AI-Driven Intrusion Detection System Using Graph Neural Networks for Cloud Environments

Journal of Advanced Engineering Technology and Management

ISSN (Online): 3049-3684  

Volume: 1 Issue: 1 | Open Access | 20 Nov 2025


Deepti Chandra, B. Tech Student, Jadavpur University

Abstract: Cloud environments present dynamic, multi-tenant, and highly connected infrastructures where attacks often manifest as relational patterns (lateral movement, service-to-service misuse, multi-step attacks). Traditional per-flow or per-host classifiers ignore relational structure and temporal interactions. This paper proposes GNN-Cloud-IDS, an AI-driven intrusion detection system that models cloud telemetry (network flows, API calls, IAM events, and VM/container relationships) as heterogeneous, temporal graphs and applies Graph Neural Networks (GNNs) — combining GraphSAGE/GAT-style encoders with temporal aggregation — to detect multi-stage intrusions and anomalous behavior in cloud environments. We describe graph construction, model architecture, training strategies, handling class imbalance, and privacy-preserving deployment options. We evaluate the approach using public IDS datasets (CICIDS2017, UNSW-NB15) adapted to graph formats and report detection performance improvements compared to baseline deep classifiers reported in literature. Our findings suggest GNNs effectively capture relational cues in cloud telemetry and are promising for cloud IDS deployments when combined with scalable graph construction and sampling strategies. [Kipf & Welling 2017; Veličković et al. 2018; UNSW-NB15; CICIDS2017].

Keywords: Graph Neural Networks, Intrusion Detection System, Cloud Security, Temporal Graphs, CICIDS2017, UNSW-NB15, GraphSAGE, GAT.


References

[1] NIST, S. Rose, O. Borchert, S. Mitchell, and S. Connelly, Zero Trust Architecture, NIST Special Publication 800-207, Aug. 2020. (Background on architectural needs for per-request authorization; used to motivate cloud security requirements).

[2] M. Zhong, X. Zhang, and Y. Li, “A survey on graph neural networks for intrusion detection,” Computers & Security, 2024.

[3] E. Androulaki, A. Barger, V. Bortnikov, et al., “Hyperledger Fabric: A distributed operating system for permissioned blockchains,” arXiv, Jan. 2018. (Included as example of enterprise system design patterns — cited for architectural comparisons and ledger references where relevant).

[4] D. H. Tran, N. T. Nguyen, and H. T. Nguyen, “FN-GNN: A novel graph embedding approach for flow-based intrusion detection,” Applied Sciences, 2024. (Example flow→graph conversion and GNN application.)

[5] T. N. Kipf and M. Welling, “Semi-Supervised Classification with Graph Convolutional Networks,” ICLR (preprint), 2017. (Core GCN model).

[6] P. Veličković, G. Cucurull, A. Casanova, et al., “Graph Attention Networks,” ICLR, 2018. (GAT model).

[7] D. Arrieta, N. Díaz-Rodríguez, J. Del Ser, et al., “Explainable Artificial Intelligence (XAI): Concepts, taxonomies, opportunities and challenges toward responsible AI,” Information Fusion, vol. 58, pp. 82–115, 2020. (XAI background, applied to GNN explainability).

[8] W. Hamilton, R. Ying, and J. Leskovec, “Inductive representation learning on large graphs,” NeurIPS, 2017. (GraphSAGE — inductive learning and neighborhood sampling techniques).

[9] E. C. P. Neto, J. R. Silva, and B. P. Rocha, “Deep learning for intrusion detection in emerging technologies: Survey and future directions,” Intell. Data Anal. / Springer, 2025. (Survey of DL methods for IDS).

[10] Information Technology Centre, CIC, “CICIDS2017 Dataset,” University of New Brunswick, 2017. (Dataset details and usage).

[11] N. Moustafa and J. Slay, “UNSW-NB15: a comprehensive data set for network intrusion detection systems,” MilCIS, 2015. (UNSW-NB15 dataset).

[12] “GNN-IDS: Graph Neural Network based Intrusion Detection,” ACM Digital Library / Conference Proceedings, (authors and year vary by version) — prototype GNN-IDS designs and evaluations.

[13] “GNN-based Traffic Anomaly Detection on CIC/UNSW,” various preprints and arXiv works detailing flow→graph conversions and evaluation practices, 2021–2024. (Representative papers aggregated in the survey [2]).

[14] M. S. Dawood, “Optimized explicit feature interaction-aware graph neural methods for intrusion detection,” Future Generation Computer Systems, 2026. (Recent advances in graph feature engineering).

[15] M. Kuzlu, M. Pipattanasomporn, and L. Gurses, “Performance Analysis of a Hyperledger Fabric Blockchain Framework: throughput, latency and scalability,” Proc. IEEE Blockchain, 2019. (Cited for architectural and performance tradeoffs where distributed/cloud references are discussed earlier).

[16] Research articles and preprints (2023–2026) on converting flow datasets to graphs and the impact on IDS detection quality (see repository entries and conference papers linked in the GNN-IDS survey).

[17] “Graph Neural Network–Based Adaptive Threat Detection,” recent arXiv preprints (2025) exploring temporal/heterogeneous graph models for cloud IAM and telemetry.

[18] GNN-IDS and related implementations published in conference proceedings and ACM DL (2024–2026) showing practical GNN architectures for IDS tasks.

[19] “Graph Embedding for GNN in Intrusion Detection,” ICOIN/ICONS abstracts (2024) showing graph embedding pipelines for CIC-IDS datasets.

[20] Survey and datasets references (Kaggle UNSW mirrors, dataset documentation) for reproducibility and public dataset access.



