The spread of the internet and computer networks has revolutionized information exchange, but it has also introduced significant security risks. Cyber attackers exploit vulnerabilities within these networks to compromise data confidentiality, integrity, and availability. Detecting anomalous activities in networks is critical for maintaining security but presents challenges due to the volume of data and the complexity of attacks. The objective of this study is to develop an effective anomaly detection system for computer networks using deep learning techniques. Specifically, we aim to design a Convolutional Neural Network with Bidirectional Long Short-Term Memory (CNN Bi-LSTM) model. The goal is to achieve high accuracy in identifying network-based anomalies while considering various hyperparameters and optimizing model performance. The approach involves designing and training a CNN Bi-LSTM model for network anomaly detection. We experiment with different hyperparameters, including optimizers (Nadam, Adam, RMSprop, Adamax, SGD, Adagrad, Ftrl), epochs, batch size, and learning rate. We utilize the NSL-KDD and UNSW-NB15 datasets for training and evaluation. Performance metrics such as accuracy and F1-score are used to assess the effectiveness of the model. The CNN Bi-LSTM model demonstrates outstanding performance in detecting network anomalies, achieving high accuracy. Through meticulous analysis of hyperparameters, we identify the optimal configuration that maximizes detection accuracy. Comparative analysis with existing anomaly detection methods confirms the superiority of our proposed approach. In conclusion, our study highlights the efficacy of deep learning, particularly CNN Bi-LSTM models, in detecting network-based anomalies. In addition, a CNN and a hybrid CNN-LSTM method are implemented to improve prediction accuracy, with the CNN-LSTM achieving an impressive 99% accuracy rate.
A user-friendly front end using Flask is developed, allowing easy access for testing, with integrated user authentication for secure access, enhancing usability and reliability.
Introduction
The text discusses the growing importance of cybersecurity and anomaly detection in modern digital systems, where most data is transmitted in binary form and protecting it from unauthorized access is critical. It introduces the concept of anomalies (outliers) as deviations from normal patterns, which are essential for detecting threats in fields like fraud detection, healthcare, and especially cybersecurity.
In cybersecurity, anomaly detection is closely tied to the CIA triad (Confidentiality, Integrity, Availability), which defines the core requirements of a secure system. Intrusion Detection Systems (IDS) are used to monitor network and system activity and are broadly classified into:
Signature-Based IDS (SIDS): Detect known attacks using predefined patterns.
Anomaly-Based IDS (AIDS): Detect unknown or new attacks by learning normal behavior patterns.
AIDS approaches are further divided into host-based and network-based systems and can use supervised, unsupervised, or semi-supervised machine learning methods. The text emphasizes that deep learning (DL) techniques outperform traditional machine learning in complex, high-dimensional environments.
Key deep learning models discussed include:
Convolutional Neural Networks (CNNs) for extracting spatial features (useful in image or structured data).
Long Short-Term Memory (LSTM) networks for sequential data like time series or network traffic.
Bidirectional LSTM (BiLSTM) for better context understanding in both forward and backward directions.
A major proposed solution is a CNN–BiLSTM hybrid model for intrusion detection, designed to improve accuracy and adaptability. Performance depends heavily on hyperparameters like learning rate, batch size, epochs, and architecture design.
The methodology includes:
Data collection and modeling
Preprocessing
Train-test splitting
Model training (CNN, LSTM, BiLSTM variants)
Evaluation and anomaly detection
Comparison and final decision-making
The system is tested using two major benchmark datasets:
NSL-KDD (improved version of KDD Cup 99 with reduced redundancy)
UNSW-NB15 (contains multiple modern attack types)
The datasets are used to evaluate model performance under realistic conditions, including issues like class imbalance and duplicate records.
Finally, the system also includes a simple Flask-based web interface with authentication to make the intrusion detection model accessible in real-world scenarios. Feature selection and data preprocessing are highlighted as important steps for improving efficiency and reducing computational cost.
Conclusion
The investigation of different architectures of neural networks and optimization methods showed that the CNN + BiLSTM model [13, 14, 15], combined with a well-chosen optimizer, is the best solution for intrusion detection from network traffic data. Thorough evaluation metrics, such as accuracy, precision, recall, and F1 score, not only confirmed the strength of the selected model but also proved its ability to find an equilibrium between precise anomaly detection and not being too liberal with false positives. The project also highlights the sensitivity of the performance of the model to hyperparameters and the importance of careful tuning. Apart from algorithmic decisions, the theoretical aspects of choosing hyperparameters, such as architecture design and learning rates, are instrumental in realizing the best intrusion detection results. The algorithm significantly enhances the performance of the CNN Bi-LSTM model, showing outstanding accuracy in the detection of network abnormality. Front-end testing confirms its effectiveness in precise interpretation and analysis of feature values, highlighting its stability for real-world use. The results of the project have far-reaching implications for network security in the real world. The successful use of deep learning models for anomaly detection holds the promise to improve the resistance of computer networks against adaptive threats. The theoretical insight into model architecture and hyperparameter tuning contributes to a more comprehensive design of intrusion detection systems. This project breaks ground for further research and deployment in the field of cybersecurity, highlighting the real-world value of the project's results.
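How duplicate records and class imbalance, both noted in the dataset discussion, affect headline accuracy compared with attack-class precision, recall and F1 can be checked on a small scale. The following is an added example, not the authors' code or data: the flows, the toy_detector threshold rule and all names are constructed for illustration and stand in for a trained model and a real test split.

```python
# Added example: constructed flows, not NSL-KDD/UNSW-NB15 rows or the authors' code.
# Each record is ((duration, src_bytes), label).
SAMPLE = (
    [((0, 200), "normal")] * 95            # one benign flow repeated 95 times
    + [((1, 300), "normal"), ((2, 9000), "normal"), ((0, 150), "normal"),
       ((5, 12000), "attack"), ((0, 0), "attack")]
)

def dedupe(records):
    """Drop exact duplicate (features, label) rows, keeping the first occurrence."""
    seen, unique = set(), []
    for row in records:
        if row not in seen:
            seen.add(row)
            unique.append(row)
    return unique

def toy_detector(features):
    """Hypothetical stand-in for a trained model: flag flows with large src_bytes."""
    _duration, src_bytes = features
    return "attack" if src_bytes > 8000 else "normal"

def evaluate(records, predict=toy_detector, positive="attack"):
    """Return accuracy plus attack-class precision, recall, F1 and false-positive rate."""
    tp = fp = tn = fn = 0
    for features, label in records:
        flagged = predict(features) == positive
        actual = label == positive
        if flagged and actual:
            tp += 1
        elif flagged:
            fp += 1
        elif actual:
            fn += 1
        else:
            tn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {
        "accuracy": (tp + tn) / len(records),
        "precision": precision, "recall": recall, "f1": f1,
        "fpr": fp / (fp + tn) if fp + tn else 0.0,
    }

if __name__ == "__main__":
    for name, rows in (("raw", SAMPLE), ("deduplicated", dedupe(SAMPLE))):
        print(name, len(rows), evaluate(rows))
```

On the raw set the repeated benign flow dominates the accuracy figure, while the attack-class F1 is the same before and after deduplication; the false-positive rate moves with the number of distinct benign flows.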
References
[1] N. Moustafa, J. Hu and J. Slay, "A holistic review of network anomaly detection systems: A comprehensive survey," Journal of Network and Computer Applications, vol. 128, p. 33–55, 2019.
[2] S. Samonas and D. Coss, "The CIA strikes back: Redefining confidentiality, integrity and availability in security," Journal of Information System Security, vol. 10, 2014.
[3] Y. Fu, Y. Du, Z. Cao, Q. Li and W. Xiang, "A Deep Learning Model for Network Intrusion Detection with Imbalanced Data," Electronics, vol. 11, p. 898, 2022.
[4] K. Jiang, W. Wang, A. Wang and H. Wu, "Network intrusion detection combined hybrid sampling with deep hierarchical network," IEEE Access, vol. 8, p. 32464–32476, 2020.
[5] W. Xu, J. Jang-Jaccard, T. Liu, F. Sabrina and J. Kwak, "Improved Bidirectional GAN-Based Approach for Network Intrusion Detection Using One-Class Classifier," Computers, vol. 11, p. 85, 2022.
[6] L. Vu and Q. U. Nguyen, "Handling imbalanced data in intrusion detection systems using generative adversarial networks," Journal on Information Technologies & Communications, vol. 2020, p. 1–13, 2020.
[7] T. Acharya, I. Khatri, A. Annamalai and M. F. Chouikha, "Efficacy of Heterogeneous Ensemble Assisted Machine Learning Model for Binary and Multi-Class Network Intrusion Detection," in 2021 IEEE International Conference on Automatic Control & Intelligent Systems (I2CACIS), 2021.
[8] T. Acharya, I. Khatri, A. Annamalai and M. F. Chouikha, "Efficacy of Machine Learning-Based Classifiers for Binary and Multi-Class Network Intrusion Detection," in 2021 IEEE International Conference on Automatic Control & Intelligent Systems (I2CACIS), 2021.
[9] C. Yin, Y. Zhu, J. Fei and X. He, "A deep learning approach for intrusion detection using recurrent neural networks," IEEE Access, vol. 5, p. 21954–21961, 2017.
[10] Z. Chen, C. K. Yeo, B. S. Lee and C. T. Lau, "Autoencoder-based network anomaly detection," in 2018 Wireless telecommunications symposium (WTS), 2018.
[11] M. Ganesh, A. Kumar and V. Pattabiraman, "Autoencoder Based Network Anomaly Detection," in 2020 IEEE International Conference on Technology, Engineering, Management for Societal impact using Marketing, Entrepreneurship and Talent (TEMSMET), 2020.
[12] W. Xu, J. Jang-Jaccard, A. Singh, Y. Wei and F. Sabrina, "Improving performance of autoencoder-based network anomaly detection on nsl-kdd dataset," IEEE Access, vol. 9, p. 140136–140146, 2021.
[13] J. Gao, "Network Intrusion Detection Method Combining CNN and BiLSTM in Cloud Computing Environment," Computational Intelligence and Neuroscience, vol. 2022, 2022.
[14] A. G. Salman, Y. Heryadi, E. Abdurahman and W. Suparta, "Single layer & multi-layer long short-term memory (LSTM) model with intermediate variables for weather forecasting," Procedia Computer Science, vol. 135, p. 89–98, 2018.