Abstract
Advanced Persistent Threats (APTs) represent a significant challenge in cybersecurity due to their sophisticated and stealthy nature. Traditional Intrusion Detection Systems (IDS) often fall short in detecting these multi-stage attacks. Recently, Graph Neural Networks (GNNs) have been employed to enhance IDS capabilities by analyzing the complex relationships within networked data. However, existing GNN-based solutions are hampered by high false positive rates and substantial resource consumption. In this paper, we present a novel IDS designed to detect APTs using a Spatio-Temporal Graph Neural Network Autoencoder. Our approach leverages spatial information to understand the interactions between entities within a graph and temporal information to capture the evolution of the graph over time. This dual perspective is crucial for identifying the sequential stages of APTs. Furthermore, to address privacy and scalability concerns, we deploy our architecture in a federated learning environment. This setup ensures that local data remains on-premise while encrypted model weights are shared and aggregated using homomorphic encryption, maintaining data privacy and security. Our evaluation shows that this system effectively detects APTs with lower false positive rates and optimized resource usage compared to existing methods, highlighting the potential of spatio-temporal analysis and federated learning in enhancing cybersecurity defenses.
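The encrypted weight aggregation the abstract describes, as an added example that is not the paper's code: an additively homomorphic scheme lets the coordinator sum the clients' encrypted weight vectors without decrypting any single client's update. The abstract does not name the scheme, so Paillier is an assumption here, and the primes, fixed-point scale and weight vectors are constructed toy values (real deployments need a modulus of 2048 bits or more and a key holder separate from the aggregator).

```python
"""Paillier-based secure aggregation of federated model weights (constructed demo)."""
from math import gcd
import random

def keygen(p, q):
    """Paillier keypair from two supplied primes (toy-sized; assumption, not the paper's setup)."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)      # lcm(p-1, q-1)
    g = n + 1                                           # standard generator choice
    mu = pow((pow(g, lam, n * n) - 1) // n, -1, n)      # L(g^lam mod n^2)^-1 mod n
    return (n, g), (lam, mu)

def encrypt(pub, m):
    """c = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pub
    r = random.randrange(1, n)
    while gcd(r, n) != 1:
        r = random.randrange(1, n)
    return (pow(g, m, n * n) * pow(r, n, n * n)) % (n * n)

def decrypt(pub, priv, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    n, _ = pub
    lam, mu = priv
    return ((pow(c, lam, n * n) - 1) // n * mu) % n

SCALE = 10**4   # fixed-point encoding: four decimal places per weight

def encode(w, n):
    """Map a signed float weight into Z_n (negatives wrap around n)."""
    return round(w * SCALE) % n

def decode(v, n, n_clients):
    """Unwrap a summed value (upper half of Z_n is negative) and average it."""
    if v > n // 2:
        v -= n
    return v / (SCALE * n_clients)

def encrypt_weights(pub, weights):
    n, _ = pub
    return [encrypt(pub, encode(w, n)) for w in weights]

def aggregate(pub, encrypted_updates):
    """Coordinator side: ciphertext products equal plaintext sums, so no decryption is needed."""
    n, _ = pub
    total = [1] * len(encrypted_updates[0])
    for update in encrypted_updates:
        total = [(t * c) % (n * n) for t, c in zip(total, update)]
    return total

def federated_average(pub, priv, client_weights):
    """End to end: clients encrypt, coordinator aggregates, key holder decrypts only the sum."""
    n, _ = pub
    summed = aggregate(pub, [encrypt_weights(pub, w) for w in client_weights])
    return [decode(decrypt(pub, priv, c), n, len(client_weights)) for c in summed]
```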