Hybrid GNN-Driven Framework for Intelligent Malware Detection and Cryptojacking Prevention in Heterogeneous Cloud Environments
摘要
Cloud environments are increasingly targeted by cryptojackers who use the computers’ processing capabilities for mining cryptocurrency without authorization. This research aims to enhance the security features that protect against cyber attackers by implementing deep learning techniques that help to detect anomalous behaviors in the cloud through analysis of data from typical system transactions. The hybrid HGCN-SIEM Fusion architecture for cryptojacking prevention and malware detection incorporates four types of Graph Neural Network (GNN) approaches: GCN, GAT, GIN, and GraphSAGE. The proposed technique achieves superior malware detection accuracy compared to all baseline models. After experiments on the standard SoK cryptojacking malware dataset, GAT and GraphSAGE demonstrated an accuracy average of 97.5%, GCN and GIN achieved similar accuracy, with an average score of 95.5%. The HGCN-SIEM model outperforms with an optimum accuracy of 98.8%, ensures low latency, and provides a well-balanced mix of rapid attack detection and the best utilization of the network bandwidth. SHA-256 is used to hash all process, instance, and event identifiers to protect privacy and ensure distinct, impenetrable node representations. Graph sampling, edge pruning, and adaptive batching are used to manage computational scalability in heterogeneous cloud networks, which reduces latency, increases throughput, and optimizes resource utilization during inference. This research work points out those GNN architectures that combine different node types that are extremely useful for security monitoring and malware detection in various network settings, demonstrating reliability and practicality in cybersecurity contexts.