Advanced cloud intrusion detection framework using graph based features transformers and contrastive learning
Abstract This paper presents a modular and scalable intrusion detection framework that combines graph-based feature extraction, Transformer-based autoencoding, and contrastive learning to improve detection accuracy in cloud environments. Network flows are modeled as graphs to capture relational patt...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Nature Portfolio
2025-07-01
|
| Series: | Scientific Reports |
| Online Access: | https://doi.org/10.1038/s41598-025-07956-w |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849402810444021760 |
|---|---|
| author | Vijay Govindarajan Junaid Hussain Muzamal |
| author_facet | Vijay Govindarajan Junaid Hussain Muzamal |
| author_sort | Vijay Govindarajan |
| collection | DOAJ |
| description | Abstract This paper presents a modular and scalable intrusion detection framework that combines graph-based feature extraction, Transformer-based autoencoding, and contrastive learning to improve detection accuracy in cloud environments. Network flows are modeled as graphs to capture relational patterns among IP addresses and services, and a Graph Neural Network (GNN) is used to extract structured embeddings. These embeddings are refined through a Transformer-based autoencoder to preserve contextual information, while contrastive learning enforces clear class separation during classification. The system is evaluated on NSL-KDD and CIC-IDS2018 datasets under both binary and multi-class scenarios. Experimental results show an average accuracy of 99.97%, with high precision and recall across all attack types, including minority classes such as U2R and R2L. The model achieves low false-positive rates and demonstrates real-time inference performance with modest resource requirements. Key contributions include an interpretable pipeline using SHAP for feature attribution, a strategy for mitigating class imbalance, and validation across datasets with detailed security and generalizability analyses. These results support the practical applicability of the proposed approach in high-throughput, cloud-based network environments. |
| format | Article |
| id | doaj-art-8bfecf7f65164fda830464cabc3b5f4d |
| institution | Kabale University |
| issn | 2045-2322 |
| language | English |
| publishDate | 2025-07-01 |
| publisher | Nature Portfolio |
| record_format | Article |
| series | Scientific Reports |
| spelling | doaj-art-8bfecf7f65164fda830464cabc3b5f4d2025-08-20T03:37:28ZengNature PortfolioScientific Reports2045-23222025-07-0115112010.1038/s41598-025-07956-wAdvanced cloud intrusion detection framework using graph based features transformers and contrastive learningVijay Govindarajan0Junaid Hussain Muzamal1Colorado State UniversityNational University of Computer and Emerging SciencesAbstract This paper presents a modular and scalable intrusion detection framework that combines graph-based feature extraction, Transformer-based autoencoding, and contrastive learning to improve detection accuracy in cloud environments. Network flows are modeled as graphs to capture relational patterns among IP addresses and services, and a Graph Neural Network (GNN) is used to extract structured embeddings. These embeddings are refined through a Transformer-based autoencoder to preserve contextual information, while contrastive learning enforces clear class separation during classification. The system is evaluated on NSL-KDD and CIC-IDS2018 datasets under both binary and multi-class scenarios. Experimental results show an average accuracy of 99.97%, with high precision and recall across all attack types, including minority classes such as U2R and R2L. The model achieves low false-positive rates and demonstrates real-time inference performance with modest resource requirements. Key contributions include an interpretable pipeline using SHAP for feature attribution, a strategy for mitigating class imbalance, and validation across datasets with detailed security and generalizability analyses. These results support the practical applicability of the proposed approach in high-throughput, cloud-based network environments.https://doi.org/10.1038/s41598-025-07956-w |
| spellingShingle | Vijay Govindarajan Junaid Hussain Muzamal Advanced cloud intrusion detection framework using graph based features transformers and contrastive learning Scientific Reports |
| title | Advanced cloud intrusion detection framework using graph based features transformers and contrastive learning |
| title_full | Advanced cloud intrusion detection framework using graph based features transformers and contrastive learning |
| title_fullStr | Advanced cloud intrusion detection framework using graph based features transformers and contrastive learning |
| title_full_unstemmed | Advanced cloud intrusion detection framework using graph based features transformers and contrastive learning |
| title_short | Advanced cloud intrusion detection framework using graph based features transformers and contrastive learning |
| title_sort | advanced cloud intrusion detection framework using graph based features transformers and contrastive learning |
| url | https://doi.org/10.1038/s41598-025-07956-w |
| work_keys_str_mv | AT vijaygovindarajan advancedcloudintrusiondetectionframeworkusinggraphbasedfeaturestransformersandcontrastivelearning AT junaidhussainmuzamal advancedcloudintrusiondetectionframeworkusinggraphbasedfeaturestransformersandcontrastivelearning |