Intrusion detection in a controlled computer network environment using hybridized random forest and long short-term memory algorithms

Authors

  • A. I. Bassey
    Department of Computer Science, University of Calabar, Calabar, Nigeria
  • M. A. Agana
    Department of Computer Science, University of Calabar, Calabar, Nigeria
  • E. A. Edim
    Department of Computer Science, University of Calabar, Calabar, Nigeria
  • O. Njama-Abang
    Department of Computer Science, University of Calabar, Calabar, Nigeria

Keywords:

Intrusion, Detection, Security, Hybrid

Abstract

The unending reliant on network access in everything we do, and with the increasing dominance of online communication, there is urgent need to address computer network security challenges now, more than ever. Most of the existing Intrusion Detection Systems (IDSs) struggle to keep pace with the ever-changing characteristics of newly emerging threats. This research proposes a hybrid model that is effective in detecting both majority and minority attack classes using Random Forest (RF) and Long Short-Term Memory (LSTM) algorithms in a controlled computer network environment. Individually, the RF and LSTM models have limitations, but their individual strengths were extracted and subsequently hybridized to cover each other's weaknesses. To handle the challenge of class imbalance, a class weight was applied to the model’s loss function. This approach prompts the model to give extra attention to the minority class attacks. The meta classifier optimized the RF-LSTM combination and offered a more improved model that is effective in detecting both majority and minority classes simultaneously. The hybrid model was analyzed using the Neural Simulator Language- Knowledge Discovery in Databases (NSL-KDD) dataset. The model was deployed in a virtual network environment consisting of three operating systems and a host. The RF – LSTM hybrid model performed exceptionally well by achieving a prediction accuracy of 98.3%, precision of 96.98, recall and F1score of 96.58 and 97,03 respectively, all after 100 epochs at 0.01 learning rate. This outcome addresses shortcomings and lapses hitherto suffered by most intrusion detection models (assessing minority class attacks).

Dimensions

[1] A. Khraisat, I. Gondal, P. Vamplew & J. Kamruzzaman, “Survey of intrusion detection systems: techniques, datasets and challenges”, Cybersecurity 2 (2019) 20. http://doi.org/10.1186/s42400-019-0038-7. DOI: https://doi.org/10.1186/s42400-019-0038-7

[2] J. Srinivas, A. K. Das & N. Kumar, “Government regulations in cyber security: framework, standards and recommendations”, Future Generation Computer Systems 92 (2019) 178. https://doi.org/10.1016/j.future.2018.09.0. DOI: https://doi.org/10.1016/j.future.2018.09.063

[3] A. Tesfahun & D. L. Bhaskari, “Intrusion detection using random forests classifier with SMOTE and feature reduction”, in International Conference on Cloud and Ubiquitous Computing and Emerging Technologies, 2013. https://doi.org/10.1109/CUBE.2013.31. DOI: https://doi.org/10.1109/CUBE.2013.31

[4] T. T. Nguyen & V. J. Reddi, “Deep reinforcement learning for cyber security”, IEEE Transactions on Neural Networks and Learning Systems 34 (2023) 3779. https://doi.org/10.1109/TNNLS.2021.3121870. DOI: https://doi.org/10.1109/TNNLS.2021.3121870

[5] M. Ahmed, V. Deepak & G. S. Sajjan, “Comparative analysis of machine learning classifiers for network intrusion detection”, in Fourth International Congress on Information and Communication Technology, 2020. https://doi.org/10.1007/978-981-32-9343-4. DOI: https://doi.org/10.1007/978-981-32-9343-4

[6] S. Devulapalli, A machine learning approach for uniform intrusion detection, M.S. thesis, Purdue University Graduate School, Indiana, USA, 2021. https://doi.org/10.25394/PGS.15032184.v1.

[7] N. Farnaaz & M. A. Jabbar, “Random forest modeling for network intrusion detection system”, Procedia Computer Science 89 (2016) 213. https://doi.org/10.1016/j.procs.2016.06.047. DOI: https://doi.org/10.1016/j.procs.2016.06.047

[8] C. Yin, Y. Zhu, J. Fei & X. He, “A deep learning approach for intrusion detection using recurrent neural networks”, IEEE Access 5 (2017) 21954. https://doi.org/10.1109/ACCESS.2017.2762418. DOI: https://doi.org/10.1109/ACCESS.2017.2762418

[9] K. Prasanna, S. V. Sruthi, K. V. Kalyani & A. S. Tejaswi, “A CNN-LSTM model for intrusion detection system from high dimensional data”, Journal of Information and Computational Science 10 (2020) 3. https://doi.org/10.5281/zenodo.7911821.

[10] R. Vinayakumar, K. P. Soman & P. Poornachandran, “Applying convolutional neural network for network intrusion detection”, in International Conference on Advances in Computing, Communications and Informatics (ICACCI), 2017, 1222. https://doi.org/10.1109/ICACCI.2017.8126009. DOI: https://doi.org/10.1109/ICACCI.2017.8126009

[11] P. K. Bediako, Long short-term memory recurrent neural network for detecting DDoS flooding attacks within tensorflow implementation framework, M.S. dissertation, Department of Computer Science, University of Ghana, Accra, Ghana, 2017. https://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-66389.

[12] A. Hammad, “Random forest and LSTM hybrid model for detecting DDoS attacks in healthcare IoT networks”, Cybersystems Journal 1 (2024) 1. https://doi.org/10.57238/csj.0kdtzj06. DOI: https://doi.org/10.57238/csj.0kdtzj06

[13] E. U. H. Qazi, M. H. Faheem & T. Zia, “HDLNIDS: Hybrid deep-learning-based network intrusion detection system”, Applied Sciences 13 (2023) 4921. https://doi.org/10.3390/app13084921. DOI: https://doi.org/10.3390/app13084921

[14] S. Bamber, A. V. Katkuri, S. Sharma & M. Angurala, “A hybrid CNN-LSTM approach for intelligent cyber intrusion detection system”, Computers & Security 134 (2024) 104146. https://doi.org/10.1016/j.cose.2024.104146. DOI: https://doi.org/10.1016/j.cose.2024.104146

[15] F. Laghrissi, S. Douzi & K. Douzi, “Intrusion detection systems using long short-term memory (LSTM)”, Journal of Big Data 8 (2021) 65. https://doi.org/10.1186/s40537-021-00448-4. DOI: https://doi.org/10.1186/s40537-021-00448-4

[16] F. Omer, A. Hashim, F. Sali & A. Ahmad, “Binary classification of low-rate DoS attacks using long short-term memory feed-forward (LSTM-FF) intrusion detection system (IDS)”, Engineering Science and Technology, an International Journal 66 (2025) 102049. https://doi.org/10.1016/j.jestch.2025.102049. DOI: https://doi.org/10.1016/j.jestch.2025.102049

[17] Y. Xue, C. Kang & H. Yu, “HAE-HRL: A network intrusion detection system utilizing a novel autoencoder and a hybrid enhanced LSTM-CNN-based residual network”, Computers & Security 151 (2025) 104328. https://doi.org/10.1016/j.cose.2025.104328. DOI: https://doi.org/10.1016/j.cose.2025.104328

[18] A. T. Azar, E. Shehab, A. M. Matter, I. A. Hameed & S. A. Elsaid, “Deep learning based hybrid intrusion detection systems to protect satellite networks”, Journal of Network and Systems Management 31 (2023) 82. https://doi.org/10.1007/s10922-023-09767-8. DOI: https://doi.org/10.1007/s10922-023-09767-8

[19] A. Halbouni, T. S. Gunawan, M. H. Habaebi, M. Halbouni, M. Kartiwi & R. Ahmad, “CNN-LSTM: Hybrid deep neural network for network intrusion detection system”, IEEE Access 10 (2022) 99837. https://doi.org/10.1109/ACCESS.2022.3206425. DOI: https://doi.org/10.1109/ACCESS.2022.3206425

[20] M. Sajid, K. R. Malik, A. Almogren, T. S. Malik, A. H. Khan, J. Tanveer & A. Rehman, “Enhancing intrusion detection: a hybrid machine and deep learning approach”, Journal of Cloud Computing 13 (2024) 123. https://doi.org/10.1186/s13677-024-00685-x. DOI: https://doi.org/10.1186/s13677-024-00685-x

[21] S. Meftah, T. Rachidi & N. Assem, “Network based intrusion detection using the UNSW-NB15 dataset”, International Journal of Computing and Digital Systems 8 (2019) 478. https://doi.org/10.12785/ijcds/080505. DOI: https://doi.org/10.12785/ijcds/080505

[22] R. R. Devi & M. Abualkibash, “Intrusion detection system classification using different machine learning algorithms on KDD-99 and NSL-KDD datasets - A review paper”, International Journal of Computer Science and Information Technology 11 (2019) 3. https://doi.org/10.5121/ijcsit.2019.11306. DOI: https://doi.org/10.5121/ijcsit.2019.11306

[23] M. Ozkan-Okay, R. Samet, O. Aslan & D. Gupta, “A comprehensive systematic literature review on intrusion detection systems”, IEEE Access 9 (2021) 157727. https://doi.org/10.1109/ACCESS.2021.3129336. DOI: https://doi.org/10.1109/ACCESS.2021.3129336

[24] Z. Ahmad, A. Shahid, W. Shiang, J. Abdullah & F. Ahmad, “Network intrusion detection system: a systematic study of machine learning and deep learning approaches”, Transactions on Emerging Telecommunications Technologies 32 (2021) e4150. https://doi.org/10.1002/ett.4150. DOI: https://doi.org/10.1002/ett.4150

[25] Z. Wang, D. Huo, L. Huo & W. Yang, “An efficient network intrusion detection approach based on deep learning”, Wireless Networks 27 (2021) 4967. https://doi.org/10.1007/s11276-021-02698-9. DOI: https://doi.org/10.1007/s11276-021-02698-9

[26] A. F. Agarap, “Deep learning using rectified linear units (ReLU)”, 2018. https://doi.org/10.48550/arXiv.1803.08375.

[27] S. He, J. Liu, X. Zhu, Z. Dai & D. Li, “Research on modelling and predicting of BDS-3 satellite clock bias using the LSTM neural network model”, GPS Solution 27 (2023) 108. https://doi.org/10.1007/s10291-023-01451-3. DOI: https://doi.org/10.1007/s10291-023-01451-3

Published

2025-12-01

How to Cite

Intrusion detection in a controlled computer network environment using hybridized random forest and long short-term memory algorithms. (2025). African Scientific Reports, 4(3), 327. https://doi.org/10.46481/asr.2025.4.3.327

Issue

Volume 4, Issue 3, December 2025 (In Progress)

Section

MATHEMATICAL SCIENCES SECTION
Copyright & Licensing

Copyright (c) 2025 A. I. Bassey, M. A. Agana, E. A. Edim, O. Njama-Abang

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Intrusion detection in a controlled computer network environment using hybridized random forest and long short-term memory algorithms. (2025). African Scientific Reports, 4(3), 327. https://doi.org/10.46481/asr.2025.4.3.327