AI-BASED NETWORK TRAFFIC ANOMALY AND INTRUSION DETECTION USING DEEP LEARNING AND HYBRID SPATIO-TEMPORAL MODELING

Abstract

Traditional intrusion detection systems that rely on known signatures still work well for previously identified threats. However, they struggle to detect new or evolving attacks. Anomaly-based approaches attempt to solve this issue by identifying unusual patterns in network traffic, but they often generate a high number of false alarms because normal traffic behavior can vary significantly.

In this study, we propose an AI-based framework for detecting network anomalies and intrusions using a hybrid deep learning model that combines Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks. The CNN component is used to capture important patterns and relationships within traffic features, while the LSTM component analyzes how these patterns change over time. This combination makes it possible to detect complex, multi-stage attacks as well as slow, evolving threats.

We evaluate the proposed model using well-known benchmark datasets, including UNSW-NB15 and the IoT- focused TII-SSRC-23 dataset. The results show strong performance, with the model achieving 98.2% accuracy, 97.1% precision, and 98.7% recall, along with a low false alarm rate of 1.9%. Overall, the findings suggest that combining spatial and temporal deep learning techniques can significantly improve intrusion detection in modern, complex network environments.