Edge-Focused Temporal Graph Autoencoders for Anomalous Link Prediction in OT Networks
Anomalous Network Intrusion Detection Systems (NIDS) play a critical role in securing Operational Technology (OT) networks and can be used to detect novel/unknown attacks which traditional signature-based methods struggle with. Recent advancements in Graph Neural Networks (GNNs) have enabled new mac...
Saved in:
| Published in: | Proceedings (International Symposium on Digital Forensic and Security. Online) pp. 1 - 6 |
|---|---|
| Main Authors: | , |
| Format: | Conference Proceeding |
| Language: | English |
| Published: |
IEEE
24.04.2025
|
| Subjects: | |
| ISSN: | 2768-1831 |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Abstract | Anomalous Network Intrusion Detection Systems (NIDS) play a critical role in securing Operational Technology (OT) networks and can be used to detect novel/unknown attacks which traditional signature-based methods struggle with. Recent advancements in Graph Neural Networks (GNNs) have enabled new machine learning-based approaches for anomaly detection in network traffic. However, most existing architectures either rely on node-focused GNN models or fail to account for inherent time-variance in network communication. The proposed approach proposes a novel edge-focused temporal graph autoencoder that explicitly models edge features alongside temporal variations to improve intrusion detection performance. Three edge-focused GNNs are explored (Graph Attention Networks, E-GraphSAGE, and Edge Enhanced GNNs (EGNN)) and are combined with a Gated Recurrent Unit (GRU) to learn meaningful communication patterns in network traffic over time. Two OT network datasets are used to validate this approach and compare it against a commonly used node-focused GNNs (such as Graph Convolutional Network). Results indicate that incorporating high-quality edge features significantly enhances detection accuracy, with EGNN achieving up to 0.947 and 1.0 F1-scores on each OT dataset respectively. Additionally, an edge-feature set analysis reveals that high-quality edge attributes are essential for maximizing performance. This work demonstrates the value of edge-focused and temporal-aware architectures for network intrusion detection and highlights the potential of GNN-based NIDS for OT security. |
|---|---|
| AbstractList | Anomalous Network Intrusion Detection Systems (NIDS) play a critical role in securing Operational Technology (OT) networks and can be used to detect novel/unknown attacks which traditional signature-based methods struggle with. Recent advancements in Graph Neural Networks (GNNs) have enabled new machine learning-based approaches for anomaly detection in network traffic. However, most existing architectures either rely on node-focused GNN models or fail to account for inherent time-variance in network communication. The proposed approach proposes a novel edge-focused temporal graph autoencoder that explicitly models edge features alongside temporal variations to improve intrusion detection performance. Three edge-focused GNNs are explored (Graph Attention Networks, E-GraphSAGE, and Edge Enhanced GNNs (EGNN)) and are combined with a Gated Recurrent Unit (GRU) to learn meaningful communication patterns in network traffic over time. Two OT network datasets are used to validate this approach and compare it against a commonly used node-focused GNNs (such as Graph Convolutional Network). Results indicate that incorporating high-quality edge features significantly enhances detection accuracy, with EGNN achieving up to 0.947 and 1.0 F1-scores on each OT dataset respectively. Additionally, an edge-feature set analysis reveals that high-quality edge attributes are essential for maximizing performance. This work demonstrates the value of edge-focused and temporal-aware architectures for network intrusion detection and highlights the potential of GNN-based NIDS for OT security. |
| Author | Papa, Mauricio Howe, Alex |
| Author_xml | – sequence: 1 givenname: Alex surname: Howe fullname: Howe, Alex email: alex-howe@utulsa.edu organization: The University of Tulsa,Tulsa,Oklahoma – sequence: 2 givenname: Mauricio surname: Papa fullname: Papa, Mauricio email: mauricio-papa@utulsa.edu organization: The University of Tulsa,Tulsa,Oklahoma |
| BookMark | eNo1kM1OAjEYAKvRRETewENfYLHtt9ufI0FAko2YsJ5Jt_1WK7Al7RLj2xujniaZwxzmllz1sUdCKGdTzpl5WG8fl1tZgYSpYKL6kZwbqS_IxCijAXjFjIHykoyEkrrgGvgNmeT8wRgDrpRk1Yi8LvwbFsvozhk9bfB4iske6CrZ0zudnYeIvYseU6ZdTHTWx6M9xHOmdej39CWhD24Isaehp5uGPuPwGdM-35Hrzh4yTv44Js1y0cyfinqzWs9ndREMDIVprXKl6IB12jgGYJwStkXjwQktlTNac19Kpa2QAlppnWwtqrJD5U2JMCb3v9mAiLtTCkebvnb_I-AbmzBU-A |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/ISDFS65363.2025.11011968 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE/IET Electronic Library (IEL) (UW System Shared) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE/IET Electronic Library url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Social Welfare & Social Work |
| EISBN | 9798331509934 |
| EISSN | 2768-1831 |
| EndPage | 6 |
| ExternalDocumentID | 11011968 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IF 6IK 6IL 6IN AAJGR ABLEC ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IEGSK IPLJI M43 OCL RIE RIL |
| ID | FETCH-LOGICAL-i93t-9ba7c42f30f89c0339c72abe9d3c2867c9881d4678a2623b6ac6bae74fe7d94e3 |
| IEDL.DBID | RIE |
| IngestDate | Wed Aug 27 01:48:11 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i93t-9ba7c42f30f89c0339c72abe9d3c2867c9881d4678a2623b6ac6bae74fe7d94e3 |
| PageCount | 6 |
| ParticipantIDs | ieee_primary_11011968 |
| PublicationCentury | 2000 |
| PublicationDate | 2025-April-24 |
| PublicationDateYYYYMMDD | 2025-04-24 |
| PublicationDate_xml | – month: 04 year: 2025 text: 2025-April-24 day: 24 |
| PublicationDecade | 2020 |
| PublicationTitle | Proceedings (International Symposium on Digital Forensic and Security. Online) |
| PublicationTitleAbbrev | ISDFS |
| PublicationYear | 2025 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0003177605 |
| Score | 1.9063709 |
| Snippet | Anomalous Network Intrusion Detection Systems (NIDS) play a critical role in securing Operational Technology (OT) networks and can be used to detect... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1 |
| SubjectTerms | Accuracy Autoencoders Digital forensics Feature extraction Graph convolutional networks Image edge detection Network intrusion detection Network security Real-time systems Telecommunication traffic |
| Title | Edge-Focused Temporal Graph Autoencoders for Anomalous Link Prediction in OT Networks |
| URI | https://ieeexplore.ieee.org/document/11011968 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3JTsMwELWg4sCJrYilIB8QN7chdr0cK2iBS6lEEL1Vjj1BFSVBWfh-7KQp4sCBW2QpizxW3rNn3huErgxPKOUqIUZoTpgBQRRLBLHD2LcXiUXAbN1sQkyncj5Xs7VYvdbCAEBdfAZ9f1nn8m1mKn9UNnBQdeNWjNxG20LwRqy1OVBxQCgcN2-rdQI1eHy-8_5BlFO3DwyH_fb2X41UahyZ7P3zC_ZR90eRh2cbrDlAW5Aeol6jrcWvsEp0DvgatwNZ_n6EXsb2DcjEPbQAi6PGg2qF771FNR5VZeY9LH0dM3bEFY_S7EOvsqrAfnvqXuYzOD5qeJnipwhPm3rxoouiyTi6fSDrLgpkqWhJVKyFYWFCg0QqE1CqjAh1DMpSE0oujJKOsrrfpdSho0Ix14bHGgRLQFjFgB6jTpqlcIKwJ3-hBDPU2mGatloo4-gcY4JbR_z4Ker6GVt8Nj4Zi3ayzv4YP0e7Pi4-NxOyHuqUeQUXaMd8lcsiv6yj-w0qj6Uc |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV07T8MwELagIMHEq4hHAQ-ILaXErh2PFbS0ooRKBNGtcuwLqigJyoPfj500RQwMbJYHx_JZ-b7z3X2H0KViESFMRI7ikjlUAXcEjbiju6FtLxLyDtVlswnu-950KibLYvWyFgYAyuQzaNthGcvXiSrsU9m1gaobc2O8dbTRpcbxqcq1Vk8qBgq5Yed1vk5HXI-e76yCEGHEeIJut10v8KuVSokkg51_7mEXNX9q8vBkhTZ7aA3ifdSqqmvxKywimQK-wvVEkr4foJe-fgNnYBbNQOOgUqFa4HsrUo17RZ5YFUubyYwNdcW9OPmQi6TIsHVQzcdsDMfaDc9j_BRgv8oYz5ooGPSD26Gz7KPgzAXJHRFKrqgbkU7kCdUhRCjuyhCEJsr1GFfCM6TV_DA96RoyFDKpWCiB0wi4FhTIIWrESQxHCFv653qgulIaVJNacqEMoaOUM22oHztGTXtis89KKWNWH9bJH_MXaGsYPI5n45H_cIq2rY1spMalLdTI0wLO0Kb6yudZel5a-hvwd6hj |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=Proceedings+%28International+Symposium+on+Digital+Forensic+and+Security.+Online%29&rft.atitle=Edge-Focused+Temporal+Graph+Autoencoders+for+Anomalous+Link+Prediction+in+OT+Networks&rft.au=Howe%2C+Alex&rft.au=Papa%2C+Mauricio&rft.date=2025-04-24&rft.pub=IEEE&rft.eissn=2768-1831&rft.spage=1&rft.epage=6&rft_id=info:doi/10.1109%2FISDFS65363.2025.11011968&rft.externalDocID=11011968 |