BLoCNet: a hybrid, dataset-independent intrusion detection system using deep learning

Intrusion detection systems (IDS) identify cyber attacks given a sample of network traffic collected from real-world computer networks. As a powerful classification tool, deep learning (DL) models have been used as IDSs. Although most models achieve high accuracy, they may not always detect underrepresented attacks. Also, their accuracy depends on the dataset, its features, and the proportion of samples. This paper proposes BLoCNet, a hybrid DL model that combines convolutional neural network (CNN) and bidirectional long short-term memory (BLSTM) layers. CNN allows the IDS to recognize patterns in the features of the network data in a fast computation time. The results are sent to two BLSTM layers, which capitalize on the forward and backward propagation of data to identify malicious traffic. BLoCNet was evaluated against four datasets, and its results compared with five DL models and seven related studies. BLoCNet had a higher attack detection rate for CIC-IDS2017, IoT-23 and UNSW-NB15 than the five DL models. For CIC-IDS2017 and IoT-23 datasets, BLoCNet had an accuracy of 98% and 99%, which is similar performance as related studies, albeit not an exact comparison due to different sampling approaches. For the original UNSW-NB15 dataset, BLoCNet had an accuracy of 76.34% vs. 75.56% of related work. These results demonstrate that BLoCNet performed well across various datasets and confirms that its hybrid model provides good detection results.