<p>Network security depends significantly on intrusion detection, which requires the development of advanced detection methods to properly combat ever-changing cyber threats. This study examines the efficacy of a proposed hybrid deep learning model (CNN+LSTM) for the purpose of intrusion detection. We conducted a comprehensive comparative analysis utilizing the NSL-KDD dataset, which consists of both normal and attack instances. We evaluated the performance of the proposed CNN+LSTM model against nine well-known machine learning and deep learning classifiers. The proposed hybrid CNN–LSTM is evaluated under two explicit NSL-KDD protocols to avoid ambiguity: (i) Protocol-A, a stratified in-distribution split of KDDTrain+ (SEED=42, 70/15/15), and (ii) Protocol-B, the official benchmark setting that trains on KDDTrain+ and tests on KDDTest+. While Protocol-A yields near-ceiling performance for several learners on this mature benchmark, Protocol-B produces a substantially harder and more deployment-relevant generalization test. To reduce reliance on a legacy dataset, we further validate the trained CNN–LSTM on a contemporary intrusion detection dataset (CSE-CIC-IDS2018), reporting both effectiveness and efficiency indicators. This research provides a unique viewpoint in the field of network security, emphasizing the potential for using deep learning methods to create IDS that are more robust and adaptable. We also report a 5-class attack categorization (Normal/DoS/Probe/R2L/U2R) on NSL-KDD Protocol-B to assess attack-type discrimination under severe class imbalance. Future approaches involve investigating the scalability and suitability of the CNN+LSTM model in various network settings and cyber threat scenarios.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Optimizing intrusion detection using a hybrid CNN LSTM deep learning framework on the NSL KDD dataset

  • Vipin Jain,
  • Kirti Singh,
  • Suneet Joshi,
  • Lokesh Malviya,
  • Ruchi Patel,
  • Vaishali Gupta,
  • Preeti Narooka

摘要

Network security depends significantly on intrusion detection, which requires the development of advanced detection methods to properly combat ever-changing cyber threats. This study examines the efficacy of a proposed hybrid deep learning model (CNN+LSTM) for the purpose of intrusion detection. We conducted a comprehensive comparative analysis utilizing the NSL-KDD dataset, which consists of both normal and attack instances. We evaluated the performance of the proposed CNN+LSTM model against nine well-known machine learning and deep learning classifiers. The proposed hybrid CNN–LSTM is evaluated under two explicit NSL-KDD protocols to avoid ambiguity: (i) Protocol-A, a stratified in-distribution split of KDDTrain+ (SEED=42, 70/15/15), and (ii) Protocol-B, the official benchmark setting that trains on KDDTrain+ and tests on KDDTest+. While Protocol-A yields near-ceiling performance for several learners on this mature benchmark, Protocol-B produces a substantially harder and more deployment-relevant generalization test. To reduce reliance on a legacy dataset, we further validate the trained CNN–LSTM on a contemporary intrusion detection dataset (CSE-CIC-IDS2018), reporting both effectiveness and efficiency indicators. This research provides a unique viewpoint in the field of network security, emphasizing the potential for using deep learning methods to create IDS that are more robust and adaptable. We also report a 5-class attack categorization (Normal/DoS/Probe/R2L/U2R) on NSL-KDD Protocol-B to assess attack-type discrimination under severe class imbalance. Future approaches involve investigating the scalability and suitability of the CNN+LSTM model in various network settings and cyber threat scenarios.