Efficacy of CNN-Bidirectional LSTM Hybrid Model for Network-Based Anomaly Detection

Abstract

With the development of the web and the internet, computer networks have become an important tool to transfer information digitally, that increases the system's threats and vulnerability. Cyber attackers can use the internet and tools to compromise the triad of the CIA (confidentiality, integrity, and confidentiality). Network anomaly detection is challenging while detecting anomalous behavior in a network due to the large-scale data, imbalance nature of attacks class, and huge numbers of features in the dataset. Traditional Machine learning methods are not very efficient in solving those problems. Deep learning has proven to be more efficient in detecting network-based anomalies. A Recurrent Neural Network (RNN) model is designed to recognize the sequential data characteristics to predict. We proposed a convolutional neural network with bidirectional long-short memory (CNN Bi-LSTM) model to analyze the hyperparameters, including optimizers (Nadam, Adam, RMSprop, Adamax, SGD, Adagrad, Ftrl), epochs, batch size, learning rate, and neural network model architecture of CNN-BLSTM algorithms. Those analyzed hyperparameters provide the highest anomaly detection accuracy of 98.27% and 99.87% on the NSL-KDD and UNSW-NB15, respectively. Performance assessment regarding the accuracy and F1-score revealed that the proposed CNN Bi-LSTM anomaly detection model exhibited better performance than the other existing anomaly detection methods.