Open Access

ARTICLE

IntrusionNet: Deep Learning-Based Hybrid Model for Detection of Known and Zero-Day Attacks

Sarmad Dheyaa Azeez¹, Saadaldeen Rashid Ahmed^2,3, Muhammad Ilyas^4,*, Abu Saleh Musa Miah⁵, Fahmid Al Farid^6,7,*, Md. Hezerul Abdul Karim^6,*

1 Department of Electrical and Computer Engineering, Altinbas University, Istanbul, Türkiye
2 Artificial Intelligence Engineering Department, College of Engineering, Al-Ayen University, Nasiriyah, Thi-Qar, Iraq
3 Computer Science, Bayan University, Erbil, Kurdistan, Iraq
4 Department of Cybersecurity, College of Engineering, Al Ain University, Abu Dhabi, United Arab Emirates
5 Computer Science and Engineering, University of Rajshahi, Rajshahi, Bangladesh
6 Faculty of Computer Science and Informatics, Berlin School of Business and Innovation, Karl-Marx-Straße 97-99, Berlin, Germany
7 Centre for Image and Vision Computing (CIVC), COE for Artificial Intelligence, Faculty of Artificial Intelligence and Engineering (FAIE), Multimedia University, Cyberjaya, Selangor, Malaysia

* Corresponding Authors: Muhammad Ilyas. Email: ; Fahmid Al Farid. Email: ; Md. Hezerul Abdul Karim. Email:

(This article belongs to the Special Issue: Advances in Machine Learning and Artificial Intelligence for Intrusion Detection Systems)

Computers, Materials & Continua 2026, 88(1), 51 https://doi.org/10.32604/cmc.2026.076283

Received 18 November 2025; Accepted 14 February 2026; Issue published 08 May 2026

Abstract

Traditional Intrusion Detection Systems (IDSs) that rely on fixed signatures or basic machine learning often struggle with sophisticated, multi-stage cyberattacks and previously unknown threats. To fix these problems, this paper introduces IntrusionNet, a mixed deep learning system that combines Convolutional Neural Networks (CNN), Recurrent Neural Networks (RNN), and Autoencoders in a two-part design. Differing from typical stacked models, IntrusionNet works on two levels at the same time. First, a supervised CNN-RNN process pulls spatial-temporal data from traffic flows to sort well-known attack patterns. Second, an unsupervised Autoencoder process spots new anomalies by looking at reconstruction error limits. This approach allows the automatic learning of threat traits as they change, without needing someone to do it by hand. The system was tested on the UNSW-NB15 data set, picked because it realistically includes many kinds of attacks, like Fuzzers, Shellcode, and Worms. Tests show that IntrusionNet gets an accuracy of 98.80% and an F1-score of 0.985, doing better than other systems, especially with less common attack types. Also, tests using Precision-Recall (PR) analysis and False Positive Rate (FPR) measurements prove that the model handles class imbalance well, which is key for real-world security. The suggested system can be scaled up easily and performs calculations fast, making it a possible key part of real-time detection in Security Information and Event Management (SIEM) systems.

---

Keywords

---