Enhanced detection of network intrusions and anomalies in internet of things applications using a hybrid artificial intelligence model combining CNN and LSTM
摘要
The rapid development of the internet of things (IoT) has made an increasing number of large-scale, interconnected networks more vulnerable to advanced attacks. There are increased risks of hidden intrusions and compromised security in IoT environments, resulting from class imbalance in network traffic datasets, high-dimensional feature spaces, and the requirement for spatial and temporal anomaly detection. Traditional intrusion detection systems (IDS) fail to address these problems. This research work presents IaADS, an intrusion and anomaly detection system integrating 3 balancing components: a conditional generative adversarial network (cGAN) for minority-class data balancing, the slime mould algorithm (SMA) for wrapper-based feature selection (FS), and a dual convolutional neural network and long short-term memory (CNN+LSTM) for spatiotemporal feature extraction (FE). The cGAN generates class-conditioned synthetic samples for under-represented attack types, and SMA reduces training overhead by 18.0% using principled feature dimensionality reduction from 41 to an optimal discriminative subset. Evaluated on the NSL-KDD benchmark dataset against 6 baseline models—SVM, RF, KNN, MLP, LSTM, and CNN—IaADS achieves 97.1% accuracy on DoS detection, 81.5% on R2L, and 70.4% on U2R attack types, with a false positive rate of 3.2% on DoS and 17.4% on U2R. Five-fold cross-validation provides a mean accuracy of 96.4 ± 0.4% and a mean F1-score of 96.0 ± 0.4%, with statistical significance confirmed at p < 0.01 against all baselines. Inference latency of 2.3 ms per sample confirms suitability for near-real-time IoT gateway deployment. The attack taxonomy of NSL-KDD aligns directly with attack types documented in IoT network security, and validation on IoT-native datasets is a direction for future work.