Optimizing intrusion detection using a hybrid CNN LSTM deep learning framework on the NSL KDD dataset
摘要
Network security depends significantly on intrusion detection, which requires the development of advanced detection methods to properly combat ever-changing cyber threats. This study examines the efficacy of a proposed hybrid deep learning model (CNN+LSTM) for the purpose of intrusion detection. We conducted a comprehensive comparative analysis utilizing the NSL-KDD dataset, which consists of both normal and attack instances. We evaluated the performance of the proposed CNN+LSTM model against nine well-known machine learning and deep learning classifiers. The proposed hybrid CNN–LSTM is evaluated under two explicit NSL-KDD protocols to avoid ambiguity: (i) Protocol-A, a stratified in-distribution split of KDDTrain+ (SEED=42, 70/15/15), and (ii) Protocol-B, the official benchmark setting that trains on KDDTrain+ and tests on KDDTest+. While Protocol-A yields near-ceiling performance for several learners on this mature benchmark, Protocol-B produces a substantially harder and more deployment-relevant generalization test. To reduce reliance on a legacy dataset, we further validate the trained CNN–LSTM on a contemporary intrusion detection dataset (CSE-CIC-IDS2018), reporting both effectiveness and efficiency indicators. This research provides a unique viewpoint in the field of network security, emphasizing the potential for using deep learning methods to create IDS that are more robust and adaptable. We also report a 5-class attack categorization (Normal/DoS/Probe/R2L/U2R) on NSL-KDD Protocol-B to assess attack-type discrimination under severe class imbalance. Future approaches involve investigating the scalability and suitability of the CNN+LSTM model in various network settings and cyber threat scenarios.