Graph-ensemble fusion for enhanced IoT intrusion detection: leveraging GCN and deep learning.

The proliferation of Internet of Things (IoT) applications has heightened the vulnerability of information security, making it susceptible to attacks that may lead to the compromise of sensitive data. Intrusion Detection System (IDS) is deployed in IoT networks for the detection of attacks and to ensure the security of information. In previous works, the IDS datasets suffer from an imbalanced distribution of data about attacks and, the flow of packets in IDS which hinders the ability of deep learning models for potent and coherent classification. With the emergence of graph convolution neural network (GCN), a new sub-field of deep learning models, the structure of graphs can be leveraged to represent the data effectively. IDS datasets typically consist of flow records of data which can naturally be represented as graph structures capturing both edge features and network topology information for classification of attacks. Hence, in this paper, a novel GCN-Ensemble fusion model is proposed for enhanced IoT IDS. There are three stages in this proposed model: (1) Data processing and attribute graph generation, (2) Feature engineering and (3) Classification. The flow attributes of data packets in IDS datasets are represented as the edges and the corresponding varying attacks as nodes of the attribute graph. Here the GCN model is leveraged for feature engineering of the IDS dataset. Further, a novel Ensemble of Convolution Neural Networks is proposed for the classification task. The evaluation of the proposed model encompasses the utilization of four distinct datasets, namely BoT-IoT, ToN-IoT, CIC-IDS2018, and NF UQ NIDS. In the BoT-IoT dataset, the proposed model demonstrates superior performance compared to state-of-art models like Deep learning and Graph neural network (GNN), achieving accuracy improvements of 3.16 and 0.91%, respectively. The observed superior performance of the model in comparison to the baseline models serves to emphasize its potential to augment IoT network security. [ABSTRACT FROM AUTHOR]