Network Intrusion Detection Method Based on Convolutional Neural Networks with convLSTM

doi:10.3969/j.issn.1006-2475.2025.03.018

Abstract

Abstract: In the field of network intrusion detection， machine learning methods that manually extract features in feature engineering are generally used， but the manual feature extraction method is prone to losing important feature information； In addition， different types of attack traffic play different roles in detection， and existing algorithms generally suffer from important information loss and low accuracy in identifying attack types. A hybrid algorithm based on Convolutional Long-Short Term Memory （convLSTM） and Convolutional Neural Networks （CNN） is proposed for anomaly traffic detection in response to the aforementioned issues， Which directly use the payload of network traffic as data samples without manual extraction of complex traffic features， fully explores the structural features of traffic， extracts temporal and spatial features， and generates accurate intrusion detection feature vectors. The experimental results show that on the CIC-ISDS2017 dataset， the accuracy of the hybrid algorithm convLSTM-CNN in network intrusion detection reaches 99.39%. Compared with the simple DNN， SVM， LSTM， GRU-CNN and other models， it has a higher accuracy and lower false alarm rate， indicating that the algorithm improves the efficiency of abnormal traffic detection.

Key words: , network security, intrusion detection, convolutional long-short term networks, convolutional neural network, deep learning

CLC Number:

TP309

ZHANG Yue, GUO Zixin, HUANG Yibin, YAN Tao. Network Intrusion Detection Method Based on Convolutional Neural Networks with convLSTM[J]. Computer and Modernization, 2025, 0(03): 119-126.

References

［1］徐温雅. 基于机器学习的网络入侵检测研究［D］. 北京：北京交通大学， 2018.
［2］杜臻. 基于特征提取和异常分类的网络流量异常检测方法［D］. 南京：南京邮电大学， 2019.
［3］李威，杨忠明. 入侵检测系统的研究综述［J］. 吉林大学学报（信息科学版）， 2016，34（5）:657-662.
［4］邢军辉. 基于云平台的入侵检测系统设计［D］. 郑州：河南工业大学， 2020.
［5］ BISWAS N A， SHAH F M， TAMMI W M， et al. FP-ANK: An improvised intrusion detection system with hybridization of neural network and K-means clustering over feature selection by PCA［C］// 2015 18th International Conference on Computer and Information Technology （ICCIT）. IEEE， 2015. DOI: 10.1109/ICCITechn.2015.7488089.
［6］ BAO X H， XU T Q， HOU H. Network intrusion detection based on support vector machine［C］// 2009 International Conference on Management and Service Science. IEEE， 2009. DOI: 10.1109/ICMSS.2009.5304051.
［7］ WANG Z. Fault diagnosis for wireless sensor network based on genetic-support vector machine［C］// Proceedings of 2011 International Conference on Computer Science and Network Technology. IEEE， 2012. DOI: 10.1109/ICCSNT.2011.6182520.
［8］黄奇文，李丽颖，沈富可，等. 基于集成特征选择的网络异常流量检测［J］. 华东师范大学学报（自然科学版）， 2021（6）:100-111.
［9］ WANG W， ZHU M， ZENG X W， et al. Malware traffic classification using convolutional neural network for representation learning［C］// 2017 International Conference on Information Networking（ICOIN）. IEEE， 2017. DOI: 10.1109/ICOIN.2017.7899588.
［10］ TORRES P， CATANIA C， GARCIA S， et al. An analysis of recurrent neural networks for botnet detection behavior［C］// 2016 IEEE Biennial Congress of Argentina （ARGENCON）. IEEE， 2016. DOI: 10.1109/ARGENCON.2016.7585247.
［11］ LI Z， SUN W Q， WANG L F. A neural network based distributed intrusion detection system on cloud platform［C］// 2012 IEEE 2nd International Conference on Cloud Computing & Intelligent Systems. IEEE， 2012. DOI:10.1109/CCIS.2012.6664371.
［12］王明. 基于卷积神经网络的网络入侵检测系统［D］. 北京：北京邮电大学， 2018.
［13］夏玉明，胡绍勇，朱少民，等. 基于卷积神经网络的网络攻击检测方法研究［J］. 信息网络安全， 2017，（11）:32-36.
［14］尹梓诺，马海龙，胡涛. 基于联合注意力机制和一维卷积神经网络-双向长短期记忆网络模型的流量异常检测方法［J］. 电子与信息学报， 2023，45（10）:3719-3728.
［15］刘月峰，王成，张亚斌，等. 用于网络入侵检测的多尺度卷积CNN模型［J］. 计算机工程与应用， 2019，55（3）:90-95.
［16］ CHEN X M. pkt2flow［EB/OL］. （2020-04-15）［2024-02-23］. https://github.com/caesar0301/pkt2flow.
［17］ JEFF S. FlowMining［EB/OL］. （2020-05-09）［2024-02-21］. https://github.com/NetworkHub/FlowMining.
［18］ SHI X J， CHEN Z R， WANG H， et al. Convolutional LSTM network: A machine learning approach for precipitation nowcasting［C］// Proceedings of the 29th International Conference on Neural Information Processing Systems. ACM， 2015，1:802–810.
［19］郜世伟. 基于ConvLSTM网络的盗窃类警情时空分布预测模型研究［D］. 南京：南京师范大学， 2020.
［20］ KIM J， KIM J， KIM H， et al. CNN-based network intrusion detection against denial-of-service attacks［J］. Electronics， 2020，9（6）. DOI: 10.3390/electronics9060916.
［21］ IOFFE S， SZEGEDY C. Batch normalization: Accelerating deep network training by reducing internal covariate shift［J］. arXiv preprint arXiv:1502.03167， 2015.
［22］ HINTON G E， SRIVASTAVA N， KRIZHEVSKY A， et al. Improving neural networks by preventing co-adaptation of feature detectors［J］. arXiv preprint arXiv:1207.0580， 2012.
［23］ KINGMA D P， BA J. Adam: A method for stochastic optimization［J］. arXiv preprint arXiv:1412.6980， 2014.
［24］ SHARAFALDIN I， LASHKARI A H， GHORBANI A A. Toward generating a new intrusion detection dataset and intrusion traffic characterization［C］// 4th International Conference on Information Systems Security & Privacy. SciTePress， 2018. DOI: 10.5220/0006639801080116.
［25］周璨，杨栋，魏松杰. 融合GRU和CNN的轻量级网络入侵检测模型［J］. 计算机系统应用， 2023，32（8）:162-170.
［26］时东阁，章晓庆，毛保磊，等. 一种基于卷积神经网络的入侵检测方法［J］. 计算机应用与软件， 2020，37（10）:323-327.
［27］曹磊，李占斌，杨永胜等. 基于双层注意力神经网络的入侵检测方法［J］. 计算机工程与应用， 2021，57（19）:142-149.

[1]	HOU Menghan, WEI Changfa. Construction of Depression Recognition Model Based on Multi-Feature Fusion [J]. Computer and Modernization, 2025, 0(03): 1-5.
[2]	TANG Rui1, WU Jianchao1, CHEN Jianbo1, CHAI Jiang1, WANG Qian1, HE Yuchen2. Improved YOLOv8s Algorithm Based on GiraffeDet for Transmission Line Icing Detection [J]. Computer and Modernization, 2025, 0(03): 6-11.
[3]	CAO Lu, DING Cangfeng, MA Lerong, YAN Zhaoyao, YOU Hao. Multilevel Joint Graph Embedding for Lipophilic Molecular Classification [J]. Computer and Modernization, 2025, 0(03): 12-21.
[4]	WANG Zeyu, HAN Jianning, HAO Guodong, YANG Run. Speech Enhancement Algorithm Based on Parallel Cascaded Time-frequency Conformer Generative Adversarial Network [J]. Computer and Modernization, 2025, 0(03): 22-28.
[5]	LEI Jiyue, SU Peng, NIE Yun, LIN Chuan. Review of Large Language Model Question Answering Systems for International Event Analysis [J]. Computer and Modernization, 2025, 0(03): 29-37.
[6]	ZHANG Jiaxu, LIU Xiaoyang, HONG Shengcheng, SHENG Yifan, WANG Mingyang. Method for Underwater Robot Cage Inspection Control Based on Model Predictive Control [J]. Computer and Modernization, 2025, 0(03): 38-44.
[7]	LI Haoran1, HE Wenxue1, XU Jiazhen1, YANG Banghua2. Classification Method of EEG Signals for Depression Based on Multi-Scale Dynamic Convolution and Attention Mechanism [J]. Computer and Modernization, 2025, 0(03): 60-65.
[8]	PU Yaya, WANG Yanbo, SU Yongdong, XU Zhongcheng. Multi-scale Feature Image Defogging Algorithm Based on Content-guided Attention Fusion [J]. Computer and Modernization, 2025, 0(03): 78-85.
[9]	LUO Hao, LI Xianfeng. Remote Sensing Image Classification Based on Multi-scale Feature Extraction [J]. Computer and Modernization, 2025, 0(03): 86-92.
[10]	ZHU Yongtian, TIAN Fei, DONG Baoliang. Ultrasonic Image Segmentation of Thyroid Nodules Based on HA-UNet++ [J]. Computer and Modernization, 2025, 0(03): 93-98.
[11]	XIE Haiqing, LING Jiaqi, YI Xinbo. Tongue Constitution Classification Method Based on Deep Learning [J]. Computer and Modernization, 2025, 0(03): 99-105.
[12]	LIU Yaokai, REN Dejun, LIU Chongyi, LU Yudong. AMDFF-Net： Adaptive Multi-dimensional Feature Fusion Network for Tiny Object Detection [J]. Computer and Modernization, 2025, 0(03): 106-112.
[13]	LIU Chongyi, LI Hua, REN Dejun, LIU Yaokai, WANG Yulong. Anomaly Detection Algorithm Based on Bidirectional Multi-scale Knowledge Distillation [J]. Computer and Modernization, 2025, 0(02): 58-63.
[14]	LI Ang1, DU Mengjun1, QIAN Jin1, TONG Jun1, YANG Tao1 CHEN Guotao1, JIN Wenxing2. A Novel Communication Data Fusion Method for Power Systems Based on Multimodal Graph Convolutional Networks [J]. Computer and Modernization, 2025, 0(02): 64-69.
[15]	HE Guotao1, ZHAO Chunhui2, LIU Zhenyu1, WANG Long1. Optimization for Camera Self-calibration Based on Horizon Detection in Road Scenes [J]. Computer and Modernization, 2025, 0(02): 77-85.