Open Access
Hybrid AI for Predictive Cyber Risk Assessment: Federated Graph-Transformer Architecture with Explainability
Author(s) - Jaime Govea, Rommel Gutierrez, William Villegas-Ch, Alexandra Maldonado Navarro
Publication year - 2025
Publication title - IEEE Access
Language(s) - English
Resource type - Magazines
SCImago Journal Rank - 0.587
H-Index - 127
eISSN - 2169-3536
DOI - 10.1109/access.2025.3588076
Subject(s) - aerospace, bioengineering, communication, networking and broadcast technologies, components, circuits, devices and systems, computing and processing, engineered materials, dielectrics and plasmas, engineering profession, fields, waves and electromagnetics, general topics for engineers, geoscience, nuclear engineering, photonics and electrooptics, power, energy and industry applications, robotics and control systems, signal processing and analysis, transportation
The increasing complexity and dynamism of modern digital infrastructures have significantly elevated the difficulty of anticipating and mitigating cyber threats. Traditional risk assessment methods, often based on static rules and signature matching, fail to provide sufficient predictive capabilities in scenarios characterized by high-volume, heterogeneous data and evolving attack patterns. Furthermore, conventional machine learning models lack architectural flexibility and contextual awareness to detect stealthy or multi-stage attacks across distributed environments. This paper proposes a hybrid model for predictive cyber risk assessment that integrates Graph Neural Networks (GNNs) for relational pattern modeling, a Transformer-based language model (CyberBERT) for semantic representation of logs and traffic data, and a Federated Learning framework to preserve data privacy during training. The model was trained and evaluated using public datasets (CIC-IDS2017, UNSW-NB15, MITRE ATT&CK, TON_IoT) and synthetically generated traffic from honeypots and real anonymized networks. The system achieved an average F1-score of 0.947, significantly outperforming traditional classifiers such as SVM (0.836), Random Forest (0.873), and standard deep neural networks (0.901). Including adversarial training improved attack detection by 21.3 % under evasion scenarios. Furthermore, the model supports interpretability through SHAP and LIME, reaching an 83.5 % concordance in explanation consistency. The architecture demonstrates scalability and low-latency inference on edge and cloud platforms, making it suitable for real-time deployment in heterogeneous environments. These results highlight the model’s capability to deliver accurate, resilient, and privacy-preserving predictions of cyber risks across dynamic and distributed infrastructures.
