Deep Learning-Based Anomaly and Intrusion Detection Using the CSE-CIC-IDS2018 Dataset
Received: 27 March 2025 | Revised: 6 May 2025 and 19 May 2025 | Accepted: 21 May 2025 | Online: 2 August 2025
Corresponding author: Mohammed Hicham Hachemi
Abstract
Intrusion Detection Systems (IDSs) play a vital role in identifying and mitigating malicious network activities and system misuse. The integration of Artificial Intelligence (AI), particularly Deep Learning (DL), has significantly enhanced the adaptability and efficiency of IDS. This paper proposes an intelligent network-based IDS leveraging a DL model trained on the CSE-CIC-IDS2018 dataset. Key data pre-processing steps included duplicate removal, handling missing values, conversion of categorical data to a numerical form, and feature scaling. Initially, the model aimed to classify all individual attack types alongside benign traffic; however, the frequent misclassification of certain attack types prompted the aggregation of similar attacks into broader categories. This adjustment led to notable improvements in the performance metrics, including accuracy, precision, recall, and F1-score. To mitigate overfitting, weight decay in the context of neural networks, known as L2 weight regularization, was applied. The proposed improved DL model achieved an accuracy of 99.91%, precision of 98.61%, recall of 93.18%, and an F1-score of 94.78%, highlighting both the robustness of DL in intrusion detection and the critical role of comprehensive data preprocessing.
Keywords:
network security, IDS, pre-processing, DL, one hot encoding, multi-class classificationDownloads
References
V. Borhade, A. Nayak, and R. Dakshayani, "Intrusion Detection: A Machine Learning Approach," in Advanced Computing Technologies and Applications, Singapore, 2020, pp. 555–561. DOI: https://doi.org/10.1007/978-981-15-3242-9_53
V. Kumar, S. Yadav, V. Kumar, J. Sengupta, R. Tripathi, and S. Tiwari, "Optimal Clustering in Weibull Distributed WSNs Based on Realistic Energy Dissipation Model," in Progress in Computing, Analytics and Networking, Singapore, 2018, vol. 710, pp. 61–73. DOI: https://doi.org/10.1007/978-981-10-7871-2_7
M. Abdalla, X. Boyen, C. Chevalier, and D. Pointcheval, "Distributed Public-Key Cryptography from Weak Secrets," in Public Key Cryptography – PKC 2009, Berlin, Heidelberg, 2009, vol. 5443, pp. 139–159. DOI: https://doi.org/10.1007/978-3-642-00468-1_9
U. Somani, K. Lakhani, and M. Mundra, "Implementing digital signature with RSA encryption algorithm to enhance the Data Security of cloud in Cloud Computing," in 2010 First International Conference On Parallel, Distributed and Grid Computing (PDGC 2010), Solan, India, Oct. 2010, pp. 211–216. DOI: https://doi.org/10.1109/PDGC.2010.5679895
D. E. Denning, "An Intrusion-Detection Model," IEEE Transactions on Software Engineering, vol. SE-13, no. 2, pp. 222–232, Feb. 1987. DOI: https://doi.org/10.1109/TSE.1987.232894
M. A. Aydın, A. H. Zaim, and K. G. Ceylan, "A hybrid intrusion detection system design for computer network security," Computers & Electrical Engineering, vol. 35, no. 3, pp. 517–526, May 2009. DOI: https://doi.org/10.1016/j.compeleceng.2008.12.005
D. Anderson, T. F. Lunt, H. S. Javitz, A. Tamaru, and A. Valdes, "Detecting Unusual Program Behavior Using the Statistical Component of the Next-generation Intrusion Detection Expert System ( NIDES ) 1," 1997. [Online]. Available: https://api.semanticscholar.org/CorpusID:15146354
H.-J. Liao, C.-H. Richard Lin, Y.-C. Lin, and K.-Y. Tung, "Intrusion detection system: A comprehensive review," Journal of Network and Computer Applications, vol. 36, no. 1, pp. 16–24, Jan. 2013. DOI: https://doi.org/10.1016/j.jnca.2012.09.004
A. H. Sung and S. Mukkamala, "Identifying important features for intrusion detection using support vector machines and neural networks," in 2003 Symposium on Applications and the Internet, 2003. Proceedings, Orlando, FL, USA, 2003, pp. 209–216. DOI: https://doi.org/10.1109/SAINT.2003.1183050
A. Elhanashi, K. Gasmi, A. Begni, P. Dini, Q. Zheng, and S. Saponara, "Machine Learning Techniques for Anomaly-Based Detection System on CSE-CIC-IDS2018 Dataset," in Applications in Electronics Pervading Industry, Environment and Society, vol. 1036, R. Berta and A. De Gloria, Eds. Cham: Springer Nature Switzerland, 2023, pp. 131–140. DOI: https://doi.org/10.1007/978-3-031-30333-3_17
H. Najafi Mohsenabad and M. A. Tut, "Optimizing Cybersecurity Attack Detection in Computer Networks: A Comparative Analysis of Bio-Inspired Optimization Algorithms Using the CSE-CIC-IDS 2018 Dataset," Applied Sciences, vol. 14, no. 3, Jan. 2024, Art. no. 1044. DOI: https://doi.org/10.3390/app14031044
R. I. Farhan, A. T. Maolood, and N. F. Hassan, "Performance analysis of flow-based attacks detection on CSE-CIC-IDS2018 dataset using deep learning," Indonesian Journal of Electrical Engineering and Computer Science, vol. 20, no. 3, Dec. 2020, Art. no. 1413. DOI: https://doi.org/10.11591/ijeecs.v20.i3.pp1413-1418
Y. Zhang, Y. Zhang, N. Zhang, and M. Xiao, "A network intrusion detection method based on deep learning with higher accuracy," Procedia Computer Science, vol. 174, pp. 50–54, 2020. DOI: https://doi.org/10.1016/j.procs.2020.06.055
S. Gamage and J. Samarabandu, "Deep learning methods in network intrusion detection: A survey and an objective comparison," Journal of Network and Computer Applications, vol. 169, Nov. 2020, Art no. 102767. DOI: https://doi.org/10.1016/j.jnca.2020.102767
V. Kanimozhi and T. P. Jacob, "Artificial Intelligence outflanks all other machine learning classifiers in Network Intrusion Detection System on the realistic cyber dataset CSE-CIC-IDS2018 using cloud computing," ICT Express, vol. 7, no. 3, pp. 366–370, Sep. 2021. DOI: https://doi.org/10.1016/j.icte.2020.12.004
I. Sohn, "Deep belief network based intrusion detection techniques: A survey," Expert Systems with Applications, vol. 167, Apr. 2021, Art. no. 114170. DOI: https://doi.org/10.1016/j.eswa.2020.114170
E. E. Abdallah, W. Eleisah, and A. F. Otoom, "Intrusion Detection Systems using Supervised Machine Learning Techniques: A survey," Procedia Computer Science, vol. 201, pp. 205–212, 2022. DOI: https://doi.org/10.1016/j.procs.2022.03.029
M. Sarhan, S. Layeghy, N. Moustafa, M. Gallagher, and M. Portmann, "Feature extraction for machine learning-based intrusion detection in IoT networks," Digital Communications and Networks, vol. 10, no. 1, pp. 205–216, Feb. 2024. DOI: https://doi.org/10.1016/j.dcan.2022.08.012
B. I. Farhan and A. D. Jasim, "Performance analysis of intrusion detection for deep learning model based on CSE CIC IDS2018 dataset," Indonesian Journal of Electrical Engineering and Computer Science, vol. 26, no. 2, May 2022, Art. no. 1165. DOI: https://doi.org/10.11591/ijeecs.v26.i2.pp1165-1172
V. Hnamte and J. Hussain, "DCNNBiLSTM: An Efficient Hybrid Deep Learning-Based Intrusion Detection System," Telematics and Informatics Reports, vol. 10, Jun. 2023, Art. no. 100053. DOI: https://doi.org/10.1016/j.teler.2023.100053
R. A. Elsayed, R. A. Hamada, M. I. Abdalla, and S. A. Elsaid, "Securing IoT and SDN systems using deep-learning based automatic intrusion detection," Ain Shams Engineering Journal, vol. 14, no. 10, Oct. 2023, Art. no. 102211. DOI: https://doi.org/10.1016/j.asej.2023.102211
N. Saran and N. Kesswani, "A comparative study of supervised Machine Learning classifiers for Intrusion Detection in Internet of Things," Procedia Computer Science, vol. 218, pp. 2049–2057, 2023. DOI: https://doi.org/10.1016/j.procs.2023.01.181
S. Alzughaibi and S. El Khediri, "A Cloud Intrusion Detection Systems Based on DNN Using Backpropagation and PSO on the CSE-CIC-IDS2018 Dataset," Applied Sciences, vol. 13, no. 4, Feb. 2023, Art. no. 2276. DOI: https://doi.org/10.3390/app13042276
D. K. Singh and M. Shrivastava, "Evolutionary Algorithm-based Feature Selection for an Intrusion Detection System," Engineering, Technology & Applied Science Research, vol. 11, no. 3, pp. 7130–7134, Jun. 2021. DOI: https://doi.org/10.48084/etasr.4149
R. H. Altaie and H. K. Hoomod, "An Intrusion Detection System using a Hybrid Lightweight Deep Learning Algorithm," Engineering, Technology & Applied Science Research, vol. 14, no. 5, pp. 16740–16743, Oct. 2024. DOI: https://doi.org/10.48084/etasr.7657
A Realistic Cyber Defense Dataset (CSE-CIC-IDS2018). (2018), Sharafaldin I, A. H. Lashkari Ali A. Ghorbani. [Online]. Available: https://registry.opendata.aws/cse-cic-ids2018.
I. Sharafaldin, A. Habibi Lashkari, and A. A. Ghorbani, "Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization:," in Proceedings of the 4th International Conference on Information Systems Security and Privacy, Funchal, Madeira, Portugal, 2018, pp. 108–116. DOI: https://doi.org/10.5220/0006639801080116
Downloads
How to Cite
License
Copyright (c) 2025 Al Baraa Bouidaine, Djilali Moussaoui, Mourad Hadjila, Wafaa Ferhi, Mohammed Hicham Hachemi
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.
