Abstract
The rapid expansion of Internet of Things deployments has introduced significant challenges in trust management and certificate lifecycle administration. Traditional Public Key Infrastructure mechanisms struggle with the scalability and responsiveness demands of large-scale IoT environments. This paper proposes a graph neural network-based framework that integrates trust propagation with intelligent certificate revocation decision-making. We develop a graph attention-based trust propagation model that captures relational dynamics among IoT devices through multi-head attention mechanisms with explicit temporal decay factors. Additionally, we design an adaptive revocation decision algorithm that synthesizes trust embeddings, behavioral anomaly indicators, and topological features to generate risk scores for certificate management. Experimental evaluation across networks comprising up to 102,400 devices demonstrates that our approach achieves trust propagation accuracy exceeding 89% and revocation decision F1 scores of 0.904, with median response latency under five seconds. The proposed framework outperforms the evaluated baseline methods, including traditional reputation-based approaches and standard graph convolutional networks, in both accuracy and computational efficiency within the considered experimental settings, providing a practical solution for securing large-scale IoT infrastructures.
Similar content being viewed by others
Data availability
All data generated and analyzed during the current study are available from the corresponding author upon reasonable request.
Abbreviations
- IoT:
-
Internet of Things
- PKI:
-
Public Key Infrastructure
- CRL:
-
Certificate Revocation List
- OCSP:
-
Online Certificate Status Protocol
- GNN:
-
Graph Neural Network
- GCN:
-
Graph Convolutional Network
- GAT:
-
Graph Attention Network
- MPNN:
-
Message Passing Neural Network
- MLP:
-
Multilayer Perceptron
- CT:
-
Certificate Transparency
- AUC:
-
Area Under Curve
- ROC:
-
Receiver Operating Characteristic
- GPU:
-
Graphics Processing Unit
- RAM:
-
Random Access Memory
References
Dong, G. et al. Graph neural networks in IoT: A survey. ACM Trans. Sens. Netw. 19(2), 1–50 (2023).
Khan, S. et al. A survey on X.509 public-key infrastructure, certificate revocation, and their modern implementation on blockchain and ledger technologies. IEEE Commun. Surv. Tutor. 25(4), 2529–2568 (2023).
Sagar, S. et al. Understanding the trustworthiness management in the social internet of things: A survey. Comput. Netw. 251, Article 110611 (2024).
Bilot, T., El Madhoun, N., Agha, K. A. & Zouaoui, A. Graph neural networks for intrusion detection: A survey. IEEE Access 11, 49114–49139 (2023).
Wu, Z. et al. A comprehensive survey on graph neural networks. IEEE Trans. Neural Netw. Learn. Syst. 32(1), 4–24 (2021).
Ahanger, A. S., Khan, S. M., Masoodi, F. S. & Salau, A. O. Advanced intrusion detection in internet of things using graph attention networks. Sci. Rep. 15, Article 9831 (2025).
Singh, A., Chatterjee, K. & Satapathy, S. C. TRIDS: An intelligent behavioural trust based IDS for smart healthcare system. Cluster Comput. 26(2), 903–925 (2023).
Namdari, H., Avalos, V. M., Alshehri, A., Tunc, C. & Dantu, R. Enhanced trust in IoT environments: Utilizing perfect Bayesian equilibrium, exponential smoothing, and machine learning. Cluster Comput. 28, Article 572 (2025).
Hammi, B., Adja, A., Serhrouchni, A. & Zeadally, S. A Blockchain-based certificate revocation management and status verification system. Comput. Secur. 104, Article 102199 (2021).
Awan, K. A., Uddin, I., Almogren, A., Han, Z., Guizani, M. TrustAware-GNN: Graph-Neural-Network-Based Trust Management for IoT Anomaly Detection. IEEE Internet of Things Journal (2025).
Ahmadi, A. A trust based anomaly detection scheme using a hybrid deep learning model for IoT routing attacks mitigation. IET Inf. Secur. 2024, Article 4449798 (2024).
Tfaily, F. A. et al. Graph-based federated learning approach for intrusion detection in IoT networks. Sci. Rep. 15, Article 41264 (2025).
Liang, S. Survey of graph neural networks and applications. Wirel. Commun. Mob. Comput. 2022, Article 9261537 (2022).
Kipf, T. N., Welling, M. Semi-Supervised Classification with Graph Convolutional Networks. In: Proceedings of the 5th International Conference on Learning Representations (ICLR) (2017).
Veličković, P., Cucurull, G., Casanova, A., Romero, A., Liò, P., Bengio, Y., Graph Attention Networks, In: Proceedings of the 6th International Conference on Learning Representations (ICLR) (2018).
Gilmer, J., Schoenholz, S. S., Riley, P. F., Vinyals, O., Dahl, G. E. Neural Message Passing for Quantum Chemistry. In: Proceedings of the 34th International Conference on Machine Learning, pp. 1263–1272 (2017).
Zhou, Y., Huo, H., Hou, Z. & Bu, F. A deep graph convolutional neural network architecture for graph classification. PLoS ONE 18(3), e0279604 (2023).
Bhatti, U. A. Deep learning with graph convolutional networks: An overview and latest applications in computational intelligence. Int. J. Intell. Syst. 2023, 8342104 (2023).
Verma, R. & Chandra, S. RepuTE: A soft voting ensemble learning framework for reputation-based attack detection in Fog-IoT milieu. Eng. Appl. Artif. Intell. 119, 106601 (2023).
Arshad, D. et al. THC-RPL: A lightweight trust-enabled routing in RPL-based IoT networks against Sybil attack. PLoS ONE 17(7), e0271277 (2022).
Yu, Z. et al. KGTrust: Evaluating Trustworthiness of SIoT via Knowledge Enhanced Graph Neural Networks. Proceedings of the ACM Web Conference 2023, 727–736 (2023).
Hassan, J., Sohail, A., Awad, A. I. & Zaka, M. A. LETM-IoT: A lightweight and efficient trust-based mechanism for Sybil attacks in Internet of Things networks. Ad Hoc Netw. 163, 103576 (2024).
Rajan, A., Jithish, J., Sankaran, S. Sybil Attack in IoT: Modelling and Defenses. in Proceedings of the International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 2323–2327 (2017).
Burange, A. W., Deshmukh, V. M., Thakare, Y. A. & Shelke, N. A. Safeguarding the Internet of Things: Elevating IoT routing security through trust management excellence. Comput. Stand. Interfaces. 90, 103856 (2024).
Mekala, S. H., Baig, Z., Anwar, A. & Zeadally, S. Cybersecurity for industrial IoT (IIoT): Threats, countermeasures, challenges and future directions. Comput. Commun. 208, 294–320 (2023).
Höglund, J., Lindemer, S., Furuhed, M. & Raza, S. PKI4IoT: Towards public key infrastructure for the Internet of Things. Comput. Secur. 89, 101658 (2020).
Höglund, J., Furuhed, M. & Raza, S. Lightweight certificate revocation for low-power IoT with end-to-end security. J. Inf. Secur. Appl. 73, Article 103424 (2023).
Liu, Y., Tome, W., Zhang, L., Choffnes, D., Levin, D., Maggs, B., Mislove, A., Schulman, A., Wilson, C. An End-to-end Measurement of Certificate Revocation in the Web’s PKI. in Proceedings of the Internet Measurement Conference (IMC), pp. 183–196 (2015).
Shi, X., Shi, S., Wang, M., Kaunisto, J., Qian, C. "On-device IoT Certificate Revocation Checking with Small Memory and Low Latency," in Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 1118–1134, 2021.
Singla, A., Bertino, E. Blockchain-Based PKI Solutions for IoT. In: Proceedings of the 4th IEEE International Conference on Collaboration and Internet Computing (CIC), pp. 9–15 (2018).
Zhong, Z., Li, C. T. & Pang, J. Hierarchical message-passing graph neural networks. Data Min. Knowl. Discov. 37(1), 381–408 (2023).
Adam, M., Hammoudeh, M., Alrawashdeh, R. & Alsulaimy, B. A survey on security, privacy, trust, and architectural challenges in IoT systems. IEEE Access 12, 57128–57149 (2024).
Wang, Y., Han, Z., Li, J. & He, X. BS-GAT: A network intrusion detection system based on graph neural network for edge computing. Cybersecurity 8, Article 27 (2025).
Wu, J. et al. Federated learning for network attack detection using attention-based graph neural networks. Sci. Rep. 14, 19088 (2024).
Liu, C., Sun, Y., Davis, R., Cardona, S. T. & Hu, P. ABT-MPNN: An atom-bond transformer-based message-passing neural network for molecular property prediction. J. Cheminform. 15, Article 29 (2023).
Wang, Y., Han, Z., Li, J., He, X. BS-GAT Behavior Similarity Based Graph Attention Network for Network Intrusion Detection. arXiv preprint arXiv:2304.07226, (2023).
Wang, B., Cheng, L., Sheng, J., Li, S. & Liu, D. Graph convolutional networks fusing motif-structure information. Sci. Rep. 12, Article 10735 (2022).
Wu, S., Xiong, Y., Liang, H. & Weng, C. D2-GCN: A graph convolutional network with dynamic disentanglement for node classification. Front. Comput. Sci. 19(1), Article 191305 (2025).
Lo, W. W., Layeghy, S., Sarhan, M., Gallagher, M., Portmann, M. E-GraphSAGE: A Graph Neural Network Based Intrusion Detection System for IoT. in Proceedings of the IEEE/IFIP Network Operations and Management Symposium (NOMS), pp. 1–9, (2022).
Li, Y., Tarlow, D., Brockschmidt, M., Zemel, R. Gated Graph Sequence Neural Networks. in Proceedings of the 4th International Conference on Learning Representations (ICLR) (2016).
Wang, X. et al. Federated deep learning for anomaly detection in the Internet of Things. Comput. Electr. Eng. 108, 108651 (2023).
Peng, K., Xiao, P., Wang, S. & Leung, V. C. M. SCOF: Security-aware computation offloading using federated reinforcement learning in Industrial Internet of Things with edge computing. IEEE Trans. Serv. Comput. 17(4), 1780–1792 (2024).
Ferrag, M. A., Friha, O., Hamouda, D., Maglaras, L. & Janicke, H. Edge-IIoTset: A new comprehensive realistic cyber security dataset of IoT and IIoT applications for centralized and federated learning. IEEE Access 10, 40281–40306 (2022).
Zhong, M., Lin, M., Zhang, C. & Xu, Z. A survey on Graph Neural Networks for Intrusion Detection Systems: Methods, trends and challenges. Comput. Secur. 141, 103821 (2024).
Tran, D. H. & Park, M. FN-GNN: A novel graph embedding approach for enhancing Graph Neural Networks in Network Intrusion Detection Systems. Appl. Sci. 14(16), 6932 (2024).
Sarhan, M., Layeghy, S., Moustafa, N., Portmann, M. NetFlow Datasets for Machine Learning-Based Network Intrusion Detection Systems. in Big Data Technologies and Applications (BDTA 2020, WiCON 2020), Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 371, pp. 117–135, Springer (2021).
Abu-El-Haija, S., Perozzi, B., Kapoor, A., Alipourfard, N., Lerman, K., Harutyunyan, H., Ver Steeg, G., Galstyan, A. MixHop: Higher-Order Graph Convolutional Architectures via Sparsified Neighborhood Mixing. in Proceedings of the 36th International Conference on Machine Learning, pp. 21–29 (2019).
Zhou, H., Zhou, J. & Jia, X. Towards robust and privacy-preserving federated learning in edge computing. Comput. Netw. 243, 110291 (2024).
Fenanir, S. & Semchedine, F. Smart intrusion detection in IoT edge computing using federated learning. Rev. Intell. Artif. 37(5), 1133–1145 (2023).
Pujol-Perich, D., Suárez-Varela, J., Cabellos-Aparicio, A. & Barlet-Ros, P. Unveiling the potential of graph neural networks for robust intrusion detection. ACM SIGMETRICS Perform. Eval. Rev. 49(4), 111–117 (2022).
Aminifar, A., Shokri, M. & Aminifar, A. Privacy-preserving edge federated learning for intelligent mobile-health systems. Future Gener. Comput. Syst. 161, 625–637 (2024).
Zhang, H. et al. Trustworthy graph neural networks: Aspects, methods, and trends. Proc. IEEE 112(2), 97–139 (2024).
Dritsas, E. & Trigka, M. Federated learning for IoT: A survey of techniques, challenges, and applications. J. Sens. Actuator Netw. 14(1), 9 (2025).
Funding
No funding was received for this research.
Author information
Authors and Affiliations
Contributions
Wenlong Han: Conceptualization, Methodology, Writing – original draft, Project administration. Muheng Sui: Software, Formal analysis, Validation. Yi Gao: Data curation, Experiments, Visualization. Pengfei Tao: Investigation, Resources, Writing – review & editing. Donghong Zheng: Supervision, Writing – review & editing. All authors read and approved the final manuscript.
Corresponding author
Ethics declarations
Ethics approval and consent to participate
Not Applicable. This study involves computational analysis of IoT device interaction data and does not involve human participants, human tissue, or identifiable personal data. The dataset was collected from device-level communication logs in a smart campus deployment with appropriate institutional authorization.
Consent for publication
All authors have reviewed the manuscript and consent to its publication. No identifiable information regarding participants has been included.
Competing interests
The authors declare no competing interests.
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Han, W., Sui, M., Gao, Y. et al. GNN-based trust propagation and intelligent certificate revocation decision mechanism for large-scale IoT networks. Sci Rep (2026). https://doi.org/10.1038/s41598-026-43310-4
Received:
Accepted:
Published:
DOI: https://doi.org/10.1038/s41598-026-43310-4
