Network Flow Based IoT Anomaly Detection Using Graph Neural Network

Deep learning-based traffic anomaly detection methods are usually fed with high-dimensional statistical features. The greatest challenges are how to detect complex inter-feature relationships and localize and explain anomalies that deviate from these relationships. However, existing methods do not explicitly learn the structure of existing relationships between traffic features or use them to predict the expected behavior of traffic. In this work, we propose a network flow-based IoT anomaly detection approach. It extracts traffic features in different channels as time series. Then a graph neural network combined with a structure learning approach is used to learn relationships between features, which allows users to deduce the root cause of a detected anomaly. We build a real IoT environment and deploy our method on a gateway (simulated with Raspberry PI). The experiment results show that our method has excellent accuracy for detecting anomaly activities and localizes and explains these deviations.