Spatial-Temporal Graph Neural Network for the Detection of Container Escape Events

Yuchen Guo, James Pope

Research output: Chapter in Book/Report/Conference proceeding; Conference Contribution (Conference Proceeding)



Internet of Things (IoT) devices bring an attack surface closer to personal life and industrial production. With containers as the primary method of IoT application deployment, detecting container escapes by analyzing audit logs can identify compromised edge devices. Audit log data contains both the temporal properties of events and relational information between system entities, and existing analysis methods cannot comprehensively analyze these two properties. In this paper, a new Temporal Graph Neural Network (GNN)-based model was designed to detect anomalies of IoT applications in a container environment. The model employs Gated Recurrent Unit (GRU) and Graph Isomorphism Network (GIN) operators to capture temporal and spatial features. Using unsupervised learning to model the application’s normal behavior, the model can detect unknown anomalies that have not appeared in training. The model is trained on a dynamic graph generated from audit logs, which record security events in a system. Due to the lack of real-world datasets, we conducted experiments on a simulated dataset. Audit log records are divided into multiple graphs according to their temporal attribute to form a dynamic graph. Some nodes and edges are aggregated or removed to reduce the complexity of the graph. In the experiments, the model has an F1 score of 0.976 on the validation set, which outperforms the best-performing baseline model, with an F1 score of 0.845.
Original language: English
Title of host publication: Proceedings of the 16th International Conference on Agents and Artificial Intelligence
Subtitle of host publication: ICAART
Editors: Ana Paula Rocha, Luc Steels, Jaap van den Herik
Number of pages: 8
ISBN (Electronic): 9789897586804
Publication status: Published - 26 Feb 2024
Event: ICAART2024: 16th International Conference on Agents and Artificial Intelligence - Italy, Rome, Italy
Duration: 24 Feb 2024 to 26 Feb 2024
Conference number: 16

Publication series

Name: ICAART - International Conference on Agents and Artificial Intelligence
ISSN (Print): 2184-3589
ISSN (Electronic): 2184-433X


Abbreviated title: ICAART2024
Bibliographical note

Publisher Copyright:
© 2024 by SCITEPRESS - Science and Technology Publications, Lda.


  • Graph neural networks
  • Anomaly Detection
  • Computer Security

