Deep Learning for IoT Security: Leveraging GNNs and Attention Networks
摘要
Securing the Internet of Things (IoT) has become a critical challenge, as traditional intrusion detection methods often fail to capture the complex, structural dependencies between compromised devices. In this study, we introduce Graph-Fusion, a novel architecture that we believe represents a significant methodological advancement by effectively bridging the gap between node-centric Graph Attention Networks (GAT) and edge-centric E-GraphSAGE algorithms. Unlike conventional Deep Neural Networks (DNNs) or standalone GNNs that often treat network flows in isolation, our approach explicitly models the intricate relationships between traffic patterns and device behaviors. We subjected this model to rigorous testing across four benchmark datasets (Bot-IoT, ToN-IoT, and their NetFlow variants). The results were compelling: Graph-Fusion achieved a 100.00% F1-Score on the Bot-IoT dataset and 98.35% on ToN-IoT, consistently outperforming standard baselines which struggle to maintain such precision in binary classification tasks. However, we go beyond simply reporting high metrics; we also provide a candid "root cause analysis" to explain specific detection limitations observed in imbalanced scenarios, such as XSS and DoS attacks. We argue that understanding these structural blind spots is just as valuable as the detection rates themselves. Ultimately, this work demonstrates that fusing edge and node features offers a far more robust defense mechanism for modern IoT infrastructures than existing single-stream architectures.