E-GRAPHSAGE++: ENHANCING GRAPH NEURAL NETWORK-BASED INTRUSION DETECTION SYSTEMS FOR IOT NETWORKS
Keywords: Graph Neural Networks, Network Intrusion Detection System, Internet of Things, Edge Embedding, Topological Information
Abstract
This paper introduces E-GraphSAGE++, an advanced Network Intrusion Detection System (NIDS) leveraging Graph Neural Networks (GNNs) to enhance security in IoT networks. Unlike traditional methods, E-GraphSAGE++ effectively captures both edge features and topological information inherent in flow-based network data. This dual-focus approach allows for a more comprehensive analysis of network traffic, enabling the detection of complex attack patterns that might be overlooked by methods focusing solely on node features or using traditional ML approaches. Our approach addresses several key limitations of existing NIDS solutions. Traditional NIDS methods, particularly those based on signature detection, often fail to identify novel or sophisticated attacks due to their reliance on predefined attack signatures. On the other hand, anomaly-based detection methods, while better at identifying new threats, can suffer from high false-positive rates. E-GraphSAGE++ mitigates these issues by leveraging the relational structure of network data through GNNs, providing a holistic view of traffic patterns and their interdependencies. We conduct extensive evaluations on four benchmark NIDS datasets: BoT-IoT, ToN-IoT, and their NetFlow variants NF-BoT-IoT and NF-ToN-IoT. Our experiments demonstrate that E-GraphSAGE++ significantly outperforms state-of-the-art methods in key classification metrics, including accuracy, precision, recall, and F1-score. For instance, E-GraphSAGE++ achieves near-perfect precision and recall rates on these datasets, indicating its robustness and effectiveness in real-world scenarios. Hence, these results show the potential of GNNs to transform network intrusion detection and establish a benchmark for future research in the domain. In addition, E-GraphSAGE++ introduces a new edge embedding method, which not only improves detection performance but also provides better interpretability of the model’s conclusions.
Through the visualization of the learned embeddings, network administrators are able to better understand the characteristics of identified abnormal activities and cyber-attacks so as to design more appropriate countermeasures. Cybersecurity is therefore enhanced by the ability to differentiate between network flows, to assess the risks associated with each flow, and to present them visually. Moreover, E-GraphSAGE++ is designed to be scalable and efficient. The model’s structure is well suited for large-scale network processing, so it can be used in real-time intrusion detection systems. With the help of improved GNN technologies, E-GraphSAGE++ is capable of handling the dynamically changing characteristics of IoT networks and new threats entering the network. E-GraphSAGE++ can thus be considered an advance in network intrusion detection for IoT-enabled settings. Integrating edge features and topological information can be a valuable tool for detecting higher-level cybersecurity threats. The applicability of E-GraphSAGE++ across various benchmarks, and its capability to perform well on them, demonstrates its general usability. Future work will seek to improve the model by implementing advanced sampling techniques and, to increase the model’s practical use and make its functioning more transparent, by using explainable AI tools. These improvements aim to transform E-GraphSAGE++ into not only a strong identification system but also a security solution for IoT networks.