A step-by-step walkthrough of building a network intrusion detection system using Neo4j Graph Analytics for Snowflake. The pipeline combines K-Nearest Neighbours (KNN) to construct a similarity graph from IoT network flow data and GraphSAGE for supervised node classification to detect attacks (DDoS, DoS, Reconnaissance, Theft). All computation runs inside Snowflake via Snowpark Container Services on CPU and GPU instances, keeping data within the Snowflake enclave. The implementation reproduces results from an academic paper, achieving a weighted F1-score of 0.985 and macro-F1 of 0.811 on a 600K-node IoT dataset.
Table of contents
What do you need to follow along
Anatomy of the source data set
Step 1: Data preparation, scaling data
Step 2: Install and configure Graph Analytics to use the data inside Snowflake