DEVELOPMENT OF A HIERARCHICAL ANOMALY DETECTION MODEL IN A FEDERATED CLOUD INFRASTRUCTURE USING ENHANCED GRAPH SAMPLING AND AGGREGATION

Abstract

Modern distributed computing systems generate massive volumes of log data, making manual analysis infeasible. Existing methods treat log entries as independent events, failing to leverage structural dependencies and temporal correlations. This limitation is critical in federated cloud infrastructures where anomalies propagate across interconnected services. This research developed a hierarchical anomaly detection model that employs Federated Hierarchical Graph Sampling and Aggregation (Fed-HiGraphSAGE) techniques to enable multi-level anomaly classification in distributed cloud environments while preserving data privacy. FedHiGraphSAGE was built on an Enhanced Hierarchical GraphSAGE architecture, incorporating node features, edge attributes, and hierarchical structure to classify anomalies across five semantic levels: Anomaly, Anomaly-Type, Cloud Component, Application-Type and Specific-cloud-module. The model employs federated learning capabilities, dynamic graph management, hierarchical diagnostic capabilities, adaptive thresholding, and memory-efficient training. It also implemented a HierarchicalStratifiedBalancer to address class imbalance. The model was trained and evaluated using federated learning across three data-contributing regions: Afe Babalola University, Landmark University, and DRC_Congo, with Covenant University serving as the federated learning coordinator. A total of 54,919 system logs were processed from these three regions to simulate real-world federated deployment. The model demonstrated exceptional performance with region-specific accuracies of 91.97% (Afe Babalola), 98.27% (Landmark), and 98.76% (DRC_Congo). Hierarchical metrics confirmed effective multi-level classification with h-precision ranging from 91.82% to 98.99%, h-recall from 90.60% to 98.53%, and h-f1 from 89.95% to 98.66%. The model generated detailed hierarchical anomaly classifications and demonstrated significant performance adaptability across regions while maintaining global model coherence, with federated training reducing the global client’s loss from approximately 0.47 to 0.02 over 15 rounds. This research advances automated system monitoring by demonstrating that federated learning with graph-based representations and hierarchical classification significantly improves anomaly detection performance while enabling cross-regional knowledge sharing. The model’s ability to maintain exceptional performance across multiple classification levels while providing explainable results establishes a new benchmark for automated log analysis in complex distributed systems