Edge-Focused Temporal Graph Autoencoders for Anomalous Link Prediction in OT Networks

Bibliographic Details
Published in: Proceedings (International Symposium on Digital Forensic and Security. Online) pp. 1-6
Main Authors: Howe, Alex; Papa, Mauricio
Format: Conference Proceeding
Language: English
Published: IEEE 24.04.2025
ISSN:2768-1831
Description
Summary: Anomalous Network Intrusion Detection Systems (NIDS) play a critical role in securing Operational Technology (OT) networks and can be used to detect novel/unknown attacks which traditional signature-based methods struggle with. Recent advancements in Graph Neural Networks (GNNs) have enabled new machine learning-based approaches for anomaly detection in network traffic. However, most existing architectures either rely on node-focused GNN models or fail to account for inherent time-variance in network communication. This work proposes a novel edge-focused temporal graph autoencoder that explicitly models edge features alongside temporal variations to improve intrusion detection performance. Three edge-focused GNNs are explored (Graph Attention Networks, E-GraphSAGE, and Edge Enhanced GNNs (EGNN)) and are combined with a Gated Recurrent Unit (GRU) to learn meaningful communication patterns in network traffic over time. Two OT network datasets are used to validate this approach and compare it against commonly used node-focused GNNs (such as the Graph Convolutional Network). Results indicate that incorporating high-quality edge features significantly enhances detection accuracy, with EGNN achieving up to 0.947 and 1.0 F1-scores on each OT dataset respectively. Additionally, an edge-feature set analysis reveals that high-quality edge attributes are essential for maximizing performance. This work demonstrates the value of edge-focused and temporal-aware architectures for network intrusion detection and highlights the potential of GNN-based NIDS for OT security.
DOI:10.1109/ISDFS65363.2025.11011968