A Hybrid CNN–LSTM-Based Intrusion Detection System Trained on UNSW-NB15 for Accurate Cyber Threat Detection
Keywords:
Intrusion Detection System, Deep Learning, Convolutional Neural Networks, Long Short-Term Memory, Cybersecurity, UNSW-NB15, Network Security
Abstract
The increasing sophistication of cyber threats requires advanced intrusion detection systems that are capable of detecting both known and unknown attack patterns. Traditional Intrusion Detection Systems (IDS) that rely on signatures for detection have fundamental limitations when facing zero-day attacks and advanced persistent threats. This research proposes a hybrid deep learning architecture that combines Convolutional Neural Networks (CNN) with Long Short-Term Memory (LSTM) networks to enhance detection accuracy and maintain reliable performance across intrusion scenarios. While many earlier studies have relied on datasets such as NSL-KDD, which labor under outdated assumptions about attack vectors, our model is built, trained, and evaluated using the more contemporary UNSW-NB15 dataset, which contains modern attack vectors and more realistic network traffic scenarios. The CNN component extracts spatial features from the characteristics of the network traffic, and the LSTM component learns the temporal dependencies and sequence of packet flows in the traffic. On the UNSW-NB15 dataset, the hybrid architecture reached 96.78% validation accuracy and an F1-score above 96%, indicating competitive performance relative to published UNSW-NB15 benchmarks and improved performance over baseline machine learning and single-model deep learning approaches. Through comprehensive evaluation using a confusion matrix, ROC-AUC curves, precision and recall metrics, and computational efficiency, we established evidence of the model's efficacy for real-time deployments. The findings show that the model achieves strong detection accuracy while maintaining a reasonable balance between precision and false alarms.
License
This is an Open Access article published by Research Center of Computing & Biomedical Informatics (RCBI), Lahore, Pakistan under the CC BY 4.0 International License.



