Paper Type
Complete
Abstract
Graph Neural Networks (GNNs) are increasingly employed in network security, leveraging graph-structured data to capture complex interdependencies often overlooked by conventional cybersecurity systems. In this paper, we systematically review key GNN flavors—convolution, attention, and message-passing—highlighting their application to diverse security objectives. We demonstrate how graph-based representations naturally encode relational information critical for detecting network attacks. Building on fundamental message-passing concepts, we show how these mechanisms can emphasize critical connections, while hybrid and temporal GNN models address heterogeneous and evolving threats. Furthermore, we examine network security applications at the node, edge, and graph levels, illustrating how GNN embeddings translate into practical threat identification and classification. By bridging foundational theory, diverse use cases, and implementation trade-offs, this paper offers researchers and practitioners a guide to harnessing GNNs for robust, forward-thinking network security systems.
Paper Number
1728
Recommended Citation
Zhang, Xiao, "Graph Neural Networks in Network Security: From Theoretical Foundations to Applications" (2025). AMCIS 2025 Proceedings. 10.
https://aisel.aisnet.org/amcis2025/sig_odis/sig_odis/10
Graph Neural Networks in Network Security: From Theoretical Foundations to Applications
Comments
SIGODIS