Ablation study results on UNSW-NB15 dataset.

Bibliographic Details
Main Author: Jun Wang (5906) (author)
Other Authors: Ning Huang (623370) (author), Houzhong Zhang (22521907) (author), Luyun Liu (18972569) (author), Qiang Fu (129583) (author), Kerang Cao (21602045) (author), Xiwang Guo (22521910) (author), Hoekyung Jung (21602051) (author)
Published: 2025
Description
Summary:<div><p>The rapid evolution of cyber threats poses significant challenges to the adaptability and performance of anomaly detection systems. This study presents a hybrid deep learning framework that integrates Convolutional Neural Networks (CNN), Long Short-Term Memory networks (LSTM), and Transformer models with a novel self-learning mechanism to enhance network traffic anomaly detection. Our key contributions include: (1) a synergistic two-stage model fusion architecture that captures both spatial and temporal traffic patterns; (2) an adaptive learning mechanism with multi-metric drift detection that autonomously responds to evolving threats; and (3) a knowledge preservation strategy that maintains detection capabilities while adapting to new attack patterns. The proposed CNN-LSTM model achieves F1-scores of 0.9778 and 0.9695 on the UNSW-NB15 and CICIDS2017 datasets respectively for binary classification of normal vs. anomalous traffic. The LSTM-Transformer model further classifies specific anomaly types with accuracies of 0.9632 and 0.9528 on these datasets, representing significant improvements over recent methods. Experiments demonstrate the framework’s robustness, maintaining an average accuracy of 0.955 (± 0.005) over a 15-day simulated period with multiple induced concept drifts. The self-learning mechanism, with multi-metric drift detection and an efficient model update strategy, enables the system to detect drifts and recover performance within 23.4 ± 0.20 hours post-drift, while achieving a 92.8% detection rate for zero-day attacks. The proposed framework offers a promising direction for developing efficient and autonomous cybersecurity systems capable of handling dynamic and evolving threat landscapes.</p></div>