POSTER: Activity Graph Learning for Attack Detection in IoT Networks

Abstract

IoT networks are the favorite target of cybercriminals. With more and more connected IoT devices, IoT networks offer large attack surface. There are many potential entry points for cybercriminals in these networks. Hence, attack detection is an essential part of securing IoT networks and protecting against the potential harm or damage that can result from successful attacks. In this paper, we propose a graph-based framework for detecting attacks in IoT networks. Our approach involves constructing an activity graph to represent the networking events occurring during a monitoring window. This graph is a rich attributed graph capturing both structure and semantic features from the network traffic. Then, we train a neural network on this graph to distinguish between normal activities and attacks. Our preliminary experiments show that our approach is able to accurately detect a large range of attacks when the size of the monitoring window is correctly set.