Toward Real-World IoT Security: Concept Drift-Resilient IoT Botnet Detection via Latent Space Representation Learning and Alignment

📅 2025-12-27
🤖 AI Summary
To address the performance degradation of AI-based intrusion detection models on dynamic IoT NetFlow traffic caused by concept drift, along with costly model retraining and catastrophic forgetting, this paper proposes a continual, robust detection framework that avoids updating classifier weights. The method integrates self-supervised latent-space representation learning with graph neural networks (GNNs), enabling cross-distribution feature adaptation via a streaming latent-space alignment mechanism; it also models adversarial samples as graphs to enhance discriminability. Evaluated on multiple heterogeneous real-world IoT datasets, the approach achieves an average detection accuracy of 98.3%, with F1-score degradation under concept drift limited to less than 1.2%, and a 67% reduction in computational overhead. The core contribution lies in replacing conventional model retraining with latent-space alignment, thereby simultaneously ensuring adaptability, stability, and efficiency.

📝 Abstract
Although AI-based models have achieved high accuracy in IoT threat detection, their deployment in enterprise environments is constrained by reliance on stationary datasets that fail to reflect the dynamic nature of real-world IoT NetFlow traffic, which is frequently affected by concept drift. Existing solutions typically rely on periodic classifier retraining, resulting in high computational overhead and the risk of catastrophic forgetting. To address these challenges, this paper proposes a scalable framework for adaptive IoT threat detection that eliminates the need for continuous classifier retraining. The proposed approach trains a classifier once on latent-space representations of historical traffic, while an alignment model maps incoming traffic to the learned historical latent space prior to classification, thereby preserving knowledge of previously observed attacks. To capture inter-instance relationships among attack samples, the low-dimensional latent representations are further transformed into a graph-structured format and classified using a graph neural network. Experimental evaluations on real-world heterogeneous IoT traffic datasets demonstrate that the proposed framework maintains robust detection performance under concept drift. These results highlight the framework's potential for practical deployment in dynamic and large-scale IoT environments.
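
The train-once, align-then-classify pipeline from the abstract, as an added example that is not the paper's code. Assumptions: constructed 2-D points stand in for the encoder's latent vectors, a nearest-centroid classifier stands in for the GNN, and per-dimension mean/std matching stands in for the paper's alignment model, which this page does not describe.

```python
import random
import statistics

# Constructed 2-D "latent" points standing in for encoder output.
# Label 0 = benign, 1 = botnet. drift=(scale, shift) simulates concept drift.
def make_latents(rng, n, drift=(1.0, 0.0)):
    scale, shift = drift
    data = []
    for i in range(n):
        label = i % 2  # balanced classes
        centre = (-2.0, -2.0) if label == 0 else (2.0, 2.0)
        data.append((tuple(scale * rng.gauss(c, 1.0) + shift for c in centre), label))
    return data

def fit_centroids(data):
    """Train once on historical latents; these centroids are never updated."""
    return {lab: tuple(statistics.fmean(d) for d in zip(*[p for p, l in data if l == lab]))
            for lab in (0, 1)}

def predict(cents, p):
    return min(cents, key=lambda lab: sum((a - b) ** 2 for a, b in zip(p, cents[lab])))

def moments(points):
    """Per-dimension (mean, std) of a batch of latent points."""
    return [(statistics.fmean(c), statistics.pstdev(c)) for c in zip(*points)]

def align(points, hist_moments):
    """Label-free alignment: rescale the batch to the historical mean/std."""
    new = moments(points)
    return [tuple((x - m) / s * hs + hm
                  for x, (m, s), (hm, hs) in zip(p, new, hist_moments))
            for p in points]

def accuracy(cents, points, labels):
    return sum(predict(cents, p) == y for p, y in zip(points, labels)) / len(labels)

def run(seed=7):
    rng = random.Random(seed)
    hist = make_latents(rng, 400)
    cents = fit_centroids(hist)                      # frozen classifier
    hist_m = moments([p for p, _ in hist])           # stored reference statistics
    drifted = make_latents(rng, 400, drift=(0.5, 6.0))
    pts, labels = [p for p, _ in drifted], [y for _, y in drifted]
    raw = accuracy(cents, pts, labels)               # no alignment
    aligned = accuracy(cents, align(pts, hist_m), labels)
    return raw, aligned

if __name__ == "__main__":
    print("accuracy without / with alignment: %.3f / %.3f" % run())
```

Moment matching only recovers the historical space when the incoming batch has roughly the same benign/attack mix as the historical data; a batch dominated by attack traffic would shift the batch statistics and be mapped incorrectly.
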

Problem

Research questions and friction points this paper is trying to address.

Detects IoT botnets in a way that is resilient to concept drift
Eliminates need for continuous classifier retraining
Preserves knowledge of historical attacks via latent space alignment

Innovation

Methods, ideas, or system contributions that make the work stand out.

Latent space representation learning for traffic alignment
Graph neural network for attack sample classification
Eliminates continuous classifier retraining via adaptive mapping