Fusion of Improved LSTM with Graph Attention Networks for Malicious IoT Traffic Detection
Abstract
With the rapid development of the Internet of Things, malicious traffic is highly mixed with normal business traffic and exhibits strong long-term and short-term temporal dependencies as well as suddenness. Traditional detection methods have shortcomings in identifying covert attacks and reducing false positives. To this end, this study proposes an Internet of Things malicious traffic detection method that integrates an improved Long Short-Term Memory (LSTM) network with a Multi-Feature Graph Attention Network (MFGAT). In the temporal modeling stage, an attention mechanism and residual connections are introduced to enhance the representation of critical time-slice features, while lightweight gating and parameter compression strategies are employed to reduce model complexity. In the spatial modeling stage, a graph attention mechanism is used to weight the relationships among traffic nodes, enabling collaborative enhancement of multi-dimensional traffic features. The experimental results show that the area under the curve of the proposed method reaches 0.96, with an average accuracy of 0.91. The ablation experiment shows that after introducing the improvement measures, the F1 value increases from 0.87 to 0.92, the parameter count decreases from 5.13M to 4.23M, and the single-sample inference delay is shortened from 7.64 ms to 5.61 ms. In complex scenarios, this method maintains an F1 score above 0.80 under highly imbalanced class distribution conditions, has an average detection delay of only about 30 ms under sudden attacks, and maintains long-term stability through rolling updates in concept drift scenarios. The proposed method not only outperforms existing methods in detection accuracy and robustness, but also offers the advantages of a lightweight design and real-time performance, providing a feasible solution for efficient identification of malicious traffic in the Internet of Things environment.
DOI: https://doi.org/10.31449/inf.v50i12.13007
License
Authors retain copyright in their work. By submitting to and publishing with Informatica, authors grant the publisher (Slovene Society Informatika) the non-exclusive right to publish, reproduce, and distribute the article and to identify itself as the original publisher.
All articles are published under the Creative Commons Attribution license CC BY 3.0. Under this license, others may share and adapt the work for any purpose, provided appropriate credit is given and changes (if any) are indicated.
Authors may deposit and share the submitted version, accepted manuscript, and published version, provided the original publication in Informatica is properly cited.







