Abstract: Aiming at the heterogeneity of network devices and the complex correlation among devices in the internet of things intrusion detection, this paper proposed a GraphSAGE-GAT model based on the graph neural network, which could effectively capture the correlation between internet of things devices and reduced the communication topology between internet of things devices, so as to improve the accuracy rate of internet of things anomaly detection. Firstly, the device association graph was constructed based on the network flow data among iot devices, and then the graph sample and aggregate algorithm was used to sample adjacent device nodes, so that the embedded information representation of device nodes could be enhanced by using the information of interconnected device nodes. Then, through the graph attention network, the correlation weight was automatically learned for the relationship between the extracted associated device nodes, and the representation of the associated device nodes was further fused through the multi-layer aggregation function to obtain the embedded representation vector of the device association graph nodes, so as to further enhance the representation capability of each device node. Finally, the benign and offensive classification of device network node samples was realized according to the fused graph node embedding representation vector. Based on the data sets NF-ToN-IoT-v2 and NF-BoN-IoTv2, the experiment results show that the accuracy of the proposed model of GraphSAGE-GAT in IoT intrusion detection is as high as 97. 25% and 98. 62%, respectively, both of which are superior to the latest baseline detection models. Therefore, the model GraphSAGE-GAT proposed in this paper can further guarantee the communication security of network data.