Graph Neural Networks for Real-Time Cyber Threat Intelligence in Large-Scale Networks
Keywords:
Graph Neural Networks (GNNs), Cyber Threat Intelligence (CTI), Large-Scale Networks, Anomaly Detection, Zero-Day Attack Detection, Advanced Persistent Threats (APTs), Temporal Graph Networks, Network Security, Deep Learning for Cybersecurity, Real-Time Threat Detection

Abstract
The increasing complexity and scale of modern network infrastructures have made real-time cyber threat intelligence (CTI) a crucial requirement for ensuring security and resilience. Traditional machine learning approaches struggle to capture the intricate relationships between network entities, which limits their effectiveness in detecting advanced cyber threats. Graph Neural Networks (GNNs) offer a powerful alternative: by operating on graph-based representations, they model complex network structures and the interactions between entities, enabling more accurate anomaly detection and predictive threat analysis. This study presents a GNN-based framework for real-time cyber threat intelligence in large-scale networks, focusing on the detection of zero-day attacks, advanced persistent threats (APTs), and lateral movement patterns. The proposed model integrates heterogeneous graph embeddings, attention mechanisms, and temporal graph networks to enhance threat detection capabilities. Extensive experiments on real-world cybersecurity datasets, including UNSW-NB15 and CIC-IDS2018, demonstrate that our approach achieves higher detection accuracy, lower false positive rates, and improved scalability compared to conventional deep learning models. The results highlight the effectiveness of GNNs in capturing complex threat propagation patterns, making them a promising tool for proactive cybersecurity strategies in large-scale networks.