Hybrid network intrusion detection system based on sliding window and information entropy in imbalanced dataset

Enhancing the integrity of the information security infrastructure requires the monitoring and analysis of anomalous network activities. And due to the network ecosystem's increased diversity and complexity as a result of information technology's rapid growth, classic intrusion detection techniques are no longer adequate for identifying and evaluating network anomaly patterns from a variety of integration and channel viewpoints. Meanwhile, the class imbalance problem associated with intrusion detection datasets limits classifiers' ability to recognize minority classes. To improve the detection rate of minority classes while ensuring efficiency, we propose a multi-channel intrusion detection model based on CNN_LSTM, referred to as ENS_CLSTM.The model that is being provided resamples the data using the sliding window approach and information entropy technology in order to balance the amount of normal and abnormal classes. The spatial features of the data are retrieved using a Convolution Neural Network (CNN), while the temporal features are extracted using a Bidirectional Long-Short Term Memory (Bi_LSTM), after integrates the dual-channel features stream into the final Deep Neural Network (DNN). The advantages of the proposed model are verified using the NSL-KDD,UNSW-NB15,CICIDS2017,CSE-CIC-IDS-2018 and ISCX-IDS2012 datasets. According to the experimental results, an accuracy of 99.67% was attained on the UNSW-NB15 dataset and 99.997% on the NSL-KDD dataset. Furthermore, on the CICIDS2017, CSE-CIC-IDS-2018, and ISCX-IDS2012 datasets, respectively, accuracy rates of 99.9997%, 99.998%, and 99.74% were attained.The ENS_CLSTM model can effectively improve the detection performance and generalization ability when compared to the findings of current studies.