Edge-Focused Temporal Graph Autoencoders for Anomalous Link Prediction in OT Networks
Anomalous Network Intrusion Detection Systems (NIDS) play a critical role in securing Operational Technology (OT) networks and can be used to detect novel/unknown attacks which traditional signature-based methods struggle with. Recent advancements in Graph Neural Networks (GNNs) have enabled new mac...
Uloženo v:
| Vydáno v: | Proceedings (International Symposium on Digital Forensic and Security. Online) s. 1 - 6 |
|---|---|
| Hlavní autoři: | , |
| Médium: | Konferenční příspěvek |
| Jazyk: | angličtina |
| Vydáno: |
IEEE
24.04.2025
|
| Témata: | |
| ISSN: | 2768-1831 |
| On-line přístup: | Získat plný text |
| Tagy: |
Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Abstract | Anomalous Network Intrusion Detection Systems (NIDS) play a critical role in securing Operational Technology (OT) networks and can be used to detect novel/unknown attacks which traditional signature-based methods struggle with. Recent advancements in Graph Neural Networks (GNNs) have enabled new machine learning-based approaches for anomaly detection in network traffic. However, most existing architectures either rely on node-focused GNN models or fail to account for inherent time-variance in network communication. The proposed approach proposes a novel edge-focused temporal graph autoencoder that explicitly models edge features alongside temporal variations to improve intrusion detection performance. Three edge-focused GNNs are explored (Graph Attention Networks, E-GraphSAGE, and Edge Enhanced GNNs (EGNN)) and are combined with a Gated Recurrent Unit (GRU) to learn meaningful communication patterns in network traffic over time. Two OT network datasets are used to validate this approach and compare it against a commonly used node-focused GNNs (such as Graph Convolutional Network). Results indicate that incorporating high-quality edge features significantly enhances detection accuracy, with EGNN achieving up to 0.947 and 1.0 F1-scores on each OT dataset respectively. Additionally, an edge-feature set analysis reveals that high-quality edge attributes are essential for maximizing performance. This work demonstrates the value of edge-focused and temporal-aware architectures for network intrusion detection and highlights the potential of GNN-based NIDS for OT security. |
|---|---|
| AbstractList | Anomalous Network Intrusion Detection Systems (NIDS) play a critical role in securing Operational Technology (OT) networks and can be used to detect novel/unknown attacks which traditional signature-based methods struggle with. Recent advancements in Graph Neural Networks (GNNs) have enabled new machine learning-based approaches for anomaly detection in network traffic. However, most existing architectures either rely on node-focused GNN models or fail to account for inherent time-variance in network communication. The proposed approach proposes a novel edge-focused temporal graph autoencoder that explicitly models edge features alongside temporal variations to improve intrusion detection performance. Three edge-focused GNNs are explored (Graph Attention Networks, E-GraphSAGE, and Edge Enhanced GNNs (EGNN)) and are combined with a Gated Recurrent Unit (GRU) to learn meaningful communication patterns in network traffic over time. Two OT network datasets are used to validate this approach and compare it against a commonly used node-focused GNNs (such as Graph Convolutional Network). Results indicate that incorporating high-quality edge features significantly enhances detection accuracy, with EGNN achieving up to 0.947 and 1.0 F1-scores on each OT dataset respectively. Additionally, an edge-feature set analysis reveals that high-quality edge attributes are essential for maximizing performance. This work demonstrates the value of edge-focused and temporal-aware architectures for network intrusion detection and highlights the potential of GNN-based NIDS for OT security. |
| Author | Papa, Mauricio Howe, Alex |
| Author_xml | – sequence: 1 givenname: Alex surname: Howe fullname: Howe, Alex email: alex-howe@utulsa.edu organization: The University of Tulsa,Tulsa,Oklahoma – sequence: 2 givenname: Mauricio surname: Papa fullname: Papa, Mauricio email: mauricio-papa@utulsa.edu organization: The University of Tulsa,Tulsa,Oklahoma |
| BookMark | eNo1kM1OAjEYAKvRRETewENfYLHtt9ufI0FAko2YsJ5Jt_1WK7Al7RLj2xujniaZwxzmllz1sUdCKGdTzpl5WG8fl1tZgYSpYKL6kZwbqS_IxCijAXjFjIHykoyEkrrgGvgNmeT8wRgDrpRk1Yi8LvwbFsvozhk9bfB4iske6CrZ0zudnYeIvYseU6ZdTHTWx6M9xHOmdej39CWhD24Isaehp5uGPuPwGdM-35Hrzh4yTv44Js1y0cyfinqzWs9ndREMDIVprXKl6IB12jgGYJwStkXjwQktlTNac19Kpa2QAlppnWwtqrJD5U2JMCb3v9mAiLtTCkebvnb_I-AbmzBU-A |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/ISDFS65363.2025.11011968 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEL IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Social Welfare & Social Work |
| EISBN | 9798331509934 |
| EISSN | 2768-1831 |
| EndPage | 6 |
| ExternalDocumentID | 11011968 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IF 6IK 6IL 6IN AAJGR ABLEC ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IEGSK IPLJI M43 OCL RIE RIL |
| ID | FETCH-LOGICAL-i93t-9ba7c42f30f89c0339c72abe9d3c2867c9881d4678a2623b6ac6bae74fe7d94e3 |
| IEDL.DBID | RIE |
| IngestDate | Wed Aug 27 01:48:11 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i93t-9ba7c42f30f89c0339c72abe9d3c2867c9881d4678a2623b6ac6bae74fe7d94e3 |
| PageCount | 6 |
| ParticipantIDs | ieee_primary_11011968 |
| PublicationCentury | 2000 |
| PublicationDate | 2025-April-24 |
| PublicationDateYYYYMMDD | 2025-04-24 |
| PublicationDate_xml | – month: 04 year: 2025 text: 2025-April-24 day: 24 |
| PublicationDecade | 2020 |
| PublicationTitle | Proceedings (International Symposium on Digital Forensic and Security. Online) |
| PublicationTitleAbbrev | ISDFS |
| PublicationYear | 2025 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0003177605 |
| Score | 1.9063709 |
| Snippet | Anomalous Network Intrusion Detection Systems (NIDS) play a critical role in securing Operational Technology (OT) networks and can be used to detect... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1 |
| SubjectTerms | Accuracy Autoencoders Digital forensics Feature extraction Graph convolutional networks Image edge detection Network intrusion detection Network security Real-time systems Telecommunication traffic |
| Title | Edge-Focused Temporal Graph Autoencoders for Anomalous Link Prediction in OT Networks |
| URI | https://ieeexplore.ieee.org/document/11011968 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV07T8MwELZoxcDEq4hHQR4QW9o0dmN7rKAFJFQqEaBb5dhnVFESlAe_HztpihgY2CxLfshn-e58932H0CWVhoe-Mt5Qc9-jWitPQjj0BpzLmNFQk6p0wssDm075fC5ma7B6hYUBgCr5DHquWcXydapK91XWt6pqYG8Mb6EWY2EN1tp8qFhFyKxt3mTr-KJ__3Tj-INISKwfGAx7zfBfhVQqPTLZ_ecO9lDnB5GHZxtds4-2IDlA3Rpbi19hZWQG-Ao3HWn2foiex_oNvImdNAeNo5qDaoVvHUU1HpVF6jgsXR4ztoYrHiXph1ylZY6de2oXcxEcJzW8TPBjhKd1vnjeQdFkHF3feesqCt5SkMITsWSKBob4hgvlEyIUC2QMQhMV8JApwa3Jap9LLgNrCsWhVGEsgVEDTAsK5Ai1kzSBY4SFoL5UzDp0saS-ttKkzBhGwDdGDaU4QR13YovPmidj0RzW6R_9Z2jHycXFZgLaRe0iK-EcbauvYplnF5V0vwGyraYA |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LTwIxEG4UTfTkC-MDtQfjbWHddrftkSgIEZHEVbmRbjs1RNw1LPj7bXcB48GDt2YObdNpOjOd-b5B6JJKwyNfGS_U3Peo1sqTEIXeNecyYTTSpGid8NJj_T4fDsVgAVYvsDAAUBSfQd0Ni1y-ztTcfZU1rKm6tjeGr6ONkNrAp4Rrrb5UrClk1jtf1uv4otF9unUMQiQiNhIMwvpygl-tVApL0t755x52UfUHk4cHK2uzh9Yg3Ue1El2LX2Fi5BTwFV4Ksun7AXpu6Tfw2nbSHDSOSxaqCb5zJNW4OZ9ljsXSVTJj67riZpp9yEk2z7ELUO1iLofj9IbHKX6Mcb-sGM-rKG634puOt-ij4I0FmXkikUzRwBDfcKF8QoRigUxAaKICHjEluHVa7YPJZWCdoSSSKkokMGqAaUGBHKJKmqVwhLAQ1JeK2ZAukdTXVp-UGcMI-MaoUIpjVHUnNvosmTJGy8M6-UN-gbY68UNv1Ov270_RttORy9QEtIYqs-kcztCm-pqN8-l5oelvg5CpRw |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=Proceedings+%28International+Symposium+on+Digital+Forensic+and+Security.+Online%29&rft.atitle=Edge-Focused+Temporal+Graph+Autoencoders+for+Anomalous+Link+Prediction+in+OT+Networks&rft.au=Howe%2C+Alex&rft.au=Papa%2C+Mauricio&rft.date=2025-04-24&rft.pub=IEEE&rft.eissn=2768-1831&rft.spage=1&rft.epage=6&rft_id=info:doi/10.1109%2FISDFS65363.2025.11011968&rft.externalDocID=11011968 |