The growing reliance of enterprises on internal and information systems has led to an increased risk of cyber attacks, which pose serious threats to the confidentiality, integrity and availability of data. Intrusion Detection Systems (IDS) are essential for identifying malicious activities; however, conventional IDS approaches often struggle with evolving and sophisticated attack vectors. Recent advances in machine learning (ML) offer new opportunities to enhance IDS capabilities through adaptive and data-driven models. This study proposes a hybrid architecture that integrates convolutional neural networks (CNN), long-short-term memory (LSTM), and gradient boosting machines (GBM), leveraging both supervised learning and advanced feature representation techniques, addressing key challenges such as limited labeled data, diverse traffic patterns, and resource constraints in small and medium enterprises (SMEs). The proposed approach includes an end-to-end pipeline for data collection, preprocessing, feature extraction, and data labeling, combined with augmentation techniques to improve model generalization. Experimental evaluation across different network scales demonstrates the effectiveness of the method in detecting both known and novel attack types, while maintaining computational efficiency. The findings contribute to a practical and scalable solution for enterprise network security, with implications for real-world IDS deployment and future research in ML-driven cybersecurity.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Enterprise Intrusion Detection Using Ensemble CNN-LSTM-GBM: Cross-Scale Performance Analysis

  • Minh-Tam Nguyen,
  • Thanh-Tai Vu,
  • Quynh Chi Truong,
  • Thi Ai Thao Nguyen

摘要

The growing reliance of enterprises on internal and information systems has led to an increased risk of cyber attacks, which pose serious threats to the confidentiality, integrity and availability of data. Intrusion Detection Systems (IDS) are essential for identifying malicious activities; however, conventional IDS approaches often struggle with evolving and sophisticated attack vectors. Recent advances in machine learning (ML) offer new opportunities to enhance IDS capabilities through adaptive and data-driven models. This study proposes a hybrid architecture that integrates convolutional neural networks (CNN), long-short-term memory (LSTM), and gradient boosting machines (GBM), leveraging both supervised learning and advanced feature representation techniques, addressing key challenges such as limited labeled data, diverse traffic patterns, and resource constraints in small and medium enterprises (SMEs). The proposed approach includes an end-to-end pipeline for data collection, preprocessing, feature extraction, and data labeling, combined with augmentation techniques to improve model generalization. Experimental evaluation across different network scales demonstrates the effectiveness of the method in detecting both known and novel attack types, while maintaining computational efficiency. The findings contribute to a practical and scalable solution for enterprise network security, with implications for real-world IDS deployment and future research in ML-driven cybersecurity.