1. Introduction
Security is essential for modern information systems, networks, storage infrastructures, and other cyberspace-linked facilities. Given the year-on-year rise in attacks on systems and enterprises, security levels must be enhanced continuously: keeping up with adversaries who constantly develop new methods of compromise is an ongoing process, not a one-time task. Quantum computing, if misused by attackers, is expected to pose an additional threat to system security in the near future. Meanwhile, the emergence of artificial intelligence (AI), machine learning, and deep learning has paved the way for an additional layer of security for information systems and networks. A learning-based approach is dynamic and effective in understanding real-time situations and detecting various cyberattacks. Although existing cryptographic methods protect information systems and data effectively, learning-based approaches can complement them by analyzing network traffic in real time to detect attacks. It is therefore essential to harness AI to develop security mechanisms that enhance overall cybersecurity. A literature review found that deep learning models are extensively utilized for developing IDSs, as explored in references [
1,
2,
3], to name a few. However, the deep learning-based IDSs in use today have several drawbacks; for example, they often lack feature engineering, layer enhancement, and hyperparameter tuning. This study presents a deep learning framework with an improved CNN model for effective intrusion detection.
Deep learning models, especially Convolutional Neural Networks (CNNs), are known for their computationally expensive operations, particularly in the convolutional and pooling layers. Given the relevance of time complexity for real-time applications such as intrusion detection, it is crucial to analyze the time complexity of our proposed Intelligent Intrusion Detection Network (IIDNet). The primary computational cost in CNN models arises from the convolutional layers, where the time complexity is approximately O(n · f^2 · m^2), where n is the number of input feature maps, f is the filter size, and m is the spatial size of the output feature map. This complexity can become a bottleneck in real-time applications such as intrusion detection, where timely responses are critical.
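As a rough illustration of this cost model, the per-output-map operation count can be computed directly from the three quantities defined above (a sketch under the stated O(n · f^2 · m^2) approximation; real layers also scale with the number of output feature maps):

```python
# Back-of-the-envelope cost estimate for a convolutional layer, using the
# O(n * f^2 * m^2) model: n input feature maps, f x f filters, m x m output
# feature map. Illustrative only; total cost also multiplies by the number
# of output feature maps.
def conv_layer_ops(n_in_maps: int, filter_size: int, out_spatial: int) -> int:
    """Approximate multiply-accumulate count for one output feature map."""
    return n_in_maps * filter_size**2 * out_spatial**2

# Example: 16 input maps, 5x5 filters, 9x9 output -> 16 * 25 * 81 operations.
print(conv_layer_ops(16, 5, 9))  # 32400
```

Doubling the filter size quadruples this count, which is why small (3 × 3, 5 × 5) kernels dominate efficient designs.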
Deep Learning Framework with Enhanced CNN Architecture (IIDNet): The deep learning framework is presented in this study with optimizations for automatically detecting and classifying cyberattacks. To effectively identify and categorize assaults, this system makes use of an improved version of Convolutional Neural Networks (CNNs) known as Intelligent Intrusion Detection Network (IIDNet). IIDNet uses optimized layers and hyperparameters to enhance attack detection performance. We have made the following contributions:
The LBIID algorithm is a learning-based, intelligent intrusion detection approach that combines feature engineering, hyperparameter tuning, and dimensionality reduction to enhance the precision and effectiveness of the IDS.
Good Accuracy and Efficiency: In an empirical study on the UNSW-NB15 dataset, IIDNet outperforms existing models with 95.47% accuracy, demonstrating its usefulness for practical applications.
IIDNet reduces training time compared with other models, efficiently handling large datasets with minimal resource consumption.
The rest of the document is organized as follows:
Section 2 examines the literature on the various methods currently used for detecting cyberattacks.
Section 3 introduces the proposed deep learning framework, its mechanisms for enhancing the CNN architecture, and the algorithm for automatic detection and categorization of cyberattacks.
Section 4 presents the results of our empirical study using a benchmark dataset.
Section 5 concludes our research on enhancing cybersecurity and the ability to detect intrusions and provides directions for a future research scope.
2. Related Work
Numerous researchers have contributed to the development of deep learning techniques for intrusion detection applications. For more accuracy, Costa et al. [
4] proposed a collaborative Feature Selection method to achieve efficient intrusion detection in cloud networks with time series data. The proposed method improved forecast accuracy by reducing the number of input predictors, which in turn reduced training time and saved resources. Liang et al. [
5] standardised the NSL-KDD dataset attributes using dummy variables and z-scores to simplify calculations and achieve better results in Intrusion Detection Systems. They compared different optimizers, initialization modes, and activation functions to find a good Deep Neural Network model using the NSL-KDD dataset. Ashraf et al. [
6] present a detailed review of network threats in Internet of Things networks and of machine learning and deep learning based attack detection techniques for an effective IDS.
Farhan and Jasim [
7] showed that deep learning improves Internet of Things security by identifying fresh threats, and they used real-world traffic datasets to assess intrusion detection systems. Thamilarasu and Chawla [
8] proposed an anomaly-based intrusion detection model for IoT networks using deep learning. The authors implemented and evaluated the model using a Raspberry Pi and the Cooja network simulator with a testbed of Texas Instruments sensor tags CC2650. Khan et al. [
9] presented a deep neural network for intrusion detection in IoT networks based on classifying intruded patterns. They used three datasets to train and test their network and were able to achieve 90% accuracy on each dataset. Ge et al. [
10] proposed an intrusion detection approach for IoT networks using a feedforward neural network for both binary and multi-class classification. They used the BoT-IoT dataset and achieved 98% accuracy for the multi-class classification.
Dawoud et al. [
11] explore a deep learning (DL) based framework for network anomaly detection (AD) and compare two unsupervised DL algorithms: Restricted Boltzmann Machines (RBMs) and Autoencoders (AEs). The framework achieved over 99% detection accuracy, outperforming related works. Pampathi et al. [
12] explored distributed sensor networks, which are essential, particularly for the IoT. The primary emphasis is on the advancement of an anomaly detection system’s intrusion detection capabilities. According to Qaddoura et al. [
13], IoT network security must be guaranteed for user privacy and service availability. Unlike other methods with a higher G-mean, intrusion detection is improved via a deep multi-layer classification strategy. Awotunde et al. [
14] developed a deep learning-based model in response to the cyber risks that IoT faces, attaining high attack detection accuracy. Saheed et al. [
15] tested the machine learning models for both binary and multi-class classification scenarios. They conclude Random Forest, Decision Tree, and KNN are the best machine learning models for the KDD99 dataset.
Susilo and Sari [
16] proposed an Intrusion Detection System (IDS) for IoT applications, tailored to IoT protocol requirements using the UNSW-NB15 dataset. It employs Min-Max normalization for feature scaling and Principal Component Analysis (PCA) for dimensionality reduction. According to Amouri et al. [
17], intrusion detection systems are essential for identifying network threats, particularly in MANETs and WSNs; their proposed IDS attains high detection rates. Salman et al. [
18] noted that expanding telecommunications necessitates safe data transfer and that vulnerable IoT networks need intrusion detection systems; their two deep learning models outperformed Logistic Regression. Elsayed et al. [
19] used LSTM-RNN and MRMR feature selection. SATIDS, a unique IDS, can identify anomalies in IoT networks and increase efficiency and security. Rani and Kaushal [
20] suggested utilizing Random Forest for supervised machine learning; proactive intrusion prediction and deployment on actual traffic are planned as future work. The NSL-KDD and KDDCUP99 datasets were used for testing, achieving high accuracy.
Alkahtani et al. [
21] used cutting-edge AI algorithms like CNN, LSTM, and CNN-LSTM; a robust intrusion detection framework for IoT was able to achieve high accuracy. Murat and Ozcanhan [
22] observed that Internet-connected IoT devices have become vulnerable to attacks and attained high intrusion detection accuracy with a hybrid BLSTM-GRU model. Gumusbas et al. [
23] examined cybersecurity intrusion detection techniques, machine learning, intense learning, benchmark datasets, procedures, constraints, and analysis. Liu and Lang [
24] used the KDD99 dataset and a sparse autoencoder in its simulation studies to improve the detection accuracy of classical machine learning algorithms using deep learning. According to Abdulhammed et al. [
25], different approaches address class imbalance in the CIDDS-001 dataset with high precision; robust intrusion detection is necessary given the increase in cyber threats. Dini et al. [
26] highlighted the challenges posed by unbalanced databases for Intrusion Detection Systems (IDSs), which play a crucial role in maintaining cybersecurity; their study investigates machine learning techniques on the KDD 99, UNSW-NB15, and CSE-CIC-IDS 2018 datasets and compares them with standard ML techniques. According to Vigneswaran et al. [
27], DNNs for N-IDS outperformed other approaches on KDDCup-99; IDSs are essential to ensure cyber safety in ICT systems. According to Liu et al. [
28], unbalanced network traffic makes intrusion detection difficult. The DSSTE method uses deep learning and machine learning to obtain better classification accuracy by addressing class imbalance. Dini et al. [
26] also explored and tested numerous machine learning models for both binary and multi-class classification scenarios to address data traffic security issues. Jaimes et al. [
29] review intrusion detection systems (IDSs) in Internet of Medical Things (IoMT) environments that utilise artificial intelligence (AI) based methods. They classify cyberattacks based on the targeted IoMT layer and the threatened Confidentiality, Integrity, and Availability (CIA) security aspects.
Keshk et al. [
30] enhanced DL-based IDSs for IoT with their proposed SPIP architecture, ensuring precise and comprehensible threat detection, and noted the need for further cybersecurity research on XAI. Al-Ghuwairi et al. [
31] used the CSE-CIC-IDS2018 dataset to evaluate a collaborative Features Selection method for intrusion detection. The results showed an improvement in forecast accuracy, a reduction in the number of input predictors, and reduced resource usage due to a reduction in training time. Anthi et al. [
32] designed a supervised intrusion detection system for smart home IoT devices. The system successfully distinguishes between IoT devices on the network, malicious or benign activity, and the type of attack on each device, achieving an F-measure of 96.2% for device classification, 90.0% for activity classification, and 98.0% for attack classification. Pawlicki et al. [
33] studied the prevention of attacks on machine learning-based cyberattack detectors, assessing adversarial attacks and making suggestions for their detection. Ferrag et al. [
34] examined seven deep learning approaches for intrusion detection, including recurrent neural networks, deep neural networks, restricted Boltzmann machines, deep belief networks, convolutional neural networks, deep Boltzmann machines, and deep autoencoders. The results indicate that these approaches, evaluated on the CSE-CIC-IDS2018 and Bot-IoT datasets, demonstrate effectiveness in detecting intrusions, with performance measured using accuracy, false alarm rate, and detection rate. Firoz [
35] proposed an intrusion detection and prevention system prototype using Snort rules and indexing methods to reduce false positives. Testing showed that their prototype had a 2.28 times higher detection rate with a lower false-positive rate, indicating improved performance compared to a standard Snort sensor.
Kocher and Kumar [
36] used the NSL-KDD dataset and a deep learning approach for intrusion detection, with the sparse autoencoder achieving an F-measure of 98.84% versus 96.79% for the sparse restricted Boltzmann machine. Tama [
37] used a systematic mapping study to provide an overview of how ensemble learners are used in intrusion detection systems. The study also performed an empirical investigation of a new classifier ensemble approach, called a stack of ensembles, that combined three individual ensemble learners and achieved significant performance improvements in intrusion detection. Alkadi et al. [
38] examined blockchain, cloud computing, and intrusion detection in cybersecurity. Future directions and challenges are emphasized. Santos et al. [
39] used a taxonomy based on the characteristics of placement strategy, detection method, and security threat. The results showed that research on IDS solutions in IoT is still in its early stages and lacks consensus on the best options for placement strategies and detection methods. Macas et al. [
40] review deep learning methods for intrusion detection, including restricted Boltzmann machines, deep belief networks, and convolutional neural networks. The findings suggest that deep learning, especially with autoencoders, enhances intrusion detection accuracy by reducing data dimensionality and extracting key features. Ashiku and Dagli [
41] suggested using deep learning to identify network intrusions to successfully fend off changing security threats. Azam et al. [
42] proposed a novel Machine-to-Machine (M2M) service architecture and gateway selection process to improve the Quality of Service (QoS) in M2M networks. Real-life experiments using Bluetooth Low Energy (BLE) signals transmitted by M2M devices and received by smartphones acting as M2M gateways demonstrated that the proposed selection method achieved 97.8% service availability, surpassing alternative methods like selecting based on the strongest signal or maintaining the current connection. Sarhan et al. [
43] demonstrated the requirement for universal benchmark features by examining different ML algorithms and feature reduction strategies for NIDS across various datasets. The literature review indicates that DL models are extensively utilized in the creation of IDS, as explored in references [
1,
3,
6], to name a few. However, existing IDSs based on DL have limitations, such as the lack of optimizations like hyperparameter tuning, effective preprocessing techniques, and a lightweight architectural approach.
3. Methods and Techniques
This section details the proposed deep learning framework, including the optimizations incorporated, the enhanced CNN model, dataset details, the proposed algorithm, and the performance evaluation methodology.
3.1. Problem Definition
The proliferation of IoT environments necessitates lightweight systems to manage large-scale, distributed devices. Traditional IDSs often rely on substantial data communications to identify anomalous patterns, presenting a challenge in IoT settings where resource constraints and minimal data communication are essential. Because IoT environments comprise so many networks and devices, high dimensionality, hyperparameter tuning, and feature engineering pose a significant challenge in automated intrusion detection. In this research work, the stated problem is addressed with a DL solution that uses a lightweight approach at multiple stages of the architecture. Such a solution not only detects intrusions but also improves performance and efficiency, especially in an IoT environment.
3.2. Methodology for the Proposed Framework
Our deep learning framework has been created to automatically detect and classify cyberattacks. The framework, illustrated in
Figure 1, is designed to detect cyberattacks efficiently. In other words,
Figure 1 shows a workflow illustrating the intrusion detection system with an improved CNN model. The process begins with the dataset, followed by Exploratory Data Analysis (EDA), preprocessing, and dimensionality reduction using t-SNE (t-distributed stochastic neighbor embedding) and PCA (principal component analysis). Next, the dataset is split into separate training and test sets, and feature selection and hyperparameter tuning are applied. The model is then configured, compiled, trained, and finally used for intrusion detection and classification. First, we perform exploratory data analysis on the given dataset to understand its distribution and dynamics. Based on the findings from the data analysis, we carry out preprocessing, which may include data improvement mechanisms and measures to prevent overfitting. After the preprocessing is finished, we use methods like PCA and t-SNE to reduce dimensionality. Following dimensionality reduction, we carry out hyperparameter tuning, setting appropriate values for the different hyperparameters of the deep learning model employed in the framework. The goal is to optimize the model's performance for cyberattack detection.
In addition to hyperparameter tuning, we apply feature engineering in the framework. Features extracted from the dataset undergo a feature selection methodology that computes the importance of each feature and identifies the contributing ones. Subsequently, 80% of the dataset makes up the training set, while the remaining 20% is held out for testing. As shown in
Figure 1, the improved CNN model is configured, compiled, and trained using the training set. Once training is complete, the model and its weights are saved for future retrieval and reuse. The trained model is then used for intrusion detection to enhance cybersecurity. The framework uses the enhanced CNN model for multi-class classification, detecting cyberattacks and classifying them to aid network administrators in making well-informed decisions. Taken together, this approach can be used to protect networks and information systems from cyberattacks.
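The train/test split described in the framework can be sketched as follows (a minimal illustration with synthetic stand-in data; scikit-learn's train_test_split is our tooling assumption, as the paper does not name a library for this step):

```python
import numpy as np
from sklearn.model_selection import train_test_split

# Illustrative 80/20 split; the feature matrix and labels are synthetic
# stand-ins for the preprocessed, feature-selected dataset.
rng = np.random.default_rng(42)
X = rng.normal(size=(1000, 20))    # 1000 samples, 20 selected features
y = rng.integers(0, 5, size=1000)  # 5 benign/attack classes

# stratify=y keeps the class proportions equal in both partitions.
X_train, X_test, y_train, y_test = train_test_split(
    X, y, test_size=0.2, stratify=y, random_state=42
)
print(X_train.shape, X_test.shape)  # (800, 20) (200, 20)
```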
3.3. Dimensionality Reduction
Dimensionality reduction methods like PCA and t-SNE are widely employed in intrusion detection to improve the precision and efficacy of systems that detect irregularities. PCA is a linear dimensionality reduction technique that aims to reduce a dataset's feature count while maintaining critical information. During principal component analysis (PCA), the initial characteristics are transformed into a new collection of uncorrelated variables known as principal components, which can be used to spot patterns and abnormalities in high-dimensional data more effectively. The second method, t-SNE, is a non-linear way of lowering the dimensionality of the data. It works very well for displaying high-dimensional data in fewer dimensions because it emphasizes preserving the local structure of the data points, making it a useful tool for examining and comprehending intricate datasets. Combining PCA with t-SNE in intrusion detection can aid in data preprocessing, noise reduction, and visualization, making it simpler to spot anomalies or suspicious patterns. By employing these strategies to decrease the data's dimensionality, intrusion detection systems can become more effective and precise in identifying possible security risks.
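The two-stage reduction can be sketched with scikit-learn (synthetic data; the component counts and perplexity are illustrative assumptions, not values taken from the paper):

```python
import numpy as np
from sklearn.decomposition import PCA
from sklearn.manifold import TSNE

# PCA first (linear, fast, removes noise), then t-SNE on the PCA output
# (non-linear, preserves local structure for visualization).
rng = np.random.default_rng(0)
X = rng.normal(size=(200, 40))  # 200 flows, 40 raw features

X_pca = PCA(n_components=10, random_state=0).fit_transform(X)
X_2d = TSNE(n_components=2, perplexity=30, random_state=0).fit_transform(X_pca)
print(X_pca.shape, X_2d.shape)  # (200, 10) (200, 2)
```

Running t-SNE on the PCA output rather than the raw features is a common practice because it cuts t-SNE's cost, which grows quickly with input dimensionality.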
3.4. Hyperparameter Tuning
Tuning the hyperparameters is essential to maximize the performance of CNNs. Hyperparameters are model-external values that cannot be learned during training, and they greatly impact the network's learning process and performance. When fine-tuning CNNs, the following important hyperparameters should be taken into account. The learning rate dictates the size of the steps performed during optimization, so it affects both the pace of learning and the convergence to a solution; changing the learning rate can improve convergence and prevent the model from becoming stuck in local minima. The batch size determines the number of samples processed before the model's parameters are updated; changing it can affect the model's convergence and rate of generalization. The number of layers in the model is another important hyperparameter that affects a CNN's capacity to learn intricate patterns; adding or removing layers can affect the efficiency of the network in extracting features. The filter size in a CNN affects the receptive field and the amount of information in the features that are collected; filter sizes are adapted to enhance the model's ability to capture significant input data characteristics. The dropout rate helps prevent overfitting by randomly deactivating certain input units during training; varying it may improve the model's capacity to generalize.
It is important to consider the learning potential of the model while selecting activation functions (such as ReLU, Sigmoid, and Tanh) for the various CNN layers. The capabilities of the model can be improved by experimenting with various activation functions. The model’s parameter adjustments during training may be influenced by the optimizer selected, such as Adam, SGD, or RMSprop. Changing the optimizer’s settings or experimenting with other optimizers can affect the model’s ultimate performance and rate of convergence. When modifying CNN hyperparameters, it is imperative to employ methods like grid search, random search, or Bayesian optimization. They are essential for delving deep into the hyperparameter space and finding the best set of parameters to improve model performance. Utilizing programs like GridSearchCV from scikit-learn or Keras Tuner from TensorFlow can also assist in speeding up the hyperparameter tuning process. We tuned the hyperparameters in this study using the GridSearchCV approach.
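A minimal GridSearchCV sketch follows; since reproducing IIDNet here would require the full framework, a small scikit-learn MLP stands in for the CNN, and the grid values are illustrative assumptions:

```python
from sklearn.datasets import make_classification
from sklearn.model_selection import GridSearchCV
from sklearn.neural_network import MLPClassifier

# Exhaustive search over a small hyperparameter grid with 3-fold
# cross-validation; each combination is scored by mean CV accuracy.
X, y = make_classification(n_samples=300, n_features=10, random_state=0)

param_grid = {
    "learning_rate_init": [1e-2, 1e-3],  # step size of the optimizer
    "batch_size": [32, 64],              # samples per parameter update
}
search = GridSearchCV(
    MLPClassifier(hidden_layer_sizes=(16,), max_iter=300, random_state=0),
    param_grid, cv=3, scoring="accuracy",
)
search.fit(X, y)
print(search.best_params_)
```

The same pattern scales to larger grids (dropout rate, layer counts, optimizers), at the cost of fitting one model per combination per fold.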
3.5. Feature Selection
When developing efficient intrusion detection algorithms, feature selection is crucial when working with the UNSW-NB15 dataset. Researchers often use this dataset to study intrusion detection since it includes network traffic data that display both normal activity and different sorts of attacks. It is crucial to prioritize features that can discriminate between malicious and valid network traffic when selecting features for intrusion detection in the UNSW-NB15 dataset. Several feature selection strategies, namely filter, wrapper, and embedded methods, may be used to identify the most important features for creating a potent intrusion detection model. Filter approaches use statistical measurements like correlation or information gain to assess the significance of features. Wrapper approaches assess feature subsets that maximize model performance using a particular machine learning algorithm. Embedded methods, such as decision trees and random forests, integrate feature selection during model construction, evaluating features based on their importance during the learning process, which improves the model's accuracy and efficiency. It is recommended that different feature selection techniques be experimented with and that the performance of the intrusion detection model with the selected features be assessed through metrics like F1-score, precision, recall, and accuracy. This step-by-step method is useful for identifying the most important characteristics to accurately identify breaches within the UNSW-NB15 dataset. In this study, feature selection is performed by computing feature significance with the XGBoost model.
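Importance-based selection with a threshold can be sketched as follows; scikit-learn's GradientBoostingClassifier stands in for XGBoost so the example carries no extra dependency (with xgboost installed, xgboost.XGBClassifier could be swapped in unchanged):

```python
from sklearn.datasets import make_classification
from sklearn.ensemble import GradientBoostingClassifier
from sklearn.feature_selection import SelectFromModel

# Embedded-style selection: fit a tree ensemble, then keep only the
# features whose importance meets the threshold (here, the mean importance).
X, y = make_classification(n_samples=400, n_features=20, n_informative=5,
                           random_state=0)

selector = SelectFromModel(
    GradientBoostingClassifier(random_state=0), threshold="mean"
).fit(X, y)
X_selected = selector.transform(X)
print("selected", X_selected.shape[1], "of", X.shape[1], "features")
```

The threshold plays the role of the parameter th in the proposed algorithm; raising it yields a smaller, more aggressive feature subset.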
3.6. Enhanced CNN Model
We have developed a new architecture for intrusion detection based on a CNN model. We chose a CNN variant because it has proven efficient in extracting features and learning from training data, which is crucial for intelligent cyberattack detection. We used a multi-class classification approach with the softmax function. The model we developed is IIDNet and includes customized layers and hyperparameter optimization to improve its performance in intrusion detection. Optimizing the hyperparameters of IIDNet can help determine the best values for its performance.
Figure 2 illustrates the proposed architecture for effective detection. The architecture has a number of layers.
Convolutional layers play a crucial role in developing an effective CNN model. They are widely utilized DL models for handling data and tasks related to computer vision. In these layers, convolution operations are applied to the input data, typically images (textual data in this paper), to extract features through filters or kernels. These filters move across the input information, carrying out multiplication and aggregation on each element to create feature maps highlighting patterns and structures within the data. The layers of convolution are essential for capturing spatial hierarchies and allowing the network to develop hierarchical representations of the input data, resulting in enhanced performance in activities like object detection, image classification, segmentation, and intrusion detection (the focus of this paper).
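The convolution operation these layers perform can be illustrated with a naive implementation (single channel, no padding or stride, for brevity):

```python
import numpy as np

# Direct 2D convolution: slide a filter over the input and sum the
# elementwise products at each position, producing a feature map.
def conv2d(x: np.ndarray, k: np.ndarray) -> np.ndarray:
    h = x.shape[0] - k.shape[0] + 1
    w = x.shape[1] - k.shape[1] + 1
    out = np.empty((h, w))
    for i in range(h):
        for j in range(w):
            out[i, j] = np.sum(x[i:i + k.shape[0], j:j + k.shape[1]] * k)
    return out

x = np.arange(16, dtype=float).reshape(4, 4)  # toy 4x4 input
k = np.ones((3, 3))                           # summing filter
print(conv2d(x, k))                           # 2x2 feature map
```

Real CNN layers apply many such filters in parallel and learn the filter weights during training; this loop version only exposes the arithmetic.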
CNNs frequently employ max pooling layers to decrease the spatial dimensions of the input volume. After splitting the input data into non-overlapping rectangles, this layer outputs the maximum value from each rectangle. The most crucial characteristics within the designated area are preserved by the max pooling layer through the selection of the maximum value. This process reduces the network’s computational complexity and increases the network’s resistance to changes in the input data.
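A 2 × 2, stride-2 max pooling step, as described above, can be sketched directly:

```python
import numpy as np

# Split the input into non-overlapping 2x2 windows and keep the maximum of
# each, halving both spatial dimensions.
def max_pool2x2(x: np.ndarray) -> np.ndarray:
    h, w = x.shape[0] // 2, x.shape[1] // 2
    return x[:h * 2, :w * 2].reshape(h, 2, w, 2).max(axis=(1, 3))

x = np.array([[1, 3, 2, 0],
              [4, 2, 1, 5],
              [0, 1, 8, 6],
              [2, 3, 7, 9]], dtype=float)
print(max_pool2x2(x))  # [[4. 5.] [3. 9.]]
```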
CNNs use the flatten layer to transform the output of the preceding convolutional or pooling layer into a one-dimensional array. This change in the network's topology is needed to provide a link between the pooling/convolutional layers and the fully connected layers. Flattening the output reduces the spatial dimensions of the data to a single dimension, enabling data processing by conventional fully connected layers. In essence, the flatten layer converts the 2D or 3D output into a 1D vector to allow for further processing for tasks such as regression or classification. A fully connected layer in a CNN model is also known as a dense layer; every neuron in it is connected to every neuron in the preceding layer. This connectedness allows the layer to learn intricate patterns by taking into account the interactions between all features. Fully connected layers are usually employed at the end of a CNN design to complete classification tasks using the features derived from the earlier pooling and convolution layers. For tasks like intrusion detection, mapping high-level characteristics to the output classes requires these layers.
The improved architecture of the CNN is utilized to classify different types of network attacks. It starts with an input sample of a 9 × 9 matrix built from 77 features and 4 zero pads. The first layer creates 16 feature maps using a 9 × 9 convolution kernel, after which max pooling is used to minimize the spatial dimensions. The next layer applies a 5 × 5 kernel to produce 32 feature maps, followed by an additional max pooling layer. A third layer uses a 3 × 3 kernel to produce 32 feature maps. Following flattening, the result is turned into a single vector that is fed to the fully connected layer to facilitate pattern recognition and classification. The neurons in the final output layer reflect the likelihood that the input sample falls into one of the categories Benign, DDoS, DoS, Portscan, and Webattack. An improved deep learning-based CNN model for intrusion detection is described in
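Assuming 'same' padding for the convolutions and 2 × 2, stride-2 pooling (neither is stated explicitly in the text), the spatial shapes through this stack can be traced as follows:

```python
# Shape trace through the described layer stack. The padding and pooling
# settings are assumptions for illustration, not confirmed by the paper.
def same_conv(hw, n_maps):
    """'Same' padding keeps the spatial size; only the map count changes."""
    return (hw[0], hw[1], n_maps)

def pool2(hwc):
    """2x2 max pooling with stride 2 (floor division on odd sizes)."""
    return (hwc[0] // 2, hwc[1] // 2, hwc[2])

shape = (9, 9, 1)                          # 77 features + 4 zero pads -> 9x9
shape = pool2(same_conv(shape[:2], 16))    # conv 9x9 kernel, 16 maps + pool
shape = pool2(same_conv(shape[:2], 32))    # conv 5x5 kernel, 32 maps + pool
shape = same_conv(shape[:2], 32)           # conv 3x3 kernel, 32 maps
flat = shape[0] * shape[1] * shape[2]      # flatten before the dense layers
print(shape, flat)                         # (2, 2, 32) 128
```

Under these assumptions the flatten layer feeds a 128-dimensional vector to the dense layers, which finally map to the five output classes via softmax.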
Table 1, along with the kind and functions of each layer.
3.7. Proposed Algorithm
Utilizing the suggested deep learning architecture and improvements, we presented the Learning-Based Intelligent Intrusion Detection (LBIID) method.
The dataset UNSW-NB15 is used by the intrusion detection Algorithm 1, referred to as Learning-Based Intelligent Intrusion Detection (LBIID). The procedure has multiple steps, including data preprocessing, dimensionality reduction, feature selection, neural network model (IIDNet) configuration and training, hyperparameter tuning, and performance evaluation. The LBIID algorithm first preprocesses the UNSW-NB15 dataset (D) and then applies dimensionality reduction techniques such as t-SNE and PCA, producing a reduced dataset (D'). XGBoost is used for feature selection, with a specified threshold (th). As shown in
Figure 2, the IIDNet model is configured and built. The method continues with hyperparameter tuning of the IIDNet model using Grid Search with Cross-Validation (GridSearchCV). The dataset is separated into a testing set (T1) and a training set (T2). After the model has been trained using T2, it is stored for later use. Once loaded, the trained model can identify intrusions in the test set (T1). The performance evaluation compares the detection results (R) against the ground truth. The intrusion detection results (R) and performance statistics (P) are printed out when the process ends. In summary, the LBIID algorithm provides a systematic approach to intrusion detection that includes data preprocessing, feature selection, model construction, training, and performance assessment. Hyperparameters are optimized to maximize the model's performance; a neural network (IIDNet) performs intrusion detection, while machine learning methods like XGBoost handle feature selection.
Algorithm 1 Learning-Based Intelligent Intrusion Detection (LBIID)
Require: UNSW-NB15 dataset D, threshold th
Ensure: Intrusion detection results R, performance statistics P
1: D' ← Preprocess(D)
2: D' ← PCA(D')
3: D' ← t-SNE(D')
4: F ← SelectFeatures(D', XGBoost, th)
5: Configure the IIDNet model
6: Compile the IIDNet model
7: Tune hyperparameters with GridSearchCV
8: (T1, T2) ← Split(D') {T1: testing set, T2: training set}
9: m ← Train(IIDNet, T2)
10: Save model m and its weights
11: m ← Load saved model
12: R ← Detect(m, T1)
13: P ← Evaluate(R, ground truth)
14: Print R
15: Print P
16: return R, P
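The LBIID steps can be sketched end-to-end with scikit-learn; synthetic data stands in for UNSW-NB15, a small MLP for IIDNet, and gradient boosting for XGBoost (all three stand-ins are assumptions made so the sketch is runnable without the full framework):

```python
from sklearn.datasets import make_classification
from sklearn.decomposition import PCA
from sklearn.ensemble import GradientBoostingClassifier
from sklearn.feature_selection import SelectFromModel
from sklearn.metrics import accuracy_score
from sklearn.model_selection import train_test_split
from sklearn.neural_network import MLPClassifier
from sklearn.pipeline import Pipeline
from sklearn.preprocessing import StandardScaler

# preprocess -> reduce dimensionality -> select features -> train -> detect
X, y = make_classification(n_samples=600, n_features=30, n_informative=8,
                           n_classes=3, random_state=0)
X_train, X_test, y_train, y_test = train_test_split(
    X, y, test_size=0.2, stratify=y, random_state=0)

pipeline = Pipeline([
    ("scale", StandardScaler()),                      # preprocessing
    ("pca", PCA(n_components=15, random_state=0)),    # dimensionality reduction
    ("select", SelectFromModel(                       # importance threshold
        GradientBoostingClassifier(random_state=0), threshold="mean")),
    ("clf", MLPClassifier(hidden_layer_sizes=(32,),   # IIDNet stand-in
                          max_iter=500, random_state=0)),
])
pipeline.fit(X_train, y_train)
acc = accuracy_score(y_test, pipeline.predict(X_test))
print("accuracy:", acc)
```

Wrapping the stages in a Pipeline mirrors the algorithm's ordering and guarantees the same transforms are applied to T2 at training time and T1 at detection time.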
3.8. Dataset
The UNSW-NB15 [
44] dataset was used in this investigation. The dataset consists of 49 features and is used to evaluate the performance of intrusion detection systems [
45]. It contains realistic network traffic, simulating both normal and malicious activities. This dataset is significant because it reflects modern-day cyberattack scenarios, making it suitable for testing the efficacy of detection models. The data were created in a controlled setting to replicate both typical actions and various kinds of attacks. The dataset includes, among other attributes, protocol types, port numbers, and source and destination IP addresses. Researchers utilize this information to create and assess intrusion detection systems in order to improve cybersecurity safeguards.
3.9. Performance Evaluation
Since we utilized a learning-based strategy, as shown in
Figure 3, metrics obtained from the confusion matrix are utilized to evaluate our methodology.
Each performance evaluation metric produces a number between 0 and 1; these measures are widely employed in machine learning research.
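These metrics can be computed directly from a confusion matrix C, where C[i, j] counts samples of true class i predicted as class j (the matrix values below are illustrative, not results from the study):

```python
import numpy as np

# Accuracy, per-class precision/recall, and F1 from a confusion matrix.
# All values fall in [0, 1], as noted above.
def metrics_from_confusion(C: np.ndarray):
    tp = np.diag(C).astype(float)
    precision = tp / C.sum(axis=0)   # column sums: per predicted class
    recall = tp / C.sum(axis=1)      # row sums: per true class
    f1 = 2 * precision * recall / (precision + recall)
    accuracy = tp.sum() / C.sum()
    return accuracy, precision, recall, f1

C = np.array([[50, 2, 1],
              [3, 40, 2],
              [1, 1, 45]])
acc, p, r, f1 = metrics_from_confusion(C)
print(round(acc, 3))  # 0.931
```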
5. Discussion
A new intelligent intrusion detection framework, grounded in deep learning, is proposed by this study. The framework is equipped with several optimizations to leverage performance in the intrusion detection process. The quality of training data is critical for the model’s performance as it is a supervised learning-based approach. High-quality data help the model learn meaningful patterns, while noisy or imbalanced data lead to inaccurate predictions. The training process needs to be optimized to be feasible. In this research, data preprocessing steps such as normalization and feature scaling were implemented to improve the dataset quality. The framework utilizes dimensionality reduction, feature engineering, and hyperparameter tuning. Additionally, a CNN model named IIDNet is optimized with layers and parameters to improve performance. In this research, feature engineering is based on the XGBoost model, which selects features contributing to the class label prediction for intrusion detection. The proposed deep learning model uses a softmax function for multi-class classification. It has several layers to process input data and generate different class labels.
The proposed IIDNet model outperformed existing intrusion detection models, as demonstrated by our empirical results. Compared with traditional CNNs and other deep learning models, IIDNet achieved higher accuracy, precision, recall, and F1-scores. The ability of IIDNet to maintain a balance between detecting attacks and minimizing false positives and false negatives is particularly notable. This demonstrates the model’s robustness in real-world scenarios, where the imbalance between benign and malicious network traffic poses significant challenges for detection systems.
By optimizing the CNN layers and hyperparameters, IIDNet can handle large-scale datasets efficiently. Empirical analysis showed that IIDNet scales well with increasing dataset sizes, with reasonable resource consumption (GPU memory and CPU usage). This scalability makes IIDNet suitable for deployment in environments with limited computational resources, such as edge computing devices in IoT networks. The use of dimensionality reduction techniques also aids in managing the computational complexity, ensuring that the model remains efficient even when the dataset grows significantly.
The findings from this research have practical implications for the cybersecurity domain, particularly in the context of IoT environments. The proposed IIDNet model not only excels in detecting intrusions but also offers a framework that can be adapted to various network configurations. The high accuracy and scalability make it a viable option for real-time intrusion detection in critical infrastructures, where latency and accuracy are of utmost importance. The system is adequate for intrusion detection and classification, although its restrictions are outlined in
Section 5.1.
5.1. Limitations
There are several restrictions on the system that this study proposes. The dataset used for this research is commonly employed for intrusion detection tasks; nonetheless, relying on just a single dataset, however diverse, may limit the establishment of broadly applicable conclusions for the suggested methodology. The lack of hybrid techniques in the feature selection procedure is another area in need of development. Furthermore, the proposed CNN model enhancement has not been assessed on real-time network traffic data: the model has been tested only on a synthetic dataset rather than validated on real-time traffic.