Network Flow Based IoT Anomaly Detection Using Graph Neural Network

Cited by: 2
Authors
Wei, Chongbo [1, 2]
Xie, Gaogang [3]
Diao, Zulong [1, 4]
Affiliations
[1] Chinese Acad Sci, Inst Comp Technol, Beijing, Peoples R China
[2] Univ Chinese Acad Sci, Beijing, Peoples R China
[3] Chinese Acad Sci, Comp Network Informat Ctr, Beijing, Peoples R China
[4] Purple Mt Labs, Nanjing, Peoples R China
Source
KNOWLEDGE SCIENCE, ENGINEERING AND MANAGEMENT, PT II, KSEM 2023 | 2023 / Vol. 14118
Funding
National Natural Science Foundation of China;
Keywords
Deep learning; Anomaly detection; Internet-of-things; Network flow; Graph neural network;
DOI
10.1007/978-3-031-40286-9_35
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Subject classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Deep learning-based traffic anomaly detection methods are usually fed with high-dimensional statistical features. The greatest challenges are how to detect complex inter-feature relationships and localize and explain anomalies that deviate from these relationships. However, existing methods do not explicitly learn the structure of existing relationships between traffic features or use them to predict the expected behavior of traffic. In this work, we propose a network flow-based IoT anomaly detection approach. It extracts traffic features in different channels as time series. Then a graph neural network combined with a structure learning approach is used to learn relationships between features, which allows users to deduce the root cause of a detected anomaly. We build a real IoT environment and deploy our method on a gateway (simulated with Raspberry Pi). The experimental results show that our method has excellent accuracy for detecting anomalous activities and localizes and explains these deviations.
Pages: 432 - 445
Number of pages: 14
Related papers
16 in total
  • [1] Angrishi K, 2017, Arxiv, DOI arXiv:1702.03681
  • [2] Antonakakis M, 2017, PROCEEDINGS OF THE 26TH USENIX SECURITY SYMPOSIUM (USENIX SECURITY '17), P1093
  • [3] Cisco, 2020, White Paper
  • [4] Deng AL, 2021, AAAI CONF ARTIF INTE, V35, P4027
  • [5] LiMNet: Early-Stage Detection of IoT Botnets with Lightweight Memory Networks
    Giaretta, Lodovico
    Lekssays, Ahmed
    Carminati, Barbara
    Ferrari, Elena
    Girdzijauskas, Sarunas
    [J]. COMPUTER SECURITY - ESORICS 2021, PT I, 2021, 12972 : 605 - 625
  • [6] MedBIoT: Generation of an IoT Botnet Dataset in a Medium-sized IoT Network
    Guerra-Manzanares, Alejandro
    Medina-Galindo, Jorge
    Bahsi, Hayretdin
    Nomm, Sven
    [J]. ICISSP: PROCEEDINGS OF THE 6TH INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY, 2020, : 207 - 218
  • [7] MAD-GAN: Multivariate Anomaly Detection for Time Series Data with Generative Adversarial Networks
    Li, Dan
    Chen, Dacheng
    Shi, Lei
    Jin, Baihong
    Goh, Jonathan
    Ng, See-Kiong
    [J]. ARTIFICIAL NEURAL NETWORKS AND MACHINE LEARNING - ICANN 2019: TEXT AND TIME SERIES, PT IV, 2019, 11730 : 703 - 716
  • [8] Merino Borja., 2013, Instant traffic analysis with Tshark how-to
  • [9] Mirsky Y, 2018, Arxiv, DOI arXiv:1802.09089
  • [10] Kipf TN, 2017, Arxiv, DOI arXiv:1609.02907