Authors - Piyush Tewari, Rohit, Rujal Agarwal, Yanshi Sharma Abstract - Current Network Intrusion Detection Systems (NIDS) typically analyze traffic as independent tabular records, largely ignoring the relational and temporal dependencies inherent in real-world communications. This limitation is particularly critical for detecting botnets, which rely on coordinated, evolving interactions rather than isolated malicious packets. To address this, we propose a topology-aware framework that models network traffic as a sequence of dynamic communication graphs. Using the CICIDS2017 dataset, we construct sliding-window snapshots where IP addresses form nodes and flows form edges. A spatiotemporal graph neural network is employed to learn evolving structural representations, integrated with a novel learnable gated fusion mechanism that adaptively balances graph-based context with conventional flowlevel statistics. The model is optimized using a hybrid objective combining class-weighted cross-entropy and center loss to mitigate data imbalance. Experimental results demonstrate that the framework achieves improved performance on structural attacks, with botnet detection reaching an AUC of 0.999. Furthermore, the learned gating values reveal a strong model preference for topological features over static statistics, empirically validating that structural context is superior for identifying coordinated threats. These findings underscore the effectiveness of spatiotemporal modeling in enhancing the robustness and interpretability of next-generation NIDS.
Open Zoom