A novel hybrid anomaly detection model using ensemble machine learning and federated graph neural networks for network security
The scientific journal Modeling, Optimization and Information Technology
Online media
ISSN 2310-6018

A novel hybrid anomaly detection model using federated graph neural networks and ensemble machine learning for network security

Arm A., Lyapuntsova E.V.

UDC 303.734
DOI: 10.26102/2310-6018/2025.49.2.044


Traditional network intrusion detection systems face increasingly complex challenges as the sophistication and frequency of cyber-attacks grow. This research proposes the federated ensemble graph-based network (FEGB-Net), a novel hybrid approach to anomaly detection that increases detection performance while minimizing false positives. The framework combines federated graph neural networks with an ensemble of three widely recognized machine learning techniques (Random Forest, XGBoost, and LightGBM) to accurately characterize expected patterns of traffic and discern anomalies. Moreover, the framework uses federated learning to ensure privacy-compliant decentralized training across multiple clients learning the same model concurrently without exposing raw data. The FEGB-Net framework is evaluated on the CICIDS2017 dataset, achieving 97.1% accuracy, a 96.2% F1-score, and an AUC-ROC of 0.98, surpassing results from both traditional machine learning and deep learning approaches. By relying on novel graph signal processing approaches to shape the relational learning and ensemble-based voting techniques to categorize results, FEGB-Net can become a practical and effective framework for real-world use due to its transparent interpretability, relative ease of use, and scalability. Key contributions include a privacy-preserving Fed-GNN and ensemble framework, a novel meta-fusion algorithm, a reproducible Python implementation, and a large-scale evaluation on CICIDS2017. Future work includes experiments to apply the obtained results in real time and subsequent research considering new attack vectors.

Keywords: network security, anomaly detection, federated learning, graph neural networks, ensemble learning, FEGB-Net, metrics for evaluating the effectiveness of models (AUC-ROC)

For citation: Arm A., Lyapuntsova E.V. A novel hybrid anomaly detection model using federated graph neural networks and ensemble machine learning for network security. Modeling, Optimization and Information Technology. 2025;13(2). URL: https://moitvivt.ru/ru/journal/pdf?id=1887 DOI: 10.26102/2310-6018/2025.49.2.044 (In Russ).


Received 11.04.2025

Revised 02.06.2025

Accepted 10.06.2025

Published 30.06.2025