To address severe class imbalance and challenges in spatiotemporal feature modeling for network intrusion detection, this paper proposes a deep learning framework integrating graph-structured and sequential representations. Methodologically, it introduces a residual connection mechanism based on Graph Attention Networks (GAT) to mitigate feature degradation during fusion of Graph Neural Networks (GNNs) and Temporal Convolutional Networks (TCNs); employs Gated Temporal Convolutional Networks (G-TCN) for hierarchical temporal feature extraction; and leverages Graph Convolutional Networks (GCNs) to model traffic topology. Its key innovation lies in the first application of GAT-based residual learning to intrusion detection, substantially improving sensitivity to minority-class attacks. Experiments on UNSW-NB15 and ToN-IoT demonstrate state-of-the-art performance in both binary and multiclass classification tasks, achieving average F1-score improvements of 3.2–5.7 percentage points over leading baselines.

The escalating complexity of network threats and the inherent class imbalance in traffic data present formidable challenges for modern Intrusion Detection Systems (IDS). While Graph Neural Networks (GNNs) excel in modeling topological structures and Temporal Convolutional Networks (TCNs) are proficient in capturing time-series dependencies, a framework that synergistically integrates both while explicitly addressing data imbalance remains an open challenge. This paper introduces a novel deep learning framework, named Gated Temporal Convolutional Network and Graph (GTCN-G), engineered to overcome these limitations. Our model uniquely fuses a Gated TCN (G-TCN) for extracting hierarchical temporal features from network flows with a Graph Convolutional Network (GCN) designed to learn from the underlying graph structure. The core innovation lies in the integration of a residual learning mechanism, implemented via a Graph Attention Network (GAT). This mechanism preserves original feature information through residual connections, which is critical for mitigating the class imbalance problem and enhancing detection sensitivity for rare malicious activities (minority classes). We conducted extensive experiments on two public benchmark datasets, UNSW-NB15 and ToN-IoT, to validate our approach. The empirical results demonstrate that the proposed GTCN-G model achieves state-of-the-art performance, significantly outperforming existing baseline models in both binary and multi-class classification tasks.