Conventional intrusion detection systems (IDSs) based on static, signature-based rules are becoming insufficient in response to more advanced, dynamic cyber threats like advanced persistent threats (APTs), zero-day exploits and polymorphic malware The paper presents a new three-step hybrid optimization model based on the combination of Long Short-Term Memory (LSTM) networks, which is a gated form of recurrent neural networks (RNNs) specifically developed to learn sequential patterns, with three complementary bio-inspired metaheuristic algorithms, each contributing to the specific role of optimization. Firefly algorithm (FA) is used to select the features subset and decrease the input dimensionality, whale optimization algorithm (WOA) is used to optimize LSTM parameters such as hidden units, learning rate, dropout rate, and batch size, and grey wolf optimizer (GWO) to perform weight optimization at the ensemble level to improve the robustness of the classification. The framework has been tested on the NSL-KDD and CICIDS2017 benchmarks on a stringent protocol of 30 independent runs. The Wilcoxon signed-rank test ( p < 0.001) and paired t-test ( p < 0.001) prove statistical significance. The hybrid model is 98.62% (standard deviation 0.21) on NSL-KDD and 99.1% (standard deviation 0.18) on CICIDS2017 with a false positive rate (FPR) of 1.2 and an area under the ROC curve (AUC-ROC) of 0.992. The suggested framework has a high potential of being used as the basis of detecting near-real-time cyberthreats, though it will require additional validation on real-life network settings.
Rallapalli et al. (Sat,) studied this question.