A Distributed Intrusion Detection Using Long Short-Term Memory-Gradient Repeating Unit and Enhanced Density Peak Clustering for Real-Time Cyber Threat Detection
Ministry of Education, Karbala, Iraq
Email: wissamali77@gmail.com
Abstract: Internet of Things (IoT) networks connect a huge number of devices and provide extensive services to the organizations that use them, so they have become the main nerve of those organizations. In recent years, the number of attacks that aim to shut down IoT networks or violate data privacy has increased, so system developers must build strong protection systems to keep those networks secure. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are among the most promising protection systems for securing these networks, but they face several challenges, including high rates of false positive alarms (FPA) and false negative alarms (FNA), as well as the difficulty of handling the long time sequences of incoming and outgoing traffic in IoT networks. This paper presents a distributed intrusion detection system (DIDS) based on deep learning, specifically an enhanced long short-term memory (LSTM) algorithm combined with the gradient repeating unit (GRU) algorithm, and uses CICIOT2023, a modern dataset collected from real network data. To adjust the threshold and achieve a balanced approach to anomaly detection, a hybrid of the Enhanced Density Peak Clustering (DPC) algorithm and ROC curve analysis was used. The main innovation of the proposed work is the combination of top-k feature selection with a hybrid LSTM-GRU architecture optimized for imbalanced datasets using focal loss, SMOTE, and dynamic class weighting. As a result, the intrusion detection pipeline is strong and effective. The system was evaluated with standard performance metrics such as AUC-ROC, accuracy, F1-score, and recall, and proved to be a powerful solution for preventing complex attacks targeting IoT networks, with the ability to detect rare and modern attacks.
The proposed model achieved promising results, with an accuracy of 96.0%, a false negative rate (FNR) of 0.049%, and a false positive rate (FPR) of 0.014%.
Received: February 13, 2025 Revised: May 21, 2025 Accepted: July 03, 2025
Keywords: Intrusion detection system; Intrusion prevention system; Machine learning; Deep learning; Artificial intelligence; Long short-term memory; Gradient repeating unit