This paper presents a new Network Intrusion Detection System (NIDS) based on
Graph Neural Networks (GNNs). GNNs are a relatively new sub-field of deep
neural networks, which can leverage the inherent structure of graph-based data.
Training and evaluation data for NIDSs are typically represented as flow
records, which can naturally be represented in a graph format. In this paper,
we propose E-GraphSAGE, a GNN approach that allows capturing both the edge
features of a graph as well as the topological information for network
intrusion detection in IoT networks. To the best of our knowledge, our proposal
is the first successful, practical, and extensively evaluated approach of
applying GNNs on the problem of network intrusion detection for IoT using
flow-based data. Our extensive experimental evaluation on four recent NIDS
benchmark datasets shows that our approach outperforms the state-of-the-art in
terms of key classification metrics, which demonstrates the potential of GNNs
in network intrusion detection, and provides motivation for further research.