
Open Access

ARTICLE

A Novel Hybrid Evolutionary Transformer-Long Short-Term Memory Model for Unified Anomaly Detection in IoT and Cyber-Physical Networks

Pardis Sadatian Moghaddam1, Mahyar Mahmoudi2, Nuria Serrano3, Francisco Hernando-Gallego4, Diego Martín3,*, José Vicente Álvarez-Bravo3
1 Department of Computer Science, Georgia State University, Atlanta, GA, USA
2 Faculty School of Industrial Engineering and Management, Oklahoma State University, Stillwater, OK, USA
3 Department of Computer Science, Escuela de Ingeniería Informática de Segovia, Universidad de Valladolid, Segovia, Spain
4 Department of Applied Mathematics, Escuela de Ingeniería Informática de Segovia, Universidad de Valladolid, Segovia, Spain
* Corresponding Author: Diego Martín.
(This article belongs to the Special Issue: Secure and Intelligent Intrusion Detection for IoT and Cloud-Integrated Environments)

Computers, Materials & Continua https://doi.org/10.32604/cmc.2026.081311

Received 10 March 2026; Accepted 29 May 2026; Published online 29 June 2026

Abstract

The rapid proliferation of the Internet of Things (IoT) and cyber-physical systems (CPS) within critical infrastructure sectors has significantly expanded the attack surface for advanced and stealthy cyber threats. Since these systems increasingly rely on real-time data exchange and autonomous control, developing intelligent, scalable, and adaptive anomaly detection mechanisms has become a pressing requirement. This paper proposes a novel hybrid framework, evolutionary-transformer-long short-term memory (Evo-Transformer-LSTM), that integrates the temporal modeling capability of LSTM networks, the global attention mechanism of Transformer encoders, and the optimization power of the improved chimp optimization algorithm (IChOA) for hyper-parameter tuning. In the proposed architecture, the Transformer encoder extracts high-level contextual patterns from traffic sequences, while the LSTM component captures local temporal dependencies. The framework is rigorously evaluated on four benchmark datasets from the Canadian Institute for Cybersecurity (CIC): CIC-IDS-2017, CSE-CIC-IDS-2018, CIC IoT-DIAD (2024), and CICIoV (2024). Comparative experiments are conducted against several state-of-the-art baselines, including transformer, LSTM, bidirectional encoder representations from transformers (BERT), deep reinforcement learning (DRL), convolutional neural network (CNN), k-nearest neighbors (KNN), and random forest (RF) classifiers. Results show that the proposed Evo-Transformer-LSTM achieves up to 98.25% accuracy, an F1-score of 97.91%, and an area under the curve (AUC) of 99.36% on CIC-IDS-2017, while maintaining above 96% accuracy and 98% AUC even on the more challenging CICIoV 2024 dataset, consistently surpassing all baseline models. In addition, statistical significance tests confirm the superiority of the proposed approach.
In conclusion, Evo-Transformer-LSTM offers a unified, scalable, and robust solution for anomaly detection in modern IoT and CPS infrastructures, with potential for real-world deployment in security-sensitive domains.

Keywords

Internet of Things; cyber-physical systems; intrusion detection datasets; transformer; long short-term memory; chimp optimization algorithm