Anomaly traffic detection in IoT security using graph neural networks

The number of Internet of Things (IoT) devices is expanding quickly as IoT gradually spreads to all aspects of life. At the same time, IoT devices have emerged as a new attack medium for attack groups, and IoT security becomes an urgent issue to be solved. Attackers often evade intrusion detection using disguises, and attack methods against the IoT continue to evolve over time. To effectively identify malicious traffic, we propose a method for anomaly detection based on attribute graphs to identify potential security vulnerabilities in IoT traffic. The nodes of the attribute graph are values of features extracted from network traffic, with a meta-path-based graph neural network learning the topology and attribute information of the traffic network. To assure the model’s performance under large-scale IoT nodes, we develop a Hoffman coding-based data accuracy adjustment strategy to optimize the data, which regulates the size of the attribute graph under various data sizes. Our extensive experiments on datasets of real network traffic show the effectiveness of our method.