Research Article
A hybrid intrusion detection system with K-means and CNN+LSTM
@ARTICLE{10.4108/eetsis.5667, author={Haifeng Lv and Yong Ding}, title={A hybrid intrusion detection system with K-means and CNN+LSTM}, journal={EAI Endorsed Transactions on Scalable Information Systems}, volume={11}, number={6}, publisher={EAI}, journal_a={SIS}, year={2024}, month={6}, keywords={Intrusion detection systems, anomaly detection, NSL-KDD, K-means, CNN, LSTM}, doi={10.4108/eetsis.5667} }- Haifeng Lv
Yong Ding
Year: 2024
A hybrid intrusion detection system with K-means and CNN+LSTM
SIS
EAI
DOI: 10.4108/eetsis.5667
Abstract
Intrusion detection system (IDS) plays an important role as it provides an efficient mechanism to prevent or mitigate cyberattacks. With the recent advancement of artificial intelligence (AI), there have been many deep learning methods for intrusion anomaly detection to improve network security. In this research, we present a novel hybrid framework called KCLSTM, combining the K-means clustering algorithm with convolutional neural network (CNN) and long short-term memory (LSTM) architecture for the binary classification of intrusion detection systems. Extensive experiments are conducted to evaluate the performance of the proposed model on the well-known NSL-KDD dataset in terms of accuracy, precision, recall, F1-score, detection rate (DR), and false alarm rate (FAR). The results are compared with traditional machine learning approaches and deep learning methods. The proposed model demonstrates superior performance in terms of accuracy, DR, and F1-score, showcasing its effectiveness in identifying network intrusions accurately while minimizing false positives.
Copyright © 2024 Lv et al., licensed to EAI. This is an open access article distributed under the terms of the CC BY-NC-SA 4.0, which permits copying, redistributing, remixing, transformation, and building upon the material in any medium so long as the original work is properly cited.
