{"id":"https://openalex.org/W4385236985","doi":"https://doi.org/10.1109/jiot.2023.3298663","title":"A GNN-Based Adversarial Internet of Things Malware Detection Framework for Critical Infrastructure: Studying Gafgyt, Mirai, and Tsunami Campaigns","display_name":"A GNN-Based Adversarial Internet of Things Malware Detection Framework for Critical Infrastructure: Studying Gafgyt, Mirai, and Tsunami Campaigns","publication_year":2023,"publication_date":"2023-07-25","ids":{"openalex":"https://openalex.org/W4385236985","doi":"https://doi.org/10.1109/jiot.2023.3298663"},"language":"en","primary_location":{"id":"doi:10.1109/jiot.2023.3298663","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2023.3298663","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5017182552","display_name":"Bardia Esmaeili","orcid":"https://orcid.org/0000-0003-0149-501X"},"institutions":[{"id":"https://openalex.org/I79817857","display_name":"University of Guelph","ror":"https://ror.org/01r7awg59","country_code":"CA","type":"education","lineage":["https://openalex.org/I79817857"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Bardia Esmaeili","raw_affiliation_strings":["Cyber Science Lab, School of Computer Sciences, University of Guelph, Guelph, ON, Canada"],"raw_orcid":"https://orcid.org/0000-0003-0149-501X","affiliations":[{"raw_affiliation_string":"Cyber Science Lab, School of Computer Sciences, University of Guelph, Guelph, ON, Canada","institution_ids":["https://openalex.org/I79817857"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046380826","display_name":"Amin Azmoodeh","orcid":"https://orcid.org/0000-0002-4109-4395"},"institutions":[{"id":"https://openalex.org/I79817857","display_name":"University of Guelph","ror":"https://ror.org/01r7awg59","country_code":"CA","type":"education","lineage":["https://openalex.org/I79817857"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Amin Azmoodeh","raw_affiliation_strings":["Cyber Science Lab, School of Computer Sciences, University of Guelph, Guelph, ON, Canada"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Cyber Science Lab, School of Computer Sciences, University of Guelph, Guelph, ON, Canada","institution_ids":["https://openalex.org/I79817857"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038019914","display_name":"Ali Dehghantanha","orcid":"https://orcid.org/0000-0002-9294-7554"},"institutions":[{"id":"https://openalex.org/I79817857","display_name":"University of Guelph","ror":"https://ror.org/01r7awg59","country_code":"CA","type":"education","lineage":["https://openalex.org/I79817857"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Ali Dehghantanha","raw_affiliation_strings":["Cyber Science Lab, School of Computer Sciences, University of Guelph, Guelph, ON, Canada"],"raw_orcid":"https://orcid.org/0000-0002-9294-7554","affiliations":[{"raw_affiliation_string":"Cyber Science Lab, School of Computer Sciences, University of Guelph, Guelph, ON, Canada","institution_ids":["https://openalex.org/I79817857"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041541232","display_name":"Gautam Srivastava","orcid":"https://orcid.org/0000-0001-9851-4103"},"institutions":[{"id":"https://openalex.org/I184693016","display_name":"China Medical University","ror":"https://ror.org/00v408z34","country_code":"TW","type":"education","lineage":["https://openalex.org/I184693016"]},{"id":"https://openalex.org/I48890080","display_name":"Brandon University","ror":"https://ror.org/02qp25a50","country_code":"CA","type":"education","lineage":["https://openalex.org/I48890080"]},{"id":"https://openalex.org/I56306041","display_name":"Lebanese American University","ror":"https://ror.org/00hqkan37","country_code":"LB","type":"education","lineage":["https://openalex.org/I56306041"]}],"countries":["CA","LB","TW"],"is_corresponding":false,"raw_author_name":"Gautam Srivastava","raw_affiliation_strings":["Department of Math and Computer Science, Brandon University, Brandon, MB, Canada","Department of Computer Science and Math, Lebanese American University, Beirut, Lebanon","Research Centre for Interneural Computing, China Medical University, Taichung, Taiwan"],"raw_orcid":"https://orcid.org/0000-0001-9851-4103","affiliations":[{"raw_affiliation_string":"Department of Math and Computer Science, Brandon University, Brandon, MB, Canada","institution_ids":["https://openalex.org/I48890080"]},{"raw_affiliation_string":"Department of Computer Science and Math, Lebanese American University, Beirut, Lebanon","institution_ids":["https://openalex.org/I56306041"]},{"raw_affiliation_string":"Research Centre for Interneural Computing, China Medical University, Taichung, Taiwan","institution_ids":["https://openalex.org/I184693016"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102945288","display_name":"Hadis Karimipour","orcid":"https://orcid.org/0000-0001-7948-4033"},"institutions":[{"id":"https://openalex.org/I168635309","display_name":"University of Calgary","ror":"https://ror.org/03yjb2x39","country_code":"CA","type":"education","lineage":["https://openalex.org/I168635309"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Hadis Karimipour","raw_affiliation_strings":["Department of Electrical and Software Engineering, University of Calgary, Calgary, AB, Canada"],"raw_orcid":"https://orcid.org/0000-0001-7948-4033","affiliations":[{"raw_affiliation_string":"Department of Electrical and Software Engineering, University of Calgary, Calgary, AB, Canada","institution_ids":["https://openalex.org/I168635309"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5000640263","display_name":"Jerry Chun\u2010Wei Lin","orcid":"https://orcid.org/0000-0001-8768-9709"},"institutions":[{"id":"https://openalex.org/I119004910","display_name":"Silesian University of Technology","ror":"https://ror.org/02dyjk442","country_code":"PL","type":"education","lineage":["https://openalex.org/I119004910"]}],"countries":["PL"],"is_corresponding":false,"raw_author_name":"Jerry Chun-Wei Lin","raw_affiliation_strings":["Department of Distributed Systems and IT Devices, Faculty of Automatic Control, Electronics, and Computer Science, Silesian University of Technology, Gliwice, Poland"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Distributed Systems and IT Devices, Faculty of Automatic Control, Electronics, and Computer Science, Silesian University of Technology, Gliwice, Poland","institution_ids":["https://openalex.org/I119004910"]}]}],"institutions":[],"countries_distinct_count":4,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.7445,"has_fulltext":false,"cited_by_count":23,"citation_normalized_percentile":{"value":0.94513929,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":"11","issue":"16","first_page":"26826","last_page":"26836"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8536943197250366},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8186166286468506},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7983400821685791},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6011813879013062},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5245224237442017},{"id":"https://openalex.org/keywords/detector","display_name":"Detector","score":0.47174084186553955},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.4625927805900574},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3871319890022278},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3634083867073059}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8536943197250366},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8186166286468506},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7983400821685791},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6011813879013062},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5245224237442017},{"id":"https://openalex.org/C94915269","wikidata":"https://www.wikidata.org/wiki/Q1834857","display_name":"Detector","level":2,"score":0.47174084186553955},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.4625927805900574},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3871319890022278},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3634083867073059},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/jiot.2023.3298663","is_oa":false,"landing_page_url":"https://doi.org/10.1109/jiot.2023.3298663","pdf_url":null,"source":{"id":"https://openalex.org/S2480266640","display_name":"IEEE Internet of Things Journal","issn_l":"2327-4662","issn":["2327-4662","2372-2541"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Internet of Things Journal","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6700000166893005,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320334593","display_name":"Natural Sciences and Engineering Research Council of Canada","ror":"https://ror.org/01h531d29"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":52,"referenced_works":["https://openalex.org/W1976107877","https://openalex.org/W2001487532","https://openalex.org/W2077278164","https://openalex.org/W2091939272","https://openalex.org/W2148542813","https://openalex.org/W2514974017","https://openalex.org/W2573650634","https://openalex.org/W2574017551","https://openalex.org/W2744095836","https://openalex.org/W2765921396","https://openalex.org/W2803831897","https://openalex.org/W2891700561","https://openalex.org/W2911377781","https://openalex.org/W2914953695","https://openalex.org/W2961099251","https://openalex.org/W2962711740","https://openalex.org/W2962802821","https://openalex.org/W2964159373","https://openalex.org/W2969468102","https://openalex.org/W2969904462","https://openalex.org/W2973367395","https://openalex.org/W2981856772","https://openalex.org/W2982596671","https://openalex.org/W2990623250","https://openalex.org/W2995512646","https://openalex.org/W3013520104","https://openalex.org/W3015481738","https://openalex.org/W3047095708","https://openalex.org/W3087886930","https://openalex.org/W3098276446","https://openalex.org/W3119687955","https://openalex.org/W3131231119","https://openalex.org/W3167041328","https://openalex.org/W3186739895","https://openalex.org/W3201570226","https://openalex.org/W3217748719","https://openalex.org/W4231702991","https://openalex.org/W4283747666","https://openalex.org/W4285224916","https://openalex.org/W4288021162","https://openalex.org/W4312537006","https://openalex.org/W4312707592","https://openalex.org/W4324142623","https://openalex.org/W6606847443","https://openalex.org/W6738964360","https://openalex.org/W6751494907","https://openalex.org/W6754717347","https://openalex.org/W6754929296","https://openalex.org/W6760045743","https://openalex.org/W6767756853","https://openalex.org/W6771273758","https://openalex.org/W6794840795"],"related_works":["https://openalex.org/W2502115930","https://openalex.org/W2482350142","https://openalex.org/W4246396837","https://openalex.org/W3126451824","https://openalex.org/W1561927205","https://openalex.org/W3191453585","https://openalex.org/W4297672492","https://openalex.org/W4310988119","https://openalex.org/W4285226279","https://openalex.org/W4288019534"],"abstract_inverted_index":{"Significant":[0],"advancement":[1],"in":[2,20,39,58,124],"Deep":[3],"learning":[4],"(DL)":[5],"has":[6],"turned":[7],"it":[8],"into":[9],"an":[10,143],"integral":[11],"part":[12],"of":[13,164,189],"robust":[14],"approaches":[15],"for":[16,108],"addressing":[17],"cybersecurity":[18],"problems":[19],"both":[21],"current":[22],"and":[23,62,91,147],"aging":[24],"infrastructures.":[25],"Control":[26],"Flow":[27],"Graphs":[28],"(CFGs)":[29],"have":[30,55,80,94],"demonstrated":[31],"their":[32],"effectiveness":[33],"as":[34,142,201],"leading":[35],"choices":[36],"that":[37],"result":[38],"high-performing":[40],"classifiers":[41,89],"among":[42],"various":[43],"data":[44,126,156],"representations":[45],"used":[46,68],"by":[47],"DL-based":[48],"models.":[49],"Recently,":[50],"Graph":[51],"Neural":[52],"Networks":[53],"(GNNs)":[54],"made":[56],"breakthroughs":[57],"the":[59,84,116,138,149,154,173,185,190,193,212],"graph":[60],"domain,":[61],"before":[63,128],"long,":[64],"they":[65],"were":[66],"jointly":[67],"with":[69,112,176],"CFGs":[70,111],"to":[71,152,196,211],"train":[72,148],"performant":[73],"malware":[74,88,131],"classifiers.":[75],"However,":[76],"graph-based":[77,87],"adversarial":[78,106,110,120,139,150,160,166],"attacks":[79],"caused":[81],"suspicion":[82],"about":[83],"predictions":[85],"these":[86],"make,":[90],"few":[92],"studies":[93],"investigated":[95],"detecting":[96],"such":[97],"attacks.":[98],"Therefore,":[99],"this":[100,134],"paper":[101],"proposes":[102],"a":[103,125,129,177,198,202,207],"novel":[104],"GNN-based":[105,130,159],"detector":[107,121,151,161],"identifying":[109],"higher":[113,171],"efficacy":[114],"than":[115,172],"previous":[117,174,213],"work.":[118],"This":[119],"is":[122,169],"placed":[123],"pipeline":[127],"classifier.":[132],"In":[133,184],"paper,":[135],"we":[136,205],"solve":[137],"detection":[140,145],"problem":[141],"anomaly":[144],"scenario":[146],"learn":[153],"normal":[155],"distribution.":[157],"Our":[158],"detects":[162],"98.96%":[163],"all":[165],"CFGs,":[167],"which":[168],"1.17%":[170],"method,":[175],"5.95%":[178],"lower":[179],"False":[180],"Positive":[181],"Rate":[182],"(FPR).":[183],"most":[186],"hazardous":[187],"category":[188],"attack,":[191],"where":[192],"attacker":[194],"intends":[195],"render":[197],"malicious":[199],"example":[200],"benign":[203],"input,":[204],"achieve":[206],"4.85%":[208],"boost":[209],"compared":[210],"competitors.":[214]},"counts_by_year":[{"year":2026,"cited_by_count":4},{"year":2025,"cited_by_count":13},{"year":2024,"cited_by_count":6}],"updated_date":"2026-06-13T07:54:00.901334","created_date":"2025-10-10T00:00:00"}