CAG and CBG Network Model for Cybersecurity Intrusion Detection

Traditional cyber security  intrusion detection methods primarily rely on machine learning, yet most overlook the temporal correlations inherent in intrusion behaviors. To address this limitation, this study employs a Context-Aware Attention (CAA)  and BiGRU-GELU  model for network traffic intrusion detection. In practice, datasets are inherently imbalanced, which often leads models to bias toward learning features from the majority classes while disregarding those of the minority classes. To mitigate this issue, this paper integrates the CNN-ADASYN-GNGS (CAG) algorithm to perform preliminary resampling of the training data. This approach examines the distribution of the minority class and alleviates edge distribution problems.We propose a Context-Aware Attention (CAA) mechanism based on the Transformer architecture to capture global dependencies and extract discriminative data features. This mechanism leverages contextual information to rectify deviations in interpretation caused by feature similarity, thereby enhancing feature relevance through dynamic weight allocation. We proposed a Bi GRU-GELU model that captures contextual dependencies between words through the GELU activation, thereby generating more discriminative feature representations. By integrating a context-aware attention network module with a bottom-up attention mechanism, the model establishes an encoder–decoder framework for cybersecurity detection. The proposed CAA-BiGRU-GELU (CBG) model is evaluated against multiple baseline algorithms (SVM, RF, BiGRU, Transformer) using the NSL-KDD dataset. It achieves an accuracy of  99% for major-class and, notably, over 94% precision  on minority-class samples—a substantial improvement over prior studies where such classes were often poorly detected. The model also demonstrates robust generalization across the CICIDS2017 and KDD99 datasets, confirming its effectiveness and broad applicability.