Real-Time Threat Detection Using Network Flow Analysis and LSTM Networks

Authors

  • Michael Oluyede, Department of Computing, Sheffield Hallam University, Sheffield, South Yorkshire, United Kingdom

DOI:

https://doi.org/10.21590/4m7wnp21

Abstract

The increasing volume and sophistication of cyberattacks demand advanced techniques for real-time threat detection in network environments. Traditional signature-based intrusion detection systems often fail to detect novel or evolving threats. This paper presents a deep learning approach that leverages network flow data and Long Short-Term Memory (LSTM) networks for early and accurate anomaly detection. Using the CICIDS2017 dataset, which includes benign and malicious traffic across several attack classes (e.g., DDoS, PortScan, BotNet), we construct a time-series representation of flow statistics, including packet counts, byte counts and inter-flow time deltas. The LSTM model is trained on normal traffic patterns and flags deviations from them as potential threats. The model achieves a detection accuracy of 94.5% with a false-positive rate of 3.1%. We compare it with classical machine learning models such as Random Forest and Support Vector Machines, and find that the LSTM offers higher recall and lower detection latency. The system supports online inference, making it suitable for deployment in high-throughput environments. The paper also discusses limitations, including model interpretability and the handling of encrypted traffic. By combining temporal awareness with behavioral modeling, this work contributes to the development of intelligent, adaptive intrusion detection systems for modern network security architectures.
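As an added example (not code from the paper), the following Python sketch shows the pre-processing and thresholding pipeline the abstract describes: flows are ordered in time and extended with the inter-flow time delta, standardized with statistics fitted on benign traffic only, cut into fixed-length windows, scored, and flagged against a threshold chosen from the benign score distribution, so the false-positive rate is a design input rather than something discovered after deployment. The scorer is a plain mean-squared z-score standing in for an LSTM's prediction error, since training a recurrent network is out of scope for a stand-alone snippet; the flow records, field names and the PortScan burst are constructed for the example.

```python
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: float        # flow start time in seconds (constructed)
    fwd_pkts: int
    bwd_pkts: int
    fwd_bytes: int
    bwd_bytes: int
    label: str       # "BENIGN" or an attack name; used only for evaluation


def to_feature_rows(flows):
    """Order flows by start time; emit (feature vector, label) with the inter-flow
    delta dt appended. dt is computed over the whole stream before any split, so
    the test set does not start with a spurious dt=0 outlier."""
    rows, prev_ts = [], None
    for fl in sorted(flows, key=lambda x: x.ts):
        dt = 0.0 if prev_ts is None else fl.ts - prev_ts
        rows.append(((fl.fwd_pkts, fl.bwd_pkts, fl.fwd_bytes, fl.bwd_bytes, dt), fl.label))
        prev_ts = fl.ts
    return rows


def fit_scaler(rows):
    """Per-feature (mean, std) from benign rows only, so attack traffic never
    shapes 'normal'. A zero std becomes 1 to avoid division by zero."""
    benign = [vec for vec, label in rows if label == "BENIGN"]
    return [(mean(col), pstdev(col) or 1.0) for col in zip(*benign)]


def make_windows(rows, scaler, length):
    """Sliding windows of `length` consecutive z-scored flows. A window counts as
    malicious if any flow in it is non-benign, since the analyst sees the window."""
    out = []
    for i in range(len(rows) - length + 1):
        chunk = rows[i:i + length]
        seq = [tuple((x - m) / s for x, (m, s) in zip(vec, scaler)) for vec, _ in chunk]
        out.append((seq, any(label != "BENIGN" for _, label in chunk)))
    return out


def score(seq):
    """Mean squared z-score over every value in the window. An LSTM would
    replace this with its next-step prediction error."""
    values = [x for vec in seq for x in vec]
    return sum(x * x for x in values) / len(values)


def threshold_for_fpr(benign_scores, target_fpr):
    """(1 - target_fpr) quantile of benign training scores, so the expected
    benign false-positive rate equals target_fpr by construction."""
    s = sorted(benign_scores)
    return s[min(len(s) - 1, int(round((1.0 - target_fpr) * (len(s) - 1))))]


def evaluate(scored, thr):
    """Confusion counts plus the figures the abstract reports (bools count as 0/1)."""
    tp = fp = tn = fn = 0
    for sc, malicious in scored:
        flagged = sc > thr
        if malicious:
            tp, fn = tp + flagged, fn + (not flagged)
        else:
            fp, tn = fp + flagged, tn + (not flagged)
    return {"tp": tp, "fp": fp, "tn": tn, "fn": fn,
            "accuracy": (tp + tn) / len(scored),
            "recall": tp / (tp + fn) if tp + fn else 0.0,
            "fpr": fp / (fp + tn) if fp + tn else 0.0}


# Constructed traffic: periodic benign flows, then a PortScan burst of
# one-packet, unanswered flows arriving 10 ms apart.
def benign_flow(i):
    fwd, bwd = 8 + i % 7, 6 + (i * 3) % 7
    return Flow(float(i), fwd, bwd, fwd * 500, bwd * 800, "BENIGN")


TRAIN_FLOWS = [benign_flow(i) for i in range(60)]  # benign only
TEST_FLOWS = [benign_flow(i) for i in range(60, 80)] + [
    Flow(80.0 + j * 0.01, 1, 0, 60, 0, "PortScan") for j in range(20)]
WINDOW = 5


def run(target_fpr=0.031):
    """Fit scaler and threshold on benign training flows, then evaluate the test stream."""
    rows = to_feature_rows(TRAIN_FLOWS + TEST_FLOWS)
    train_rows, test_rows = rows[:len(TRAIN_FLOWS)], rows[len(TRAIN_FLOWS):]
    scaler = fit_scaler(train_rows)
    train_scores = [score(seq) for seq, _ in make_windows(train_rows, scaler, WINDOW)]
    thr = threshold_for_fpr(train_scores, target_fpr)
    test_scored = [(score(seq), mal) for seq, mal in make_windows(test_rows, scaler, WINDOW)]
    result = evaluate(test_scored, thr)
    result["threshold"] = thr
    return result
```

`run()` returns the confusion counts, accuracy, recall, false-positive rate and the chosen threshold. On the constructed stream the scan flows are trivially separable, so those numbers say nothing about CICIDS2017; the two points that carry over are that the scaler and the threshold must be fitted on benign data only, and that the threshold should be set from the benign score quantile for the false-positive rate you can tolerate and then re-checked on held-out benign traffic. CICIDS2017 is heavily benign-skewed, which is why recall and false-positive rate, not headline accuracy, are the figures to compare across models.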


Published

2020-12-30

How to Cite

Oluyede, M. (2020). Real-Time Threat Detection Using Network Flow Analysis and LSTM Networks. International Journal of Technology, Management and Humanities, 6(03-04), 1-8. https://doi.org/10.21590/4m7wnp21