Saved in:
Bibliographic Details
Main Authors: Wang, Lingzhi, Yegneswaran, Vinod, Shi, Xinyi, Li, Ziyu, Gehani, Ashish, Chen, Yan
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2511.10554
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912707302653952
author Wang, Lingzhi
Yegneswaran, Vinod
Shi, Xinyi
Li, Ziyu
Gehani, Ashish
Chen, Yan
author_facet Wang, Lingzhi
Yegneswaran, Vinod
Shi, Xinyi
Li, Ziyu
Gehani, Ashish
Chen, Yan
contents Provenance-based intrusion detection is an increasingly popular application of graphical machine learning in cybersecurity, where system activities are modeled as provenance graphs to capture causality and correlations among potentially malicious actions. Graph Neural Networks (GNNs) have demonstrated strong performance in this setting. However, traditional statically-provisioned GNN inference architectures fall short in meeting two crucial demands of intrusion detection: (1) maintaining consistently low detection latency, and (2) handling highly irregular and bursty workloads. To holistically address these challenges, we present GraphFaaS, a serverless architecture tailored for GNN-based intrusion detection. GraphFaaS leverages the elasticity and agility of serverless computing to dynamically scale the GNN inference pipeline. We parallelize and adapt GNN workflows to a serverless environment, ensuring that the system can respond in real time to fluctuating workloads. By decoupling compute resources from static provisioning, GraphFaaS delivers stable inference latency, which is critical for dependable intrusion detection and timely incident response in cybersecurity operations. Preliminary evaluation shows GraphFaaS reduces average detection latency by 85% and coefficient of variation (CV) by 64% compared to the baseline.
format Preprint
id arxiv_https___arxiv_org_abs_2511_10554
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle GraphFaaS: Serverless GNN Inference for Burst-Resilient, Real-Time Intrusion Detection
Wang, Lingzhi
Yegneswaran, Vinod
Shi, Xinyi
Li, Ziyu
Gehani, Ashish
Chen, Yan
Cryptography and Security
Provenance-based intrusion detection is an increasingly popular application of graphical machine learning in cybersecurity, where system activities are modeled as provenance graphs to capture causality and correlations among potentially malicious actions. Graph Neural Networks (GNNs) have demonstrated strong performance in this setting. However, traditional statically-provisioned GNN inference architectures fall short in meeting two crucial demands of intrusion detection: (1) maintaining consistently low detection latency, and (2) handling highly irregular and bursty workloads. To holistically address these challenges, we present GraphFaaS, a serverless architecture tailored for GNN-based intrusion detection. GraphFaaS leverages the elasticity and agility of serverless computing to dynamically scale the GNN inference pipeline. We parallelize and adapt GNN workflows to a serverless environment, ensuring that the system can respond in real time to fluctuating workloads. By decoupling compute resources from static provisioning, GraphFaaS delivers stable inference latency, which is critical for dependable intrusion detection and timely incident response in cybersecurity operations. Preliminary evaluation shows GraphFaaS reduces average detection latency by 85% and coefficient of variation (CV) by 64% compared to the baseline.
title GraphFaaS: Serverless GNN Inference for Burst-Resilient, Real-Time Intrusion Detection
topic Cryptography and Security
url https://arxiv.org/abs/2511.10554