Firmware Attestation in IoT Swarms Using Relational Graph Neural Networks and Static Random Access Memory

Abstract

The proliferation of Internet of Things (IoT) swarms—comprising billions of low-end interconnected embedded devices—has transformed industrial automation, smart homes, and agriculture. However, these swarms are highly susceptible to firmware anomalies that can propagate across nodes, posing serious security threats. To address this, we propose a novel Remote Attestation (RA) framework for real-time firmware verification, leveraging Relational Graph Neural Networks (RGNNs) to model the graph-like structure of IoT swarms and capture complex inter-node dependencies. Unlike conventional Graph Neural Networks (GNNs), RGNNs incorporate edge types (e.g., Prompt, Sensor Data, Processed Signal), enabling finer-grained detection of propagation dynamics. The proposed method uses runtime Static Random Access Memory (SRAM) data to detect malicious firmware and its effects without requiring access to firmware binaries. Experimental results demonstrate that the framework achieves 99.94% accuracy and a 99.85% anomaly detection rate in a 4-node swarm (Swarm-1), and 100.00% accuracy with complete anomaly detection in a 6-node swarm (Swarm-2). Moreover, the method proves resilient against noise, dropped responses, and trace replay attacks, offering a robust and scalable solution for securing IoT swarms.

1. Introduction

The rapid expansion of the Internet of Things (IoT) has ushered in an era of billions of low-end embedded devices, interconnected to form swarms that power transformative applications in industrial automation, smart homes, agriculture, and beyond [1,2]. These IoT swarms—tightly knit networks of nodes collaborating on tasks such as distributed sensing or coordinated actuation [3]—offer unprecedented scalability and efficiency. However, their interconnectedness exposes a critical vulnerability: firmware anomalies. A single compromised node can propagate malicious firmware across the swarm, jeopardizing the integrity, confidentiality, and functionality of the entire network [4]. This risk is amplified by the resource-constrained nature of low-end devices, which often lack robust security mechanisms, rendering them prime targets for exploitation [5].

Traditional Remote Attestation (RA) techniques, designed to verify firmware integrity, struggle to meet the demands of IoT swarms. Methods relying on cryptographic checksums or hardware-based roots of trust (e.g., Trusted Platform Modules) incur high latency and computational overhead or require proprietary firmware copies—often impractical due to intellectual property (IP) constraints and the scale of swarm deployments [6]. Recent advances, such as Swarm-Net [7], a GNN to model swarm topologies and detect anomalies using runtime SRAM data, eliminate the need for firmware copies. However, Swarm-Net’s generic GNN approach overlooks the rich relational dynamics between nodes (e.g., sensor data exchanges, control signals), limiting its ability to capture subtle propagation effects.

To address these gaps, we propose a novel RA framework for IoT swarm firmware attestation using RGNN. Unlike conventional GNNs, RGNN explicitly incorporates edge types (e.g., Prompt, Sensor Data, Processed Signal) to capture diverse inter-node relationships, enabling superior detection of subtle propagation dynamics, such as malicious firmware spread or communication failures. Compared to traditional cryptographic methods, RGNN avoids high latency and proprietary hardware requirements, while its edge-type modeling surpasses Swarm-Net’s uniform approach, achieving a higher accuracy (99.94% and 100.00% on 4-node and 6-node configurations, respectively) and robustness against noise, dropped responses, and trace replay attacks. By leveraging SRAM’s runtime behavior, RGNN detects anomalies without firmware copies, offering a scalable, efficient, and IP-compliant solution. Evaluated on 4-node and 6-node swarm configurations, RGNN achieves an overall accuracy of 99.94% and a propagated anomaly detection rate of 99.85% on the smaller swarm, and perfect scores of 100.00% for both metrics on the larger swarm. It excels at identifying subtle faults, such as inter-node communication failures, and demonstrates resilience in simulated adversarial scenarios.

Our contributions are threefold: (1) an RGNN-based RA framework tailored for IoT swarm attestation, (2) an edge-type modeling approach that captures nuanced inter-node relationships for superior anomaly detection, and (3) a rigorous evaluation showcasing RGNN’s scalability, efficiency, and resilience. This work advances beyond Swarm-Net by addressing its relational modeling limitations, offering a practical, IP-compliant solution for securing IoT swarms.

This paper is structured as follows: Section 2 reviews related work on RA and swarm attestation; Section 3 provides background on IoT swarms, RA, SRAM, and Graph Neural Networks; Section 4 details the RGNN framework and methodology; Section 5 presents the experimental setup and results; Section 6 discusses findings and implications; and Section 7 concludes with future research directions.

2. Related Work

Strategies for securing firmware in IoT environments are broadly classified into single-node and swarm attestation techniques. Our RGNN framework builds upon these foundations, extending Swarm-Net [7] with notable improvements.

2.1. Single-Node IoT Attestation Techniques

Single-node attestation verifies firmware integrity on individual devices, including software-based, hardware-based, and hybrid approaches, each balancing security and feasibility differently.

2.1.1. Software-Based RA Techniques

Software-based RA typically computes memory checksums verified against trusted hash values [8,9,10]. SWATT [8] pioneered this approach using a pseudo-random memory traversal with over 50,000 hashing iterations, detecting tampering with low false positives (2%) but imposing high computational overhead and strict timing requirements, limiting applicability in low-end devices. It achieves an accuracy of approximately 90%.

SCUBA [9] integrates secure code updates with checksum attestation, inheriting SWATT’s accuracy but facing scalability and latency challenges in large, distributed swarms. Its accuracy is around 85%.

SAKE [10] innovatively combines attestation with cryptographic key establishment, assuming synchronous communication and static topologies, limiting scalability in dynamic IoT environments.

Lightweight methods such as Chen et al. [11] proposed partial memory checksums to reduce latency and resource use on ARM-based devices but risk missing transient faults in unchecked regions. Cao et al. [12] improved detection via deferred observation and reputation systems but still required full firmware copies, raising IP concerns [5].

Side-channel attestation leverages physical signals for verification without firmware access. Surminski et al. [13] achieved a high accuracy by analyzing electromagnetic emissions yet faced hardware heterogeneity and noise issues. Laeuchli and Trujillo-Rasua [14] used SRAM-based quantum entanglement classifiers, showing promising detection but limited generalizability across anomaly types.

2.1.2. Hardware-Based RA Techniques

Hardware-based RA leverages TPMs and secure enclaves [15,16]. TPM-enabled cluster heads [15] allow for localized attestation but pose single points of failure and high resource demands, achieving an accuracy of approximately 95%. Quantum PUFs [16] offer robust multi-region attestation leveraging quantum superposition, with a reported accuracy of 98% but remain costly and complex for swarm deployment.

2.1.3. Hybrid-Based RA Techniques

Hybrid RA combines hardware and software for balanced security. SMART [17], TrustLite [18], and TyTAN [19] provide secure foundations but remain vulnerable to roaming malware. HAtt [20] secures secrets via lightweight PUFs but depends on firmware copies. RAM-based methods [21] enable a low latency but are impractical for low-cost nodes. Solutions addressing roaming malware [22] relax atomicity via full-memory hashing but at the cost of higher computational overhead and reduced availability.

2.2. Swarm IoT Attestation Techniques

Swarm attestation verifies collective IoT device integrity [23,24]. WISE [23] achieves the detection of approximately 62% of compromised devices while minimizing overhead. FeSA [24] applies federated learning for scalability, reporting 87% accuracy. SAFE-IoT [25] uses machine learning on SRAM features to detect anomalies, achieving an accuracy of 90%, though latency remains a challenge in real-time deployments. RAGE [26], employing GNNs on execution traces, detects anomalies effectively but requires sophisticated hardware, limiting broad deployment. These approaches often simplify swarm interdependencies, missing subtle anomaly propagation.

Graph Neural Networks (GNNs) have improved swarm attestation by modeling network topology. Swarm-Net [7] employs a Graph Transformer on IoT-Swarm SRAM data [27], achieving a 99.96% attestation rate, perfect anomalous firmware detection, and 99% propagated anomaly detection. However, its generic GNN treats all edges uniformly, ignoring relational edge types (e.g., Sensor Data vs. Control Signals), limiting sensitivity to nuanced propagation effects.

2.3. Advantages of RGNN

Our RGNN framework enhances swarm attestation by integrating Relational Graph Neural Networks, extending the IoT-Swarm SRAM dataset [27] and Swarm-Net [7]. Unlike generic GNNs, RGNN models distinct edge types (Prompt, Sensor Data, Processed Signal), capturing diverse node interactions and improving the detection of propagation dynamics. It removes firmware copy requirements, addressing IP protection [5], and outperforms WISE, FeSA, and SAFE-IoT in propagated anomaly detection. Compared to Swarm-Net, RGNN’s relational modeling detects subtle communication failures with higher precision, and unlike RAGE, it avoids the need for sophisticated hardware.

Table 1. Comparison of IoT attestation techniques.

Technique	Type	Approach	Feature	Firmware Copies Propagated	Anomaly Detection	Scalability	Accuracy (%)
SWATT [8]	Software	Crypto	Flash	Yes	No	Low	90
SCUBA [9]	Software	Crypto	Network	Yes	No	Low	85
TPM-based [15]	Hardware	Crypto	Flash	Yes	No	Medium	95
QPUF [16]	Hardware	Crypto	Quantum	No	No	Low	98
SMART [17]	Hybrid	Crypto	Flash	Yes	No	Medium	92
WISE [23]	Swarm	Crypto + ML	Flash	No	Partial	High	62
FeSA [24]	Swarm	FL	Property	No	Partial	High	87
SAFE-IoT [25]	Swarm	ML	Network	No	Partial	Medium	90
Swarm-Net [7]	Swarm	GNN	SRAM	No	Yes	High	99.96
RGNN (Ours)	Swarm	RGNN	SRAM	No	Yes	High	99.94 (Swarm-1) 100 (Swarm-2)

details RGNN’s superior scalability, efficiency, and robustness.

To contextualize our approach within the broader landscape of IoT attestation, we present a comparison of representative techniques across software-based, hardware-based, hybrid, and swarm-oriented architectures. Table 1 summarizes these methods based on their attestation type, primary features, anomaly detection capability, and scalability. Scalability here refers to the technique’s ability to maintain performance—such as detection accuracy and latency—as the number of devices in the swarm increases. For prior methods, scalability levels (Low, Medium, High) are assessed qualitatively based on insights and experimental results reported in the original publications.

3. Background

An in-depth overview of the foundational concepts behind RGNN for firmware attestation in IoT swarms is presented. Key topics include IoT swarm environments, Remote Attestation (RA), the significance of SRAM with particular emphasis on the IoT-Swarm SRAM dataset, and the progression from GNNs to RGNNs. Together, these components provide the necessary background to understand our approach and how it effectively addresses the unique challenges of securing interconnected IoT ecosystems.

3.1. IoT Swarms

IoT swarms consist of numerous resource-constrained embedded devices—such as sensors, actuators, or microcontrollers—interconnected to perform collaborative tasks like distributed environmental monitoring, swarm robotics, or smart grid management [2]. These systems are characterized by their graph-like topology, where nodes represent devices and edges denote interactions, such as data exchanges or control commands [3]. For example, in a smart agriculture swarm, nodes might share soil moisture data to optimize irrigation, while in industrial automation, they could coordinate machinery operations. This interdependence enhances scalability and adaptability but introduces a critical security flaw: a single node’s firmware anomaly—whether from malware injection or misconfiguration—can propagate across the swarm, disrupting functionality or exfiltrating sensitive data [4]. Unlike isolated IoT devices, swarms amplify the impact of such threats, necessitating attestation methods that account for both individual node integrity and network-wide propagation effects.

3.2. Remote Attestation

RA is a security mechanism enabling a trusted entity (verifier) to remotely validate the software state—typically firmware—of an untrusted device (prover) over a network [6]. In a typical RA protocol, the verifier sends a challenge (e.g., a nonce), prompting the prover to generate a response—often a cryptographic hash of its firmware—verified against a reference value. For IoT swarms, RA is indispensable due to the prevalence of firmware vulnerabilities, such as buffer overflows or backdoors, exploited by attackers [4]. Traditional RA approaches fall into two categories: software-based methods, like SWATT [8], which compute memory checksums over thousands of iterations, and hardware-based methods, such as those using Trusted Platform Modules (TPMs) [15], which anchor trust in dedicated hardware. However, both face limitations in swarm contexts: software-based RA incurs excessive latency and requires firmware copies, often unavailable due to intellectual property (IP) restrictions [5], while hardware-based RA demands costly components impractical for low-end devices. Our work leverages runtime SRAM data to bypass these constraints, offering a lightweight, IP-compliant alternative tailored to swarm dynamics.

3.3. SRAM in Attestation

SRAM is a volatile, high-speed memory in IoT microcontrollers, refreshed on power-up and distinct from slower, non-volatile Flash ROM used for firmware storage [27]. As depicted in Figure 1, SRAM is organized into four segments: the .data section (initialized global/static variables), the .bss section (uninitialized global/static variables), the heap (dynamic memory allocations), and the stack (local variables and function call data). The data section—comprising .data, .bss, and heap—captures firmware runtime behavior, exhibiting two key properties: consistency, where identical firmware produces near-identical SRAM patterns across devices, and distinguishability, where firmware modifications (e.g., malware) yield detectable SRAM deviations [14].

SRAM’s utility in attestation stems from its sensitivity to firmware execution: malicious code alters variable values, memory allocations, or stack usage reflected in SRAM dumps. In IoT swarms, SRAM also encodes inter-node interactions; for example, a Prompt from node $N_i$ to $N_j$ may update $N_j$’s .data section with a command variable, while Sensor Data or Processed Signal exchanges modify heap or stack contents. This relational richness enables the detection of propagated anomalies, such as corrupted sensor readings or communication failures, without requiring firmware binaries.

The IoT-Swarm SRAM dataset [27], foundational to our work, provides SRAM traces from two configurations: Swarm-1 (4 nodes, 5 edges) and Swarm-2 (6 nodes, 8 edges), shown in Figure 2. Each trace $T_j={[b_0,b_1,\dots ,b_{l-1}]}_j$ from node $N_j$ is a hexadecimal byte sequence of length l, with the data section $T_j^{\prime }={[b_0,b_1,\dots ,b_{d-1}]}_j$ ($d<l$) extracted for efficiency. The dataset annotates edges as Prompt , Sensor Data , or Processed Signal, capturing diverse interactions under benign and malicious conditions (e.g., malware injection, fault injection). Our RGNN framework exploits these traces and edge types to model swarm behavior, surpassing methods reliant on firmware copies or uniform graph assumptions.

3.4. Graph Neural Networks and Relational Graph Neural Networks

GNNs are machine learning models designed for graph-structured data, iteratively updating node features by aggregating information from neighbors [28]. A basic GNN computes a node v’s representation at layer l using the following update rule:

$$h_v^{\left(l\right)}=\sigma \left(W·\sum _{u\in N\left(v\right)}{h}_u^{(l-1)}\right)$$

where $N\left(v\right)$ is the set of neighboring nodes, W is a learnable weight matrix, and $\sigma$ is a non-linear activation function (e.g., ReLU). GNNs are well-suited for IoT swarm attestation by modeling topological dependencies, as demonstrated in Swarm-Net [7], which employs a Graph Transformer on SRAM data. However, generic GNNs assume edge homogeneity, overlooking the semantic diversity of swarm interactions (e.g., Prompt vs. Sensor Data), which limits their ability to capture nuanced propagation effects.

Relational Graph Neural Networks (RGNNs) extend GNNs by incorporating edge types into the aggregation process [29]. For an edge type r (e.g., Prompt), RGNN updates node features according to the following:

$$h_v^{\left(l\right)}=\sigma \left(\sum _{r\in R}{W}_r·\sum _{u\in N_r\left(v\right)}{h}_u^{(l-1)}\right)$$

where R is the set of edge types, $N_r\left(v\right)$ are neighbors connected via type r, and $W_r$ is a type-specific weight matrix. This relational awareness enhances sensitivity to swarm dynamics. Our RGNN, illustrated in Figure 3, employs two RGCNConv layers for edge-type-aware message passing, followed by a linear layer to reconstruct SRAM data or classify anomalies. By leveraging the IoT-Swarm SRAM dataset’s edge annotations, RGNN outperforms generic GNNs, offering precise detection of both local and propagated firmware anomalies.

4. Methodology

Our RGNN framework detects firmware anomalies in IoT swarms by analyzing SRAM data from the IoT-Swarm SRAM dataset [27]. Unlike methods requiring firmware copies, restricted by intellectual property [5], we use SRAM patterns to identify malicious firmware and its propagation. Modeling swarms as graphs, devices as nodes, interactions as typed edges (Prompt, Sensor Data, Processed Signal), the RGNN captures anomaly spread, such as a faulty node affecting others. We describe the model, dataset use, anomaly detection, and integration, providing a clear methodology.

4.1. RGNN Model Architecture

The RGNN processes swarm graphs to detect anomalies using SRAM features and edge types, as shown in Figure 3. Built in PyTorch, it uses Relational Graph Convolutional Network (RGCN) layers to handle Prompt (0), Sensor Data (1), and Processed Signal (2) edges, unlike uniform Graph Neural Networks [7]. Its components are as follows:

Here, $\widehat{x}\in {\mathbb{R}}^{N\times 2048}$ predicts SRAM vectors. For example, a malicious prompt from node 0 to node 1 in Swarm-1 alters node 1’s SRAM, detected via edge-type weights.

The model, shown in Listing 1, uses $input\_dim=2048$, $num\_relations=3$, and it is optimized for Swarm-1 and Swarm-2 (Figure 2).

Listing 1. Compact RGNN model for IoT firmware anomaly detection.

class RGNNModel(nn.Module):     def __init__(self, in_dim, hid_dim, n_rel, drop=0.1):         super().__init__()         self.conv1 = gnn.RGCNConv(in_dim, 2 * hid_dim, num_relations=n_rel)         self.conv2 = gnn.RGCNConv(2 * hid_dim, hid_dim, num_relations=n_rel)         self.lin = nn.Linear(hid_dim, in_dim)         self.drop = drop     def forward(self, x, edge_idx, edge_type):         x = F.relu(self.conv1(x, edge_idx, edge_type))         x = F.dropout(x, p=self.drop, training=self.training)         x = F.relu(self.conv2(x, edge_idx, edge_type))         return self.lin(x)

4.2. Dataset Used

The IoT-Swarm SRAM dataset [27] provides SRAM traces for Swarm-1 (4 nodes, 13 scenarios, 400 samples per node) and Swarm-2 (6 nodes, 10 scenarios, 900 samples per node). Node roles, firmware behaviors, and inter-node relations, detailed in

Table 2. Normal and anomalous firmware in Swarm-1 [27].

Node	Type	Normal Firmware Functions	d	Anomalous Firmware Functions	d
N0	Control	Broadcasts one byte to all nodes	191	Generates three random integers; broadcasts one byte to all nodes	195
N1	Sense	Generates six floating point numbers in unique ranges; sends data to N2	450	Generates data in an extended range; sends data to N2	438
N2	Process	Processes received data into a six-byte signal; sends Processed Signal to N3	516	Generates a random six-byte signal; sends control signal to N3	414
N3	Control	Control six LEDs using the processed signal	406	Control six LEDs at random	386

,

Table 3. Normal and anomalous firmware in Swarm-2 [27].

Node	Type	Normal Firmware Functions	d	Anomalous Firmware Functions	d
N0	Control	Broadcasts one byte to all nodes	195	Generates two random integers; broadcasts one byte to all nodes	199
N1	Sense	Generates four floating point numbers in unique ranges; sends data to N2	438	Generates data in an extended range; sends data to N2	430
N2	Process	Processes received data into a four-byte signal; sends Processed Signal to N3	490	Generates a random four-byte signal; sends control signal to N3	414
N3	Control	Controls four LEDs using the Processed Signal	394	Controls four LEDs at random	386
N4	Sense	Generates three floating point numbers in unique ranges; sends data to N5	430	Generates data normally; does not send data to N5	372
N5	Process and Control	Processes received data into a three-byte signal; controls three LEDs using the Processed Signal	446	Processes received data normally; controls three unauthorized LEDs	452

,

Table 4. Node relations in Swarm-1 [27].

Source Node	Destination Node	Edge Type	Description
N0	N1	Prompt (0)	Broadcasts a control byte to initiate N1’s sensing of six floating-point numbers.
N0	N2	Prompt (0)	Broadcasts a control byte to initiate N2’s processing of Sensor Data.
N0	N3	Prompt (0)	Broadcasts a control byte to initiate N3’s control of six LEDs.
N1	N2	Sensor Data (1)	Sends six floating-point numbers to N2 for processing into a six-byte signal.
N2	N3	Processed Signal (2)	Sends a six-byte processed signal to N3 for controlling six LEDs.

and

Table 5. Node relations in Swarm-2 [27].

Source Node	Destination Node	Edge Type	Description
N0	N1	Prompt (0)	Broadcasts a control byte to initiate N1’s sensing of four floating-point numbers.
N0	N2	Prompt (0)	Broadcasts a control byte to initiate N2’s processing of Sensor Data.
N0	N3	Prompt (0)	Broadcasts a control byte to initiate N3’s control of four LEDs.
N0	N4	Prompt (0)	Broadcasts a control byte to initiate N4’s sensing of three floating-point numbers.
N0	N5	Prompt (0)	Broadcasts a control byte to initiate N5’s processing and control of three LEDs.
N1	N2	Sensor Data (1)	Sends four floating-point numbers to N2 for processing into a four-byte signal.
N2	N3	Processed Signal (2)	Sends a four-byte processed signal to N3 for controlling four LEDs.
N4	N5	Sensor Data (1)	Sends three floating-point numbers to N5 for processing into a three-byte signal.

, enable the RGNN to detect anomalies by analyzing SRAM patterns. Scenarios include benign (e.g., D1) and anomalous (e.g., AN0, node 0 faulty) cases. The dataset supplies the following:

• Node features: SRAM vectors $x_j\in {\mathbb{R}}^{2048}$, normalized to $[0,1]$ and padded to 2048 bytes per node.
• Node roles and graph structure:

  –

  Swarm-1: Table 2 shows N0 (Control) broadcasting to N1–N3, N1 (Sense) generating data for N2 (Process), and N2 sending signals to N3 (Control). Table 4 details 5 edges: N0 to N1–N3 (Prompts, type 0), N1 to N2 (Sensor Data, type 1), and N2 to N3 (Processed Signal, type 2). Edge indices $\mathit{edge}\_\mathit{index}\in {\mathbb{Z}}^{2\times 5}$.

  –

  Swarm-2: Table 3 shows N0 (Control) broadcasting to N1–N5, N1 and N4 (Sense) generating data for N2 and N5, N2 (Process) sending signals to N3 (Control), and N5 (Process and Control) processing and controlling LEDs. Table 5 details 8 edges: N0 to N1–N5 (Prompts, type 0), N1 to N2 and N4 to N5 (Sensor Data, type 1), and N2 to N3 (Processed Signal, type 2). Edge indices $\mathit{edge}\_\mathit{index}\in {\mathbb{Z}}^{2\times 8}$.

• Scenarios: Swarm-1 includes benign (D1, D2, P1, P2) and anomalous (AN0–AN3, AN12, AN23, AN13, AN123, AN0123) cases; e.g., AN0 alters N0’s broadcast (195 bytes vs. 191). Swarm-2 has benign (D1–D4) and anomalous (AN0–AN5) cases; e.g., AN4 stops N4’s data transmission to N5 (372 bytes vs. 430).
• Labels: 0 (benign) or 1 (anomalous); e.g., AN1 flags N1.

To provide insight into the physical configuration underlying the benchmark datasets, Figure 4 illustrates the swarm setup used for data collection. The image is reproduced from [7].

The edge types—Prompt, Sensor Data, and Processed Signal—are selected to align with the swarm’s communication patterns, as defined in Table 4 and Table 5. Prompt edges (type 0) capture control signals from N0 initiating node actions (e.g., N0’s broadcast in AN0), Sensor Data edges (type 1) model raw data exchanges from sense nodes to process nodes (e.g., N1 → N2 in AN1, N4 → N5 in AN4), and Processed Signal edges (type 2) reflect processed outputs to control nodes (e.g., N2 → N3 in AN2). These edge types comprehensively cover the primary interaction modalities in the swarm configurations, capturing control-driven dependencies, raw data flows, and processed outputs critical for detecting primary and propagated anomalies. The edge types are predefined by the swarm’s communication protocol, encoded in the graph structure’s adjacency matrix (e.g., N0’s broadcasts to all nodes, sequential links like N1 → N2), ensuring no manual labeling per instance and maintaining practicality for dynamic swarms. RGNN’s performance is robust to minor variations in edge-type definitions due to their tailored design, but omitting or adding edge types could impact accuracy if key dependencies are missed.

4.3. Anomaly Detection

The RGNN reconstructs SRAM vectors, minimizing mean squared error:

$$\mathcal{L}={\displaystyle \frac{1}{N·2048}}\sum _{i=1}^N{\parallel x_i-{\widehat{x}}_i\parallel }_2^2$$

Inference uses cosine similarity:

$${\mathrm{cs}}_i=\mathrm{CosineSimilarity}(x_i,{\widehat{x}}_i)$$

Nodes with ${\mathrm{cs}}_i<{\theta }_i$, where ${\theta }_i=0.999\times min\left({\mathrm{cs}}_i\right)$ from benign data, are anomalous. Edge types trace propagation; e.g., Sensor Data issues indicate corrupted exchanges.

4.4. System Integration

The pipeline includes the following:

1.

Collection: Secure SRAM trace gathering.

2.

Input: Node features and graph structure.

3.

Inference: RGNN computes similarities.

4.

Output: Flags anomalies and propagation.

This avoids firmware access, scales with batching, and resists noise, ensuring deployment feasibility.

5. Experiments and Results

The evaluation of our RGNN framework for firmware attestation in IoT swarms was conducted using the IoT-Swarm SRAM dataset [27]. RGNN was compared against two variants: fastRGNN, optimized for reduced latency, and RGAT, which leverages Graph Attention Networks. Experiments were carried out on Swarm-1 (4 nodes, 13 scenarios) and Swarm-2 (6 nodes, 10 scenarios). The experimental design, metrics, and results demonstrate RGNN’s superior performance in terms of accuracy, propagated anomaly detection rate (ADR), and resilience to noise, dropped responses, and trace replay attacks.

5.1. Experimental Setup

The IoT-Swarm SRAM dataset [27] includes two configurations: Swarm-1 (4 nodes, 13 scenarios, 400 samples per node) and Swarm-2 (6 nodes, 10 scenarios, 900 samples per node), as described in Section 4.2. Swarm-1 scenarios, detailed in

Table 6. Swarm-1 dataset scenarios [27].

Scenario No.	Scenario	Primary Anomaly	Secondary Anomaly	Swarm Label (N0–N3)
1–2	D1–2	–	–	0-0-0-0
3–4	P1–2	–	–	0-0-0-0
5	AN0	N0	–	1-0-0-0
6	AN1	N1	N2, N3	0-1-1-1
7	AN2	N2	N3	0-0-1-1
8	AN3	N3	–	0-0-0-1
9	AN12	N1, N2	N3	0-1-1-1
10	AN23	N2, N3	–	0-0-1-1
11	AN13	N1, N3	N2	0-1-1-1
12	AN123	N1–N3	N2, N3	0-1-1-1
13	AN0123	N0–N3	N2, N3	1-1-1-1

, comprise benign cases (D1–D2, P1–P2) and anomalous cases (AN0–AN3, AN12, AN23, AN13, AN123, AN0123). Swarm-2 scenarios, listed in

Table 7. Swarm-2 dataset scenarios [27].

Scenario No.	Scenario	Primary Anomaly	Secondary Anomaly	Swarm Label (N0–N5)
1–4	D1–4	–	–	0-0-0-0-0-0
5	AN0	N0	–	1-0-0-0-0-0
6	AN1	N1	N2, N3	0-1-1-1-0-0
7	AN2	N2	N3	0-0-1-1-0-0
8	AN3	N3	–	0-0-0-1-0-0
9	AN4	N4	N5	0-0-0-0-1-1
10	AN5	N5	–	0-0-0-0-0-1

, include benign (D1–D4) and anomalous (AN0–AN5) cases. The SRAM vectors ($x_j\in {\mathbb{R}}^{2048}$) are normalized to $[0,1]$ and padded to 2048 bytes. The model was trained using benign scenarios (D1–D2 for Swarm-1 and D1–D4 for Swarm-2) and evaluated across all scenarios to assess anomaly detection performance.

Hardware and software. Experiments were conducted on an NVIDIA RTX 2060 GPU (NVIDIA Corporation, Santa Clara, CA, USA) with 6 GB of VRAM, using PyTorch 2.0 and Torch Geometric 2.3 for RGCN and GAT layers. Code was implemented in Python 3.9.

Model configuration. The RGNN (Section 4.1) uses $input\_dim=2048$, $latent\_dim=32$, $num\_relations=3$, and dropout $p=0.1$. The fastRGNN variant reduces $latent\_dim=32$ and uses fewer RGCN layers to minimize latency. RGAT replaces RGCN with Graph Attention layers, using $num\_heads=4$. All models were trained for 200 epochs with the Adam optimizer (learning rate $5\times {10}^{-3}$), minimizing mean squared error (MSE) loss:

$$\mathcal{L}={\displaystyle \frac{1}{N·2048}}\sum _{i=1}^N{\parallel x_i-{\widehat{x}}_i\parallel }_2^2$$

(1)

The cosine similarity threshold (${\theta }_i=0.999\times min\left({\mathrm{cs}}_i\right)$) was calibrated on benign training data.

Evaluation scenarios. We tested all scenarios in Table 6 and Table 7, with emphasis on propagation cases like Swarm-1’s AN1 (N1 affects N2, N3; 0-1-1-1) and Swarm-2’s AN4 (N4 affects N5; 0-0-0-0-1-1), detailed in Table 2 and Table 3.

5.2. Evaluation Metrics

We evaluated the models using:

• Per-node accuracy: Percentage of correctly classified nodes (benign: 0, anomalous: 1) per scenario, as defined in Table 6 and Table 7.
• Overall accuracy: Average per-node accuracy across all scenarios and nodes.
• Propagated anomaly detection rate (ADR): Percentage of correctly identified secondary anomalies (e.g., N2, N3 in AN1; N5 in AN4), traced via edge types (Table 4 and Table 5).
• Robustness tests: Performance under Gaussian noise ($\sigma =0.01$), 10% dropped responses, and trace replay attacks.

To better understand the models evaluated,

Table 8. Comparison of key parameters and training metrics for RGNN, fastRGNN, and RGAT on Swarm-1 and Swarm-2.

Attribute	Swarm-1			Swarm-2
	RGNN	fastRGNN	RGAT	RGNN	fastRGNN	RGAT
Total Parameters	600,160	600,160	472,736	600,160	600,160	472,736
Conv1 Type	RGCNConv	FastRGCNConv	RGATConv	RGCNConv	FastRGCNConv	RGATConv
Latent Dim	32	32	32	32	32	32
Dropout	0.1	0.1	0.1	0.1	0.1	0.1
Learning Rate	$5\times {10}^{-3}$	$5\times {10}^{-3}$	$5\times {10}^{-3}$	$5\times {10}^{-3}$	$5\times {10}^{-3}$	$5\times {10}^{-3}$
Noise Level	0.4	0.4	0.4	0.4	0.4	0.4

summarizes the key parameters and training metrics of the RGNN, fastRGNN, and RGAT models on the Swarm-1 and Swarm-2 datasets. This includes the number of trainable parameters, types of convolutional layers, hyperparameters used during training, final training loss, and average epoch training times.

5.3. Results

Table 9. Comparison of accuracy and detection metrics for RGNN, fastRGNN, and RGAT on Swarm-1 and Swarm-2.

Metric	Swarm-1			Swarm-2
	RGNN (%)	fastRGNN (%)	RGAT (%)	RGNN (%)	fastRGNN (%)	RGAT (%)
Overall Accuracy (OA)	99.94	99.93	97.31	100.0	100.0	97.97
Anomaly Recall (AR)	99.89	99.91	99.91	99.99	99.99	99.68
Detection Rate (All)	99.97	99.94	96.16	100.0	100.0	96.83
Detection Rate (Propagated)	99.97	99.93	96.83	100.0	100.0	94.65
Final Loss	0.0005	0.0006	0.0031	0.0012	0.0015	0.0035
Avg. Epoch Time (s)	0.0445	0.0806	0.1371	0.1134	5.4953	0.4909

summarizes the overall performance comparison of RGNN against two competitive variants, fastRGNN and RGAT, evaluated on the Swarm-1 and Swarm-2 datasets. The table reports key metrics including overall accuracy, anomaly recall, detection rates for all anomalies and specifically for propagated anomalies, as well as training efficiency indicators such as final loss and average epoch time.

Table 10. Comparison of RGNN, fastRGNN, and RGAT models on Swarm-1 [27].

Scenario No.	Scenario	RGNN (%)				fastRGNN (%)				RGAT (%)
		N0	N1	N2	N3	N0	N1	N2	N3	N0	N1	N2	N3
1	D1	100	100	100	100	100	100	100	100	100	100	100	100
2	D2	100	100	100	100	100	100	100	100	100	100	100	100
3	P1	100	100	100	100	100	100	100	100	99.75	100	100	100
4	P2	100	98.75	99.50	100	100	99.00	99.50	100	100	99.25	99.50	100
5	AN0	100	100	100	100	100	100	100	100	100	100	93.75	44.50
6	AN1	100	100	99.75	99.50	100	100	99.75	98.75	100	100	94.75	98.75
7	AN2	100	100	100	100	100	100	100	100	99.50	100	100	69.50
8	AN3	100	100	99.75	100	100	99.75	99.75	100	100	100	99.75	100
9	AN12	100	100	100	100	100	100	100	100	100	100	100	66.50
10	AN23	100	99.75	100	100	100	100	100	100	99.75	100	100	100
11	AN13	100	100	100	100	100	100	99.75	100	100	100	95.00	100
12	AN123	100	100	100	100	100	100	100	100	100	100	100	100
13	AN0123	100	100	100	100	100	100	100	100	100	100	100	100

and

Table 11. Comparison of RGNN, fastRGNN, and RGAT models on Swarm-2 [27].

Scenario No.	Scenario	RGNN (%)						fastRGNN (%)						RGAT (%)
		N0	N1	N2	N3	N4	N5	N0	N1	N2	N3	N4	N5	N0	N1	N2	N3	N4	N5
1	D1	100	100	100	100	100	100	100	100	100	100	100	100	99.89	99.33	99.44	99.22	99.89	99.33
2	D2	100	100	100	100	100	100	100	100	100	100	100	100	100	99.44	99.67	99.67	99.78	99.56
3	D3	100	99.89	100	100	100	100	100	100	100	100	100	100	99.89	99.00	99.67	100	100	99.89
4	D4	100	99.89	100	100	100	100	100	100	100	100	100	100	99.89	99.44	99.89	100	99.78	99.67
5	AN0	100	100	100	100	100	100	100	100	100	100	100	100	100	100	87.89	98.78	100	100
6	AN1	100	100	100	100	100	100	100	100	99.75	98.75	100	100	100	100	13.33	100	99.75	99.44
7	AN2	100	100	100	100	100	100	100	100	100	100	100	100	99.50	100	100	93.78	100	99.44
8	AN3	100	100	100	100	100	100	100	99.75	99.75	100	100	100	100	100	99.75	100	99.89	100
9	AN4	100	100	100	100	100	100	100	100	100	100	100	100	100	100	100	66.50	100	100
10	AN5	100	100	100	100	100	100	100	100	100	100	100	100	99.75	100	100	100	100	100

present per-node accuracies for RGNN, fastRGNN, and RGAT on Swarm-1 and Swarm-2, respectively. RGNN achieved an overall accuracy of 99.94% and detection rate of 99.85% on Swarm-1, and 100.0% for both metrics on Swarm-2. fastRGNN performed slightly lower, with a 99.90% accuracy and 99.80% detection rate on Swarm-1, and 99.95% accuracy and 99.90% detection rate on Swarm-2. In contrast, RGAT struggled in anomalous scenarios, particularly on Swarm-1 AN0 (N3 = 44.50%) and Swarm-2 AN6 (N2 = 13.33%), resulting in a markedly reduced accuracy and detection performance.

Robustness tests showed that RGNN maintained a 99.80% accuracy under Gaussian noise ($\sigma =0.01$), 99.75% with 10% dropped responses, and 99.90% against trace replay attacks, outperforming fastRGNN (99.70%, 99.65%, 99.80%) and RGAT (90%, 85%, 88%).

RGNN’s edge-type modeling enables it to detect propagated anomalies effectively. For instance, in Swarm-1’s AN1 scenario, N1’s extended range affected N2 and N3, yet RGNN still achieved a high accuracy (N2 = 99.75%, N3 = 99.50%). In Swarm-2’s AN4, where N4’s failure impacted N5, RGNN maintained a 100% accuracy for N5.

To evaluate generalizability across other GNN architectures, we extended our comparison to include SAGEConv, EdgeConv, GATConv, and GIN, as summarized in

Table 12. Comparison of RGNN and other GNN backbones on Swarm-1 and Swarm-2.

Model	Swarm-1				Swarm-2
	OA (%)	AR (%)	DR (All Anomalous) (%)	DR (Propagated Anomalous) (%)	OA (%)	AR (%)	DR (All Anomalous) (%)	DR (Propagated Anomalous) (%)
SAGEConv	99.82	99.89	99.79	99.71	99.96	99.99	99.95	99.90
EdgeConv	99.80	99.89	99.76	99.67	99.96	100.00	99.93	99.88
GATConv	93.31	99.91	90.37	85.59	94.96	99.98	91.62	85.44
GIN	97.58	99.89	96.56	95.20	94.54	99.97	90.91	86.38
RGNN	99.94	99.89	99.97	99.97	100.00	99.99	100.00	100.00

. RGNN consistently outperformed all other models across both datasets in terms of overall accuracy (OA), average recall (AR), and detection rates for both general and propagated anomalies (DR). On Swarm-1, RGNN achieved the highest DR (99.97%) in propagated anomaly scenarios, where EdgeConv and SAGEConv slightly trailed behind (99.67% and 99.71%, respectively). GATConv and GIN suffered from pronounced drops in performance in these scenarios, indicating a lack of robustness to indirect anomaly propagation.

On Swarm-2, this trend was even more evident—while SAGEConv and EdgeConv reached commendable scores (99.95–99.96% OA), they still fell short of RGNN’s perfect detection rate. GATConv and GIN again demonstrated weakness in propagated anomaly detection, dropping below 86%. This suggests that attention-based aggregation alone (as in GATConv) is insufficient for complex anomaly interactions, whereas RGNN’s explicit edge-type modeling provides a more reliable framework.

6. Discussion

The results in Section 5 demonstrate that RGNN significantly advances firmware attestation for IoT swarms, achieving near-perfect performance on benchmark datasets. RGNN’s edge-type modeling (Prompt, Sensor Data, Processed Signal) enables precise detection of both primary and propagated anomalies, with a 99.94% accuracy and 99.85% anomaly detection rate (ADR) on a four-node swarm and perfect scores on a six-node swarm (Table 10 and Table 11). For instance, in the four-node swarm’s AN1 scenario, RGNN effectively identifies an extended data anomaly originating from N1 and propagating to N2 and N3, demonstrating its strength in detecting complex fault propagation.

Compared to Swarm-Net [7], which employs a uniform GNN approach, RGNN’s relational awareness and edge-type distinction substantially improve sensitivity to subtle fault propagation, critical for early anomaly detection. Although fastRGNN offers lower latency through reduced dimensionality and fewer layers, it sacrifices some sensitivity to propagated anomalies, making RGNN the better choice where accuracy and robustness are paramount. RGAT, despite its attention mechanisms, underperforms in complex scenarios due to misweighting edge importance, underscoring RGNN’s advantage in capturing intricate relational patterns.

Beyond methodological soundness, RGNN’s practical impact is significant. In smart agriculture, for example, RGNN can detect early sensor failures in irrigation nodes, preventing mismanagement of water resources that could lead to crop damage or loss. In industrial automation, its ability to precisely identify communication failures between robotic components enables timely maintenance, reducing costly production downtime and improving overall system reliability. These concrete application scenarios illustrate RGNN’s value in real-world deployments, where early fault detection directly translates into operational cost savings and enhanced safety.

RGNN’s robustness is demonstrated not only by accuracy metrics but also by resilience to real-world challenges such as sensor noise, with 99.80% accuracy under Gaussian noise ($\sigma =0.01$) and robustness against 10% dropped responses and trace replay attacks. These attributes outperform comparable methods like fastRGNN and RGAT, highlighting RGNN’s suitability for deployment in noisy or unstable network environments typical of IoT swarms.

From a scalability perspective, RGNN’s training time (10 min on an NVIDIA RTX 3090) and fast inference (0.1 s per swarm) support its application to larger swarms, balancing computational demands with resource constraints. Additionally, the SRAM-based design aligns well with intellectual property protection requirements by avoiding the need to copy firmware, facilitating secure deployment across diverse hardware platforms [5].

However, RGNN’s reliance on the quality and consistency of SRAM traces means that variations across hardware or firmware versions could impact performance. The current evaluation focuses on small swarm configurations (4–6 nodes), leaving open questions about RGNN’s efficacy in larger or more dynamic swarm topologies. Furthermore, while RGNN detects propagated anomalies effectively, pinpointing exact anomaly sources in highly interconnected swarms may require further localization mechanisms. Finally, the cosine similarity threshold calibration assumes benign baseline data, which may be challenging in adversarial contexts.

To further strengthen the RGNN framework, future research will address several critical areas. First, to validate scalability and mitigate concerns about overfitting, we plan to evaluate RGNN on larger swarm topologies, targeting configurations with 50+ nodes, to assess performance and computational overhead in scenarios reflective of real-world IoT deployments. Second, to ensure generalizability, we will conduct benchmarking on real IoT hardware, such as Raspberry Pi clusters and industrial sensors, to complement simulated datasets. Third, to justify RGNN’s complexity, comparative experiments will include non-GNN baselines, such as cryptographic hashing (e.g., SWATT [8]) and hardware-based Trusted Platform Modules (TPMs), evaluating their accuracy, latency, and resource demands against RGNN.

To clarify the role of edge-type modeling, we will perform an ablation study to analyze the importance of the selected edge types (Prompt, Sensor Data, Processed Signal) and their sufficiency in capturing swarm interactions. This will include sensitivity analyses to assess performance changes when adding or removing edge types and exploring automated edge-type learning via attention mechanisms to enhance adaptability in dynamic swarms.

To strengthen the threat model, future work will incorporate adversarial robustness testing, such as Fast Gradient Sign Method (FGSM) attacks on SRAM data, to evaluate RGNN’s resilience to adversarial firmware perturbations. We will also analyze false positive and negative rates to quantify the likelihood of misclassifying benign or malicious firmware. Additionally, we will investigate defenses against physical attacks, such as voltage glitching and side-channel leaks, by exploring mitigation strategies like noise injection or secure SRAM sampling.

To address computational overhead, we will profile RGNN’s memory, latency, and energy consumption on low-end IoT devices (e.g., Cortex-M0 microcontrollers) to ensure feasibility for resource-constrained environments. Model compression techniques, such as quantization and pruning, will be explored to optimize RGNN for real-time attestation. Finally, we plan to develop hybrid approaches combining RGNN with lightweight cryptographic checks to balance accuracy and efficiency, alongside specific scheduling strategies for real-time attestation in dynamic swarms.

These efforts will enhance RGNN’s scalability, robustness, and practical deployability, ensuring it meets the demands of diverse IoT swarm applications.

7. Conclusions

This work advances IoT swarm security by introducing a novel graph-based Remote Attestation framework (RGNN) that effectively detects both primary and propagated firmware anomalies without relying on firmware copies. By explicitly modeling diverse edge types, RGNN captures complex inter-node relationships inherent in swarm architectures, achieving near-perfect detection accuracy on benchmark datasets. This approach exemplifies how Relational Graph Neural Networks can overcome the limitations of traditional attestation techniques and uniform GNN models, marking a significant step toward scalable, real-time IoT swarm security solutions.

Despite these promising results, practical deployment challenges remain. The current evaluation focuses on small and static swarm topologies, limiting insights into performance under larger, more dynamic conditions. Moreover, RGNN’s dependency on consistent SRAM trace quality across heterogeneous hardware may constrain its universal applicability. To address these gaps, future work will focus on scalability testing with larger topologies (50+ nodes), real-device benchmarking on platforms like Raspberry Pi and industrial sensors, and comparisons with non-GNN methods like cryptographic hashing and TPMs. Additional efforts will include ablation studies on edge-type modeling, adversarial robustness testing (e.g., FGSM attacks), analysis of false positive/negative rates, and defenses against physical attacks. Computational profiling on low-end devices and an exploration of model compression and hybrid approaches will further ensure RGNN’s suitability for resource-constrained environments.

Methodologically, this research is grounded in recent advances in graph-based learning and firmware attestation; however, the literature review would benefit from systematic inclusion of peer-reviewed, high-impact studies within mainstream SSCI and SCIE journals. Applying rigorous quality assessment tools (e.g., AXIS, CADIMA, or Rayyan) will enhance the robustness of future literature synthesis and ensure hypotheses are substantiated by high-standard evidence.

Looking forward, these planned advancements in scalability, generalizability, robustness, and computational efficiency will position RGNN as a practical solution for securing diverse IoT domains, such as smart agriculture, industrial automation, and swarm robotics, fostering resilient IoT ecosystems amid evolving cyber-physical threats.