With the rapid popularization of the Internet of Things (IoT), insufficient network access protection for IoT devices makes them vulnerable to malicious traffic attacks, posing a severe challenge to the security of the IoT. Existing methods mainly extract features from a single bidirectional flow (bi-flow), ignoring the fact that IoT traffic is composed of high-density short bi-flows, where the interactions between multiple bi-flows are crucial. In this paper, we propose a Bi-Flow Interaction-based Recognition of Encrypted malicious traffic model using Graph neural network for IoT, termed FIRE-G. At the Intra-Bi-Flow level, we propose the Intra-Bi-Flow Interaction Graph module (IntraFIG), which enhances the temporal feature representation of the bi-flow using time encoding and combines the graph attention mechanism with a diverse pooling strategy to extract the Intra-Bi-Flow features. At the Inter-Bi-Flow level, we propose the Inter-Bi-Flow Interaction Graph module (InterFIG), which constructs an Inter-Bi-Flow relational graph from temporal and bi-flow context features and enhances each bi-flow feature representation using a relational graph attention network. Finally, a multi-class classifier module is used to detect and classify IoT traffic. Extensive experiments on benchmark datasets demonstrate that FIRE-G achieves higher accuracy and stronger robustness than existing methods based on external flow characteristics, highlighting its feasibility in IoT security detection systems.
Liu et al. (Thu,) studied this question.
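To make the two levels in the abstract concrete, the following added example (not the FIRE-G authors' code) groups packets into bi-flows and then builds a typed relational graph between them, which is the kind of input a relational graph attention network consumes. The abstract does not define the edge rules, so the `window` threshold, the shared-host "context" relation, the signed-length packet sequence and the sample packets are all assumptions constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample packets (not from the paper):
# (timestamp_s, src_ip, src_port, dst_ip, dst_port, proto, length)
PACKETS = [
    (0.00, "10.0.0.5", 40001, "192.0.2.10", 443, "tcp", 120),
    (0.02, "192.0.2.10", 443, "10.0.0.5", 40001, "tcp", 900),
    (0.30, "10.0.0.5", 40002, "192.0.2.10", 443, "tcp", 130),
    (0.31, "192.0.2.10", 443, "10.0.0.5", 40002, "tcp", 60),
    (0.50, "10.0.0.7", 51000, "198.51.100.3", 8883, "tcp", 200),
    (9.00, "10.0.0.5", 40003, "203.0.113.9", 443, "tcp", 80),
]

def biflow_key(src, sport, dst, dport, proto):
    """Canonical 5-tuple: both directions of a conversation map to one key."""
    a, b = (src, sport), (dst, dport)
    return (min(a, b), max(a, b), proto)

def build_biflows(packets):
    """Group packets into bi-flows, ordered by the time of their first packet."""
    flows = {}
    for ts, src, sport, dst, dport, proto, length in sorted(packets):
        key = biflow_key(src, sport, dst, dport, proto)
        f = flows.setdefault(
            key, {"start": ts, "initiator": src, "hosts": {src, dst}, "seq": []})
        # Intra-bi-flow sequence: (offset from flow start, signed length);
        # the sign encodes direction relative to the flow's initiator.
        sign = 1 if src == f["initiator"] else -1
        f["seq"].append((round(ts - f["start"], 6), sign * length))
    return list(flows.values())

def build_relation_graph(flows, window=1.0):
    """Typed edges between bi-flow indices (assumed relation definitions):
    'temporal' if the flows start within `window` seconds of each other,
    'context' if they share at least one host."""
    edges = defaultdict(set)
    for i, j in combinations(range(len(flows)), 2):
        if abs(flows[i]["start"] - flows[j]["start"]) <= window:
            edges["temporal"].add((i, j))
        if flows[i]["hosts"] & flows[j]["hosts"]:
            edges["context"].add((i, j))
    return dict(edges)

if __name__ == "__main__":
    flows = build_biflows(PACKETS)
    for rel, pairs in build_relation_graph(flows).items():
        print(rel, sorted(pairs))
```
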