Enhancing Network Intrusion Detection with CNN-LSTM

Mohamed Hamed, Esraa Mokhtar; Omran, Nahla Fathy Ahmed; Donkol, Ahmed Abdel-Baset

doi:10.21608/svusrc.2025.374593.1281

Enhancing Network Intrusion Detection with CNN-LSTM

Document Type : Original research articles

Authors

¹ Computers and systems department, Faculty of computers and information, South valley university, Qena, Egypt.

² Vice Dean for Community Service and Environmental Development south valley university faculty of computers and information Department of computer science.

³ Communication and electronics department, Faculty of engineering, South Valley University, Qena, Egypt.

10.21608/svusrc.2025.374593.1281

Abstract

Intrusion Detection Systems (IDS) play a vital role in securing modern networks by identifying unauthorized access and malicious activities. However, challenges such as class imbalance and the limited ability of traditional approaches to capture temporal patterns hinder accurate detection, particularly for minority attack classes. This study introduces a hybrid deep learning model that integrates a Convolutional Neural Network (CNN) with Long Short-Term Memory (LSTM) layers and an attention mechanism. To address the class imbalance problem, the model is trained using the Synthetic Minority Oversampling Technique (SMOTE) and Focal Loss. Experimental evaluations conducted on the KDD Cup 99 dataset demonstrate that the proposed CNN-LSTM with Attention model achieves a classification accuracy of 97.09% and an F1-score of 97.46%, significantly outperforming the baseline CNN model. These findings highlight the effectiveness of incorporating temporal modeling and attention mechanisms in enhancing intrusion detection performance, particularly for rare attack types such as Remote to Local (R2L) and User to Root (U2R).

Keywords