Authors: P Dhivagar, Hindusthan College
The widespread growth of Internet of Things (IoT) networks has greatly enlarged the attack surface, necessitating scalable, intelligent threat detection. Graph-optimized neural networks and topological embeddings provide an effective means of capturing intricate device interaction and communication patterns in these networks. Nevertheless, current threat detection mechanisms tend to scale poorly over dense IoT topologies and cannot model the dynamic, non-linear relationships common in lateral movement attacks. Most existing anomaly detection mechanisms are based on static features or linear models and hence produce a very high number of false positives and suffer from delayed detection. In response to these issues, we present TopoGNN-LMA (Topological Graph Neural Network for Lateral Movement Attack Detection), a new framework that builds dynamic communication graphs of IoT devices and applies Graph Neural Networks (GNNs) with augmented topological embeddings. By combining node2vec-based structural embeddings with persistent homology features, TopoGNN-LMA detects local connectivity and global topological variations in real time to recognize anomalous device behavior. Experimental tests on benchmark IoT datasets and a tailored smart home simulation prove that TopoGNN-LMA attains high detection accuracy with minimal latency and reduces false positives significantly compared to traditional approaches. These findings show the promise of integrating GNNs with topological understanding for scalable and trustworthy cyber threat detection in contemporary IoT infrastructures.
Keywords: IoT, Cyber Threat Detection, GNN, Topological Embeddings, Lateral Movement Attacks, Smart Home Security, Anomaly Detection
Published in: 2024 Asian Conference on Communication and Networks (ASIANComNet)
Publisher: IEEE