The rapid development of interconnected infrastructures, including cloud systems, the Internet of Things (IoT), and mobile networks, has greatly extended the cyber-attack surface, so that previously used intrusion detection systems (IDS) are no longer effective against emerging threats and those of the third generation (0-day). This research proposes the Unified Graph Neural Network (U-GNN), an intrusion detection framework that analyzes flow-level and packet-level data together in a single heterogeneous graph representation. The framework incorporates Lightweight Graph Attention Networks (Light-GAT) to capture relational dependencies among network entities and to enable scalability in edge computing environments. The pre-processing steps include normalization, SMOTE-based class balancing, and the construction of graphs with weighted inter-entity communication links. Experimental evaluation on the CICIDS2017 and UNSW-NB15 datasets shows that the model reaches an accuracy of 97.83, an F1-score of 97.00 and an AUC of 0.981, which is better than the traditional SVM, Random Forest, Deep Neural Network and unimodal GCN models. In addition, knowledge distillation cuts model parameters by 40 percent without affecting accuracy, and the addition of GNNExplainer makes the model more interpretable by visualizing the influential subgraphs that drive anomaly detection. The findings support the claim that multi-modal feature fusion and attention-based aggregation can significantly enhance detection accuracy and generalization across a variety of attack categories. The proposed U-GNN balances precision, interpretability and computational efficiency, which suits it to settings where real-time, resource-limited intrusion detection is required.
Future work will cover federated training and adaptive learning processes to keep pace with continuously evolving cyber-threats, embedding the framework in the next generation of intelligent cybersecurity.
Introduction
The document proposes a Graph Neural Network (GNN)-based Intrusion Detection System (IDS) designed to improve cybersecurity in modern interconnected networks such as cloud, IoT, and mobile environments. As digital systems expand, the cyber-attack surface increases, exposing networks to threats like APT attacks, DDoS, and insider attacks. Traditional signature-based and machine learning-based IDS struggle to detect unknown (zero-day) attacks and fail to capture relationships between network entities.
To overcome these limitations, the study introduces a graph-based approach, where network components (hosts, users, devices, sessions) are modeled as nodes, and communications are modeled as edges. This structure allows the system to detect hidden relational and topological attack patterns that conventional methods may miss.
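The node-and-edge modelling described above, as an added example that is not the paper's own code: it builds a weighted host graph from flow records, min-max normalizes two node features, and runs one attention-style neighbour aggregation. The flow records, host addresses, the use of flow count as edge weight, and the softmax over edge weights (a simplified stand-in for learned attention) are all assumptions.

```python
import math
from collections import defaultdict

# Constructed flow records (src, dst, bytes); not taken from CICIDS2017 or UNSW-NB15.
FLOWS = [
    ("10.0.0.5", "10.0.0.10", 4200), ("10.0.0.5", "10.0.0.10", 3900),
    ("10.0.0.6", "10.0.0.10", 5100), ("10.0.0.7", "10.0.0.11", 4800),
    # 10.0.0.9 sends one small flow to every other host.
    ("10.0.0.9", "10.0.0.5", 60), ("10.0.0.9", "10.0.0.6", 60),
    ("10.0.0.9", "10.0.0.7", 60), ("10.0.0.9", "10.0.0.10", 60),
    ("10.0.0.9", "10.0.0.11", 60),
]

def build_graph(flows):
    """Hosts become nodes; each (src, dst) pair is one edge weighted by flow count."""
    edges, sent, nodes = defaultdict(int), defaultdict(int), set()
    for src, dst, nbytes in flows:
        edges[(src, dst)] += 1      # assumed edge weight: number of flows
        sent[src] += nbytes
        nodes.update((src, dst))
    return sorted(nodes), dict(edges), dict(sent)

def min_max(values):
    """Scale a {node: value} map into [0, 1]; a constant feature maps to 0."""
    lo, hi = min(values.values()), max(values.values())
    span = (hi - lo) or 1
    return {k: (v - lo) / span for k, v in values.items()}

def node_features(nodes, edges, sent):
    """Per-node (fan-out, bytes sent), both min-max normalized."""
    fan_out = {n: sum(1 for (s, _d) in edges if s == n) for n in nodes}
    volume = {n: sent.get(n, 0) for n in nodes}
    f, v = min_max(fan_out), min_max(volume)
    return {n: (f[n], v[n]) for n in nodes}

def attention_aggregate(node, edges, feats):
    """Softmax over outgoing edge weights, then a weighted mean of neighbour features."""
    nbrs = {d: w for (s, d), w in edges.items() if s == node}
    if not nbrs:
        return feats[node]          # isolated sender: keep its own features
    z = sum(math.exp(w) for w in nbrs.values())
    dim = len(feats[node])
    return tuple(sum(math.exp(w) / z * feats[d][i] for d, w in nbrs.items())
                 for i in range(dim))

NODES, EDGES, SENT = build_graph(FLOWS)
FEATS = node_features(NODES, EDGES, SENT)
```

In this constructed data, 10.0.0.9 has the highest normalized fan-out while sending almost the least traffic of any sender, a pattern visible in the graph features but not in any single flow record.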
The research highlights the effectiveness of Graph Neural Networks (GNNs), particularly Lightweight Graph Attention Networks (Light-GAT), for intrusion detection. GNNs can learn structural dependencies, improve anomaly detection, and outperform traditional deep learning models in recognizing complex threats. However, standard GNNs are computationally expensive and lack interpretability.
To address these issues, the proposed framework introduces:
Model compression techniques (pruning, distillation)
Explainable AI tools (e.g., GNNExplainer) for transparency
The system is evaluated using benchmark datasets CICIDS2017 and UNSW-NB15, achieving high performance (e.g., 98.4% accuracy and 0.97 F1-score). The methodology includes data preprocessing, SMOTE balancing, heterogeneous graph construction, and training using the Light-GAT model in a PyTorch-based environment.
Overall, the research aims to develop an interpretable, scalable, and lightweight GNN-based IDS that combines multi-modal data, improves detection accuracy, supports real-time deployment, and enhances trust through explainability.