ADAP-GNN: Adaptive property-aware graph neural network for intrusion detection in IoT networks

New and sophisticated attacks are threatening Internet of Things (IoT) networks, compromising the security and trustworthiness of devices. Consequently, Network Intrusion Detection Systems (NIDS) have become critical for protecting these networks, and AI-based NIDS have emerged as a promising solution. A relatively new subfield of deep learning, Graph Neural Networks (GNNs), has further advanced this field by capturing the complex relational patterns in network data. Architectures like GraphSAGE, which employs neighborhood sampling at the node level, and Graph Attention Networks (GAT), which use an attention mechanism to emphasize important nodes, have demonstrated impressive performance across various applications. However, these architectures have not yet been fully explored in the context of NIDS. Additionally, no single GNN architecture is universally optimal across all networks, as their performance depends on the specific graph properties of the network. To address these challenges, a novel framework is proposed encompassing two main aspects: (i) adaptation of the GNN architectures for Intrusion Detection in IoT networks, (ii) dynamic selection of the most suitable GNN configuration based on graph properties of the IoT network using the so-called ”Adaptive Property-Aware Graph Neural Network (ADAP-GNN)”. This method can deploy neighbor sampling safely in datasets with a large fraction of malicious nodes, as the risk of missing information about rare attacks is low. Also, attention mechanism proves advantageous in networks with high centrality entropy. Experimental results demonstrate the importance of property-aware model selection for developing robust GNN-based NIDS, highlighting the adaptability and effectiveness of the proposed approach compared to existing methods.