1. Introduction
With the rapid development of information and communication technologies, computer networks have become critical infrastructure in modern society. At the same time, the expansion of IoT, 5G, cloud computing, and industrial control systems has increased cybersecurity risks and created new challenges for intrusion detection [
1]. In this context, a network intrusion detection system (NIDS) plays a crucial role in identifying malicious traffic and suspicious activities.
Traditional signature-based NIDSs are effective for detecting known attacks with low false alarm rates, but they struggle to identify unknown or zero-day attacks. In contrast, anomaly-based methods can detect previously unseen attack patterns, but they often suffer from high false positive rates [
2]. These limitations have encouraged the development of advanced intrusion detection approaches based on artificial intelligence and deep learning.
Recent studies have shown that graph neural networks (GNNs) are effective for learning structural relationships in network traffic, while Transformer-based models are strong at capturing global context and long-range dependencies [
1,
2]. More recently, hybrid GNN–Transformer approaches have also been explored in the intrusion detection literature. However, several limitations remain. Existing studies often do not sufficiently integrate explicit graph structure with long-range contextual modeling, do not clearly discuss leakage-aware data splitting and evaluation settings, and do not fully validate how fusion mechanisms and graph-construction choices contribute to final detection performance. In addition, although hybrid architectures are increasingly reported, rigorous experimental validation through repeated runs, ablation analysis, sensitivity analysis, and fair baseline comparison is still limited in many settings.
To address these issues, this study proposes a hybrid model, HybridSAGETransformerGlobal, which combines a SAGEConv-based GNN and a Transformer encoder through a gated fusion mechanism. The contribution of this study does not lie simply in combining a GNN and a Transformer, but in the coordinated design of three components for flow-based network intrusion detection. First, the proposed architecture jointly captures local structural relationships through a SAGEConv-based GraphSAGE branch and global contextual dependencies through a Transformer encoder. Second, network flows are represented as graph nodes, and edges are constructed using IP-group-aware k-nearest neighbors (KNNs) together with a temporal chain in order to reflect both relational proximity and traffic continuity. Third, a gated fusion mechanism is used to adaptively integrate structural and contextual representations rather than relying on a fixed fusion strategy.
The proposed model was evaluated under a unified preprocessing and training pipeline on two benchmark datasets, UNSW-NB15 and CIC-IDS2017, using up to approximately 100,000 flow samples per dataset, and was compared with graph convolutional networks (GCNs), graph attention networks (GATs), GraphSAGE, and a Transformer-only baseline. In the revised manuscript, additional repeated-run statistical validation, ablation analysis, sensitivity analysis of the graph-construction parameter k, and lightweight baseline re-optimization were further conducted on the main UNSW-NB15 setting to strengthen the robustness and fairness of the experimental evaluation. The results indicate that the proposed approach achieves strong detection performance with a low false alarm rate while preserving its advantage under a more rigorous validation setting. Overall, this study aims to demonstrate that a carefully coordinated hybrid design integrating graph construction, structural learning, global contextual modeling, and adaptive fusion can provide an effective and generalizable framework for robust network intrusion detection under imbalanced data conditions.
The remainder of this paper is organized as follows.
Section 2 reviews related work.
Section 3 describes the datasets, graph construction strategy, and the proposed model.
Section 4 presents the experimental results, including additional robustness analyses introduced in this revision.
Section 5 discusses the findings, limitations, and practical implications. Finally,
Section 6 concludes the paper and outlines future work.
2. Related Work and Theoretical Background
2.1. Overview of NIDS
An intrusion detection system (IDS) monitors network traffic and devices to identify malicious activity, suspicious behavior, or security policy violations. It generates alerts for security administrators and can forward events to centralized platforms such as security information and event management (SIEM) systems to support incident response [
3,
4]. Among the different IDS categories, this study focuses specifically on network intrusion detection systems (NIDSs), which analyze network-level traffic rather than host-level events [
4].
An NIDS monitors inbound and outbound traffic across network devices and typically operates passively by analyzing mirrored or observed traffic rather than directly blocking packets [
4]. In many deployments, blocking is handled by an intrusion prevention system (IPS), whereas the NIDS focuses on detection, alerting, and forwarding events for further investigation [
4]. NIDSs may be deployed behind perimeter firewalls or within internal network segments in order to detect both external attacks and insider threats [
3,
4].
Threat detection methods are broadly divided into signature-based and anomaly-based approaches. Signature-based detection compares traffic against known attack signatures and generally achieves low false positive rates for previously observed threats, but it cannot detect unknown or zero-day attacks unless signatures are continuously updated [
4]. In contrast, anomaly-based detection models normal behavior and flags deviations from that baseline, which improves the ability to detect previously unseen attacks but often increases false positive rates and requires additional validation by security operators [
4]. Because of this trade-off, recent NIDS research has increasingly shifted toward machine learning and deep learning approaches that aim to improve generalization to unknown attacks while controlling false alarms [
5].
2.2. Architecture and Characteristics of GNNs and Transformers
Graph neural networks (GNNs) are deep learning architectures designed for relational or graph-structured data, where objects are represented as nodes and relationships are represented as edges [
6]. Most GNNs follow a message-passing framework in which each node aggregates information from its neighbors and updates its representation accordingly [
6]. Through this process, GNNs can support tasks such as node classification, link prediction, and graph classification [
6,
7]. A GCN is a widely used baseline that combines node features with neighborhood information through graph convolution [
8]. GAT extends this idea by assigning different attention weights to different neighbors [
9]. GraphSAGE improves scalability by sampling a subset of neighbors instead of aggregating over all adjacent nodes, which makes it especially suitable for large or dense graphs and for inductive learning settings [
7]. Although GNNs are effective for non-Euclidean structures and local neighborhood modeling, they also face limitations related to depth, dynamic graph evolution, and computational cost in large-scale applications [
6]. In particular, GraphSAGE is especially relevant in flow-based intrusion detection settings because its sampling-based aggregation is well suited to inductive learning and mini-batch training on large traffic graphs.
Transformers were originally introduced for sequence modeling and are based on attention mechanisms that capture contextual relationships and long-range dependencies [
10]. Their key components include self-attention, multi-head attention, and positional encoding [
10]. Unlike recurrent neural networks, Transformers process sequences in parallel, which improves training efficiency and enables long-range dependency modeling within a single forward pass [
10]. However, the computational complexity of self-attention scales as
with sequence length, which can lead to increased computational and memory cost for long inputs [
10]. In addition, Transformers do not inherently encode explicit graph or relational structure, which motivates their integration with graph-based models when the task contains structured dependencies among entities [
6,
10]. Accordingly, Transformers are effective for capturing global contextual dependencies, but they may benefit from integration with graph-based models when the target problem contains explicit relational structure.
2.3. Comparative Analysis of GraphSAGE and Transformer Encoder
2.3.1. GraphSAGE
GraphSAGE (Graph SAmple and aggreGatE) learns node embeddings by sampling a fixed number of neighbors and aggregating their features, which improves efficiency on large graphs [
7,
11]. Its SAGEConv update combines self-features with aggregated neighbor features using permutation-invariant aggregators such as mean or max [
7]. A common formulation is given in Equation (1):
Accordingly, GraphSAGE offers an effective balance between structural representation learning and computational practicality, particularly in sampled subgraph settings.
2.3.2. Transformer Encoder
The Transformer encoder captures global context in sequences using stacked layers of multi-head self-attention and position-wise feed-forward networks, with residual connections and layer normalization for stable training [
10,
12]. Scaled dot-product attention can be written as Equation (2):
In graph-based architectures, stacking many layers can also lead to over-smoothing [
13]. Unlike GNNs, which require multi-hop propagation, self-attention provides a global receptive field in a single step, while positional encoding injects order information [
14,
15]. Multi-head attention attends to different subspaces in parallel [
15]. However, such architectures may still involve substantial computational and energy costs in practice [
16]. Therefore, GraphSAGE and Transformer encoders have complementary strengths: GraphSAGE is effective for modeling local structural relationships, whereas the Transformer encoder is effective for capturing global and long-range contextual dependencies. This complementarity motivates hybrid architectures that combine the two branches within a unified intrusion detection framework.
2.4. Research Trends in Fusion-Based Intrusion Detection Models
Recent NIDS research has shifted from single-model designs toward fusion-based approaches that integrate multiple deep learning techniques to improve accuracy and generalization. Common strategies include GNN + Transformer, CNN + RNN/attention, machine learning + deep learning pipelines with feature selection or optimization, and Transformer-only IDS architectures. These hybrid models aim to exploit complementary strengths in order to overcome the limitations of standalone approaches.
Several recent studies illustrate this trend. Govindarajan et al. [
17] proposed a graph-informed hybrid framework combining Transformer-based modeling with auxiliary representation learning and contrastive learning on intrusion detection benchmarks, and reported very high accuracy. However, their method relies on graph-derived features rather than an explicit message-passing GNN branch, making it methodologically different from a direct GNN–Transformer fusion design. Hnamte et al. [
18] introduced a two-stage LSTM + Autoencoder model on CIC-IDS2017 and CSE-CIC-IDS2018, demonstrating strong temporal and anomaly-learning capability, although the evaluation was limited to datasets published up to 2018 and required extensive tuning. Henry et al. [
19] combined CNN, GRU, and genetic algorithm-based feature optimization on CIC-IDS2017, improving spatial and temporal feature modeling, but with longer training time and less emphasis on structural relationships in network traffic. Talukder et al. [
20] proposed an XGBoost + deep learning hybrid and reported very high performance, although the reliance on older benchmark settings raises concerns regarding overfitting and cross-dataset generalization. Wang et al. [
21] developed a Random Forest + Autoencoder model for zero-day-oriented detection, but the study focused mainly on binary classification and did not explicitly model graph structure.
Farhan et al. [
22] used a DNN + Extra Trees approach on UNSW-NB15 and showed that feature reduction and hybrid classification can improve detection performance, although the work remained limited to tabular binary classification settings. Rizvi et al. [
23] applied a 1D-DCNN model and reported very high accuracy on CIC-IDS2017 and CSE-CIC-IDS2018, but the evaluation was again largely restricted to binary settings. Ullah et al. [
24] presented a Transformer-based NIDS for MQTT-IoT-IDS2020 and demonstrated the benefit of parallel sequence modeling in IoT environments, although the evaluation was limited to a single dataset and provided only limited false-positive analysis. Sun et al. [
25] explored GNN-based intrusion detection using GCN and GAT, emphasizing graph interpretability and potential real-time applicability, but temporal and long-range contextual modeling were not sufficiently addressed. Alashjaee [
26] proposed a CNN + LSTM + Attention architecture, showing effective integration of spatial, temporal, and attention-based learning, but still relying partly on older benchmark datasets. Dash et al. [
27] used an LSTM model optimized with metaheuristics across several IDS datasets, but the performance gap across datasets suggested that robust generalization across heterogeneous environments remains an open challenge.
More recent hybrid IDS studies suggest that combining heterogeneous learning modules can be beneficial, but direct performance comparison across studies remains difficult. A more systematic interpretation requires that prior work be compared along several methodological dimensions, including the dataset used, whether the task is formulated as binary or multi-class classification, the preprocessing and feature-construction pipeline, the train/validation/test split strategy, the treatment of class imbalance, and the evaluation metrics and reporting protocol. Because these factors differ substantially across studies, very high reported performance values, including results close to 100%, should not be interpreted as directly comparable evidence of superiority on their own. Instead, such results should be understood in the context of the corresponding experimental design and validation setting.
Overall, the literature suggests three main trends. First, hybrid IDS models often outperform single-branch baselines when they combine complementary inductive biases such as temporal learning, structural learning, and feature optimization. Second, many prior studies still rely on sequence-only or tabular formulations and do not explicitly integrate graph structure with long-range contextual modeling in a unified architecture. Third, even when hybrid GNN–Transformer models are explored, their design rationale, fusion behavior, and experimental comparability are often not analyzed within a sufficiently consistent comparison framework. These observations motivate the present study, which focuses not only on hybrid architectural design but also on evaluation under a unified preprocessing, graph construction, data-splitting, training, and evaluation pipeline.
2.5. Limitations of Prior Work and the Distinctiveness of This Study
Although hybrid NIDS approaches have improved performance, several gaps remain. First, many studies still depend on older or limited benchmark settings, such as KDD99, NSL-KDD, or single-dataset evaluations, which may not fully reflect modern threats such as complex multi-stage attacks, zero-day exploitation attempts, and large-scale distributed traffic patterns in contemporary enterprise, IoT, and cloud environments [
18,
20,
22]. Second, CNN-, LSTM-, and autoencoder-based hybrids can model sequential behavior effectively, but they often do not explicitly capture structural relationships among network entities such as IPs, ports, and flows [
19,
25,
26]. Third, GNN-based models are well suited to relational learning, but their scalability and practical behavior under large-scale or sampled graph settings are not always sufficiently validated [
17,
24]. Fourth, class imbalance remains a persistent issue, as rare but critical classes may still show reduced recall or F1-score despite high overall accuracy [
19,
26]. In addition, even when prior studies report very high performance, differences in datasets, task formulation, preprocessing, and data-splitting strategies often make direct comparison difficult.
To address these gaps, this study proposes a hybrid flow-based NIDS that fuses SAGEConv-GNN and a Transformer encoder. SAGEConv efficiently learns structural representations from traffic graphs, while the Transformer captures long-range dependencies and global context beyond the local receptive field of GNNs. Rather than relying on a fixed fusion strategy such as simple addition or concatenation, the proposed model employs a gated fusion mechanism to adaptively integrate structural and contextual features. Furthermore, the proposed framework combines three coordinated design elements: a SAGEConv-based structural branch, an IP-group-aware graph construction strategy using k-nearest neighbors (KNNs) together with a temporal chain, and an adaptive gated fusion module.
In addition, the present study aims to improve not only architectural integration but also experimental interpretability. Rather than comparing raw performance values from heterogeneous prior studies as if they were directly equivalent, this work evaluates all compared models under the same preprocessing procedure, graph construction strategy, data-splitting protocol, training setting, and evaluation framework. This design does not eliminate all comparability issues in the broader literature, but it provides a more internally consistent basis for assessing the contribution of the proposed hybrid architecture. To further strengthen generalization-oriented validation, the proposed approach is evaluated under the same unified pipeline on both UNSW-NB15 and CIC-IDS2017. In the revised manuscript, additional repeated-run statistical validation, ablation analysis, sensitivity analysis of the graph-construction parameter k, and lightweight baseline re-optimization are also included to strengthen the robustness and fairness of the experimental evaluation.
3. Materials and Methods
3.1. Dataset and Preprocessing
This study used two benchmark flow-based intrusion detection datasets, UNSW-NB15 and CIC-IDS2017. UNSW-NB15 contains both benign and malicious network traffic and is widely used for evaluating network intrusion detection systems [
28]. The dataset includes modern attack categories and a mixture of numerical and categorical flow features. CIC-IDS2017 was additionally included to examine whether the proposed model maintains consistent performance under a different traffic generation process and attack composition [
29]. For the experiments in this study, up to approximately 100,000 flow samples were used for each dataset. To construct the experimental subset, flow samples were selected using a stratified sampling strategy designed to preserve the original label distribution as much as possible within the selected data. In this way, the subset was intended to remain representative of the original class composition while keeping the experimental setting computationally manageable.
During preprocessing, unnecessary attributes were removed, and invalid records containing NaN or Inf values were excluded. Categorical features were converted into numerical form using LabelEncoder, and continuous features were normalized using StandardScaler to improve training stability and ensure consistent feature scaling. To reduce the possibility of data leakage, the scaler was fitted only on the training split and then applied to the validation and test splits using the same transformation. To address class imbalance, class weights were computed from the training-set label distribution, and label smoothing was applied during training to reduce overconfidence and improve robustness under imbalanced conditions. In the revised manuscript, additional repeated-run statistical validation, ablation analysis, sensitivity analysis, and baseline re-optimization were conducted on the main UNSW-NB15 setting to strengthen experimental rigor, while CIC-IDS2017 was retained as a complementary cross-dataset benchmark for generalization-oriented evaluation.
3.2. Graph Construction and Input Representation
To represent network traffic as graph-structured data, each network flow was treated as a node. Edges were constructed by combining IP-group-aware k-nearest neighbors (KNN) with k = 6 and a temporal chain linking consecutive flows within each group. This graph construction strategy was designed to capture both structural relationships among related flows and temporal continuity in network behavior.
For the main experimental setting adopted in this study, the data were divided using a time-based split to better reflect a realistic intrusion detection scenario in which earlier traffic is used for training and later traffic is used for validation and testing. This design reduces the possibility of direct temporal leakage from future observations into the training stage and provides a more practically oriented evaluation setting than simple random splitting. However, although this strategy is stricter than random partitioning, it does not eliminate all possible indirect dependencies, such as broader traffic-pattern similarity or latent shared feature structure across splits.
The final graph input consisted of node features, labels, and an edge index. To further enhance representational capacity, multiple positional encodings were incorporated, including learnable positional encoding, sinusoidal positional encoding, and degree-based encoding. These encodings were intended to improve both sequential awareness and topological sensitivity in the model. In addition, graph-based models were trained using sampled mini-batches rather than the full graph, so that both graph propagation and Transformer-based contextual modeling were performed on bounded subgraphs within the experimental setting. In the revised manuscript, additional sensitivity analysis over k ∈ {2, 4, 6, 8, 10} was conducted on the main UNSW-NB15 setting to examine how the neighborhood parameter affects graph density and downstream detection performance.
3.3. Proposed Hybrid Architecture
The proposed model, HybridSAGETransformerGlobal, integrates local structural learning and global contextual modeling in a unified framework, as illustrated in
Figure 1.
First, GraphSAGE layers extract structural features from the traffic graph by aggregating neighborhood information. In the proposed implementation, three SAGEConv-based GraphSAGE layers with residual connections and batch normalization were used to improve feature propagation and training stability. These layers enable the model to learn discriminative local structural representations from graph-based traffic data.
Next, the output embeddings from the GraphSAGE backbone are processed by a Transformer encoder to capture long-range dependencies and global contextual patterns. The Transformer branch uses a [CLS] token and multi-head self-attention, while positional encodings are incorporated to preserve order and graph-related information. Specifically, the proposed model incorporates learnable positional encoding, sinusoidal positional encoding, and degree-based encoding to improve both sequential awareness and structural sensitivity. In addition, global contextual information is summarized through attentional aggregation and broadcast back to each node representation.
Finally, the outputs of the GraphSAGE and Transformer branches are integrated through a gated fusion mechanism. Let
denote the structural embedding learned from the GraphSAGE branch and
denote the contextual embedding learned from the Transformer branch for node
. The gate vector
computed as follows:
The final fused representation is then defined as
where
denotes the sigmoid activation function, ∥ denotes vector concatenation, and ⊙ denotes element-wise multiplication. In this way, the gated fusion module adaptively controls the relative contribution of local structural information and global contextual information for each node representation. The fused features are then passed through a fully connected layer with ReLU activation and dropout, followed by a Softmax layer for final intrusion detection classification.
In the revised manuscript, the interpretive role of this fusion mechanism is further examined through ablation analysis and gate-value statistics, which help clarify how the model balances structural and contextual representations under the evaluated setting.
3.4. Training Setup and Evaluation Metrics
Model training was conducted using the AdamW optimizer with a OneCycleLR scheduler. A class-weighted cross-entropy loss with label smoothing was adopted to address class imbalance and improve generalization. Gradient clipping was applied to stabilize training, and automatic mixed precision (AMP) was enabled to improve computational efficiency. Mini-batch sampling was performed using PyG NeighborLoader. For graph-based models, the mini-batch size was set to 4096 and the neighborhood sampling size was set to (25, 25), so that model training was performed on sampled subgraphs rather than on the full traffic graph. Early stopping was applied based on the macro-F1 score, with a minimum of 60 epochs and a patience of 20.
For internally consistent comparison, all baseline models and the proposed model were trained and evaluated under the same overall preprocessing procedure, graph construction strategy, data-splitting protocol, training framework, and evaluation pipeline. The proposed model was compared against GCN, GAT, GraphSAGE, and a Transformer-only baseline in order to assess the effectiveness of the hybrid design. Macro-averaged precision, macro-averaged recall, and macro-averaged F1-score were used as the main comparison metrics because they better reflect performance under class-imbalanced conditions, where raw confusion-matrix counts and accuracy alone may lead to incomplete interpretation. Additional evaluation indicators included confusion matrix analysis and ROC-AUC.
Because the proposed model was trained on sampled mini-batches, the Transformer branch did not operate on the full graph at once. Instead, self-attention was computed on the bounded node set within each sampled subgraph. Accordingly, if a sampled mini-batch contains B nodes and hidden dimension d, the computational cost of the Transformer self-attention branch can be approximated as per layer. Thus, the computational burden depends primarily on the sampled subgraph size rather than on the size of the full dataset.
In the revised manuscript, additional robustness-oriented evaluation was conducted on the main UNSW-NB15 setting. First, repeated-run experiments over five random seeds were performed, and mean–standard deviation statistics were reported. Second, paired statistical testing was conducted to examine whether the observed performance improvement over the strongest baseline was statistically significant. Third, ablation analysis was introduced to isolate the contribution of the main architectural components. Fourth, sensitivity analysis over the graph-construction parameter k was conducted to examine how neighborhood size influences graph density and downstream detection performance. Finally, a lightweight hyperparameter re-optimization of the main baselines was performed over learning rate, hidden dimension, and dropout to strengthen comparison fairness. In addition, the same overall evaluation framework was retained on both UNSW-NB15 and CIC-IDS2017 in order to examine whether the proposed architecture maintained consistent effectiveness across different flow-based intrusion detection settings.
4. Results
4.1. Overall Performance on UNSW-NB15
The performance of the proposed HybridSAGETransformerGlobal model was evaluated on the UNSW-NB15 dataset under the preprocessing, graph construction, and training pipeline described in
Section 3. In the revised manuscript, additional repeated-run evaluation over five random seeds was conducted on the main UNSW-NB15 setting in order to strengthen statistical robustness. Across these runs, the proposed hybrid model achieved an accuracy of 0.9841 ± 0.0006, a macro-precision of 0.9684 ± 0.0010, a macro-recall of 0.9818 ± 0.0026, and a macro-F1-score of 0.9749 ± 0.0011. These results indicate that the proposed model not only provides strong intrusion detection performance but also remains highly stable across different random initializations.
For interpretive clarity, a representative run is also presented through confusion-matrix analysis, as shown in
Figure 2. In the run with seed = 42, the model produced 15,794 true negatives (TNs), 3884 true positives (TPs), 229 false positives (FPs), and 93 false negatives (FNs), corresponding to an accuracy of 0.9839, a macro-precision of 0.9692, a macro-recall of 0.9812, and a macro-F1-score of 0.9751. These values indicate that the proposed model maintained strong attack detection capability while keeping the false alarm rate low under the evaluated setting.
However, these raw counts should not be interpreted in isolation. Because the evaluation setting is class-imbalanced, the apparent magnitude of false positives and false negatives must be considered together with macro-averaged precision, recall, and F1-score rather than with accuracy alone. For this reason, macro-averaged metrics were treated as the main indicators of comparative performance in this study. This interpretation is also supported by the low false-positive rate and false-negative rate observed in the representative run, suggesting that the model preserved a favorable balance between attack detection and false-alarm control.
At the class level, the proposed model also showed balanced behavior. Benign traffic was classified with high reliability, while the attack class maintained strong recall, indicating that the model rarely missed malicious flows. This pattern suggests a slightly conservative detection tendency in which a limited number of benign flows are flagged as attacks in order to reduce missed attacks. From an intrusion detection perspective, this trade-off is acceptable because false negatives are often more costly than a small increase in false positives.
4.2. Training and Validation Behavior on UNSW-NB15
In addition to the repeated-run test results reported above, we examined the training and validation behavior of the proposed model on UNSW-NB15 using a representative run. As shown in
Figure 3, both training and validation accuracy increased rapidly during the early epochs and then converged to a stable high-performance region. The validation curve remained close to the training curve throughout most of the optimization process, indicating stable convergence and good generalization behavior under the adopted training setting.
More specifically, the model reached a high validation accuracy early in training and then remained close to the saturated region, with only a small gap between the two curves. This pattern suggests that the adopted training strategy, including class-weighted learning, label smoothing, gradient clipping, AMP, and early stopping, contributed to stable optimization without strong signs of overfitting. The repeated-run results presented in
Section 4.1 further support this interpretation by showing very small standard deviations across five random seeds, indicating that the model behavior was not only strong in a single run but also stable across repeated trials.
Overall, the training and validation curves suggest that the proposed HybridSAGETransformerGlobal model can be optimized reliably under the evaluated UNSW-NB15 setting and that its final performance is supported by stable learning dynamics rather than by an isolated favorable run.
4.3. Class-Wise Metrics and ROC Analysis on UNSW-NB15
The class-wise behavior of the proposed model on UNSW-NB15 further clarifies its detection characteristics. In the representative run shown for interpretive analysis, benign traffic was classified with high reliability, while the attack class maintained strong recall, indicating that most malicious flows were correctly detected. This pattern is consistent with the confusion-matrix analysis in
Section 4.1, where the number of false negatives remained low relative to the number of correctly detected attack samples.
From an intrusion detection perspective, this result is meaningful because missed attacks are often more costly than a limited increase in false alarms. At the same time, the model did not simply maximize recall at the expense of uncontrolled false positives. Instead, the representative run still preserved a low false-positive rate together with strong macro-level precision and F1-score, indicating a balanced detection tendency rather than an overly aggressive classification strategy.
To further assess the discriminative power of the proposed model, the Receiver Operating Characteristic (ROC) curve was calculated and is shown in
Figure 4. The corresponding AUC value was 0.9987, and the ROC curve remained close to the top-left corner, indicating strong separability between benign and malicious traffic over a wide range of decision thresholds. This result suggests that the proposed hybrid model can preserve high true positive rates while keeping false positive rates relatively low under the evaluated setting.
Taken together, the class-wise interpretation and ROC analysis indicate that the proposed model not only achieves strong overall performance on UNSW-NB15 but also maintains robust attack detection capability across different decision thresholds. This is especially important in practical intrusion detection scenarios, where the operating threshold may need to be adjusted depending on the balance between false alarms and missed attacks.
4.4. Comparison with Baseline Models on UNSW-NB15
To validate the effectiveness of the proposed HybridSAGETransformerGlobal model, we compared its performance with several baseline models, including MLP (no graph), GCN, GAT, GraphSAGE, and TransformerEncoderOnly. As shown in
Table 1, the proposed hybrid model achieved the strongest overall performance among the compared models on UNSW-NB15 under the main evaluation setting.
Among the compared baselines, GraphSAGE and TransformerEncoderOnly showed relatively strong performance, indicating that both local structural modeling and global contextual modeling are useful for flow-based intrusion detection. However, the proposed hybrid model further improved these results, suggesting that the coordinated combination of structural representation learning and global contextual modeling provides complementary benefits beyond either branch alone. By contrast, GCN and GAT remained substantially lower under the same overall experimental setting. The lower performance of GCN and GAT should not be interpreted as evidence that these architectures are inherently weak or universally inferior to GraphSAGE. Rather, under the sampled graph setting adopted in this study, GraphSAGE appears more compatible with inductive neighborhood aggregation, whereas GCN and GAT may be more sensitive to sparse or sampled neighborhood propagation and, in the case of GAT, to the stability of attention estimation under mini-batch subgraph training.
At the same time, the original single-setting comparison shown in
Table 1 does not by itself provide a complete picture of robustness or baseline fairness. For this reason, the revised manuscript further includes repeated-run statistical validation, ablation analysis, sensitivity analysis over the graph-construction parameter
k, and lightweight baseline re-optimization on the main UNSW-NB15 setting. These additional analyses are presented in the following subsections in order to strengthen the interpretation of the proposed model’s advantage under a more rigorous evaluation protocol.
Overall, the UNSW-NB15 results indicate that the proposed hybrid architecture provides the strongest and most consistent performance among the compared models under the same preprocessing, graph construction, and evaluation framework.
4.5. Repeated-Run Statistical Validation on UNSW-NB15
To strengthen the statistical robustness of the evaluation, additional repeated-run experiments were conducted on UNSW-NB15 using five different random seeds.
Table 2 reports the mean and standard deviation of the main evaluation metrics for GraphSAGE, TransformerEncoderOnly, and the proposed HybridSAGETransformerGlobal model.
The proposed hybrid model achieved the strongest overall repeated-run performance, with an accuracy of 0.98408 ± 0.00059, a macro-precision of 0.96843 ± 0.00098, a macro-recall of 0.98175 ± 0.00259, and a macro-F1-score of 0.97491 ± 0.00111. By comparison, GraphSAGE achieved an accuracy of 0.98084 ± 0.00049 and a macro-F1-score of 0.97046 ± 0.00078, while TransformerEncoderOnly achieved a macro-F1-score of 0.96681 ± 0.00331. These results indicate that the proposed model not only achieves the highest mean performance but also remains highly stable across repeated runs.
To further assess whether the observed improvement over the strongest baseline was statistically meaningful, paired
t-tests were conducted between the proposed hybrid model and GraphSAGE across all seeds. The paired statistical comparison results are summarized in
Table 3. The results showed statistically significant differences in accuracy (
p = 0.00023), macro-precision (
p = 1.50 × 10
−5), macro-recall (
p = 0.00583), and macro-F1-score (
p = 0.00047). Although GraphSAGE showed slightly higher recall on average, the proposed hybrid model achieved higher precision and a higher overall macro-F1-score, indicating a better balance between attack detection and false-alarm control.
These repeated-run results support the conclusion that the proposed model provides a statistically robust improvement over the strongest baseline under the evaluated UNSW-NB15 setting.
4.6. Ablation Study on UNSW-NB15
To isolate the contribution of the main architectural components, an ablation study was conducted on the main UNSW-NB15 setting. The evaluated variants included GraphSAGE-only, Transformer-only, the full hybrid model, and several hybrid variants in which one major component was removed or simplified, including degree-based positional encoding, global context aggregation, temporal chain construction, and gated fusion. The ablation results are summarized in
Table 4.
The results show that the full hybrid design remained among the best-performing configurations, outperforming the single-branch GraphSAGE-only and Transformer-only models. Removing degree-based positional encoding led to a small performance decrease, indicating that this component provides an auxiliary structural benefit. Removing global context aggregation also reduced performance, confirming that long-range contextual modeling contributes beyond local neighborhood aggregation alone. Likewise, removing the temporal chain caused a measurable decline, suggesting that temporal continuity is useful for representing flow interactions in the graph.
Replacing gated fusion with average fusion produced closely related performance, suggesting that the overall hybrid structure is more important than any single minor enhancement in isolation. Even so, the gated mechanism remains useful because it provides adaptive rather than fixed integration of structural and contextual information. This interpretation is supported by the observed gate statistics, which indicate that the model dynamically balances local and global representations depending on the input samples.
Taken together, the ablation results support the view that the proposed performance gain is not attributable to a single isolated trick, but rather to the coordinated interaction of structural learning, contextual modeling, graph design, and adaptive fusion.
4.7. Sensitivity Analysis of the Graph-Construction Parameter k
To examine how graph construction affects downstream detection performance, a sensitivity analysis was conducted by varying the KNN neighborhood parameter k in {2, 4, 6, 8, 10} on the main UNSW-NB15 setting. The sensitivity analysis results are summarized in
Table 5. The results indicate that the proposed hybrid model remains relatively stable across a moderate range of
k values. The best accuracy was obtained at
k = 4, while
k = 6, which was used in the main configuration, achieved nearly identical performance.
Importantly, increasing k substantially increased graph density and computational burden. As k increased from 2 to 10, the number of edges rose from approximately 700,776 to 3,491,480, and the average graph degree increased from about 7.0 to 34.9. However, these large increases in graph density did not produce corresponding performance gains. Instead, very large k values showed slightly lower performance, suggesting that overly dense graphs may introduce redundant relations or additional noise.
These findings indicate that the proposed model is robust to moderate variation in k, while also showing that moderate neighborhood sizes provide the best trade-off between performance and graph complexity. Accordingly, the use of k = 6 in the main configuration is justified as a balanced choice rather than as an arbitrarily selected parameter.
4.8. Re-Optimized Baseline Comparison on UNSW-NB15
To address fairness concerns in the baseline comparison, an additional lightweight hyperparameter re-optimization was conducted for the main graph-based baselines over learning rate, hidden dimension, and dropout. The best re-optimized baseline configurations are summarized in
Table 6. The strongest re-optimized baseline was GraphSAGE, which achieved an accuracy of 0.9824 and a macro-F1-score of 0.97318 under the best recovered configuration (lr = 0.0005, hidden dim = 256, dropout = 0.1). Re-optimized GCN and GAT remained substantially lower, with best macro-F1-scores of 0.78819 and 0.78695, respectively.
These results show that the strongest baseline became more competitive after re-optimization, especially in the case of GraphSAGE. Nevertheless, the proposed hybrid model still remained the best overall under the revised evaluation, as reflected by its repeated-run mean macro-F1-score of 0.97491. The remaining margin over the strongest tuned baseline is modest, but it is consistent with the broader interpretation of the model: the proposed hybrid design provides a better balance of local structural learning and global contextual modeling than either branch alone.
Accordingly, the revised comparison suggests that the advantage of the proposed model is not merely a consequence of under-tuned baselines, but rather reflects a genuine, although moderate, benefit of the coordinated hybrid architecture under the evaluated setting.
4.9. Overall Performance on CIC-IDS2017
To further examine the generalization capability of the proposed HybridSAGETransformerGlobal model, an additional evaluation was conducted on the CIC-IDS2017 dataset under the same overall preprocessing, graph construction, and training pipeline described in
Section 3. While the additional robustness analyses introduced in this revision were conducted on the main UNSW-NB15 setting, CIC-IDS2017 was retained as a complementary cross-dataset benchmark to assess whether the proposed architecture maintained strong performance under a different traffic generation process and attack composition.
On CIC-IDS2017, the proposed hybrid model achieved an accuracy of 0.9749, a macro-precision of 0.9513, a macro-recall of 0.9722, and a macro-F1-score of 0.9613. These results indicate that the proposed architecture maintained strong intrusion detection performance even under a different traffic environment and attack composition.
As shown in
Figure 5, the confusion matrix of the proposed model on CIC-IDS2017 further supports this result. The model correctly classified 15,686 benign flows as benign and 3813 attack flows as attacks, while producing 374 false positives and 127 false negatives. This pattern suggests that the model preserved high recall for malicious traffic while maintaining a manageable false alarm level. As in the UNSW-NB15 results, these values should be interpreted together with the class distribution of the evaluation set and the macro-averaged metrics rather than in isolation.
At the class level, the proposed model also showed balanced behavior on CIC-IDS2017. The benign class was classified with high reliability, while the attack class maintained strong recall, indicating that the model rarely missed malicious flows. Although a limited number of benign samples were flagged as attacks, the overall pattern suggests a conservative detection tendency that prioritizes attack detection over a minimal reduction in false alarms.
4.10. Training and Validation Behavior on CIC-IDS2017
As shown in
Figure 6, The training and validation curves on CIC-IDS2017 showed stable convergence behavior throughout the training process. Both curves increased rapidly during the early epochs and then converged around a high-performance region, with only a small gap between training and validation accuracy. This result indicates that the proposed hybrid model learned effectively without showing strong signs of overfitting under the adopted optimization setting.
Compared with UNSW-NB15, the convergence trend on CIC-IDS2017 was slightly more gradual, which is consistent with the more heterogeneous traffic composition and the different attack-generation characteristics of CIC-IDS2017. Nevertheless, the model still converged stably and retained strong generalization performance on the validation set.
4.11. Class-Wise Metrics and ROC Analysis on CIC-IDS2017
The class-wise performance on CIC-IDS2017 further clarifies the detection behavior of the proposed model. For the benign class, the model showed high classification reliability, while for the attack class it achieved strong recall together with good precision. These results indicate that the proposed model successfully detected most malicious flows while maintaining strong overall class-level performance. The slightly lower precision for the attack class suggests that a limited number of benign flows were conservatively flagged as attacks, whereas the high recall indicates that the model rarely missed malicious traffic. From an intrusion detection perspective, this trade-off is acceptable because false negatives are often more costly than a moderate increase in false positives.
To further evaluate the discriminative power of the proposed model, the ROC curve was calculated and is shown in
Figure 7. The corresponding AUC value was 0.9957, indicating strong separability between benign and malicious traffic across a wide range of decision thresholds. The ROC curve remained close to the top-left corner, demonstrating that the proposed model can maintain high true positive rates while keeping false positive rates relatively low. Together with the overall performance on CIC-IDS2017, these results confirm that the proposed hybrid model preserves strong attack detection capability under a different traffic environment and attack composition.
4.12. Comparison with Baseline Models on CIC-IDS2017
To validate the effectiveness of the proposed hybrid design on a second dataset, the proposed model was compared with MLP (no graph), GCN, GAT, GraphSAGE, and TransformerEncoderOnly on CIC-IDS2017. As shown in
Table 7, the proposed model achieved the best overall performance among all compared models, with accuracy = 0.97495, macro-precision = 0.95132, macro-recall = 0.97224, and macro-F1-score = 0.96132.
Among the compared baselines, GraphSAGE was the strongest single-branch graph-based baseline, achieving accuracy = 0.96435 and macro-F1 = 0.94660. However, the proposed hybrid model further improved these results, suggesting that the Transformer branch provides complementary global contextual information beyond the structural information captured by GraphSAGE alone. By contrast, GCN, GAT, and TransformerEncoderOnly remained substantially lower, showing that either structure-only propagation or context-only modeling was less effective than the coordinated hybrid architecture in this setting.
These results indicate that the proposed hybrid architecture preserved its advantage over both conventional graph baselines and a Transformer-only baseline on a second flow-based intrusion detection dataset. Although the additional robustness-oriented analyses in this revision were conducted on the main UNSW-NB15 setting, the CIC-IDS2017 results remain important because they provide complementary evidence that the proposed architecture is not limited to a single dataset or traffic distribution.
These results indicate that the proposed hybrid architecture consistently preserves its advantage over both conventional graph baselines and a Transformer-only baseline on a second flow-based intrusion detection dataset.
4.13. Cross-Dataset Comparative Discussion
Taken together, the results on UNSW-NB15 and CIC-IDS2017 provide stronger evidence of generalization than single-dataset validation alone. On both datasets, the proposed HybridSAGETransformerGlobal model achieved the strongest overall performance among the compared models, particularly in terms of macro-level detection quality, while also maintaining high recall for attack detection. This overall pattern suggests that the proposed architecture benefits from the coordinated integration of local structural learning through GraphSAGE, global contextual modeling through the Transformer encoder, and adaptive representation integration through gated fusion.
At the same time, the two datasets highlight different characteristics. Under the main UNSW-NB15 setting, the proposed model achieved highly stable performance across repeated runs, with small standard deviations and statistically significant improvements over the strongest baseline. By contrast, CIC-IDS2017 served as a complementary benchmark for examining whether the proposed architecture maintained strong performance under a different traffic generation process and attack composition. Although the additional robustness-oriented analyses introduced in this revision were conducted on the main UNSW-NB15 setting, the CIC-IDS2017 results remain important because they show that the proposed model is not limited to a single dataset or a single traffic environment.
The cross-dataset comparison also supports a more specific interpretation of the baselines. In both settings, GraphSAGE emerged as the strongest single-branch graph-based baseline, while the proposed hybrid model further improved upon it. This pattern suggests that local structural aggregation alone is highly effective in sampled traffic graphs, but that additional gains can still be obtained by incorporating long-range contextual dependencies through the Transformer branch. Accordingly, the advantage of the proposed model should be interpreted not as a replacement of graph-based learning, but as a coordinated extension that improves the balance between structural and contextual representation learning under the evaluated conditions.
Overall, the combined evidence from UNSW-NB15 and CIC-IDS2017 supports the main claim of this study: a carefully coordinated hybrid design can provide a more effective and more generalizable framework for flow-based intrusion detection than graph-only or Transformer-only modeling under the evaluated settings. At the same time, the revised results also suggest an important nuance: the strongest gains are most clearly supported in the main UNSW-NB15 setting through repeated-run and robustness-oriented validation, while the CIC-IDS2017 results provide complementary cross-dataset support for generalization rather than a second full robustness benchmark.
5. Discussion
The experimental results show that the proposed HybridSAGETransformerGlobal model achieved the strongest overall performance among the compared models on both UNSW-NB15 and CIC-IDS2017. In particular, the hybrid architecture consistently produced the highest macro-level performance while also maintaining strong recall for attack detection. This result suggests that the coordinated integration of local structural learning through GraphSAGE, global contextual modeling through the Transformer encoder, and adaptive representation fusion through the gating mechanism is more effective than relying on either branch alone. On UNSW-NB15, the model showed highly stable performance across repeated runs, while on CIC-IDS2017 it still preserved a clear advantage over the compared baselines despite the more heterogeneous traffic composition and the more visible trade-off between false positives and false negatives. Taken together, these findings provide stronger evidence of robustness and generalization than single-dataset validation alone.
A key observation of this study is that GraphSAGE was the strongest single-branch graph-based baseline, while the proposed hybrid model further improved upon it. This pattern suggests that the sampled graph setting adopted in this study is particularly compatible with inductive neighborhood aggregation. By contrast, GCN and GAT showed substantially lower performance under the same overall preprocessing, graph construction, splitting, and evaluation framework. This result should not be interpreted as indicating that GCN or GAT are inherently weak architectures. Rather, under the sampled graph construction and mini-batch neighborhood propagation used here, GraphSAGE appears more robust to the adopted inductive setting, whereas GCN and GAT may be more sensitive to the stability of neighborhood propagation and attention estimation. Therefore, the observed performance gap is better understood as a consequence of architecture–setting compatibility within the present experimental pipeline rather than as a universal ranking of graph neural network models.
The revised evaluation also strengthens the interpretation of the proposed model from a statistical perspective. Additional repeated-run experiments on UNSW-NB15 showed that the proposed hybrid model achieved an accuracy of 0.98408 ± 0.00059, a macro-precision of 0.96843 ± 0.00098, a macro-recall of 0.98175 ± 0.00259, and a macro-F1-score of 0.97491 ± 0.00111. Paired statistical testing further showed significant improvements over the strongest baseline, GraphSAGE, particularly in terms of accuracy, macro-precision, and macro-F1-score. Although GraphSAGE showed slightly higher recall on average, the hybrid model achieved a better overall balance between attack detection and false-alarm control, which is reflected in its higher macro-F1-score. These findings indicate that the advantage of the proposed model is not limited to a single favorable run, but is supported by repeated evaluation under the same setting.
The confusion-matrix and ROC-based analyses further clarify the detection behavior of the proposed model. On UNSW-NB15, the representative run showed 15,794 true negatives, 3884 true positives, 229 false positives, and 93 false negatives, indicating that the model maintained strong attack detection capability while preserving a low false alarm rate. The corresponding ROC curve also remained close to the top-left corner, with an AUC of 0.9987, suggesting strong separability between benign and malicious traffic across a wide range of thresholds. On CIC-IDS2017, the model likewise preserved strong attack recall while maintaining a manageable false alarm level, although the trade-off between false positives and false negatives became more visible than on UNSW-NB15. This difference is meaningful because it indicates that the proposed model performs strongly under both datasets, but does not behave as a uniformly saturated classifier across all traffic environments.
The ablation results support the interpretation that the proposed performance gain does not arise from a single isolated component. Instead, the full hybrid design remained among the best-performing configurations, while removing degree-based positional encoding, global context aggregation, or the temporal chain led to small but consistent performance degradation. These findings suggest that structural learning, contextual modeling, and graph design all contribute to the final result. At the same time, the ablation analysis also indicates that some enhancements play a supporting rather than dominant role. In particular, replacing gated fusion with average fusion yielded closely related performance, suggesting that the overall hybrid structure is more important than any single minor enhancement in isolation. Even so, the gate statistics support the interpretation that the fusion module provides adaptive rather than fixed integration of structural and contextual information, which remains valuable from both architectural and interpretive perspectives.
From a methodological perspective, the results should also be interpreted in light of the adopted graph construction strategy. The proposed approach combines IP-group-aware k-nearest neighbors with a temporal chain in order to reflect both relational proximity and traffic continuity. In the revised manuscript, additional sensitivity analysis over k ∈ {2, 4, 6, 8, 10} showed that the proposed model remained relatively stable across moderate values of k, while graph density increased substantially as k became larger. The best accuracy was observed at k = 4, whereas k = 6, which was used in the main configuration, achieved nearly identical performance. This pattern suggests that moderate neighborhood sizes provide the most favorable trade-off between performance and graph complexity, while overly dense graphs may introduce redundant relations or additional noise without clear performance gains. Accordingly, the main choice of k = 6 is justified as a balanced configuration rather than as an arbitrarily selected parameter.
The revised baseline comparison also provides a more careful interpretation of fairness. A lightweight hyperparameter re-optimization over learning rate, hidden dimension, and dropout showed that GraphSAGE became more competitive under its best recovered setting, achieving a macro-F1-score of 0.97318 on UNSW-NB15. Even so, the proposed hybrid model still remained the best overall, with a repeated-run mean macro-F1-score of 0.97491. The remaining margin over the strongest tuned baseline is modest, but it is still consistent with the broader interpretation of the model: combining structural and contextual learning yields a small but genuine improvement over the strongest single-branch alternative under the evaluated setting. This result is important because it suggests that the observed advantage of the proposed model is not merely a consequence of under-tuned baselines, although it should also be acknowledged that the present re-optimization was lightweight rather than exhaustive.
The computational implications of the proposed hybrid architecture must also be considered. Compared with single-branch baselines, the proposed model introduces additional complexity by combining a GraphSAGE branch, a Transformer branch, and a gated fusion module. However, this cost should be interpreted within the mini-batch graph-learning setting adopted in this study. In our implementation, graph-based models were trained on sampled subgraphs rather than on the full traffic graph, and the Transformer branch likewise operated on bounded node sets within each sampled mini-batch. From this perspective, the computational burden depends primarily on sampled subgraph size rather than on the full dataset size. Even so, the present study should not be interpreted as a full real-time deployment benchmark. The main objective of this work was to validate detection performance, architectural contribution, and comparative robustness rather than to optimize hardware-level latency or throughput in operational environments. Accordingly, inference latency, memory usage, and deployment scalability remain important considerations for future work.
Several limitations of the current study should still be acknowledged. First, although evaluation on both UNSW-NB15 and CIC-IDS2017 provides stronger support for generalization than single-dataset validation alone, broader validation on additional datasets such as BoT-IoT, NF-BoT-IoT, NF-ToN-IoT, Edge-IIoTset, or CIC-IDS2018 would further strengthen the generality of the conclusions. Second, while the revised manuscript now includes repeated-run statistical validation, ablation analysis, sensitivity analysis of the graph-construction parameter, and lightweight baseline re-optimization on the main UNSW-NB15 setting, not every possible enhancement component or baseline configuration was exhaustively explored under every dataset and protocol combination. Third, although the hybrid model achieved the strongest overall performance, the margin over the strongest tuned baseline was relatively small, which suggests that the practical value of the hybrid design lies in a consistent and balanced gain rather than in a dramatic performance jump under all settings. These limitations should be considered when interpreting the present findings.
Overall, the revised results support the main claim of this study: a carefully coordinated hybrid design combining GraphSAGE-based structural learning, Transformer-based contextual modeling, and adaptive fusion can provide a more effective and more generalizable framework for flow-based intrusion detection than graph-only or Transformer-only models under the evaluated settings. At the same time, the present findings should be interpreted as strong model-validation evidence rather than as a final demonstration of deployment readiness. Future work should therefore focus on broader cross-dataset validation, more exhaustive component-wise analysis, lightweight model design, and deployment-oriented efficiency evaluation.
6. Conclusions
This study proposed HybridSAGETransformerGlobal, a hybrid flow-based network intrusion detection model that integrates a SAGEConv-based GraphSAGE branch, a Transformer encoder, and a gated fusion mechanism in order to jointly capture local structural relationships and global contextual dependencies in network traffic. In the proposed framework, network flows were represented as graph nodes, and edges were constructed using IP-group-aware k-nearest neighbors (KNNs) together with a temporal chain, enabling the model to reflect both relational proximity and traffic continuity within flow-based intrusion detection settings.
The proposed architecture was evaluated under a unified preprocessing and training pipeline on two benchmark datasets, UNSW-NB15 and CIC-IDS2017, using up to approximately 100,000 flow samples per dataset. On the main UNSW-NB15 setting, an additional repeated-run evaluation over five random seeds showed that the proposed hybrid model achieved an accuracy of 0.98408 ± 0.00059, a macro-precision of 0.96843 ± 0.00098, a macro-recall of 0.98175 ± 0.00259, and a macro-F1-score of 0.97491 ± 0.00111. On CIC-IDS2017, the model achieved an accuracy of 0.97495, a macro-precision of 0.95132, a macro-recall of 0.97224, and a macro-F1-score of 0.96132. Across both datasets, the proposed model consistently showed the strongest overall performance among the compared models under the evaluated settings.
The revised experiments further strengthened the interpretation of the proposed model. Repeated-run statistical validation on UNSW-NB15 showed that the performance advantage over the strongest baseline was stable across seeds and statistically significant. The ablation study indicated that the effectiveness of the model does not arise from a single isolated component but from the coordinated interaction of structural learning, contextual modeling, graph design, and adaptive fusion. The sensitivity analysis over the graph-construction parameter k showed that moderate neighborhood sizes provided the best trade-off between performance and graph complexity, thereby supporting the use of k = 6 as a balanced main configuration. In addition, lightweight baseline re-optimization showed that GraphSAGE became more competitive under tuning, but the proposed hybrid model still remained the best overall under the revised evaluation setting.
Taken together, the results support the main conclusion of this study: a carefully coordinated hybrid design combining GraphSAGE-based structural learning, Transformer-based contextual modeling, and adaptive fusion can provide an effective and generalizable framework for flow-based intrusion detection under the evaluated conditions. At the same time, the present work should still be interpreted primarily as a model-validation study rather than as a full deployment benchmark. Although the revised manuscript strengthens robustness-oriented evaluation on the main UNSW-NB15 setting and retains CIC-IDS2017 as a complementary cross-dataset benchmark, further validation on additional datasets and under broader operational settings would strengthen the generality of the conclusions.
Future work should therefore focus on broader cross-dataset validation on newer benchmarks, more exhaustive component-wise and baseline-specific analysis, lightweight model design, and deployment-oriented efficiency evaluation, including latency, memory usage, and scalability in practical intrusion detection environments.