Network Attack Detection with LSTM-Based Model

S. Ravi Kiran, N. Satheesh Kumar

Abstract

The rising frequency of network-based attacks, such as Distributed Denial of Service (DDoS) and Port Scanning, underscores the critical need for advanced detection systems. This study presents a Long Short-Term Memory (LSTM)-based model tailored for the detection of network intrusions. Leveraging real-time sequential data, the proposed system identifies malicious activities by analysing network traffic patterns across key attributes. The dataset comprises four distinct classes: BENIGN, DDoS, PortScan, and DoS, with preprocessing steps that include correlation-based feature selection, scaling, and label encoding. The LSTM model architecture incorporates a 128-unit hidden layer with ReLU activation, dropout for overfitting mitigation, and dense layers for feature extraction. The model achieves an accuracy of 97%, with detailed evaluation metrics such as precision, recall, and F1-scores for all attack classes. This research demonstrates the efficacy of deep learning in network intrusion detection and provides a scalable approach for real-time deployment. 


Methods: The data is pre-processed to handle missing values and to perform label encoding, feature selection and data reshaping. The pre-processed data is used for training and testing. The proposed model is trained for 10 epochs on the training dataset and evaluated on the test data. The input samples are supplied to an LSTM layer with 128 units and the ReLU activation function, with the dropout layer set to zero, followed by a dense layer of 32 neurons and an output layer that produces the four possible classes.
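
The pre-processing steps listed in Methods, as an added example that is not the authors' code. The sample flows, the feature names, dropping rows with missing values, the 0.95 correlation threshold, min-max scaling and the single-timestep reshape are all assumptions; the abstract does not specify them.

```python
# Added example: pre-processing sketch for the pipeline in the Methods paragraph.
# Assumptions (not from the paper): rows with missing values are dropped,
# selection removes one of each feature pair with |Pearson r| > 0.95,
# scaling is min-max, and each flow becomes a sequence of one timestep.
from math import sqrt

CLASSES = ["BENIGN", "DDoS", "PortScan", "DoS"]  # the four classes named on the page

# Constructed sample flows; feature names are hypothetical.
FEATURES = ["duration_ms", "fwd_pkts", "fwd_bytes", "dst_ports_seen"]
ROWS = [
    (1200.0, 10.0, 5000.0, 1.0, "BENIGN"),
    (300.0, 4.0, 2000.0, 1.0, "BENIGN"),
    (50.0, 900.0, 450000.0, 1.0, "DDoS"),
    (40.0, None, 400000.0, 1.0, "DDoS"),      # record with a missing value
    (5.0, 1.0, 500.0, 250.0, "PortScan"),
    (9000.0, 60.0, 30000.0, 1.0, "DoS"),
]

def pearson(a, b):
    """Pearson correlation of two equal-length lists; 0.0 if either is constant."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va, vb = sum((x - ma) ** 2 for x in a), sum((y - mb) ** 2 for y in b)
    return cov / sqrt(va * vb) if va and vb else 0.0

def preprocess(rows, names, threshold=0.95):
    rows = [r for r in rows if None not in r]                 # handle missing values
    labels = [CLASSES.index(r[-1]) for r in rows]             # label encoding
    cols = {n: [r[i] for r in rows] for i, n in enumerate(names)}
    kept = []
    for n in names:                                           # correlation-based selection
        if all(abs(pearson(cols[n], cols[k])) <= threshold for k in kept):
            kept.append(n)
    scaled = {}
    for n in kept:                                            # min-max scaling to [0, 1]
        lo, hi = min(cols[n]), max(cols[n])
        scaled[n] = [(v - lo) / (hi - lo) if hi > lo else 0.0 for v in cols[n]]
    # Reshape to (samples, timesteps=1, features), the 3-D layout an LSTM layer expects.
    x = [[[scaled[n][i] for n in kept]] for i in range(len(rows))]
    return x, labels, kept

if __name__ == "__main__":
    x, y, kept = preprocess(ROWS, FEATURES)
    print("kept features:", kept)
    print("labels:", y)
    print("first sample:", x[0])
```

In this constructed data `fwd_bytes` is an exact multiple of `fwd_pkts`, so the selection step drops it as redundant.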


Results: The performance of the proposed system is evaluated using a classification report that includes precision, recall and F1-score, and it shows an accuracy of 97%.


Conclusion: The LSTM offers a reliable method for enhancing network threat detection capabilities. With these enhanced capabilities, the proposed system can handle various attacks in real-time environments.
