Zhian Cui, Hailong Li, Xieyang Shen and Yunhao Zhang, Rocket Force University of Engineering, China
With the rapid growth of Internet of Things (IoT) devices, network attacks are exhibiting a composite characteristic of "localized feature obfuscation" and "global propagation synergy" exposing significant limitations in traditional intrusion detection methods when confronting complex attack patterns. To address this challenge, this paper proposes a network intrusion detection model based on Graph Attention Network (GAT) and Graph Sample and Aggregate (GraphSAGE), named GAS-IDS. The GAT layer employs a multi-head attention mechanism to achieve dynamic weighting of critical features, effectively enhancing the representation capability for anomalous traffic. The GraphSAGE layer captures the propagation patterns of attack behaviors through two-hop neighborhood sampling and aggregation of topological features. Validation was conducted on four public datasets, including BoT-IoT. Experimental results demonstrate that the model achieves an approximate 4.5% improvement in F1-score compared to traditional baseline models, while exhibiting strong stability under class imbalance and large-scale topological data. This provides a robust solution for IoT security.
Graph neural networks, Graph attention network, Graph sampling and aggregation, Internet of Things security.
