A graph neural network method for distributed anomaly detection in IoT

  • Original Paper
Evolving Systems

Abstract

Recent IoT proliferation has undeniably affected the way organizational activities and business procedures take place within several IoT domains such as smart manufacturing, food supply chain, intelligent transportation systems, medical care infrastructures, etc. The number of interconnected edge devices has dramatically increased, creating a huge volume of transferred data susceptible to leakage, modification or disruption, ultimately affecting the security level, robustness and QoS of the attacked IoT ecosystem. In an attempt to prevent or mitigate network abnormalities while accommodating the cohesiveness among the involved entities, modeling their interrelations and incorporating their structural, content and temporal attributes, graph-based anomaly detection solutions have been repeatedly adopted. In this article we propose a multi-agent system, with each agent implementing a Graph Neural Network, in order to exploit the collaborative and cooperative nature of intelligent agents for anomaly detection. To this end, against the propagating nature of cyber-attacks such as Distributed Denial-of-Service (DDoS), we propose a distributed detection scheme, which aims to efficiently monitor the entire network infrastructure. To fulfill this task, we consider employing monitors on active network nodes such as IoT devices, SDN forwarders and Fog Nodes, achieving localization of anomaly detection, distribution of allocated resources such as bandwidth and power consumption, and higher accuracy results. In order to facilitate the training, testing and evaluation activities of the Graph Neural Network algorithm, we create simulated datasets of network flows of various normal and abnormal distributions, out of which we extract essential structural and content features to be passed to neighbouring agents.

Acknowledgements

This work is supported by the European Union's Horizon 2020 Research and Innovation Program through the SerIoT project under Grant Agreement No. 780139 (https://seriot-project.eu/project/).

Author information

Corresponding author

Correspondence to Aikaterini Protogerou.

About this article

Cite this article

Protogerou, A., Papadopoulos, S., Drosou, A. et al. A graph neural network method for distributed anomaly detection in IoT. Evolving Systems 12, 19–36 (2021). https://doi.org/10.1007/s12530-020-09347-0

  • DOI: https://doi.org/10.1007/s12530-020-09347-0
