AI Summary
To address data scarcity, severe class imbalance, and poor detectability of novel attacks in network intrusion detection, this paper proposes TrailGate, a hybrid deep learning framework integrating Transformer-based global attention with BiGRU-based local temporal modeling. TrailGate further incorporates confidence-based noisy label correction, lightweight feature selection, and attack-specific data augmentation. By preserving model interpretability, the framework significantly enhances robustness against rare and previously unseen threats. Evaluated on benchmark datasets including CIC-IDS2017, TrailGate achieves 99.2% accuracy and 98.7% F1-score overall. Notably, its F1-score improves by over 12 percentage points on minority-class attacks (e.g., DoS Hulk, Web Attack) compared to state-of-the-art deep learning methods, demonstrating superior performance in detecting low-frequency and emerging attack patterns.
Abstract
In today's fast-paced digital communication, the surge in network traffic data and frequency demands robust and precise network intrusion solutions. Conventional machine learning methods struggle to grapple with complex patterns within the vast network intrusion datasets, which suffer from data scarcity and class imbalance. As a result, we have integrated machine learning and deep learning techniques within the network intrusion detection system to bridge this gap. This study has developed TrailGate, a novel framework that combines machine learning and deep learning techniques. By integrating Transformer and Bidirectional Gated Recurrent Unit (BiGRU) architectures with advanced feature selection strategies and supplemented by data augmentation techniques, TrailGate identifies common attack types and excels at detecting and mitigating emerging threats. This algorithmic fusion excels at detecting common and well-understood attack types and has the unique ability to swiftly identify and neutralize emerging threats that stem from existing paradigms.