Open Access

ARTICLE

Intrusion Detection Model on Network Data with Deep Adaptive Multi-Layer Attention Network (DAMLAN)

Fatma S. Alrayes¹, Syed Umar Amin^2,*, Nada Ali Hakami², Mohammed K. Alzaylaee³, Tariq Kashmeery⁴

1 Information Systems Department, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, Riyadh, 11671, Saudi Arabia
2 Computer Science Department, College of Computer & Information Sciences, Prince Sultan University, 11586, Riyadh
3 Department of Computing, College of Engineering and Computing, Umm Al-Qura University, Makkah, 24382, Saudi Arabia
4 College of Computing, Umm Al-Qura University, Makkah, 24382, Saudi Arabia

* Corresponding Author: Syed Umar Amin. Email:

Computer Modeling in Engineering & Sciences 2025, 144(1), 581-614. https://doi.org/10.32604/cmes.2025.065188

Received 06 March 2025; Accepted 08 July 2025; Issue published 31 July 2025

Abstract

The growing incidence of cyberattacks necessitates a robust and effective Intrusion Detection Systems (IDS) for enhanced network security. While conventional IDSs can be unsuitable for detecting different and emerging attacks, there is a demand for better techniques to improve detection reliability. This study introduces a new method, the Deep Adaptive Multi-Layer Attention Network (DAMLAN), to boost the result of intrusion detection on network data. Due to its multi-scale attention mechanisms and graph features, DAMLAN aims to address both known and unknown intrusions. The real-world NSL-KDD dataset, a popular choice among IDS researchers, is used to assess the proposed model. There are 67,343 normal samples and 58,630 intrusion attacks in the training set, 12,833 normal samples, and 9711 intrusion attacks in the test set. Thus, the proposed DAMLAN method is more effective than the standard models due to the consideration of patterns by the attention layers. The experimental performance of the proposed model demonstrates that it achieves 99.26% training accuracy and 90.68% testing accuracy, with precision reaching 98.54% on the training set and 96.64% on the testing set. The recall and F1 scores again support the model with training set values of 99.90% and 99.21% and testing set values of 86.65% and 91.37%. These results provide a strong basis for the claims made regarding the model’s potential to identify intrusion attacks and affirm its relatively strong overall performance, irrespective of type. Future work would employ more attempts to extend the scalability and applicability of DAMLAN for real-time use in intrusion detection systems.

---

Keywords

---