Hybrid network intrusion detection system based on sliding window and information entropy in imbalanced dataset

Applied Intelligence

Abstract

Enhancing the integrity of the information security infrastructure requires monitoring and analyzing anomalous network activity. As rapid growth in information technology has made the network ecosystem more diverse and complex, classic intrusion detection techniques are no longer adequate for identifying and evaluating network anomaly patterns from a variety of integration and channel viewpoints. Meanwhile, the class imbalance problem in intrusion detection datasets limits classifiers' ability to recognize minority classes. To improve the detection rate of minority classes while ensuring efficiency, we propose a multi-channel intrusion detection model based on CNN_LSTM, referred to as ENS_CLSTM. The proposed model resamples the data using the sliding window approach and information entropy in order to balance the normal and abnormal classes. The spatial features of the data are extracted using a Convolutional Neural Network (CNN), while the temporal features are extracted using a Bidirectional Long Short-Term Memory network (Bi_LSTM); the dual-channel feature streams are then integrated into the final Deep Neural Network (DNN). The advantages of the proposed model are verified using the NSL-KDD, UNSW-NB15, CICIDS2017, CSE-CIC-IDS-2018 and ISCX-IDS2012 datasets. According to the experimental results, an accuracy of 99.67% was attained on the UNSW-NB15 dataset and 99.997% on the NSL-KDD dataset. Furthermore, on the CICIDS2017, CSE-CIC-IDS-2018, and ISCX-IDS2012 datasets, accuracy rates of 99.9997%, 99.998%, and 99.74%, respectively, were attained. Compared with the findings of current studies, the ENS_CLSTM model can effectively improve detection performance and generalization ability.
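As an added illustration (not code from the paper, whose exact resampling procedure is not reproduced on this page), the following Python example shows one generic way to combine a sliding window with Shannon entropy of the labels so that majority-class traffic is thinned while every window carrying minority-class flows is kept. The window size, thinning rate, function names and the sample flow log are all assumptions constructed for this example.

```python
import math
from collections import Counter


def shannon_entropy(labels):
    """Shannon entropy, in bits, of the label distribution in one window."""
    n = len(labels)
    return -sum((c / n) * math.log2(c / n) for c in Counter(labels).values())


def entropy_resample(records, size=4, keep_every=4, threshold=0.0):
    """Thin low-entropy majority windows; keep windows carrying minority data.

    records    : time-ordered list of (flow_id, label) tuples
    size       : window length in flows (assumed value, not from the paper)
    keep_every : keep 1 of every `keep_every` majority windows (assumed)
    threshold  : entropy above which a window counts as mixed
    """
    majority = Counter(label for _, label in records).most_common(1)[0][0]
    kept, pure_seen = [], 0
    # Non-overlapping windows so no flow is duplicated; a trailing partial
    # window (fewer than `size` flows) is dropped.
    for start in range(0, len(records) - size + 1, size):
        window = records[start:start + size]
        labels = [label for _, label in window]
        dominant = Counter(labels).most_common(1)[0][0]
        if shannon_entropy(labels) > threshold or dominant != majority:
            kept.extend(window)          # mixed or minority-dominated: keep
        else:
            if pure_seen % keep_every == 0:
                kept.extend(window)      # representative majority window
            pure_seen += 1
    return kept


def build_sample():
    """Constructed flow log: 10 windows of 4 flows, N = normal, A = attack."""
    pattern = ["NNNN", "NNNN", "NNAN", "NNNN", "NNNN",
               "NNNN", "AANN", "NNNN", "NNNN", "NNNN"]
    labels = ["attack" if ch == "A" else "normal" for ch in "".join(pattern)]
    return list(enumerate(labels))


def attack_share(records):
    """Fraction of records labelled as attack."""
    return sum(1 for _, label in records if label == "attack") / len(records)


if __name__ == "__main__":
    before = build_sample()
    after = entropy_resample(before)
    print(f"before: {len(before)} flows, attack share {attack_share(before):.4f}")
    print(f"after : {len(after)} flows, attack share {attack_share(after):.4f}")
```

Resampling of this kind belongs on the training split only; the evaluation split should keep its original class ratio so that reported detection rates reflect real traffic.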


Data availability

The data are openly available in public repositories, including NSL-KDD, UNSW-NB15, ISCX-IDS2012, CICIDS2017 and CSE-CIC-IDS-2018.

The NSL-KDD dataset is openly available on GitHub at https://github.com/NUAA-YANG/DataSet, reference number [45].

The UNSW-NB15 dataset that supports the findings of this study is openly available from UNSW at https://research.unsw.edu.au/projects/unsw-nb15-dataset, reference number [46].

https://unsw-my.sharepoint.com/personal/z5025758_ad_unsw_edu_au/_layouts/15/onedrive.aspx?ga=1&id=%2Fpersonal%2Fz5025758%5Fad%5Funsw%5Fedu%5Fau%2FDocuments%2FUNSW%2DNB15%20dataset%2FCSV%20Files%2FTraining%20and%20Testing%20Sets

The ISCX-IDS2012 dataset is openly available from UNB at https://www.unb.ca/cic/datasets/ids.html, reference number [47].

The CICIDS2017 dataset is openly available from UNB at https://www.unb.ca/cic/datasets/ids2017.html, reference number [48].

The CSE-CIC-IDS-2018 dataset is openly available from UNB at https://www.unb.ca/cic/datasets/ids-2018.html, reference number [49].

References

  1. Cloudflare Radar (2023) Year in Review 2023. https://radar.cloudflare.com/year-in-review/2023

  2. Liao H-J, Richard Lin C-H, Lin Y-C, Tung K-Y (2013) Intrusion detection system: A comprehensive review. J Netw Comput Appl 36(1):16–24. https://doi.org/10.1016/j.jnca.2012.09.004

  3. Li W, Tug S, Meng W, Wang Y (2019) Designing collaborative blockchained signature-based intrusion detection in IoT environments. Future Gener Comput Syst 96:481–489. https://doi.org/10.1016/j.future.2019.02.064

  4. Chen H, Yuan B, Zou D et al (2022) A fuzzing-based method for testing rules in intrusion detection systems in 6g networks. IEEE Netw: Mag Comput Commun 36(4):150–158. https://doi.org/10.1109/MNET.002.2100655

  5. Panigrahi R, Borah S, Pramanik M et al (2022) Intrusion detection in cyber–physical environment using hybrid Naïve Bayes—Decision table and multi-objective evolutionary feature selection. Comput Commun 188:133–144. https://doi.org/10.1016/j.comcom.2022.03.009

  6. Lou P, Lu G, Jiang X, Xiao Z, Hu J, Yan J (2021) Cyber intrusion detection through association rule mining on multi-source logs. Appl Intell 51(6):4043–4057. https://doi.org/10.1007/s10489-020-02007-5

  7. Yang Z, Liu X, Li T et al (2022) A systematic literature review of methods and datasets for anomaly-based network intrusion detection. Comput Secur 116:102675. https://doi.org/10.1016/j.cose.2022.102675

  8. Zavrak S, Iskefiyeli M (2023) Flow-based intrusion detection on software-defined networks: a multivariate time series anomaly detection approach. Neural Comput Appl 35:12175–12193. https://doi.org/10.1007/s00521-023-08376-5

  9. Song J, Qin G, Liang Y, Yan J, Sun M (2024) Dynamic graph-based intrusion detection system for CAN. Comput Secur 147:104076. https://doi.org/10.1016/j.cose.2024.104076

  10. Xiao J, Yang L, Zhong F, Wang X, Chen H, Li D (2023) Robust anomaly-based insider threat detection using graph neural network. IEEE Trans Netw Serv Manag 20(3):3717–3733. https://doi.org/10.1109/TNSM.2022.3222635

  11. Almaraz-Rivera JG (2023) An Anomaly-based Detection System for Monitoring Kubernetes Infrastructures. IEEE Lat Am Trans 21(3):457–465. https://doi.org/10.1109/TLA.2023.10068850

  12. Lunardi WT, Lopez MA, Giacalone J-P (2023) ARCADE: Adversarially Regularized Convolutional Autoencoder for Network Anomaly Detection. IEEE Trans Netw Serv Manage 20(2):1305–1318. https://doi.org/10.1109/TNSM.2022.3229706

  13. Abdelkhalek A, Mashaly M (2023) Addressing the class imbalance problem in network intrusion detection systems using data resampling and deep learning. J Supercomput 79(10):10611–10644. https://doi.org/10.1007/s11227-023-05073-x

  14. Zavrak S, Iskefiyeli M (2023) Flow-based intrusion detection on software-defined networks: a multivariate time series anomaly detection approach. Neural Comput Appl 35(16):12175–12193. https://doi.org/10.1007/s00521-023-08376-5

  15. Chung WH, YeongHyeon Gu, Yoo SJ (2023) CHP Engine Anomaly Detection Based on Parallel CNN-LSTM with Residual Blocks and Attention. Sensors 23(21):8746. https://doi.org/10.3390/s23218746

  16. Odeh A, Taleb AA (2023) Ensemble-based deep learning models for enhancing IoT intrusion detection. Appl Sci 13(21):11985. https://doi.org/10.3390/app132111985

  17. Balla A, Habaebi MH, Elsheikh EAA, Islam MR, Suliman FEM, Mubarak S (2024) Enhanced CNN-LSTM deep learning for SCADA IDS featuring hurst parameter self-similarity. IEEE Access 12:6100–6116. https://doi.org/10.1109/ACCESS.2024.3350978

  18. Alizadeh H, Vranken H, Zuquete A, Miri A (2020) Timely classification and verification of network traffic using gaussian mixture models. IEEE Access 8:91287–91302. https://doi.org/10.1109/ACCESS.2020.2992556

  19. Mun H, Lee Y (2021) Internet traffic classification with federated learning. Electronics 10(1):27–45. https://doi.org/10.3390/electronics10010027

  20. Sánchez-Zas C, Larriva-Novo X, Villagrá VA, Rodrigo MS, Moreno JI (2022) Design and evaluation of unsupervised machine learning models for anomaly detection in streaming cybersecurity logs. Mathematics 10(21):4043. https://doi.org/10.3390/math10214043

  21. Ajila SA, Lung CH, Das A (2022) Analysis of error-based machine learning algorithms in network anomaly detection and categorization. Ann Telecommun 77:359–370. https://doi.org/10.1007/s12243-021-00836-0

  22. Haq MA, Khan MAR, AL-Harbi T (2022) Development of pccnn-based network intrusion detection system for edge computing. Comput Mater Contin 71(1):1769–1788. https://doi.org/10.32604/cmc.2022.018708

  23. Chen M, Wang X, He M, Jin L, Javeed K, Wang X (2020) A network traffic classification model based on metric learning. Comput Mater Contin 64(2):941–959. https://doi.org/10.32604/CMC.2020.09802

  24. Khan MA, Rezaul Karim Md, Kim Y (2019) A scalable and hybrid intrusion detection system based on the convolutional-LSTM network. Symmetry 11(4):583. https://doi.org/10.3390/sym11040583

  25. Xu W, Jang-Jaccard J, Singh A, Wei Y, Sabrina F (2021) Improving performance of autoencoder-based network anomaly detection on NSL-KDD dataset. IEEE Access 9:140136–140146. https://doi.org/10.1109/ACCESS.2021.3116612

  26. Vinayakumar R, Alazab M, Soman KP, Poornachandran P, Al-Nemrat A, Venkatraman S (2019) Deep learning approach for intelligent intrusion detection system. IEEE Access 7:41525–41550. https://doi.org/10.1109/ACCESS.2019.2895334

  27. Kanna PR, Santhi P (2022) Hybrid intrusion detection using MapReduce based black widow optimized convolutional long short-term memory neural networks. Expert Syst Appl 194:116545. https://doi.org/10.1016/j.eswa.2022.116545

  28. Ullah I, Mahmoud QH (2022) Design and Development of RNN Anomaly Detection Model for IoT Networks. IEEE Access 10:62722–62750. https://doi.org/10.1109/ACCESS.2022.3176317

  29. Oğuz HT, Kalaycıoğlu A (2022) Anomaly detection in multi-tiered cellular networks using LSTM and 1D CNN. J Wirel Com Netw 2022:101. https://doi.org/10.1186/s13638-022-02183-7

  30. Jafarian T, Masdari M, Ghaffari A, Majidzadeh K (2021) A survey and classification of the security anomaly detection mechanisms in software defined networks. Clust Comput 24(2):1235–1253. https://doi.org/10.1007/s10586-020-03184-1

  31. Ujjan RM, Ali ZP, Dahal K, Khan WA, Khattak AM, Hayat B (2021) Entropy Based Features Distribution for Anti-DDoS Model in SDN. Sustainability 13(3):1522. https://doi.org/10.3390/su13031522

  32. Fioravanti G, Spina MG, De Rango F (2023) Entropy based DDoS Detection in Software Defined Networks. Proceedings - IEEE Consumer Communications and Networking Conference, CCNC, 2023-January, 636–639. https://doi.org/10.1109/CCNC51644.2023.10059949.

  33. Yan Q, Wang M, Huang W, Luo X, Yu FR (2019) Automatically synthesizing DoS attack traces using generative adversarial networks. Int J Mach Learn Cybern 10(12):3387–3396. https://doi.org/10.1007/s13042-019-00925-6

  34. Umair MB, Iqbal Z, Bilal M, Nebhen J, Almohamad TA, Mehmood RM (2022) An efficient internet traffic classification system using deep learning for iot. Comput Mater Contin 71(1):407–422. https://doi.org/10.32604/cmc.2022.020727

  35. Daneshgadeh Çakmakçı S, Kemmerich T, Ahmed T, Baykal N (2020) Online DDoS attack detection using Mahalanobis distance and Kernel-based learning algorithm. J Netw Comput Appl 168:102756. https://doi.org/10.1016/j.jnca.2020.102756

  36. Bereziński P, Jasiul B, Szpyrka M (2015) An entropy-based network anomaly detection method. Entropy 17(4):2367–2408. https://doi.org/10.3390/e17042367

  37. Baldini G, Amerini I (2022) Online Distributed Denial of Service (DDoS) intrusion detection based on adaptive sliding window and morphological fractal dimension. Comput Netw 210:108923. https://doi.org/10.1016/j.comnet.2022.108923

  38. Han S, Kim Y, Lee S (2021) Improvement of the classification performance of an intrusion detection model for rare and unknown attack traffic. Electronics 10(18):2268–2280. https://doi.org/10.3390/electronics10182268

  39. Panigrahi R, Borah S, Bhoi AK, Ijaz MF, Pramanik M, Kumar Y, Jhaveri RH (2021) A consolidated decision tree-based intrusion detection system for binary and multiclass imbalanced datasets. Mathematics 9(7):751. https://doi.org/10.3390/math9070751

  40. Zhang Y, Wang Z (2023) Feature engineering and model optimization based classification method for network intrusion detection. Appl Sci 13:9363. https://doi.org/10.3390/app13169363

  41. Zhang H, Huang L, Wu CQ, Li Z (2020) An effective convolutional neural network based on SMOTE and Gaussian mixture model for intrusion detection in imbalanced dataset. Computer Networks 177:107315. https://doi.org/10.1016/j.comnet.2020.107315

  42. Zhai ZL, Zhang X, Fang FF, Yao LY (2023) Text classification of chinese news based on multi-scale cnn and lstm hybrid model. Multimedia Tools Appl 82(14):20975–20988. https://doi.org/10.1007/s11042-023-14450-w

  43. Molefe ME, Tapamo JR (2024) Classifying roads with multi-step graph embeddings. Computación y Sistemas 28(1):257–270. https://doi.org/10.1007/s11042-023-14450-w

  44. Gore DV, Sinha AK, Deshpande V (2023) Automatic CAD System for Brain Diseases Classification Using CNN-LSTM Model. Emerging Technologies in Data Mining and Information Security. Adv Intell Syst Comput 1348:623–634. https://doi.org/10.1007/978-981-19-4676-9_54

  45. Tavallaee M, Bagheri E, Lu W, Ghorbani AA (2019) A Detailed Analysis of the KDD CUP 99 Data Set. In Proceedings of the 2nd IEEE Intl Conference on Computational Intelligence for Security and Defense Applications, Ottawa, ON, Canada, 53–58

  46. Moustafa N, Slay J (2015) UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). Military Communications and Information Systems Conference (MilCIS), 2015. Available online: https://research.unsw.edu.au/projects/unsw-nb15-dataset

  47. Shiravi A, Shiravi H, Tavallaee M, Ghorbani AA (2012) Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput. Secur. 357–374. Available online: https://www.unb.ca/cic/datasets/ids.html. https://doi.org/10.1016/j.cose.2011.12.012

  48. Sharafaldin I, Gharib A, Lashkari AH, Ghorbani AA (2018) Towards a reliable intrusion detection benchmark dataset. Software Networking 2018(1):177–200. Available online: https://www.unb.ca/cic/datasets/ids2017.html. https://doi.org/10.13052/jsn2445-9739.2017.009

  49. Basnet RB, Shash R, Johnson C, Walgren L, Doleck T (2019) Towards Detecting and Classifying Network Intrusion Traffic Using Deep Learning Frameworks. J Internet Serv Inf Secur 9(4):1-17. Available online: https://www.unb.ca/cic/datasets/ids-2018.html

  50. Wu J et al (2022) Intrusion detection technique based on flow aggregation and latent semantic analysis. Appl Soft Comput 127:109375. https://doi.org/10.1016/j.asoc.2022.109375

  51. Qu Y, Ma H, Jiang Y, Wang L, Yu J (2022) A Network Data Reinforcement Method Based on the Multiclass Variational Autoencoder. Secur Commun Netw 2022:10. https://doi.org/10.1155/2022/2993963

  52. Chandola V, Banerjee A, Kumar V (2009) Anomaly detection: A survey. ACM Comput Surv (CSUR) 41(3):1–58. https://doi.org/10.1145/1541880.1541882

  53. Imrana Y, Xiang Y, Ali L, Abdul-Rauf Z (2021) A bidirectional LSTM deep learning approach for intrusion detection. Expert Syst Appl 185:115524. https://doi.org/10.1016/j.eswa.2021.115524

  54. Kim A, Park M, Lee DH (2020) AI-IDS: Application of deep learning to real-time web intrusion detection. IEEE Access 8:70245–70261. https://doi.org/10.1109/ACCESS.2020.2986882

  55. Kilincer IF, Ertam F, Sengur A (2021) Machine learning methods for cyber security intrusion detection: Datasets and comparative study. Comput Netw 188:2021. https://doi.org/10.1016/j.comnet.2021.107840

  56. Zhou P, Zhang H, Liang W (2023) Research on hybrid intrusion detection based on improved Harris Hawk optimization algorithm. Connect 35(1):2195595. https://doi.org/10.1080/09540091.2023.2195595

  57. Alazab M, Khurma RA, Awajana A, Camacho D (2022) A new intrusion detection system based on moth-flame optimizer algorithm. Expert Syst Appl 210:118439. https://doi.org/10.1016/j.eswa.2022.118439

  58. Hai TH, Nam LH (2021) A practical comparison of deep learning methods for network intrusion detection. 2021 International Conference on Electrical, Communication, and Computer Engineering (ICECCE), Kuala Lumpur, Malaysia, 1–6. https://doi.org/10.1109/ICECCE52056.2021.9514161

  59. Rajesh Kanna P, Santhi P (2021) Unified Deep Learning approach for Efficient Intrusion Detection System using Integrated Spatial-Temporal Features. Knowl-Based Syst 226:2021. https://doi.org/10.1016/j.knosys.2021.107132

  60. Xie J, Li S, Yun X, Zhang Y, Chang P (2020) HSTF-Model: An HTTP-based Trojan detection model via the Hierarchical Spatio-temporal Features of Traffics. Comput Secur 96:2020. https://doi.org/10.1016/j.cose.2020.101923

Acknowledgements

This work is supported by Guangxi Innovation Driven Development Special Fund Project-EB-level cloud storage system key technology and application demonstration (Grant No: Guike AA18118031-5), the Internet of Things and Big Data Application Research Center of Guilin Institute of Aerospace Industry, and the 2020 Guangxi University Middle-aged and Young Teachers' Basic Research Ability Improvement Project Fund, "Project Name: Research and Application of Key Technologies of Smart Experimental Management Platform" (Grant No: 2020ky21026).

Author information

Contributions

Conceptualization: Jingrong Mo; Methodology: Jingrong Mo; Formal analysis and investigation: Jingrong Mo; Validation: Huiyi Zhou; Writing—original draft preparation: Huiyi Zhou; Data Curation: Xunzhang Li; Visualization: Xunzhang Li; Writing—review and editing: Xunzhang Li; Funding acquisition: Jie Ke; Supervision: Jie Ke.

Corresponding author

Correspondence to Jingrong Mo.

Ethics declarations

Ethical and informed consent

There are no human participants or animals in this paper, so ethics approval is not required. This paper's data came from databases that were made available to the public.

Competing interests

All authors certify that they have no affiliations with or involvement in any organization or entity with any financial interest or non-financial interest in the subject matter or materials discussed in this manuscript.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Mo, J., Ke, J., Zhou, H. et al. Hybrid network intrusion detection system based on sliding window and information entropy in imbalanced dataset. Appl Intell 55, 433 (2025). https://doi.org/10.1007/s10489-025-06307-6
