Authors: Sneha Pillai
Abstract: The increasing complexity and interconnectedness of modern digital infrastructures have rendered traditional, point-based network security measures largely ineffective. Conventional machine learning models often treat network traffic as independent, identically distributed (IID) data points, failing to capture the structural dependencies and relational context inherent in sophisticated cyber-attacks. This review explores the paradigm shift toward Graph-Based Machine Learning (GML) for network attack detection. By representing network entities—such as IP addresses, MAC addresses, and service ports—as nodes, and their interactions as edges, graph-based models can effectively map the "topology of intent" behind malicious activity. This article categorizes current GML methodologies, including Graph Convolutional Networks (GCNs), Graph Attention Networks (GATs), and Temporal Graphs, which account for the dynamic nature of traffic flows. We examine how these models excel at detecting "lateral movement," "botnet command-and-control," and "distributed denial-of-service" (DDoS) attacks by identifying anomalous structural patterns that are invisible to tabular analysis. Furthermore, the review addresses the challenges of scalability in massive-scale networks and the necessity for real-time graph processing. By synthesizing recent academic breakthroughs and industrial applications, this paper provides a strategic roadmap for deploying graph-based "Relational Intelligence" within Security Operations Centers. The findings suggest that GML significantly reduces false positives by providing contextual awareness, making it a cornerstone for the next generation of resilient, self-aware network defense systems.
DOI: https://doi.org/10.5281/zenodo.19427318
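The abstract's central claim, that relational structure exposes attacks invisible to per-flow (IID) scoring, worked through as an added example that is not code or data from the paper: constructed internal flow records form a time-ordered directed graph, and a lateral movement chain is recovered as a path even though each hop alone looks like sanctioned admin traffic.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    ts: int      # seconds since capture start
    src: str
    dst: str
    dport: int

# Constructed sample flows (hypothetical 10.0.0.0/24 segment, not from the paper).
FLOWS = [
    Flow(0,   "10.0.0.5",  "10.0.0.20", 443),   # ordinary web traffic
    Flow(10,  "10.0.0.6",  "10.0.0.20", 443),
    Flow(100, "10.0.0.7",  "10.0.0.8",  445),   # hop 1: SMB
    Flow(160, "10.0.0.8",  "10.0.0.9",  3389),  # hop 2: RDP
    Flow(230, "10.0.0.9",  "10.0.0.10", 445),   # hop 3
    Flow(300, "10.0.0.10", "10.0.0.11", 445),   # hop 4
    Flow(500, "10.0.0.11", "10.0.0.20", 443),
]
ADMIN_PORTS = {22, 445, 3389, 5985}

def tabular_alerts(flows):
    """IID baseline: each flow is scored on its own fields. Internal-to-internal
    traffic on a sanctioned admin port is normal, so every hop above passes."""
    return [f for f in flows if not (f.src.startswith("10.") and f.dst.startswith("10."))]

def build_graph(flows, admin_ports=ADMIN_PORTS):
    """Temporal directed graph: one edge src -> (dst, ts) per admin-port flow."""
    g = defaultdict(list)
    for f in flows:
        if f.dport in admin_ports:
            g[f.src].append((f.dst, f.ts))
    return g

def longest_time_ordered_chain(g, window=600):
    """DFS for the longest simple path whose hops occur in increasing time,
    each within `window` seconds of the previous hop (the temporal constraint)."""
    best = []
    def dfs(node, last_ts, path, seen):
        nonlocal best
        if len(path) > len(best):
            best = path[:]
        for nxt, ts in g.get(node, []):
            if nxt not in seen and last_ts < ts <= last_ts + window:
                seen.add(nxt); path.append(nxt)
                dfs(nxt, ts, path, seen)
                path.pop(); seen.discard(nxt)
    for start in list(g):
        for nxt, ts in g[start]:
            dfs(nxt, ts, [start, nxt], {start, nxt})
    return best

def lateral_movement_chain(flows, min_hops=3):
    """Flag a chain only when the graph path has at least `min_hops` edges."""
    chain = longest_time_ordered_chain(build_graph(flows))
    return chain if len(chain) - 1 >= min_hops else []
```

With the sample flows, `tabular_alerts` returns nothing while `lateral_movement_chain` returns the four-hop path 10.0.0.7 through 10.0.0.11; the hop threshold and time window are tuning knobs a SOC would calibrate against its own baseline to control false positives.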