Towards Autonomous Network Security: An AI-Based Comparative Framework for Intelligent Traffic Analysis and Threat Detection
DOI: https://doi.org/10.65204/djes.v3i2.713
Keywords: Network Intrusion Detection, Machine Learning, Deep Learning, CNN-LSTM, Computer Networks, NSL-KDD Dataset
Abstract
In this research, we compare the performance of traditional machine learning algorithms with a CNN-LSTM deep learning model for network intrusion detection. We conducted our research using the NSL-KDD dataset, which is commonly used for evaluating the effectiveness of intrusion detection methods. We evaluated seven traditional classifiers and a hybrid CNN-LSTM model, which captures both spatial and temporal patterns in network traffic. All models were trained on the KDDTrain subset and tested on the KDDTest subset. The KDDTest subset contains 17 types of attacks not present in KDDTrain, to simulate the reality of zero-day vulnerability exploitation. The hybrid CNN-LSTM model produced the best classification results, achieving an overall accuracy of 81.21%, which was just slightly higher than the decision tree classifier at 80.90%. All models performed much worse (15-20% less accurately) when tested against attacks that had not been seen, including tired methodologies, illustrating the difficulty of identifying new forms of attack. Attack classes with relatively few examples in the training set (such as R2L and U2R) exhibited very poor performance. These findings highlight the need for testing on actual unknown attacks to evaluate system performance; additionally, more sophisticated algorithms (like CNN-LSTMs) do not demonstrate significant advantages over less sophisticated methods when it comes to autonomous detection systems for protecting networks.
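The evaluation idea in the abstract, scoring attack types that never appear in training separately from those that do, can be sketched as follows. This is an added example, not code from the paper: the function name, the binary attack/normal framing, and the twelve sample records (built by hand from NSL-KDD label names) are assumptions.

```python
from collections import Counter

NORMAL = "normal"  # assumed label of the benign class


def seen_unseen_report(train_labels, test_labels, flagged):
    """Split attack detection rate by whether the attack type was in training.

    train_labels / test_labels: per-record attack-type names.
    flagged: per-test-record bool, True if the detector raised an alert.
    """
    known = set(train_labels) - {NORMAL}
    total, hit = Counter(), Counter()
    correct = 0
    for label, is_flagged in zip(test_labels, flagged):
        is_attack = label != NORMAL
        correct += int(is_flagged == is_attack)
        if not is_attack:
            continue
        group = "seen" if label in known else "unseen"
        total[group] += 1
        hit[group] += int(is_flagged)

    def rate(group):
        # None when the test set holds no attack record of that group.
        return hit[group] / total[group] if total[group] else None

    return {
        "accuracy": correct / len(test_labels),
        "seen_recall": rate("seen"),
        "unseen_recall": rate("unseen"),
        "unseen_types": sorted(set(test_labels) - known - {NORMAL}),
    }


# Constructed sample data (not taken from the paper's experiments).
TRAIN = ["normal", "neptune", "smurf", "portsweep", "guess_passwd"]
TEST = ["normal"] * 4 + ["neptune"] * 3 + ["portsweep"] + ["mscan"] * 2 + ["snmpguess"] * 2
FLAGGED = [False, False, False, True,   # normal: one false alarm
           True, True, True,            # neptune (in training)
           True,                        # portsweep (in training)
           True, False,                 # mscan (test-only type)
           False, False]                # snmpguess (test-only type)

if __name__ == "__main__":
    print(seen_unseen_report(TRAIN, TEST, FLAGGED))
```

On this sample the single accuracy figure hides a gap between full detection of training-time attack types and one in four for the test-only types, which is why the split is worth reporting alongside overall accuracy.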