DEEP LEARNING BASED INTRUSION DETECTION SYSTEM USING CNN–LSTM HYBRID ARCHITECTURE FOR ZERO-DAY ATTACK IDENTIFICATION

Abstract

Zero-day attacks pose a severe challenge to traditional intrusion detection systems (IDS) due to their reliance on known signatures and manual feature engineering. This study proposes a hybrid deep learning architecture combining Convolutional Neural Networks (CNN) for spatial feature extraction from network traffic flows and Long Short-Term Memory (LSTM) networks for modeling temporal dependencies, augmented with attention mechanisms for enhanced focus on critical patterns. The model was trained and evaluated on benchmark datasets including CICIDS2017, UNSW-NB15, NSL-KDD, and UGRansome using a zero-day split protocol to simulate unseen attacks. Preprocessing involved normalization, one-hot encoding, and class imbalance handling via SMOTE and GAN-based augmentation. The hybrid CNN-LSTM framework achieved superior performance with accuracies of 97–99.67%, high precision-recall balance, and significant improvements over standalone CNN, LSTM, and classical ML models in detecting both known and novel zero-day threats. SHAP-based interpretability and adversarial robustness testing further validate its practical viability. The results demonstrate the effectiveness of deep hybrid models for real-time, adaptive cybersecurity in cloud, IoT, and industrial environments.