Edge-Focused Temporal Graph Autoencoders for Anomalous Link Prediction in OT Networks
Anomalous Network Intrusion Detection Systems (NIDS) play a critical role in securing Operational Technology (OT) networks and can be used to detect novel/unknown attacks which traditional signature-based methods struggle with. Recent advancements in Graph Neural Networks (GNNs) have enabled new mac...
| Published in: | Proceedings (International Symposium on Digital Forensic and Security. Online) pp. 1 - 6 |
|---|---|
| Main Authors: | Howe, Alex; Papa, Mauricio |
| Format: | Conference Proceeding |
| Language: | English |
| Published: | IEEE, 24.04.2025 |
| Subjects: | |
| ISSN: | 2768-1831 |
| Abstract | Anomalous Network Intrusion Detection Systems (NIDS) play a critical role in securing Operational Technology (OT) networks and can be used to detect novel/unknown attacks which traditional signature-based methods struggle with. Recent advancements in Graph Neural Networks (GNNs) have enabled new machine learning-based approaches for anomaly detection in network traffic. However, most existing architectures either rely on node-focused GNN models or fail to account for inherent time-variance in network communication. The proposed approach proposes a novel edge-focused temporal graph autoencoder that explicitly models edge features alongside temporal variations to improve intrusion detection performance. Three edge-focused GNNs are explored (Graph Attention Networks, E-GraphSAGE, and Edge Enhanced GNNs (EGNN)) and are combined with a Gated Recurrent Unit (GRU) to learn meaningful communication patterns in network traffic over time. Two OT network datasets are used to validate this approach and compare it against commonly used node-focused GNNs (such as Graph Convolutional Network). Results indicate that incorporating high-quality edge features significantly enhances detection accuracy, with EGNN achieving up to 0.947 and 1.0 F1-scores on each OT dataset respectively. Additionally, an edge-feature set analysis reveals that high-quality edge attributes are essential for maximizing performance. This work demonstrates the value of edge-focused and temporal-aware architectures for network intrusion detection and highlights the potential of GNN-based NIDS for OT security. |
|---|---|
| Author | Papa, Mauricio; Howe, Alex |
| Author_xml | – sequence: 1 givenname: Alex surname: Howe fullname: Howe, Alex email: alex-howe@utulsa.edu organization: The University of Tulsa,Tulsa,Oklahoma – sequence: 2 givenname: Mauricio surname: Papa fullname: Papa, Mauricio email: mauricio-papa@utulsa.edu organization: The University of Tulsa,Tulsa,Oklahoma |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/ISDFS65363.2025.11011968 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE/IET Electronic Library (IEL) (UW System Shared) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE/IET Electronic Library url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Social Welfare & Social Work |
| EISBN | 9798331509934 |
| EISSN | 2768-1831 |
| EndPage | 6 |
| ExternalDocumentID | 11011968 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IF 6IK 6IL 6IN AAJGR ABLEC ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IEGSK IPLJI M43 OCL RIE RIL |
| ID | FETCH-LOGICAL-i93t-9ba7c42f30f89c0339c72abe9d3c2867c9881d4678a2623b6ac6bae74fe7d94e3 |
| IEDL.DBID | RIE |
| IngestDate | Wed Aug 27 01:48:11 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i93t-9ba7c42f30f89c0339c72abe9d3c2867c9881d4678a2623b6ac6bae74fe7d94e3 |
| PageCount | 6 |
| ParticipantIDs | ieee_primary_11011968 |
| PublicationCentury | 2000 |
| PublicationDate | 2025-April-24 |
| PublicationDateYYYYMMDD | 2025-04-24 |
| PublicationDate_xml | – month: 04 year: 2025 text: 2025-April-24 day: 24 |
| PublicationDecade | 2020 |
| PublicationTitle | Proceedings (International Symposium on Digital Forensic and Security. Online) |
| PublicationTitleAbbrev | ISDFS |
| PublicationYear | 2025 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0003177605 |
| Score | 1.9062644 |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1 |
| SubjectTerms | Accuracy; Autoencoders; Digital forensics; Feature extraction; Graph convolutional networks; Image edge detection; Network intrusion detection; Network security; Real-time systems; Telecommunication traffic |
| Title | Edge-Focused Temporal Graph Autoencoders for Anomalous Link Prediction in OT Networks |
| URI | https://ieeexplore.ieee.org/document/11011968 |
| hasFullText | 1 |
| inHoldings | 1 |