1. Project Overview

2. What’s New / Key Features

3. Repository Structure

4. Getting Started

   • Prerequisites
   • Installation
   • Configuration
   • Running the Pipeline
   • Usage Examples

5. Development Status

6. Contribution

7. License

8. Contact

This project explores the use of Graph Neural Networks (GNNs) for cybersecurity, specifically for network intrusion detection using datasets such as CICIDS2017.

Unlike traditional ML models, this project models network traffic as graphs, where nodes represent entities (hosts, servers) and edges represent interactions (flows). This approach allows the detection of multi-step attacks and complex intrusion patterns that are difficult to capture with standard classifiers.

⚠ Note: The project is still under active development. The codebase, models, and pipeline are continuously being refined.

• Graph-based approach: Captures relationships between network entities for enhanced threat detection.
• Custom architectures: Includes novel GNN layers designed specifically for cybersecurity datasets.
• Modular pipeline: Separates preprocessing, graph construction, training, and evaluation.
• Configurable & scalable: Supports different datasets and hyperparameters through config.yaml.
• Lightweight repository: Only code and configuration tracked; large datasets excluded.
• Visualization support: Generates graphs, metrics, and performance plots for analysis.

gnn-cyber-project/
├── main_pipeline.py          # Main pipeline entry point
├── requirements.txt          # Python dependencies
├── config.yaml               # Configuration file
├── data/                     # Raw & processed data (ignored in repo)
├── logs/                     # Logs (ignored in repo)
├── src/                      # Source code
│   ├── preprocessing/        # Data loading & graph construction
│   │   ├── cicids_loader.py
│   │   └── graph_constructor.py
│   ├── training/             # Training & evaluation
│   │   └── trainer.py
│   └── models/               # GNN model definitions
│       └── gnn_models.py
└── .gitignore                # Excludes large files, logs, checkpoints

• Python 3.11
• pip / virtualenv
• PyTorch, DGL, NetworkX, and other dependencies in requirements.txt

git clone https://github.com/ze3tar/gnn-cyber-project.git
cd gnn-cyber-project
pip install -r requirements.txt

Modify config.yaml to set dataset paths, model hyperparameters, and training options.

python main_pipeline.py

• Train a new GNN model on CICIDS2017:

python main_pipeline.py --mode train --dataset cicids2017

• Evaluate a saved model:

python main_pipeline.py --mode eval --model_path checkpoints/model.pth

🚧 Active development. Expect frequent updates, changes in APIs, and new features.

Contributions are welcome! Please follow these steps:

1. Fork the repository
2. Create a feature branch (git checkout -b feature/your-feature)
3. Commit your changes (git commit -m 'Add new feature')
4. Push to the branch (git push origin feature/your-feature)
5. Open a Pull Request

This project is licensed under the MIT License – see the LICENSE file for details.

• GitHub: ze3tar
• Project Repository: gnn-cyber-project