CNN-LSTM Powered Network IDS for Adaptive Cyber Defence
DOI:
https://doi.org/10.1807/jyexrc77Keywords:
IDS, DL, CNN, LSTM, Hybrid Model, False Alarm Rate, Cyber ThreatsAbstract
A Network IDS (NIDS) is devised to examine network traffic to detect signs of malicious behaviour or violations of protection policies. It is an essential piece of equipment in the fight to improve cybersecurity via early threat detection and response. Existing machine learning approaches, though efficient, are generally bogged down by significant manual feature engineering, which restricts their flexibility to adapt to dynamic attack scenarios. Deep learning approaches, with the ability to automatically learn high-level features, provide a robust alternative to designing effective IDS. This work proposes a novel hybrid deep learning architecture to synergistically integrate CNN and LSTM networks for tackling the complexity of network intrusion detection. The CNN module performs well in detecting spatial patterns of network traffic data, and the LSTM module incorporates temporal dependencies to facilitate exhaustive analysis of sequential attack patterns. To improve model efficiency and avoid overfitting, batch normalization and dropout layers are strategically integrated in the architecture. The model is extensively tested on three diverse datasets, CIC-IDS2017, UNSW-NB15, and NSL-KDD, covering a broad range of contemporary attack types. Experiments are performed for binary and multiclass classification tasks, and performance metrics are evaluated based on a confusion matrix. Key performance metrics, like false alarm rate, accuracy, F1 score and detection rate, define the model’s performance in intrusion detection with high accuracy while avoiding a high false positive rate. The outcome proves the model’s robust performance across diverse network environments, varying from wired to wireless networks, and its applicability in detecting known and novel threats. By tapping the power of automated feature extraction and sophisticated neural network design, the work critically contributes to a scalable and efficient solution to existing network security, opening the door to real-time, adaptive intrusion detection across complex digital terrain.
References
[1] N. Shone, T. N. Ngoc, V. D. Phai, and Q. Shi, “A deep learning approach to network intrusion detection,” IEEE transactions on emerging topics in computational intelligence, vol. 2, no. 1, pp. 41–50, 2018.
[2] N. Faruqui, M. A. Yousuf, M. Whaiduzzaman, A. Azad, S. A. Alyami, P. Li`o, M. A. Kabir, and M. A. Moni, “Safetymed: A novel iomt intrusion detection system using cnn-lstm hybridization,” Electronics, vol. 12, no. 17, p. 3541, 2023.
[3] M. Abdallah, N. An Le Khac, H. Jahromi, and A. Delia Jurcut, “A hybrid cnn-lstm based approach for anomaly detection systems in sdns,” in Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021, pp. 1–7.
[4] A. Halbouni, T. S. Gunawan, M. H. Habaebi, M. Halbouni, M. Kartiwi, and R. Ahmad, “Cnn-lstm: hybrid deep neural network for network intrusion detection system,” IEEE Access, vol. 10, pp. 99 837–99 849, 2022.
[5] H. Alkahtani and T. H. Aldhyani, “Botnet attack detection by using cnn-lstm model for internet of things applications,” Security and Communication Networks, vol. 2021, no. 1, p. 3806459, 2021.
[6] H. Sun, M. Chen, J. Weng, Z. Liu, and G. Geng, “Anomaly detection for in-vehicle network using cnn-lstm with attention mechanism,” IEEE Transactions on Vehicular Technology, vol. 70, no. 10, pp. 10 880–10 893, 2021.
[7] R. Jablaoui and N. Liouane, “An effective deep cnn-lstm based intrusion detection system for network security,” in 2024 International Conference on Control, Automation and Diagnosis (ICCAD). IEEE, 2024, pp. 1–6.
[8] A. Taneja and G. Kumar, “Attention-cnn-lstm based intrusion detection system (acl-ids) for in-vehicle networks,” Soft Computing, vol. 28, no. 23, pp. 13 429–13 441, 2024.
[9] M. K. Putchala, “Deep learning approach for intrusion detection system (ids) in the internet of things (iot) network using gated recurrent neural networks (gru),” Master’s thesis, Wright State University, 2017.
[10] B. Deore and S. Bhosale, “Hybrid optimization enabled robust cnn-lstm technique for network intrusion detection,” Ieee Access, vol. 10, pp. 65 611–65 622, 2022.
[11] A. Gueriani, H. Kheddar, and A. C. Mazari, “Enhancing iot security with cnn and lstm-based intrusion detection systems,” in 2024 6th International Conference on Pattern Analysis and Intelligent Systems (PAIS). IEEE, 2024, pp. 1–7.
[12] S. S. Bamber, A. V. R. Katkuri, S. Sharma, and M. Angurala, “A hybrid cnn-lstm approach for intelligent cyber intrusion detection system,” Computers & Security, vol. 148, p. 104146, 2025.
[13] P. Rajak, J. Lachure, and R. Doriya, “Cnn-lstm-based ids on precision farming for iiot data,” in 2022 IEEE 4th International Conference on Cybernetics, Cognition and Machine Learning Applications (ICCCMLA). IEEE, 2022, pp. 99–103.
[14] V. Poornachander, K. S. Kumar, and S. Jagadish, “Ddos attack intrusion detection system with cnn and lstm hybridization,” in 2024 2nd International Conference on Sustainable Computing and Smart Systems (ICSCSS). IEEE, 2024, pp. 1–6.
[15] N. S. Bhati, M. Khari, V. Garc´ıa-D´ıaz, and E. Verd´u, “A review on intrusion detection systems and techniques,” International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, vol. 28, no. Supp02, pp. 65–91, 2020.
[16] H. Sharma, P. Kumar, and K. Sharma, “Recurrent neural network based incremental model for intrusion detection system in iot,” Scalable Computing: Practice and Experience, vol. 25, no. 5, pp. 3778–3795, 2024.
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Revolutionary Advances in Computing and Electronics: An International Journal
This work is licensed under a Creative Commons Attribution 4.0 International License.
This work is licensed under a Creative Commons Attribution 4.0 International License.
