HC-NIDS: Historical contextual information based network intrusion detection system in Internet of Things

In the context of the burgeoning Internet of Things (IoT), the security of interconnected devices is of paramount importance. Nevertheless, the dynamic nature of IoT networks and the challenges in low-label data volume present significant difficulties for traditional network security technologies. This paper introduces HC-NIDS, a Historical Contextual Traffic Based Network Intrusion Detection System, which addresses these challenges by leveraging contextual information from historical traffic. In HC-NIDS, we propose a novel feature representation technique based on the structure of Graph Neural Networks (GNNs), called Signal Channel Correlation Fusion Representation. This technique is designed to extract compelling features from complex historical traffic in a dynamic manner. Subsequently, the incorporation of extracted historical and current traffic features facilitates the enhancement of the efficacy and resilience of HC-NIDS against evolving network threats. A series of comprehensive experiments on four public datasets have validated the effectiveness of HC-NIDS, demonstrating its superior performance even when utilizing disparate volumes of labeled data. Notably, in multi-classification tasks, the detection outcomes remain markedly enhanced even when employing a mere 2% of original labeled training data, in comparison to the baselines. The study also investigates the impact of varying lengths of historical data and the functionality of different modules within HC-NIDS, confirming its adaptability and potential for practical application in securing IoT networks. The findings highlight the critical role of historical traffic information in enhancing the accuracy of network intrusion detection, indicating a promising direction for future research in network security.