Theoretical Exploration of a Graph-Based Framework for Automated Cyberattack Classification in Client-Server Models with Emphasis on Computational Cost Optimization
Keywords:
Graph theory, Cyberattack classification, Client-server architectures, Spectral analysis, Computational optimization, Network security, Anomaly detection.

Abstract
Client-server architectures, foundational to modern networked systems, face escalating cyber threats such as Distributed Denial-of-Service (DDoS) attacks, SQL injections, and Advanced Persistent Threats (APTs). Traditional intrusion detection systems (IDS) struggle with zero-day and polymorphic attacks due to reliance on static signatures, necessitating adaptive and scalable solutions. This paper proposes a theoretical graph-based framework for automated cyberattack classification in client-server environments, leveraging bipartite graphs to model network entities and interactions. By employing subgraph pattern matching and spectral analysis, the framework achieves high-precision classification of attack types. A core focus is computational cost optimization, using adaptive pruning, Lanczos-based spectral approximation, and parallelizable greedy algorithms to reduce time complexity from O(n³) to , where k is a small constant, while maintaining classification accuracy above 95%. Drawing on established models like CyGraph and KRYSTAL, the framework integrates Graph Neural Networks (GNNs) for enhanced embeddings, offering scalability for real-time threat assessment in enterprise networks and IoT ecosystems. Theoretical proofs validate accuracy and efficiency, with future empirical validation proposed on datasets like CIC-IDS2017.


