IJCNIS Vol. 17, No. 5, 8 Oct. 2025
Keywords: Deep Learning, Intrusion Detection, Auto Encoder, Ensemble Technique, Knowledge Graph
With the swift growth of digital networks and information in both public and private sectors, network attacks pose a considerable threat to data integrity and confidentiality. Consequently, there is a pressing need for effective mechanisms that detect intrusion attacks and provide recommendations for addressing them. In this paper, we propose a semantic-based intrusion detection system that aims to improve performance by incorporating semantic representations consisting of feature groups and their associated weights, leading to the creation of a weighted knowledge graph. The weights of the features are determined using sparse autoencoders. From these weights, the most significant features are normalized to a specific range. The approach combines a Deep Auto Encoder (AE) and Long Short-Term Memory (LSTM) networks for intrusion detection. Furthermore, the ensemble method of Extreme Gradient Boosting (XGBoost) is used to identify and recommend high-probability attack scenarios. The approach is evaluated on the CSE-CIC-IDS dataset. Performance is measured using accuracy, precision, recall, false positive rate, receiver operating characteristic metrics, loss, and error rate. The results show that the approach achieves substantial improvements in detection accuracy, minimizes false positives, enhances reliability, and outperforms existing models. The combination of semantic knowledge, deep learning, and ensemble learning ensures a proactive and adaptive cybersecurity framework.
V. G. Aishvarya Shree, M. Thangaraj, "Intelligent Autoencoder with LSTM based Intrusion Detection and Recommender System", International Journal of Computer Network and Information Security (IJCNIS), Vol.17, No.5, pp.45-62, 2025. DOI: 10.5815/ijcnis.2025.05.04