Volume 17, Issue 2, 2026 | Full Length Article
Mohammed Ibrahim Kareem 1,*, Aladdin Abdulhassan 2, Abdullah Yousif Lafta 3, Hussein Ibrahim Hussein 4, Ali Z. K. Matloob 5
DOI: https://doi.org/10.54216/JCIM.170217
The increasing sophistication of ransomware and zero-day attacks demands advanced intrusion detection systems. This paper proposes a hybrid deep learning model that combines Temporal Convolutional Networks (TCN) and Long Short-Term Memory (LSTM) networks, augmented with Principal Component Analysis (PCA) for feature selection. Evaluated on the UGRansome dataset, our hybrid TCN-LSTM-PCA model achieves superior performance compared to standalone LSTM, TCN-PCA, and LSTM-PCA baselines, attaining 98.82% accuracy (a 4.09 percentage-point improvement over LSTM-PCA) and 0.99 F1-score across all attack classes while maintaining computational efficiency at 13 seconds per epoch. The architecture’s effectiveness stems from its synergistic design: TCN layers capture local temporal patterns in network traffic, while LSTM modules model long-range attack sequences. PCA preprocessing reduces feature dimensionality by 83%, retaining seven critical indicators including Netflow Bytes and Protocol flags that collectively explain 92% of variance. Experimental results demonstrate exceptional robustness, with only 0.18% misclassification between attack categories and consistent performance across ransomware variants. This study sets a new state of the art in real-time threat detection, delivering an efficient hybrid architecture that satisfies practical deployment constraints while achieving 98.82% accuracy and 0.99 precision, thereby striking a strong accuracy–efficiency balance.
Hybrid Deep Learning, Ransomware Detection, Zero-Day Attacks, Temporal Convolutional Networks (TCN), Long Short-Term Memory (LSTM)