GNN-enhanced Traffic Anomaly Detection for Next-Generation SDN-Enabled Consumer Electronics

Guan-Yan Yang, Farn Wang, Kuo-Hui Yeh

TL;DR

This work tackles network anomaly detection (NAD) in next-generation SDN-enabled consumer electronics (CE) networks, where CE devices and traffic patterns are diverse and dynamic. It introduces GNN-NAD, which fuses a static vulnerability-aware attack graph with real-time traffic features; the fused representation is learned by a streamlined GSAGE graph neural network, and final classification is performed by a Random Forest. The approach achieves state-of-the-art performance on CIC-IDS-2017 with small data samples, demonstrating robustness and efficiency suitable for resource-constrained CE environments. The findings highlight the practical potential of integrated static-dynamic graph representations for rapid detection and automated mitigation in CFN/SDN CE ecosystems.

Abstract

Consumer electronics (CE) connected to the Internet of Things are susceptible to various attacks, including DDoS and web-based threats, which can compromise their functionality and facilitate remote hijacking. These vulnerabilities allow attackers to exploit CE for broader system attacks while enabling the propagation of malicious code across the CE network, resulting in device failures. Existing deep learning-based traffic anomaly detection systems exhibit high accuracy in traditional network environments but are often overly complex and reliant on static infrastructure, necessitating manual configuration and management. To address these limitations, we propose a scalable network model that integrates Software-defined Networking (SDN) and Compute First Networking (CFN) for next-generation CE networks. Within this network model, we propose a Graph Neural Network-based Network Anomaly Detection framework (GNN-NAD) that integrates SDN-based CE networks and enables the CFN architecture. GNN-NAD uniquely fuses a static, vulnerability-aware attack graph with dynamic traffic features, providing a holistic view of network security. The core of the framework is a GNN model (GSAGE) for graph representation learning, followed by a Random Forest (RF) classifier. This design (GSAGE+RF) demonstrates superior performance compared to existing feature selection methods. Experimental evaluations in a CE environment reveal that GNN-NAD achieves superior metrics in accuracy, recall, precision, and F1 score, even with small sample sizes, exceeding the performance of current network anomaly detection methods. This work advances the security and efficiency of next-generation intelligent CE networks.

Paper Structure

This paper contains 24 sections, 7 equations, 6 figures, 3 tables, 1 algorithm.

Figures (6)

  • Figure 1: Our Network Model
  • Figure 2: Our Proposed Detection Framework
  • Figure 3: Topology for our experiment. (Screenshot from the ONOS controller.)
  • Figure 4: Comparison of our graph classification method with widely used NN and GNN models at different sample rates.
  • Figure 5: Comparison of testing time with baseline methods.
  • ...and 1 more figure