With the rise in cyberattacks targeting modern networks, Intrusion Detection Systems (IDS) have become a critical component of cybersecurity. Traditional IDS approaches relying on signature-based methods often fail to detect zero-day attacks or novel intrusion patterns. This paper presents a comprehensive review of AI-enhanced Intrusion Detection Systems using deep learning, focusing on the NSL-KDD dataset. The study explores state-of-the-art architectures including Convolutional Neural Networks (CNN), Recurrent Neural Networks (RNN), Long Short-Term Memory (LSTM), Autoencoders, and hybrid deep learning approaches. Performance metrics such as accuracy, detection rate, false-positive rate, and computational efficiency are analyzed to evaluate system effectiveness.
Introduction
The text presents a comprehensive study on AI-based Intrusion Detection Systems (IDS) that use deep learning to improve cybersecurity in modern network environments.
It begins by explaining that with increasing internet usage and connected devices, cybersecurity threats such as DoS, probing, and privilege escalation attacks have become more common. Traditional IDS approaches based on rules or signatures struggle to detect new or evolving attacks and often suffer from high false alarm rates. As a result, research has shifted toward machine learning and deep learning-based IDS solutions, which can learn complex attack patterns automatically.
The paper uses benchmark datasets such as NSL-KDD, along with others like CICIDS2017 and UNSW-NB15, to evaluate IDS performance under different attack scenarios. Prior research is reviewed extensively, showing the evolution from simpler models like autoencoders and DBNs to advanced architectures including RNNs, CNNs, LSTMs, attention mechanisms, transformers, and hybrid deep learning systems. While these models improve detection accuracy, challenges remain in computational cost, class imbalance handling, interpretability, and real-time deployment.
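The class imbalance challenge noted above shows up directly in the evaluation metrics. The following is an added example, not code from the paper: it computes accuracy, binary detection rate, false-positive rate and per-class recall over constructed labels using NSL-KDD's five traffic classes. The label counts and the `evaluate` function are assumptions made for illustration.

```python
from collections import Counter

# Constructed (true, predicted) label pairs using NSL-KDD's five traffic
# classes; the counts are illustrative, not results from the paper.
PAIRS = (
    [("normal", "normal")] * 90 + [("normal", "dos")] * 10
    + [("dos", "dos")] * 80
    + [("probe", "probe")] * 15
    + [("r2l", "normal")] * 3 + [("r2l", "r2l")] * 1
    + [("u2r", "normal")] * 1
)


def evaluate(pairs, benign="normal"):
    """Return accuracy, binary detection rate / FPR, and per-class recall."""
    total, hit = Counter(), Counter()
    tp = fn = fp = tn = 0
    for true, pred in pairs:
        total[true] += 1
        hit[true] += true == pred
        if true == benign:
            fp += pred != benign   # benign flow raised an alert
            tn += pred == benign
        else:
            # For the binary view, any attack label counts as a detection.
            tp += pred != benign
            fn += pred == benign
    return {
        "accuracy": sum(hit.values()) / len(pairs),
        "detection_rate": tp / (tp + fn),
        "false_positive_rate": fp / (fp + tn),
        "per_class_recall": {c: hit[c] / total[c] for c in total},
    }


if __name__ == "__main__":
    for name, value in evaluate(PAIRS).items():
        print(name, value)
```

On this constructed data the headline accuracy and detection rate look strong while the rare R2L and U2R classes are mostly missed, which is why per-class figures belong next to the aggregate ones.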
The proposed system introduces a hybrid CNN–LSTM–Attention architecture for intrusion detection:
CNN layers extract spatial features from network data
Attention mechanism highlights the most important features
Fully connected and softmax layers perform final classification into normal or attack categories
To make the system scalable and production-ready, it is deployed using a three-layer architecture:
Detection layer: real-time ML models running in containerized environments (e.g., Kubernetes)
Response layer: serverless functions for automatic actions like alerts and isolation
Management layer: orchestration, monitoring, and continuous learning
The methodology also includes preprocessing steps like normalization, feature selection using RFE, and encoding. The system combines multiple models such as Random Forest, XGBoost, and autoencoders in an ensemble approach to improve robustness.
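The encoding and normalization steps can be sketched as follows. This is an added example, not the paper's code: it one-hot encodes the three categorical NSL-KDD fields (`protocol_type`, `service`, `flag`) and min-max scales numeric fields, fitting on training data only. The records, the `Preprocessor` class and the clipping choice are assumptions, and RFE feature selection is not included.

```python
# Constructed NSL-KDD-style records (not taken from the dataset), columns:
# duration, protocol_type, service, flag, src_bytes, dst_bytes
TRAIN = [
    (0, "tcp", "http", "SF", 181, 5450),
    (0, "udp", "domain_u", "SF", 45, 45),
    (2, "tcp", "private", "S0", 0, 0),
    (0, "icmp", "ecr_i", "SF", 1032, 0),
]
CATEGORICAL = {1, 2, 3}  # column indexes of protocol_type, service, flag


class Preprocessor:
    """One-hot encoding plus min-max scaling, fitted on training data only."""

    def fit(self, rows):
        self.vocab, self.bounds = {}, {}
        for col in range(len(rows[0])):
            values = [r[col] for r in rows]
            if col in CATEGORICAL:
                self.vocab[col] = sorted(set(values))
            else:
                self.bounds[col] = (min(values), max(values))
        return self

    def transform(self, row):
        out = []
        for col, value in enumerate(row):
            if col in CATEGORICAL:
                # A category unseen in training becomes an all-zero block,
                # so the vector length and column positions never change.
                out.extend(1.0 if value == v else 0.0 for v in self.vocab[col])
            else:
                lo, hi = self.bounds[col]
                # Constant training column: avoid division by zero.
                scaled = 0.0 if hi == lo else (value - lo) / (hi - lo)
                # Design choice: clip values outside the training range.
                out.append(min(1.0, max(0.0, scaled)))
        return out


def demo():
    pre = Preprocessor().fit(TRAIN)
    seen = pre.transform(TRAIN[0])
    # Constructed record: unseen service, values above the training maxima.
    unseen = pre.transform((5, "tcp", "gopher", "SF", 99999, 10))
    return seen, unseen
```

Fitting the vocabulary and bounds on the training split alone keeps test-set statistics out of the model inputs, and the fixed vector length means a new service name in live traffic cannot shift features into the wrong columns.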
A major contribution is the inclusion of a strong security framework for data handling, which applies:
AI-enhanced IDS using deep learning provides robust, scalable, and adaptive protection against modern cyber threats. The proposed CNN-LSTM-Attention hybrid model demonstrated superior performance on the NSL-KDD dataset, making it a strong candidate for real-world deployment.