REAL-IoT: Characterizing GNN Intrusion Detection Robustness under Practical Adversarial Attack
- URL: http://arxiv.org/abs/2507.10836v1
- Date: Mon, 14 Jul 2025 22:10:08 GMT
- Title: REAL-IoT: Characterizing GNN Intrusion Detection Robustness under Practical Adversarial Attack
- Authors: Zhonghao Zhan, Huichi Zhou, Hamed Haddadi
- Abstract summary: Graph Neural Network (GNN)-based network intrusion detection systems (NIDS) are often evaluated on single datasets. We propose REAL-IoT, a comprehensive framework for robustness evaluation of GNN-based NIDS in IoT environments.
- Score: 5.881825061973424
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Graph Neural Network (GNN)-based network intrusion detection systems (NIDS) are often evaluated on single datasets, limiting their ability to generalize under distribution drift. Furthermore, their adversarial robustness is typically assessed using synthetic perturbations that lack realism. This measurement gap leads to an overestimation of GNN-based NIDS resilience. To address the limitations, we propose REAL-IoT, a comprehensive framework for robustness evaluation of GNN-based NIDS in IoT environments. Our framework presents a methodology that creates a unified dataset from canonical datasets to assess generalization under drift. In addition, it features a novel intrusion dataset collected from a physical IoT testbed, which captures network traffic and attack scenarios under real-world settings. Furthermore, using REAL-IoT, we explore the usage of Large Language Models (LLMs) to analyze network data and mitigate the impact of adversarial examples by filtering suspicious flows. Our evaluations using REAL-IoT reveal performance drops in GNN models compared to results from standard benchmarks, quantifying their susceptibility to drift and realistic attacks. We also demonstrate the potential of LLM-based filtering to enhance robustness. These findings emphasize the necessity of realistic threat modeling and rigorous measurement practices for developing resilient IoT intrusion detection systems.
Related papers
- Poster: Enhancing GNN Robustness for Network Intrusion Detection via Agent-based Analysis [5.881825061973424]
Graph Neural Networks (GNNs) show great promise for Network Intrusion Detection Systems (NIDS). GNNs suffer performance degradation due to distribution drift and lack robustness against realistic adversarial attacks. This work proposes a novel approach to enhance GNN robustness and generalization by employing Large Language Models (LLMs) in an agentic pipeline as simulated cybersecurity expert agents.
arXiv Detail & Related papers (2025-06-25T19:49:55Z)
- Localization of Impacts on Thin-Walled Structures by Recurrent Neural Networks: End-to-end Learning from Real-World Data [45.9982965995401]
Impacts on thin-walled structures excite Lamb waves, which can be measured with piezoelectric sensors. In the present contribution, we explore the localization of impacts using neural networks. Our results show remarkable accuracy in estimating impact positions, even with a comparatively small dataset.
arXiv Detail & Related papers (2025-05-13T09:08:47Z)
- Constrained Network Adversarial Attacks: Validity, Robustness, and Transferability [0.0]
Research reveals a critical flaw in existing adversarial attack methodologies. We show that the frequent violation of domain-specific constraints, inherent to IoT and network traffic, leads to up to 80.3% of adversarial examples being invalid. This work underscores the importance of considering both domain constraints and model architecture when evaluating and designing robust ML/DL models for security-critical IoT and network applications.
arXiv Detail & Related papers (2025-05-02T15:01:42Z)
- FLARE: Feature-based Lightweight Aggregation for Robust Evaluation of IoT Intrusion Detection [0.0]
Internet of Things (IoT) devices have expanded the attack surface, necessitating efficient intrusion detection systems (IDSs) for network protection. This paper presents FLARE, a feature-based lightweight aggregation for robust evaluation of IoT intrusion detection. We employ four supervised learning models and two deep learning models to classify attacks in IoT IDS.
arXiv Detail & Related papers (2025-04-21T18:33:53Z)
- Enhancing Network Intrusion Detection Performance using Generative Adversarial Networks [0.25163931116642785]
We propose a novel approach for enhancing the performance of an NIDS through the integration of Generative Adversarial Networks (GANs).
GANs generate synthetic network traffic data that closely mimics real-world network behavior.
Our findings show that the integration of GANs into NIDS can lead to enhancements in intrusion detection performance for attacks with limited training data.
arXiv Detail & Related papers (2024-04-11T04:01:15Z)
- Problem space structural adversarial attacks for Network Intrusion Detection Systems based on Graph Neural Networks [8.629862888374243]
We propose the first formalization of adversarial attacks specifically tailored for GNN in network intrusion detection.
We outline and model the problem space constraints that attackers need to consider to carry out feasible structural attacks in real-world scenarios.
Our findings demonstrate the increased robustness of the models against classical feature-based adversarial attacks.
arXiv Detail & Related papers (2024-03-18T14:40:33Z)
- Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS).
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z)
- A Geometrical Approach to Evaluate the Adversarial Robustness of Deep Neural Networks [52.09243852066406]
Adversarial Converging Time Score (ACTS) measures the converging time as an adversarial robustness metric.
We validate the effectiveness and generalization of the proposed ACTS metric against different adversarial attacks on the large-scale ImageNet dataset.
arXiv Detail & Related papers (2023-10-10T09:39:38Z)
- Federated Deep Learning for Intrusion Detection in IoT Networks [1.3097853961043058]
A common approach to implementing AI-based Intrusion Detection systems (IDSs) in distributed IoT systems is in a centralised manner.
This approach may violate data privacy and prohibit IDS scalability.
We design an experiment representative of the real world and evaluate the performance of an FL-based IDS.
arXiv Detail & Related papers (2023-06-05T09:08:24Z)
- Energy-based Out-of-Distribution Detection for Graph Neural Networks [76.0242218180483]
We propose a simple, powerful and efficient OOD detection model for GNN-based learning on graphs, which we call GNNSafe.
GNNSafe achieves up to 17.0% AUROC improvement over state-of-the-arts and it could serve as simple yet strong baselines in such an under-developed area.
arXiv Detail & Related papers (2023-02-06T16:38:43Z)
- On the benefits of robust models in modulation recognition [53.391095789289736]
Deep Neural Networks (DNNs) using convolutional layers are state-of-the-art in many tasks in communications.
In other domains, like image classification, DNNs have been shown to be vulnerable to adversarial perturbations.
We propose a novel framework to test the robustness of current state-of-the-art models.
arXiv Detail & Related papers (2021-03-27T19:58:06Z)
- Anomaly Detection on Attributed Networks via Contrastive Self-Supervised Learning [50.24174211654775]
We present a novel contrastive self-supervised learning framework for anomaly detection on attributed networks.
Our framework fully exploits the local information from network data by sampling a novel type of contrastive instance pair.
A graph neural network-based contrastive learning model is proposed to learn informative embedding from high-dimensional attributes and local structure.
arXiv Detail & Related papers (2021-02-27T03:17:20Z)
- Uncertainty-Matching Graph Neural Networks to Defend Against Poisoning Attacks [43.60973654460398]
Graph Neural Networks (GNNs) are generalizations of neural networks to graph-structured data.
GNNs are vulnerable to adversarial attacks, i.e., a small perturbation to the structure can lead to a non-trivial performance degradation.
We propose Uncertainty Matching GNN (UM-GNN), that is aimed at improving the robustness of GNN models.
arXiv Detail & Related papers (2020-09-30T05:29:42Z)
- Graph Backdoor [53.70971502299977]
We present GTA, the first backdoor attack on graph neural networks (GNNs).
GTA departs in significant ways: it defines triggers as specific subgraphs, including both topological structures and descriptive features.
It can be instantiated for both transductive (e.g., node classification) and inductive (e.g., graph classification) tasks.
arXiv Detail & Related papers (2020-06-21T19:45:30Z)
This list is automatically generated from the titles and abstracts of the papers in this site.