Pemodelan Intrusion Detection System Menggunakan CNN-LSTM dengan Selective SMOTE Untuk Deteksi Serangan Pada Data Tidak Seimbang
DOI:
https://doi.org/10.30865/jurikom.v13i2.9662Keywords:
Intrusion Detection System, CNN-LSTM, Selective SMOTE, Imbalanced Data, Deep LearningAbstract
An Intrusion Detection System (IDS) is a critical component in safeguarding network security against increasingly complex cyberattacks. One of the main challenges in developing machine learning-based IDS is data imbalance, which reduces the model’s ability to detect attacks, particularly in the minority class. This study proposes improving the performance of deep learning-based IDS using a hybrid CNN-LSTM architecture combined with the prevalence ratio-based Selective SMOTE method, which is an oversampling approach performed selectively based on the imbalance level of each class. The dataset used is NSL-KDD, with preprocessing steps including categorical feature encoding and numerical feature normalization. Evaluation was conducted by comparing the baseline CNN–LSTM model and the CNN-LSTM with Selective SMOTE using the metrics accuracy, precision, recall, specificity, and F1-score. Experimental results show that the baseline model achieved an accuracy of 0.9947 with a macro recall of 0.8080, while the application of Selective SMOTE improved the macro recall to 0.8929 and the F1-score to 0.8515, particularly for minority classes such as U2R and R2L. Although accuracy decreased slightly to 0.9946, the specificity remained high at 0.9981 with a low false positive rate. These results indicate that the Selective SMOTE method is effective in improving attack detection sensitivity without significantly degrading the overall performance of the IDS system.
References
[1] H. Nandanwar and R. Katarya, “Securing Industry 5.0: An explainable deep learning model for intrusion detection in cyber-physical systems,” Comput. Electr. Eng., vol. 123, no. PC, p. 110161, 2025, doi: 10.1016/j.compeleceng.2025.110161.
[2] L. Wu, Y. Xie, J. Li, D. Feng, J. Liang, and Y. Wu, “Angus: efficient active learning strategies for provenance based intrusion detection,” Cybersecurity, vol. 8, no. 1, 2025, doi: 10.1186/s42400-024-00311-y.
[3] S. H. Mohammed et al., Dual-hybrid intrusion detection system to detect False Data Injection in smart grids, vol. 20, no. 1 January. 2025. doi: 10.1371/journal.pone.0316536.
[4] A. Halbouni, T. S. Gunawan, M. H. Habaebi, M. Halbouni, M. Kartiwi, and R. Ahmad, “CNN-LSTM: Hybrid Deep Neural Network for Network Intrusion Detection System,” IEEE Access, vol. 10, pp. 99837–99849, 2022, doi: 10.1109/ACCESS.2022.3206425.
[5] P. Ananthi, K. Nirmaladevi, and S. Naveen Kumar, “Intrusion Detection Mechanism Using Deep Learning,” Proc. 5th Int. Conf. IoT Based Control Networks Intell. Syst. ICICNIS 2024, pp. 188–194, 2024, doi: 10.1109/ICICNIS64247.2024.10823331.
[6] D. Elreedy, A. F. Atiya, and F. Kamalov, “A theoretical distribution analysis of synthetic minority oversampling technique (SMOTE) for imbalanced learning,” Mach. Learn., vol. 113, no. 7, pp. 4903–4923, 2024, doi: 10.1007/s10994-022-06296-4.
[7] R. A. Disha and S. Waheed, “Performance analysis of machine learning models for intrusion detection system using Gini Impurity-based Weighted Random Forest (GIWRF) feature selection technique,” Cybersecurity, vol. 5, no. 1, pp. 1–22, 2022, doi: 10.1186/s42400-021-00103-8.
[8] Z. Wang, Y. Zhou, T. Takagi, J. Song, Y. S. Tian, and T. Shibuya, “Genetic algorithm-based feature selection with manifold learning for cancer classification using microarray data,” BMC Bioinformatics, vol. 24, no. 1, pp. 1–22, 2023, doi: 10.1186/s12859-023-05267-3.
[9] V. Hnamte, H. Nhung-Nguyen, J. Hussain, and Y. Hwa-Kim, “A Novel Two-Stage Deep Learning Model for Network Intrusion Detection: LSTM-AE,” IEEE Access, vol. 11, pp. 37131–37148, 2023, doi: 10.1109/ACCESS.2023.3266979.
[10] N. Hussen, S. M. Elghamrawy, M. Salem, and A. I. El-Desouky, “A Fully Streaming Big Data Framework for Cyber Security Based on Optimized Deep Learning Algorithm,” IEEE Access, vol. 11, pp. 65675–65688, 2023, doi: 10.1109/ACCESS.2023.3281893.
[11] H. Yu, C. Kang, Y. Xiao, and Y. Yang, “Network Intrusion Detection Method Based on Hybrid Improved Residual Network Blocks and Bidirectional Gated Recurrent Units,” IEEE Access, vol. 11, pp. 68961–68971, 2023, doi: 10.1109/ACCESS.2023.3271866.
[12] M. B. Umair, Z. Iqbal, M. A. Faraz, and M. A. Khan, “A Network Intrusion Detection System Using Hybrid Multilayer Deep Learning Model,” vol. 12, no. 5, pp. 367–376, 2024, doi: 10.1089/big.2021.0268.
[13] V. Mansotra, A. Mahajan, and K. Singh, “Hybrid CNN-LSTM Model Combined with Feature Selection and SMOTE for Detection of Network Attacks,” Int. J. Sens. Networks, vol. 43, no. 4, 2023, doi: 10.1504/ijsnet.2023.10060962.
[14] N. Zhu, G. Zhao, Y. Yang, H. Yang, and Z. Liu, “AEC_GAN: Unbalanced Data Processing Decision-Making in Network Attacks Based on ACGAN and Machine Learning,” IEEE Access, vol. 11, no. May, pp. 52452–52465, 2023, doi: 10.1109/ACCESS.2023.3280421.
[15] S. Montaha, S. Azam, A. K. M. R. H. Rafid, M. Z. Hasan, A. Karim, and A. Islam, “TimeDistributed-CNN-LSTM: A Hybrid Approach Combining CNN and LSTM to Classify Brain Tumor on 3D MRI Scans Performing Ablation Study,” IEEE Access, vol. 10, pp. 60039–60059, 2022, doi: 10.1109/ACCESS.2022.3179577.
[16] S. Prasath, K. Sethi, D. Mohanty, P. Bera, and S. R. Samantaray, “Analysis of Continual Learning Models for Intrusion Detection System,” IEEE Access, vol. 10, pp. 121444–121464, 2022, doi: 10.1109/ACCESS.2022.3222715.
[17] S. Suman et al., “Attention Based CNN-LSTM Network for Pulmonary Embolism Prediction on Chest Computed Tomography Pulmonary Angiograms,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 12907 LNCS, pp. 356–366, 2021, doi: 10.1007/978-3-030-87234-2_34.
[18] Ian Goodfellow and Yoshua Bengio and Aaron Courville, Deep Learning. MIT Press, 2016. [Online]. Available: http://www.deeplearningbook.org
[19] C. Wang, X. Wang, X. Jing, H. Yokoi, W. Huang, and M. Zhu, “Towards high-accuracy classifying attention- deficit / hyperactivity disorders using CNN-LSTM model Towards high-accuracy classifying attention-deficit / hyperactivity disorders using CNN-LSTM model,” 2022.
[20] A. Géron, Hands-On Machine Learning with Scikit-Learn, Keras, and TensorFlow: Concepts, Tools, and Techniques to Build Intelligent Systems. O’Reilly Media, 2019. [Online]. Available: https://books.google.co.id/books?id=HHetDwAAQBAJ
