Privacy-Aware Cyberterrorism Network Analysis using Graph Neural Networks and Federated Learning
Anas Ali, Mubashar Husain, Peter Hans
TL;DR
This work tackles privacy concerns in cyberterrorism network analysis where sensitive threat data are distributed across multiple authorities. It proposes PA-FGNN, a privacy-preserving federated graph neural network that merges Graph Attention Networks with differential privacy and homomorphic encryption, plus robust secure aggregation. Key contributions include (i) a hybrid PA-FGNN architecture with on-device local losses $\mathcal{L}^{(i)}$ and encrypted gradient updates, (ii) anomaly-tolerant aggregation to mitigate gradient poisoning, (iii) evaluation on simulated and real cyber threat graphs under non-IID settings, and (iv) empirical results showing high detection accuracy (>$91\%$) with manageable communication overhead and resilience to adversarial clients. This approach enables scalable, privacy-conscious cyber threat detection across decentralized agencies.
Abstract
Cyberterrorism poses a formidable threat to digital infrastructures, with increasing reliance on encrypted, decentralized platforms that obscure threat actor activity. To address the challenge of analyzing such adversarial networks while preserving the privacy of distributed intelligence data, we propose a Privacy-Aware Federated Graph Neural Network (PA-FGNN) framework. PA-FGNN integrates graph attention networks, differential privacy, and homomorphic encryption into a robust federated learning pipeline tailored for cyberterrorism network analysis. Each client trains locally on sensitive graph data and exchanges encrypted, noise-perturbed model updates with a central aggregator, which performs secure aggregation and broadcasts global updates. We implement anomaly detection for flagging high-risk nodes and incorporate defenses against gradient poisoning. Experimental evaluations on simulated dark web and cyber-intelligence graphs demonstrate that PA-FGNN achieves over 91\% classification accuracy, maintains resilience under 20\% adversarial client behavior, and incurs less than 18\% communication overhead. Our results highlight that privacy-preserving GNNs can support large-scale cyber threat detection without compromising on utility, privacy, or robustness.