Enhancing IoT Network Intrusion Detection with a new GraphSAGE embedding algorithm using Centrality measures

The rapid expansion of the Internet of Things (IoT) has led to many opportunities in addition to introducing complex security challenges, necessitating more powerful Network Intrusion Detection Systems (NIDS). This study addresses this challenge by enhancing Graph Neural Networks (GNNs) with centrality measures to improve intrusion detection performance in IoT environments. We propose the so-called ”Centrality-based E-GraphSAGE”, an extension to the E-GraphSAGE model incorporating the centrality measures: Degree, Betweenness, Closeness, PageRank, and K-truss. These centrality measures, which highlight both the local and global influence of nodes (IoT devices), can uncover hidden patterns and relationships in network traffic data, thereby enhancing the performance of IDS systems. The centrality-informed initialization of node embeddings aids the model in capturing critical structural insights in the graph. The inclusion of residual connections further improves classification accuracy. Our models were evaluated on four datasets: NF-UQ-NIDS, NF-CSE-CIC-IDS2018, CCD-INID, and X-IIoTID. Results showed significant performance gains in accuracy of detection evaluated using F1-score and reduced number of false alarms. This work paves the way for more advanced and robust intrusion detection systems to improve the security of IoT networks.