GAGA-Net: A GAN and GNN Hybrid Model for Enhanced Network Anomaly Detection in Cybersecurity
Abstract
As network threats grow more complex, traditional signature- and rule-based detection systems struggle to recognize unexpected or zero-day attacks. This study presents GAGA-Net (Generative Adversarial and Graph-based Anomaly Network), an innovative hybrid anomaly detection framework that combines Generative Adversarial Networks (GANs), which model the distribution of benign traffic, with Graph Neural Networks (GNNs), which capture spatiotemporal relationships in network traffic. The GAN component is trained on benign samples to identify behavioral abnormalities, whereas the GNN uses graph-structured representations to categorize anomalies based on structural discrepancies. Evaluated on NSL-KDD, CICIDS 2017, and a real-world dataset, GAGA-Net attains an accuracy of 97.35%, a false positive rate of 2.10%, and a false negative rate of 1.80% on NSL-KDD, with an average inference time of 120 milliseconds per sample, thereby exhibiting real-time capability. These results substantially exceed the performance of traditional models such as CNN-LSTM and Autoencoder-IDS. The model shows significant robustness in noisy and adversarial conditions, successfully detecting zero-day attacks with an efficacy of up to 92%. GAGA-Net provides a scalable and generalizable solution for contemporary intrusion detection challenges.
DOI: https://doi.org/10.31449/inf.v49i36.9768
License
I assign to Informatica, An International Journal of Computing and Informatics ("Journal") the copyright in the manuscript identified above and any additional material (figures, tables, illustrations, software or other information intended for publication) submitted as part of or as a supplement to the manuscript ("Paper") in all forms and media throughout the world, in all languages, for the full term of copyright, effective when and if the article is accepted for publication. This transfer includes the right to reproduce and/or to distribute the Paper to other journals or digital libraries in electronic and online forms and systems.
I understand that I retain the rights to use the pre-prints, off-prints, accepted manuscript and published journal Paper for personal use, scholarly purposes and internal institutional use.
In certain cases, I can ask for retaining the publishing rights of the Paper. The Journal can permit or deny the request for publishing rights, to which I fully agree.
I declare that the submitted Paper is original, has been written by the stated authors and has not been published elsewhere nor is currently being considered for publication by any other journal and will not be submitted for such review while under review by this Journal. The Paper contains no material that violates proprietary rights of any other person or entity. I have obtained written permission from copyright owners for any excerpts from copyrighted works that are included and have credited the sources in my article. I have informed the co-author(s) of the terms of this publishing agreement.
Copyright © Slovenian Society Informatika







