With the expansion of network services and the continuous complexity of attack forms, intrusion detection systems face problems such as high false positive rate and difficult to distinguish boundary samples in high dynamic traffic scenarios. Focusing on the demand of false positive suppression in computer network intrusion detection, this paper proposes a temporal graph neural network model for complex traffic scenarios. The method establishes the network traffic temporal correlation graph by session reconstruction and time window division, and integrates topology dependence extraction, behavior evolution modeling, re-discrimination of easily confused samples and false alarm constrained loss optimization to enhance the ability to identify the difference between normal fluctuations and real attacks. The experimental results based on NSL-KDD, UNSW-NB15 and CIC-IDS2017 datasets show that the Accuracy of the model reaches 96.1%, the F1-score is 95.4%, the AUC is 0.986, the FAR is reduced to 3.2%, and the Specificity is improved to 96.6%. In the NSL-KDD fine-grained attack type analysis, it also maintains a good detection effect on R2L and U2R covert attacks. The research shows that this method can effectively compress the false positive propagation space while ensuring the detection accuracy, which provides a feasible path for intelligent intrusion detection in complex network environment.
