GRAPH NEURAL NETWORK MODELS FOR PREDICTING CYBER ATTACK PATTERNS IN CRITICAL INFRASTRUCTURE SYSTEMS
DOI: https://doi.org/10.63125/pmnqxk63

Keywords: Graph Neural Networks, Critical Infrastructure Cybersecurity, Cyber-Attack Prediction, Intrusion Detection, Technology Organization Environment Framework

Abstract
This study addresses the growing problem of predicting coordinated cyber-attack patterns in cloud-enabled critical infrastructure enterprises, where conventional intrusion detection systems struggle to exploit the graph-structured nature of assets, communications, and attack paths. The purpose is to quantify how technological and organizational conditions shape the effectiveness of graph neural network (GNN) models for cyber-attack prediction. A quantitative, cross-sectional, case-based design was adopted using a structured five-point Likert survey in multiple critical infrastructure cases operating cloud-based and on-premises enterprise environments. From 280 distributed questionnaires, 236 valid responses were retained (84.3 percent) from security and OT professionals in energy, transportation, water, and industrial organizations. Key variables included network topology visibility, security data quality and completeness, analytics and AI capability maturity, governance and policy alignment, organizational readiness for AI-based security, and perceived GNN-based prediction effectiveness. Analysis involved data screening, reliability assessment, descriptive statistics, Pearson correlations, hierarchical multiple regression, mediation testing, and sectoral comparisons. All scales were reliable (Cronbach’s alpha 0.81–0.89), and the regression model was significant, explaining 53.2 percent of the variance in GNN effectiveness (adjusted R² = 0.512). Network topology visibility (β = 0.28, p < .001) and security data quality (β = 0.22, p < .001) were the strongest predictors, followed by analytics maturity (β = 0.18), organizational readiness (β = 0.20), and governance alignment (β = 0.13). Organizational readiness partially mediated the impact of technological capabilities, and energy sector cases reported the highest mean effectiveness (M = 3.98).
The findings imply that successful GNN-based cyber defense in critical infrastructures depends on accurate graph visibility, high-quality telemetry, mature analytics pipelines, and institutionalized governance rather than model architecture alone.
