DEEP LEARNING AND GRAPH NEURAL NETWORKS FOR REAL-TIME CYBERSECURITY THREAT DETECTION
DOI: https://doi.org/10.63125/dp38xp64

Keywords: Deep Learning Capability, Graph Neural Networks, Real-Time Threat Detection Effectiveness, Data Readiness, Analyst Trust and Actionability

Abstract
This study addresses the problem that many cloud and enterprise security operations still struggle to achieve reliable real-time threat detection because advanced analytics (deep learning and graph neural networks) often fail to translate into operational effectiveness when data pipelines, infrastructure, workflow integration, and analyst trust are weak. The purpose was to quantify how Deep Learning Capability (DLC), Graph Neural Network Capability (GNNC), Data Readiness (DR), Infrastructure Adequacy (IA), Integration Readiness (IR), and Analyst Trust and Actionability (ATA) predict Real-Time Threat Detection Effectiveness (RTTDE) in a quantitative cross-sectional, case-based design anchored in operational monitoring contexts. A structured 5-point Likert survey was used with a sample of N = 180 respondents across cloud and enterprise security cases (SOC analysts 38.9%, security engineers 27.8%, incident responders 18.9%, managers 14.4%). Constructs showed strong reliability (α = .82–.89), with RTTDE rated above neutral (M = 3.74, SD = 0.64), while IR was the lowest readiness area (M = 3.48, SD = 0.73). The analysis plan applied descriptive statistics, Cronbach’s alpha, Pearson correlations, and multiple regression with RTTDE as the dependent variable. Correlations were positive and significant for all predictors (e.g., DLC r = .62, GNNC r = .55, ATA r = .58; all p < .001). In regression, the model explained 57% of RTTDE variance (R² = .57; F(6,173) = 38.6, p < .001), with DLC (β = .29, p < .001), ATA (β = .21, p = .001), GNNC (β = .17, p = .006), DR (β = .12, p = .042), and IA (β = .14, p = .020) as significant predictors, while IR was positive but not significant at .05 (β = .09, p = .099). These findings imply that improving real-time detection requires combined investment in hybrid DL plus GNN capability and in operational enablers, especially telemetry readiness, low-latency infrastructure, and analyst-facing trust and actionability.
