A Hybrid Deep Learning Model for Network Intrusion Detection System Using Seq2Seq and ConvLSTM-Subnets

Abstract

Network Intrusion Detection Systems (NIDS) are essential for identifying and mitigating malicious activities in network environments. As cyber threats evolve in complexity, traditional NIDSs often struggle to detect sophisticated attacks effectively, especially those involving intricate temporal and spatial dependencies within network traffic. The ability to capture these dependencies is crucial for reducing false positive rates and improving detection accuracy. However, existing models face significant challenges, including handling varying sequence lengths and capturing long-range dependencies, which are essential for accurate anomaly detection. This paper proposes a hybrid model that combines Sequence to Sequence (Seq2Seq) architecture with Convolutional Long Short-Term Memory (ConvLSTM) units to address these challenges. This hybrid model handles spatial and temporal dependencies by incorporating convolutional layers within LSTM cells. This enables the model to leverage the spatial feature extraction capabilities of Convolutional Neural Networks (CNN) alongside the sequential learning strengths of LSTM networks. In addition, to enhance the interpretability of the model, the proposed architecture integrates Explainable Artificial Intelligence (XAI) through Local Interpretable Model-agnostic Explanations (LIME). This approach provides insights into the model's decision-making process, highlighting the temporal and spatial features that influence predictions, and improving transparency in detecting anomalies. Experimental evaluations on benchmark datasets, including CIC-IDS 2017, CIC- ToN-IoT, and UNSW-NB15, demonstrate that the proposed hybrid ConvLSTM-Seq2Seq model outperforms existing methods in reducing false positives and achieving higher accuracy. This model offers a promising solution for NIDSs by improving detection capabilities and better handling complex temporal and spatial relationships in network data.