Title: A novel hybrid approach combining GCN and GAT for effective anomaly detection from firewall logs in campus networks
Authors: Ali Yılmaz, Resul Das
DOI: 10.1016/j.comnet.2025.111082
Journal: Computer Networks, volume 259, Article 111082 (Journal Article)
Publication date: 2025-02-01
URL: https://www.sciencedirect.com/science/article/pii/S1389128625000507
Impact factor: 4.4; JCR quartile: Q1 (Computer Science, Hardware & Architecture)
Open access: no
Citations: 0
Abstract
Anomaly detection is essential in domains like network monitoring, fraud detection, and cybersecurity, where it is vital to identify unusual patterns early on to avert possible harm. The complexity and scale of contemporary graph-structured networks are frequently too much for conventional anomaly detection techniques to handle. However, graph neural networks (GNNs), including graph convolutional networks (GCN), graph attention networks (GAT), and graph sample and aggregate (GraphSAGE), have become successful alternatives. This study obtains anomaly detection findings by independently applying the GCN, GAT, and GraphSAGE models to the same dataset. In addition to the anomaly detection results of the separate models, we provide a novel hybrid anomaly detection model that combines the advantages of GCN and GAT. By utilizing GCN's capacity to capture global structural information and GAT's attention mechanism to enhance local node interactions, we aim to improve the anomaly detection accuracy of the hybrid model. Particularly in dynamic and expansive graph contexts, this combination enhances detection sensitivity and processing efficiency. According to our experimental findings, the hybrid model performs better than the separate GCN, GAT, and GraphSAGE models in terms of recall (0.9904%), accuracy (0.9904%), precision (0.9843%), and F1 score (0.9872%). The high success rate achieved in detecting various cyberattacks within the utilized dataset demonstrates that this method provides an especially effective solution in fields such as cybersecurity and financial fraud detection, where highly accurate anomaly detection systems are required for analyzing dynamic and large-scale graph data. The suggested method is a reliable option for real-time anomaly identification in intricate network environments, since it demonstrates notable gains in identifying both local and global anomalies.
Journal description:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.