GAT-AID: A Graph Attention-Based Dual-Branch Framework for Scalable Anomaly and Intrusion Detection

Wankhade, Nitin Wasudeorao; Khandare, Anand V

doi:10.22042/isecure.2026.542048.1244

GAT-AID: A Graph Attention-Based Dual-Branch Framework for Scalable Anomaly and Intrusion Detection

Articles in Press

Document Type : Research Article

Authors

Nitin Wasudeorao Wankhade ¹

Anand V Khandare ²

¹ Thakur College of Engineering and Technology. Mumbai, Maharashtra.

² professor, Thakur college of engineering, Mumbai

10.22042/isecure.2026.542048.1244

Abstract

Intrusion Detection Systems (IDS) are vital for defending modern networks against emerging cyber threats, including zero-day attacks. In this article, we introduce GAT-AID (Graph Attention-based Anomaly and Intrusion Detection), an IDS architecture that integrates Graph Attention Networks (GATs), Multi-Layer Perceptron (MLP) classifiers, and Autoencoders. The proposed methodology represents network traffic as a graph, allowing GAT to extract complex node-wise associations across traffic flows. The embeddings generated are further processed through a dual-branch architecture, an MLP-based classifier for identifying known attack types, and an Autoencoder-based anomaly detector for flagging zero-day intrusions. The proposed GAT-AID methodology is evaluated on two widely used benchmark datasets, namely CICIDS2017 and UNSW-NB15. The experiment results demonstrate that it outperforms conventional IDS baselines, including SVM, Random Forest, CNN, and GCN models, achieving higher detection rates, improved robustness against unseen threats, and greater adaptability to evolving network environments. These findings suggest that GAT-AID is an effective and scalable solution for intelligent, real-time intrusion detection.

Keywords

Anomaly Detection

Autoencoder

Graph Neural Networks

Intrusion Detection Systems

Zero-Day Attacks