Keywords: network security, anomaly detection, federated learning, graph neural networks, ensemble learning, FEGB-Net, metrics for evaluating the effectiveness of models (AUC-ROC)
A novel hybrid anomaly detection model using federated graph neural networks and ensemble machine learning for network security
UDC 303.734
DOI: 10.26102/2310-6018/2025.49.2.044
Traditional network intrusion detection systems face increasingly complex challenges as the sophistication and frequency of cyber-attacks grow. This research proposes the federated ensemble graph-based network (FEGB-Net), a novel hybrid approach to anomaly detection that increases detection performance while minimizing false positives. The framework combines federated graph neural networks with an ensemble of three well-established machine learning techniques (Random Forest, XGBoost, and LightGBM) to accurately characterize expected traffic patterns and discern anomalies. Moreover, the framework uses federated learning to ensure privacy-compliant decentralized training, in which multiple clients learn the same model concurrently without exposing raw data. The FEGB-Net framework is evaluated on the CICIDS2017 dataset, achieving 97.1% accuracy, a 96.2% F1-Score, and 0.98 on the AUC-ROC metric for evaluating model effectiveness, surpassing results from both traditional machine learning and deep learning approaches. By relying on novel graph signal processing approaches to shape relational learning and on ensemble-based voting techniques to categorize results, FEGB-Net can become a practical and effective framework for real-world use due to its transparent interpretability, relative ease of use, and scalability. Key contributions include a privacy-preserving Fed-GNN and ensemble framework, a novel meta-fusion algorithm, a reproducible Python implementation, and a large-scale evaluation on CICIDS2017. Future work includes experiments to apply the obtained results in real time and subsequent research considering new attack vectors.
For citation: Arm A., Lyapuntsova E.V. A novel hybrid anomaly detection model using federated graph neural networks and ensemble machine learning for network security. Modeling, Optimization and Information Technology. 2025;13(2). URL: https://moitvivt.ru/ru/journal/pdf?id=1887 DOI: 10.26102/2310-6018/2025.49.2.044 (In Russ).
Received 11.04.2025
Revised 02.06.2025
Accepted 10.06.2025