A New D-MAGIC: Dynamic Model for Cybersecurity Attack Detection Using GNNs into Clustering

Zohar Simhon; Matan Weiss; Chen Hajaj; Revital Marbel; Ran Dubin; Amit Dvir

doi:10.1109/icc52391.2025.11160734

A New D-MAGIC: Dynamic Model for Cybersecurity Attack Detection Using GNNs into Clustering

Zohar Simhon
, Matan Weiss
, Chen Hajaj
, Revital Marbel
, Ran Dubin
, Amit Dvir

Ariel University
Holon Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The increasing sophistication and frequency of cyberattacks have made Network Intrusion Detection Systems (NIDS) a critical component of modern cybersecurity. This work presents D-MAGIC, a novel real-time NIDS that leverages zero-shot learning and graph-based dynamic clustering to detect known and unknown threats. Unlike traditional systems that rely on labeled datasets and predefined attack signatures, D-MAGIC operates unsupervised, identifying anomalies by detecting deviations from normal network behavior. By embedding the relationships between network flows into a graph structure and dynamically clustering similar patterns, D-MAGIC can detect coordinated attacks and emerging threats with minimal delay. Experimental results on the CIC-IDS-2017 and CSE-CIC-IDS-2018 datasets demonstrate that D-MAGIC achieves an improvement of up to 12% based on the standard F1 score compared to state-of-the-art methods, while significantly reducing false positives and ensuring rapid, real-time detection with minimal detection latency.

Original language	English
Title of host publication	ICC 2025 - IEEE International Conference on Communications
Editors	Matthew Valenti, David Reed, Melissa Torres
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	6771-6776
Number of pages	6
ISBN (Electronic)	9798331505219
DOIs	https://doi.org/10.1109/icc52391.2025.11160734
State	Published - 2025
Externally published	Yes
Event	2025 IEEE International Conference on Communications, ICC 2025 - Montreal, Canada Duration: 8 Jun 2025 → 12 Jun 2025

Publication series

Name	IEEE International Conference on Communications
ISSN (Print)	1550-3607

Conference

Conference	2025 IEEE International Conference on Communications, ICC 2025
Country/Territory	Canada
City	Montreal
Period	8/06/25 → 12/06/25

Bibliographical note

Publisher Copyright:
© 2025 IEEE.

Keywords

Anomaly detection
Clustering
Deep learning
GNNs
Real-time Network Intrusion Detection Systems
Unsupervised-learning

Access to Document

10.1109/icc52391.2025.11160734

Cite this

Simhon, Z., Weiss, M., Hajaj, C., Marbel, R., Dubin, R., & Dvir, A. (2025). A New D-MAGIC: Dynamic Model for Cybersecurity Attack Detection Using GNNs into Clustering. In M. Valenti, D. Reed, & M. Torres (Eds.), ICC 2025 - IEEE International Conference on Communications (pp. 6771-6776). (IEEE International Conference on Communications). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/icc52391.2025.11160734

Simhon, Zohar ; Weiss, Matan ; Hajaj, Chen et al. / A New D-MAGIC : Dynamic Model for Cybersecurity Attack Detection Using GNNs into Clustering. ICC 2025 - IEEE International Conference on Communications. editor / Matthew Valenti ; David Reed ; Melissa Torres. Institute of Electrical and Electronics Engineers Inc., 2025. pp. 6771-6776 (IEEE International Conference on Communications).

@inproceedings{907dce4ef6ff4a35bca38c71d720f045,

title = "A New D-MAGIC: Dynamic Model for Cybersecurity Attack Detection Using GNNs into Clustering",

abstract = "The increasing sophistication and frequency of cyberattacks have made Network Intrusion Detection Systems (NIDS) a critical component of modern cybersecurity. This work presents D-MAGIC, a novel real-time NIDS that leverages zero-shot learning and graph-based dynamic clustering to detect known and unknown threats. Unlike traditional systems that rely on labeled datasets and predefined attack signatures, D-MAGIC operates unsupervised, identifying anomalies by detecting deviations from normal network behavior. By embedding the relationships between network flows into a graph structure and dynamically clustering similar patterns, D-MAGIC can detect coordinated attacks and emerging threats with minimal delay. Experimental results on the CIC-IDS-2017 and CSE-CIC-IDS-2018 datasets demonstrate that D-MAGIC achieves an improvement of up to 12\% based on the standard F1 score compared to state-of-the-art methods, while significantly reducing false positives and ensuring rapid, real-time detection with minimal detection latency.",

keywords = "Anomaly detection, Clustering, Deep learning, GNNs, Real-time Network Intrusion Detection Systems, Unsupervised-learning",

author = "Zohar Simhon and Matan Weiss and Chen Hajaj and Revital Marbel and Ran Dubin and Amit Dvir",

note = "Publisher Copyright: {\textcopyright} 2025 IEEE.; 2025 IEEE International Conference on Communications, ICC 2025 ; Conference date: 08-06-2025 Through 12-06-2025",

year = "2025",

doi = "10.1109/icc52391.2025.11160734",

language = "אנגלית",

series = "IEEE International Conference on Communications",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "6771--6776",

editor = "Matthew Valenti and David Reed and Melissa Torres",

booktitle = "ICC 2025 - IEEE International Conference on Communications",

address = "ארצות הברית",

}

Simhon, Z, Weiss, M, Hajaj, C, Marbel, R, Dubin, R & Dvir, A 2025, A New D-MAGIC: Dynamic Model for Cybersecurity Attack Detection Using GNNs into Clustering. in M Valenti, D Reed & M Torres (eds), ICC 2025 - IEEE International Conference on Communications. IEEE International Conference on Communications, Institute of Electrical and Electronics Engineers Inc., pp. 6771-6776, 2025 IEEE International Conference on Communications, ICC 2025, Montreal, Canada, 8/06/25. https://doi.org/10.1109/icc52391.2025.11160734

A New D-MAGIC: Dynamic Model for Cybersecurity Attack Detection Using GNNs into Clustering. / Simhon, Zohar; Weiss, Matan; Hajaj, Chen et al.
ICC 2025 - IEEE International Conference on Communications. ed. / Matthew Valenti; David Reed; Melissa Torres. Institute of Electrical and Electronics Engineers Inc., 2025. p. 6771-6776 (IEEE International Conference on Communications).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A New D-MAGIC

T2 - 2025 IEEE International Conference on Communications, ICC 2025

AU - Simhon, Zohar

AU - Weiss, Matan

AU - Hajaj, Chen

AU - Marbel, Revital

AU - Dubin, Ran

AU - Dvir, Amit

PY - 2025

Y1 - 2025

N2 - The increasing sophistication and frequency of cyberattacks have made Network Intrusion Detection Systems (NIDS) a critical component of modern cybersecurity. This work presents D-MAGIC, a novel real-time NIDS that leverages zero-shot learning and graph-based dynamic clustering to detect known and unknown threats. Unlike traditional systems that rely on labeled datasets and predefined attack signatures, D-MAGIC operates unsupervised, identifying anomalies by detecting deviations from normal network behavior. By embedding the relationships between network flows into a graph structure and dynamically clustering similar patterns, D-MAGIC can detect coordinated attacks and emerging threats with minimal delay. Experimental results on the CIC-IDS-2017 and CSE-CIC-IDS-2018 datasets demonstrate that D-MAGIC achieves an improvement of up to 12% based on the standard F1 score compared to state-of-the-art methods, while significantly reducing false positives and ensuring rapid, real-time detection with minimal detection latency.

AB - The increasing sophistication and frequency of cyberattacks have made Network Intrusion Detection Systems (NIDS) a critical component of modern cybersecurity. This work presents D-MAGIC, a novel real-time NIDS that leverages zero-shot learning and graph-based dynamic clustering to detect known and unknown threats. Unlike traditional systems that rely on labeled datasets and predefined attack signatures, D-MAGIC operates unsupervised, identifying anomalies by detecting deviations from normal network behavior. By embedding the relationships between network flows into a graph structure and dynamically clustering similar patterns, D-MAGIC can detect coordinated attacks and emerging threats with minimal delay. Experimental results on the CIC-IDS-2017 and CSE-CIC-IDS-2018 datasets demonstrate that D-MAGIC achieves an improvement of up to 12% based on the standard F1 score compared to state-of-the-art methods, while significantly reducing false positives and ensuring rapid, real-time detection with minimal detection latency.

KW - Anomaly detection

KW - Clustering

KW - Deep learning

KW - GNNs

KW - Real-time Network Intrusion Detection Systems

KW - Unsupervised-learning

UR - https://www.scopus.com/pages/publications/105018471456

U2 - 10.1109/icc52391.2025.11160734

DO - 10.1109/icc52391.2025.11160734

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:105018471456

T3 - IEEE International Conference on Communications

SP - 6771

EP - 6776

BT - ICC 2025 - IEEE International Conference on Communications

A2 - Valenti, Matthew

A2 - Reed, David

A2 - Torres, Melissa

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 8 June 2025 through 12 June 2025

ER -

Simhon Z, Weiss M, Hajaj C, Marbel R, Dubin R, Dvir A. A New D-MAGIC: Dynamic Model for Cybersecurity Attack Detection Using GNNs into Clustering. In Valenti M, Reed D, Torres M, editors, ICC 2025 - IEEE International Conference on Communications. Institute of Electrical and Electronics Engineers Inc. 2025. p. 6771-6776. (IEEE International Conference on Communications). doi: 10.1109/icc52391.2025.11160734

A New D-MAGIC: Dynamic Model for Cybersecurity Attack Detection Using GNNs into Clustering

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this