A Hub-Centric Graph Neural Network for Scalable Intrusion Detection – Volume 12 Issue 5

Intrusion detection is a critical component of modern cybersecurity, particularly as network traffic continues to increase in scale and complexity. Traditional machine learning methods have achieved promising results but often fail to capture the relational dependencies among network entities. Graph Neural Networks (GNNs) offer an effective framework for learning from graph-structured data, enabling the modeling of such relationships. However, applying GNNs directly to large-scale intrusion datasets poses scalability challenges due to the vast number of nodes and potential interconnections. In this study, we propose a hub-centric graph construction approach where Internet Protocol (IP) addresses act as hub nodes, and all traffic records associated with the same IP are connected to the hub. This strategy reduces graph density and enhances scalability without significant loss of structural information. The proposed GNN model, implemented using a four-layer SAGEConv architecture, achieved an accuracy of 80% on the UNSW-NB15 dataset [1]. Although traditional models such as Random Forest reached a higher accuracy of 96%, the GNN demonstrated stronger relational learning and better generalization to complex, non-linear, and previously unseen attack patterns.

This research presents a hub-centric GNN for scalable intrusion detection using the UNSW-NB15 dataset [1]. By leveraging IP addresses as hub nodes, the approach reduces graph complexity while retaining essential structural dependencies. The proposed model achieved an accuracy of 83%, demonstrating its effectiveness in learning relational patterns across network flows. Although traditional algorithms such as Random Forest achieved higher accuracy, the GNN’s ability to capture inter-node correlations offers superior adaptability to non-linear and evolving attack patterns.

[1] N. Moustafa and J. Slay, “UNSW-NB15: A Comprehensive Data Set for Network Intrusion Detection Systems (UNSW-NB15 Network Data Set),” in *2015 Military Communications and Information Systems Conference (MilCIS)*, IEEE, 2015, pp. 1–6, doi: 10.1109/MilCIS.2015.7348942. [2] G. Indira Bharathi, K. Anandh, and A. Prasanna, “Network Intrusion Detection System Using Random Forest and Gradient Boosting Machines,” in *2024 2nd International Conference on Computing and Information Technology (CONIT)*, IEEE, 2024, pp. 1–6, doi: 10.1109/CONIT60122.2024.00045. [3] T. Wisanwanichthan and M. Thammawichai, “A Double-Layered Hybrid Approach for Network Intrusion Detection System Using Combined Naïve Bayes and SVM,” IEEE Access, vol. 9, pp. 137818–137830, 2021, doi: 10.1109/ACCESS.2021.3118573. [4] A. Ahmim, I. Amri, M. H. Abid, and M. Aliouat, “Distributed Denial of Service Attack Detection for the Internet of Things Using a Hybrid Deep Learning Model,” IEEE Access, vol. 10, pp. 69414–69426, 2022, doi: 10.1109/ACCESS.2022.3192665. [5] L. Zou, J. Wang, and X. Jiang, “Network Intrusion Detection Based on Hierarchical Clustering and Twin SVM,” IEEE Access, vol. 8, pp. 68543–68552, 2020, doi: 10.1109/ACCESS.2020.2986957. [6] Z. Hu, J. Li, and Y. Zhang, “GRID: A Graph Representation-Based Intrusion Detection Framework Using Graph Random State Embedding,” IEEE Access, vol. 9, pp. 102834–102847, 2021, doi: 10.1109/ACCESS.2021.3096994. [7] M. Zhong, M. Lin, C. Zhang, and Z. Xu, “A Survey on Graph Neural Networks for Intrusion Detection Systems: Methods, Trends and Challenges,” College of Computer and Cyber Security, Fujian Normal University, Fuzhou, 350117, Fujian, China, 2023.

Call for Paper (Hub) Fast Paper Publication IJCT Indexing & Databases Submit Manuscript Call for Paper: Sep–Oct 2025 Call for Paper: Publish Research