Intrusion Detection in IoT Networks Using Dynamic Graph Modeling and Graph-Based Neural Networks
William Villegas-Ch, Jaime Govea, Alexandra Maldonado Navarro, Pablo Palacios Játiva
Abstract
The rapid expansion of Internet of Things (IoT) networks has significantly increased security vulnerabilities, exposing critical infrastructures to sophisticated cyberattacks. Traditional Intrusion Detection Systems, based mainly on signature matching and predefined rules, present limitations in identifying emerging threats and distributed attacks due to their inability to analyze complex interactions within IoT networks. To address this problem, this study proposes a graph-based intrusion detection model using Graph Neural Networks (GNNs), leveraging a dynamic representation of IoT network traffic. In this model, devices are represented as nodes and communications as weighted edges, integrating features such as communication frequency, transmitted data volume, and protocol type. The proposed method was evaluated using a customized dataset from a simulated IoT network to reflect real-world attack scenarios, including Denial of Service, Spoofing, and Man-in-the-Middle. Experimental results demonstrate that our GNN-based model significantly outperforms traditional machine learning methods, achieving an F1-Score of 0.95 and an AUC-ROC of 0.98, compared to values between 0.84 and 0.91 for Support Vector Machines and Random Forests. Furthermore, the system reduces the false positive rate by 40% compared to signature-based IDS, improving its applicability in operational environments. The model also proved scalable, maintaining an inference time of 2.5 ms per sample on graphs of up to 10,000 nodes, making it viable for real-time deployment. These findings confirm that graph-based anomaly detection is a promising approach for securing large-scale IoT infrastructures, providing increased precision, adaptability, and robustness against emerging cyber threats.