Hybrid Deep Learning Model for Enhanced Intrusion Detection

Abstract

The rapid growth of cyberattacks, especially Distributed Denial of Service (DDoS), has exposed the limitations of conventional Intrusion Detection System (IDS). These systems often struggle to cope with evolving attack strategies. In recent years, deep learning has provided new opportunities for improving IDS, as it can automatically discover hidden structures in complex data without extensive manual feature engineering. This study develops and evaluates three models, Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), and a Hybrid CNN-LSTM for intrusion detection using the CIC-DDoS2019 dataset. Preprocessing involved normalization, label encoding, and class balancing using Synthetic Minority Oversampling Technique (SMOTE). Feature selection was carried out using the information gain algorithm performance, the models were trained and evaluated using key metrics such as accuracy, precision, recall, f1-score and Area Under the Curve (AUC) to improve model performance. Experimental results shows that CNN achieved an accuracy of 99.94%, while LSTM performed slightly better with 99.96%, the hybrid CNN-LSTM outperformed both with 99.97% accuracy, precision, and recall, confirming that combining CNN’s spatial learning with LSTM’s temporal sequence modeling leads to superior detection. This study highlights the advantage of hybrid deep learning in network security, reducing both false positives and false negatives. It also provides a practical framework for building IDS capable of adapting to modern attack patterns. Future extensions could focus on real-time implementation, multi-class detection of different attack categories, and explainable AI for improved transparency.