Submit

Login Login

Register Register

Home / Journals / CMC / Online First / doi:10.32604/cmc.2026.076283
Journal Menu
Special Issues
Table of Content

All issues

Online First

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Open Access

ARTICLE

IntrusionNet: Deep Learning-Based Hybrid Model for Detection of Known and Zero-Day Attacks

Sarmad Dheyaa Azeez1, Saadaldeen Rashid Ahmed2,3, Muhammad Ilyas4,*, Abu Saleh Musa Miah5, Fahmid Al Farid6,7,*, Md. Hezerul Abdul Karim6,*
1 Department of Electrical and Computer Engineering, Altinbas University, Istanbul, Türkiye
2 Artificial Intelligence Engineering Department, College of Engineering, Al-Ayen University, Nasiriyah, Thi-Qar, Iraq
3 Computer Science, Bayan University, Erbil, Kurdistan, Iraq
4 Department of Cybersecurity, College of Engineering, Al Ain University, Abu Dhabi, United Arab Emirates
5 Computer Science and Engineering, University of Rajshahi, Rajshahi, Bangladesh
6 Faculty of Computer Science and Informatics, Berlin School of Business and Innovation, Karl-Marx-Straße 97-99, Berlin, Germany
7 Centre for Image and Vision Computing (CIVC), COE for Artificial Intelligence, Faculty of Artificial Intelligence and Engineering (FAIE), Multimedia University, Cyberjaya, Selangor, Malaysia
* Corresponding Author: Muhammad Ilyas. Email: email; Fahmid Al Farid. Email: email; Md. Hezerul Abdul Karim. Email: email
(This article belongs to the Special Issue: Advances in Machine Learning and Artificial Intelligence for Intrusion Detection Systems)

Computers, Materials & Continua https://doi.org/10.32604/cmc.2026.076283

Received 18 November 2025; Accepted 14 February 2026; Published online 08 April 2026

Abstract

Traditional Intrusion Detection Systems (IDSs) that rely on fixed signatures or basic machine learning often struggle with sophisticated, multi-stage cyberattacks and previously unknown threats. To fix these problems, this paper introduces IntrusionNet, a mixed deep learning system that combines Convolutional Neural Networks (CNN), Recurrent Neural Networks (RNN), and Autoencoders in a two-part design. Differing from typical stacked models, IntrusionNet works on two levels at the same time. First, a supervised CNN-RNN process pulls spatial-temporal data from traffic flows to sort well-known attack patterns. Second, an unsupervised Autoencoder process spots new anomalies by looking at reconstruction error limits. This approach allows the automatic learning of threat traits as they change, without needing someone to do it by hand. The system was tested on the UNSW-NB15 data set, picked because it realistically includes many kinds of attacks, like Fuzzers, Shellcode, and Worms. Tests show that IntrusionNet gets an accuracy of 98.80% and an F1-score of 0.985, doing better than other systems, especially with less common attack types. Also, tests using Precision-Recall (PR) analysis and False Positive Rate (FPR) measurements prove that the model handles class imbalance well, which is key for real-world security. The suggested system can be scaled up easily and performs calculations fast, making it a possible key part of real-time detection in Security Information and Event Management (SIEM) systems.

Keywords

Intrusion detection system (IDS); deep learning; CNN-RNN hybrid; anomaly detection; UNSW-NB15; network security; real-time detection; IntrusionNet; temporal modeling; cybersecurity

  • 38

    View

  • 7

    Download

  • 0

    Like

Related articles
Copyright© 2026 Tech Science Press
© 1997-2026 TSP (Henderson, USA) unless otherwise stated

Share Link