GATv2-NS3 Hybrid IDS: Self-Focusing Simulations for Network Intrusion Detection

16 Sept 2025 (modified: 17 Oct 2025) | Agents4Science 2025 Conference Withdrawn Submission | CC BY 4.0
Keywords: Intrusion Detection Systems, Graph Attention Networks, Uncertainty-driven simulation control
TL;DR: This work introduces a hybrid IDS framework combining GATv2 with uncertainty-driven simulation triggers in NS-3, delivering realistic, leakage-aware evaluation and improved efficiency under constrained compute.
Abstract: Network intrusion detection faces critical challenges from data leakage and artificial performance inflation in static evaluation protocols. We introduce GATv2-NS3 Hybrid IDS, combining Graph Attention Networks v2 with adaptive NS-3 simulation. Our key innovation, Self-Focusing Simulations, uses attention uncertainty to dynamically allocate simulation resources to ambiguous network regions. The system triggers focused NS-3 simulations when attention entropy exceeds adaptive thresholds, creating efficient feedback loops. Evaluation on NSL-KDD and Cisco datasets reveals realistic IDS performance is significantly lower than commonly reported—our method achieves F1 = 0.711 while traditional approaches reach F1 ≈ 0.75 on NSL-KDD. The self-focusing mechanism reduces computational overhead by 40% compared to uniform simulation while maintaining detection quality. Our findings demonstrate that rigorous evaluation yields substantially lower but more honest performance metrics, highlighting the gap between academic claims and practical deployment realities.
Supplementary Material: zip
Submission Number: 308
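
The abstract's trigger (focused simulation when attention entropy exceeds an adaptive threshold) can be sketched as follows. This is an added example, not code from the submission: the normalized Shannon entropy, the mean + k·std threshold over a rolling history, and all names (`attention_entropy`, `select_for_simulation`, `ROUND_1`) are assumptions, since the page does not give the authors' actual rule.

```python
import math
import statistics

def attention_entropy(weights):
    """Shannon entropy of one node's attention over its neighbours, scaled to [0, 1]."""
    total = sum(weights)
    if len(weights) < 2 or total <= 0:
        return 0.0  # a single neighbour (or no attention mass) carries no ambiguity
    probs = [w / total for w in weights if w > 0]
    entropy = -sum(p * math.log(p) for p in probs)
    return max(0.0, entropy / math.log(len(weights)))  # 1.0 means uniform attention

def select_for_simulation(attention, history, k=1.0, window=200):
    """Return (flagged_nodes, threshold) for one scoring round.

    attention: {node: [attention weights over its neighbours]}
    history:   entropies seen in earlier rounds; extended in place
    Assumed adaptive rule: threshold = mean + k * std of recent entropies.
    """
    scores = {node: attention_entropy(w) for node, w in attention.items()}
    reference = history[-window:] or list(scores.values())  # cold start: this round only
    if not reference:
        return [], float("inf")  # nothing scored yet, nothing to simulate
    threshold = statistics.fmean(reference) + k * statistics.pstdev(reference)
    flagged = sorted(n for n, h in scores.items() if h > threshold)
    history.extend(scores.values())
    return flagged, threshold

# Constructed sample: three hosts with peaked attention, one gateway with diffuse attention.
ROUND_1 = {
    "h1": [0.97, 0.01, 0.01, 0.01],
    "h2": [0.90, 0.05, 0.05],
    "h3": [0.85, 0.10, 0.05],
    "gw": [0.26, 0.25, 0.25, 0.24],
}

if __name__ == "__main__":
    seen = []
    nodes, thr = select_for_simulation(ROUND_1, seen)
    # Only the flagged nodes would be handed to the simulator for a focused run.
    print(f"threshold={thr:.3f} simulate={nodes}")
```

Only the nodes returned in `flagged` would be passed to a focused simulation; the rest keep the classifier's verdict, which is where the compute saving over uniform simulation would come from.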