sis 23(6):

Research Article

A hybrid intrusion detection system with K-means and CNN+LSTM

Download95 downloads
  • @ARTICLE{10.4108/eetsis.5667,
        author={Haifeng Lv and Yong Ding},
        title={A hybrid intrusion detection system with K-means and CNN+LSTM},
        journal={EAI Endorsed Transactions on Scalable Information Systems},
        volume={11},
        number={6},
        publisher={EAI},
        journal_a={SIS},
        year={2024},
        month={6},
        keywords={Intrusion detection systems, anomaly detection, NSL-KDD, K-means, CNN, LSTM},
        doi={10.4108/eetsis.5667}
    }
    
  • Haifeng Lv
    Yong Ding
    Year: 2024
    A hybrid intrusion detection system with K-means and CNN+LSTM
    SIS
    EAI
    DOI: 10.4108/eetsis.5667
Haifeng Lv1,*, Yong Ding2
  • 1: Wuzhou University
  • 2: Guilin University of Electronic Technology
*Contact email: hfenglv@foxmail.com

Abstract

Intrusion detection system (IDS) plays an important role as it provides an efficient mechanism to prevent or mitigate cyberattacks. With the recent advancement of artificial intelligence (AI), there have been many deep learning methods for intrusion anomaly detection to improve network security. In this research, we present a novel hybrid framework called KCLSTM, combining the K-means clustering algorithm with convolutional neural network (CNN) and long short-term memory (LSTM) architecture for the binary classification of intrusion detection systems. Extensive experiments are conducted to evaluate the performance of the proposed model on the well-known NSL-KDD dataset in terms of accuracy, precision, recall, F1-score, detection rate (DR), and false alarm rate (FAR). The results are compared with traditional machine learning approaches and deep learning methods. The proposed model demonstrates superior performance in terms of accuracy, DR, and F1-score, showcasing its effectiveness in identifying network intrusions accurately while minimizing false positives.