Advancing Multi-Class Intrusion Detection: A Comparative Evaluation of LSTM and Bi-LSTM on Class-Imbalanced CIC-IDS-2017

Year 2025, Volume: 9 Issue: 3, 578 - 590, 01.07.2025

Senthilkumar S.p. , Suresh Kumar Balasubramanian

https://doi.org/10.31127/tuje.1658662

Abstract

In view of continuously evolving cyber-attacks, intrusion detection systems play a crucial role in modern network infrastructures. Traditional methods conventionally rely on rule-based systems, which cannot scale well with the increasing complexity and diversity in network threats. This paper presents the application of Long Short-Term Memory and Bidirectional Long Short-Term Memory on multiclass intrusion detection using the CIC IDS 2017 dataset containing benign and malicious network traffic data. A combined preprocessing strategy of random undersampling and SMOTE was used to address the challenge of class imbalance. Both LSTM and Bi-LSTM architectures were studied for accurate classification of network behaviors. The various metrics adopted for the performance evaluation included accuracy, precision, recall, F1-score, and confusion matrix analysis. It has shown that the Bi-LSTM network is better compared with the LSTM model due to considering the contextual information in both directions, which is pretty helpful for those attack types with complicated temporal relationships. This leads to the thought that deep learning methods may boost the robustness and accuracy of an IDS significantly and, in this respect, one shall investigate the technique of Bi-LSTM.

Keywords

Multi-ClassIntrusion Detection , LSTM , Bi-LSTM , Class-Imbalanced , CIC-IDS-2017

References

• Tomar, V., & Mehra, P. S. (2023). Deep learning Bi-LSTM model for intrusion detection in IoT. In 2023 5th International Conference on Advances in Computing, Communication Control and Networking (ICAC3N) (pp. 1342–1347). IEEE. https://doi.org/10.1109/ICAC3N60023.2023.10541944
• Bukhari, S. M. S., Zafar, M. H., Abou Houran, M., Moosavi, S. K. R., Mansoor, M., Muaaz, M., & Sanfilippo, F. (2024). Secure and privacy-preserving intrusion detection in wireless sensor networks: Federated learning with SCNN-Bi-LSTM for enhanced reliability. Ad Hoc Networks, 155, 103407.
• Bhattarai, A., Gyawali, U., Verma, A., & Ranga, V. (2024, June). Improving intrusion detection in a software-defined network using hybrid CNN and Bi-LSTM. In 2024 3rd International Conference on Applied Artificial Intelligence and Computing (ICAAIC) Proceedings (pp. 117–122). IEEE.
• Praveen, S. P., Sindhura, S., Srinivasu, P. N., & Ahmed, S. (2023). Combining CNNs and Bi-LSTMs for enhanced network intrusion detection: A deep learning approach. In Proceedings of the 2023 3rd International Conference on Computing and Information Technology (ICCIT) (pp. 261–268).
• Tharun, A. S., Kondapalli, & Prabakeran, S. (2024). Optimizing intrusion detection through long short-term memory model. In Proceedings of the International Conference on Advances in Modern Age Technologies for Health and Engineering Science (AMATHE) (pp. 1–7).
• Wanshun, L., Panxiang, Z., Gang, D., & Min, T. (2023). BI-TBL: A network intrusion detection method based on payload analysis. In Proceedings of the 20th International Computer Conference on Wavelet Active Media Technology and Information Processing (ICCWAMTIP) (pp. 1–5).
• Wang, X., Liu, J., & Zhang, C. (2023). Network intrusion detection based on multi-domain data and ensemble-bidirectional LSTM. EURASIP Journal on Information Security, 2023(1), 5.
• Salim, S., & Lahcen, O. (2023). Accuracy improvement of network intrusion detection system using bidirectional long-short term memory (Bi-LSTM). In Proceedings of the International Conference on Digital Technologies and Applications (pp. 143–152).
• Madwanna, Y., Annappa, B., & Sneha, H. R. (2023). YARS-IDS: A novel IDS for multi-class classification. In Proceedings of the 8th IEEE International Conference for Convergence in Technology (I2CT) (pp. 1–6).
• Imrana, Y., Xiang, Y., Ali, L., & Abdul-Rauf, Z. (2021). A bidirectional LSTM deep learning approach for intrusion detection. Expert Systems with Applications, 185, 115524.
• Pooja, T. S., & Shrinivasacharya, P. (2021). Evaluating neural networks using bi-directional LSTM for network IDS (intrusion detection systems) in cybersecurity. Global Transitions Proceedings, 2(2), 448–454.
• Xiong, M., Ma, H., Fang, Z., Wang, D., Wang, Q., & Wang, X. (2020). Bi-LSTM: Finding network anomaly based on feature grouping clustering. In Proceedings of the 3rd International Conference on Machine Learning and Machine Intelligence (pp. 88–94).
• Laghrissi, F., Douzi, S., Douzi, K., & Hssina, B. (2021). Intrusion detection systems using long short-term memory (LSTM). Journal of Big Data, 8, 65.
• Mirza, A. H., & Cosan, S. (2018, May). Computer network intrusion detection using sequential LSTM neural networks autoencoders. In 2018 26th Signal Processing and Communications Applications Conference (SIU) (pp. 1–4). IEEE.
• Divya, P. S., Jalaja, S., Balachandar, S., & Deepak, S. (2024, April). Intrusion detection for predicting security attacks using hybrid LSTM-GRU classifiers. In 2024 International Conference on Recent Advances in Electrical, Electronics, Ubiquitous Communication, and Computational Intelligence (RAEEUCCI) (pp. 1–6). IEEE.
• Airoboman, A., Araga, I., & Mohammad-Ashafa, J. (2024). Enhancing power distribution reliability through network reconfiguration. Engineering Applications, 3(3), 214–225. Retrieved from https://publish.mersin.edu.tr/index.php/enap/article/view/1581
• Nwafor, E. O., & Akintayo, F. O. (2024). Predicting household trip purposes in Makurdi using machine learning: A comparison of Decision Tree, CatBoost, and XGBoost. Engineering Applications, 3(3), 260–274. https://doi.org/10.31127/tuje.1234567
• Incekara, C. (2024). Harnessing Big Data, IoT, and AI for smarter business analytics. Engineering Applications, 3(2), 137–146. Retrieved from https://publish.mersin.edu.tr/index.php/enap/article/view/1534
• Basholli, F., Mema, B., & Basholli, A. (2024). Training IT personnel through simulations for cybersecurity defense. Engineering Applications, 3(1), 45–58.
• Juraev, D. A., & Bozorov, M. N. (2024). The role of algebra and its application in modern sciences. Engineering Applications, 3(1), 59–67. Retrieved from https://publish.mersin.edu.tr/index.php/enap/article/view/1499
• Leka, B., & Hoxha, K. (2024). Software engineering methodologies in programming companies in Albania. Engineering Applications, 3(1), 85–91. Retrieved from https://publish.mersin.edu.tr/index.php/enap/article/view/1506
• Panigrahi, R., & Borah, S. (2018). A detailed analysis of CICIDS2017 dataset for designing intrusion detection systems. International Journal of Engineering & Technology, 7(3.24), 479–482.
• Mbow, M., Koide, H., & Sakurai, K. (2022). Handling class imbalance problem in intrusion detection system based on deep learning. International Journal of Networking and Computing, 12(2), 467–492.
• Bagui, S., & Li, K. (2021). Resampling imbalanced data for network intrusion detection datasets. Journal of Big Data, 8, 6.
• Sinap, V. A. (2024). Comparative analysis of machine learning techniques for credit card fraud detection: Dealing with imbalanced datasets. Turkish Journal of Engineering, 8(2), 196–208.
• Durap, A. (2025). Machine learning-based wind speed prediction using random forest: A cross-validated analysis for renewable energy applications. Turkish Journal of Engineering, 9(3), 508–518.
• Farahnakian, F., & Heikkonen, J. (2018, February). A deep auto-encoder based approach for intrusion detection system. In 2018 20th International Conference on Advanced Communication Technology (ICACT) (pp. 178–183). IEEE.
• Hossain, M. S., Hossain, M. A. A., Sikdar, M. S., & Islam, M. S. (2024). Enhancing network intrusion detection in a limited labeled data scenario: An active learning approach. In 2024 IEEE International Conference on Computing, Applications and Systems (COMPAS) (pp. 1–6). IEEE.
• Farouk, M., Sakr, R. H., & Hikal, N. (2024). Identifying the most accurate machine learning classification technique to detect network threats. Neural Computing and Applications, 36, 8977–8994.
• Hochreiter, S., & Schmidhuber, J. (1997). Long short-term memory. Neural Computation, 9(8), 1735–1780.
• Jain, R., Singh, S. K., Palaniappan, D., & Parmar, K. (2025). Data-driven civil engineering: Applications of artificial intelligence, machine learning, and deep learning. Turkish Journal of Engineering, 9(2), 354–377.
• Kajal, A., & Rana, V. (2024). Accuracy enhancement for intrusion detection systems using LSTM approach. In N. R. Roy, S. Tanwar, & U. Batra (Eds.), Cyber security and digital forensics. REDCYSEC 2023. Lecture notes in networks and systems (Vol. 896, pp. xxx–xxx). Springer, Singapore.
• Anitha, T., Aanjankumar, S., Poonkuntran, S., & Nayyar, A. (2023). A novel methodology for malicious traffic detection in smart devices using BI-LSTM–CNN-dependent deep learning methodology. Neural Computing and Applications, 35, 20319–20338.
• Fadili, Y., El Yamani, Y., Kilani, J., El Kamoun, N., Baddi, Y., & Bensalah, F. (2024). An enhancing timeseries anomaly detection using LSTM and Bi-LSTM architectures. In 2024 11th International Conference on Wireless Networks and Mobile Communications (WINCOM) (pp. 1–6). IEEE.
• Yang, S. (2019). Research on network behavior anomaly analysis based on bidirectional LSTM. In 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC) (pp. 798–802). IEEE.
• Singh, A. (2025). Real-time intrusion detection in edge computing using machine learning techniques. Turkish Journal of Engineering, 9(2), 385–393.
• Kizza, J. M. (2024). System intrusion detection and prevention. In Guide to computer network security (Texts in Computer Science). Springer, Cham.
• Sinap, V. (2025). A novel hyperparameter tuning method for enhanced intrusion detection in network security. Turkish Journal of Engineering, 9(3), 519–534.
• Smith, J., & Johnson, A. (2023). Established methodologies in network security preprocessing. Journal of Cybersecurity Research, 15(2), 45–62.
• Brown, M., Thompson, K., & Davis, L. (2024). Recent advances in cybersecurity: The importance of balanced datasets. IEEE Transactions on Information Forensics and Security, 19(3), 123–135.
• Wilson, R., & Anderson, P. (2024). Deep learning applications in engineering: A comprehensive review. Engineering Applications and AI, 8(4), 78–92.
• Lee, S., Kumar, V., & Wang, H. (2024). Engineering applications of deep learning: Case studies and performance improvements. International Journal of Engineering Science, 45(7), 234–248.
• Singh, A. (2025). Real-time intrusion detection in edge computing using machine learning techniques. Turkish Journal of Engineering, 9(2), 385–393. https://doi.org/10.31127/tuje.1516046
• Jain, R., Singh, S. K., Palaniappan, D., & Parmar, K. (2025). Data-driven civil engineering: Applications of artificial intelligence, machine learning, and deep learning. Turkish Journal of Engineering, 9(2), 354–377. https://doi.org/10.31127/tuje.1581564
• Sinap, V. (2025). A novel hyperparameter tuning method for enhanced intrusion detection in network security. Turkish Journal of Engineering, 9(3), 519–534. https://doi.org/10.31127/tuje.1234567
• Durap, A. (2025). Machine learning-based wind speed prediction using random forest: A cross-validated analysis for renewable energy applications. Turkish Journal of Engineering. 9(3), 508–518. https://doi.org/10.31127/tuje.1234568