A Hybrid Deep Reinforcement Learning and Graph Neural Network Framework for Adaptive Intrusion Detection in IoT-Enabled Cyber-Physical Systems

The Internet of Things (IoT) has enabled the rapid development of Cyber Physical Systems (CPS), but this has also created serious security concerns, particularly in the area of identifying sophisticated and changing cyberattacks. Traditional intrusion detection systems (IDSs) are built on static models and handcrafted features that are unable to keep up with the constantly changing nature of network behavior and new threats. This study presents a hybrid intelligent architecture built on Graph Neural Networks (GNNs) and Deep Reinforcement Learning (DRL) for context-aware and adaptive intrusion detection in order to address these limitations. In order to aid the GNN component in capturing complex spatial and relational patterns between connected nodes over time, the suggested method treats the network traffic as a dynamic graph made up of devices as nodes and interactions between them as edges. With a multi-objective reward that takes into account detection performance, false positive rate, and computation latency, a DRL agent is also presented as a meta-controller that dynamically adjusts detection policies in response to the current network states and environmental feedback. The framework is evaluated using three cutting-edge IoT intrusion detection datasets Edge-IIoTset, TON_IoT, and CICIoT2023 under a variety of traffic scenarios, including concept drift and zero-day exploits. The suggested method achieves a 97. 2% F1 score and a 1. 1% false positive rate, according to experimental data, which is significantly better than conventional machine learning, deep learning, GNN-only, and DRL-only baselines. When subjected to unidentified assaults, the end-to-end framework only experiences a 6. 2% drop in the F1-score, compared to 18. 3% for static GNNs, and it recovers from concept drift 4. 7 times faster than DRL-only techniques, all while running with a low inference latency (27. 6 ms per batch). These findings show how promising adaptive decision-making and integrated structural graph learning are for safeguarding the next generation of IoT-CPS systems.