{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T20:05:21Z","timestamp":1776888321879,"version":"3.51.2"},"reference-count":27,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2021,5,7]],"date-time":"2021-05-07T00:00:00Z","timestamp":1620345600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,5,7]],"date-time":"2021-05-07T00:00:00Z","timestamp":1620345600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Big Data"],"published-print":{"date-parts":[[2021,12]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>An intrusion detection system (IDS) is a device or software application that monitors a network for malicious activity or policy violations. It scans a network or a system for a harmful activity or security breaching. IDS protects networks (Network-based intrusion detection system NIDS) or hosts (Host-based intrusion detection system HIDS), and work by either looking for signatures of known attacks or deviations from normal activity. Deep learning algorithms proved their effectiveness in intrusion detection compared to other machine learning methods. In this paper, we implemented deep learning solutions for detecting attacks based on Long Short-Term Memory (LSTM). PCA (principal component analysis) and Mutual information (MI) are used as dimensionality reduction and feature selection techniques. Our approach was tested on a benchmark data set, KDD99, and the experimental outcomes show that models based on PCA achieve the best accuracy for training and testing, in both binary and multiclass classification.<\/jats:p>","DOI":"10.1186\/s40537-021-00448-4","type":"journal-article","created":{"date-parts":[[2021,5,7]],"date-time":"2021-05-07T12:03:55Z","timestamp":1620389035000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":260,"title":["Intrusion detection systems using long short-term memory (LSTM)"],"prefix":"10.1186","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6490-3677","authenticated-orcid":false,"given":"FatimaEzzahra","family":"Laghrissi","sequence":"first","affiliation":[]},{"given":"Samira","family":"Douzi","sequence":"additional","affiliation":[]},{"given":"Khadija","family":"Douzi","sequence":"additional","affiliation":[]},{"given":"Badr","family":"Hssina","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,5,7]]},"reference":[{"key":"448_CR1","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1145\/2716260","volume":"47","author":"E Vasilomanolakis","year":"2015","unstructured":"Vasilomanolakis E, Karuppayah S, Muhlh auser M, Fischer M. Taxonomy and survey of collaborative intrusion detection. ACM Comput Surv. 2015;47:55.","journal-title":"ACM Comput Surv"},{"key":"448_CR2","doi-asserted-by":"crossref","unstructured":"Denning DE. An intrusion-detection model. IEEE Trans Soft Eng. vol. SE-13, no. 2, pp. 222\u2013232, Feb. 1987","DOI":"10.1109\/TSE.1987.232894"},{"key":"448_CR3","doi-asserted-by":"publisher","unstructured":"Anand Sukumar JV, Pranav I, Neetish M, Narayanan J. Network intrusion detection using improved genetic k-means algorithm. 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI) ;2018. https:\/\/doi.org\/10.1109\/icacci.2018.8554710","DOI":"10.1109\/icacci.2018.8554710"},{"issue":"10","key":"448_CR4","doi-asserted-by":"publisher","first-page":"1701","DOI":"10.3390\/s16101701","volume":"16","author":"T Ma","year":"2016","unstructured":"Ma T, Wang F, Cheng J, Yu Y, and Chen X. A hybrid spectral clustering and deep neural network ensemble algorithm for intrusion detection in sensor networks. Sensors; 2016, vol. 16, no. 10, p. 1701.","journal-title":"Sensors"},{"key":"448_CR5","doi-asserted-by":"publisher","unstructured":"Nikolov D, Kordev I, Stefanova S. Concept for network intrusion detection system based on recurrent neural network classifier. 2018 IEEE XXVII International Scientific Conference Electronics-ET;2018. https:\/\/doi.org\/10.1109\/et.2018.8549584","DOI":"10.1109\/et.2018.8549584"},{"key":"448_CR6","doi-asserted-by":"publisher","unstructured":"Jayaprakash S, Kandasamy K. (2018). Database intrusion detection system using octraplet and machine learning. 2018 Second International Conference on Inventive Communication and Computational Technologies (ICICCT). https:\/\/doi.org\/10.1109\/icicct.2018.8473029","DOI":"10.1109\/icicct.2018.8473029"},{"issue":"6","key":"448_CR7","doi-asserted-by":"publisher","first-page":"e0155781","DOI":"10.1371\/journal.pone.0155781","volume":"11","author":"MJ Kang","year":"2016","unstructured":"Kang MJ, Kang JW. Intrusion detection system using deep neural network for in-vehicle network security. PLoS ONE. 2016;11(6):e0155781.","journal-title":"PLoS ONE"},{"key":"448_CR8","doi-asserted-by":"publisher","DOI":"10.1109\/access.2020.2994931","author":"Z Chkirbene","year":"2020","unstructured":"Chkirbene Z, Erbad A, Hamila R, Mohamed A, Guizani M, Hamdi M. TIDCS: A dynamic intrusion detection and classification system based feature selection. IEEE Access. 2020;. https:\/\/doi.org\/10.1109\/access.2020.2994931.","journal-title":"IEEE Access"},{"key":"448_CR9","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1016\/j.patcog.2016.03.028","volume":"58","author":"SM Erfani","year":"2016","unstructured":"Erfani SM, Rajasegarar S, Karunasekera S, Leckie C. Highdimensional and large-scale anomaly detection using a linear one-class SVM with deep learning. Pattern Recognit. 2016;58:121\u201334.","journal-title":"Pattern Recognit"},{"key":"448_CR10","doi-asserted-by":"publisher","unstructured":"Dong Y, Wang R, He J. Real-Time Network Intrusion Detection System Based on Deep Learning. 2019 IEEE 10th International Conference on Software Engineering and Service Science (ICSESS) ;2019. https:\/\/doi.org\/10.1109\/icsess47205.2019.9040718","DOI":"10.1109\/icsess47205.2019.9040718"},{"key":"448_CR11","doi-asserted-by":"publisher","first-page":"34929","DOI":"10.1109\/access.2020.2973608","volume":"8","author":"I Dutt","year":"2020","unstructured":"Dutt I, Borah S, Maitra IK. Immune system based intrusion detection system (IS-IDS): A proposed. IEEE Access. 2020;8:34929\u201341. https:\/\/doi.org\/10.1109\/access.2020.2973608.","journal-title":"IEEE Access"},{"key":"448_CR12","doi-asserted-by":"publisher","first-page":"58194","DOI":"10.1109\/access.2020.2982544","volume":"8","author":"M Hanselmann","year":"2020","unstructured":"Hanselmann M, Strauss T, Dormann K, Ulmer H. CANet: An unsupervised intrusion detection system for high dimensional CAN bus data. IEEE Access. 2020;8:58194\u2013205. https:\/\/doi.org\/10.1109\/access.2020.2982544.","journal-title":"IEEE Access"},{"key":"448_CR13","doi-asserted-by":"publisher","unstructured":"Khan RU, Zhang X, Alazab M, Kumar R. An Improved Convolutional Neural Network Model for Intrusion Detection in Networks. 2019 Cybersecurity and Cyberforensics Conference (CCC); 2019. https:\/\/doi.org\/10.1109\/ccc.2019.000-6","DOI":"10.1109\/ccc.2019.000-6"},{"key":"448_CR14","doi-asserted-by":"crossref","unstructured":"Javaid A, Niyaz Q, Sun W, Alam M . A deep learning approach for network intrusion detection system, in Proc. 9th EAI Int. Conf. BioInspired Inf. Commun. Technol. (BIONETICS), New York, NY, USA; 2015, vol. 35, pp. 21\u201326.","DOI":"10.4108\/eai.3-12-2015.2262516"},{"key":"448_CR15","doi-asserted-by":"publisher","DOI":"10.1109\/access.2020.2978035","author":"R Vijayanand","year":"2020","unstructured":"Vijayanand R, Devaraj D. A novel feature selection method using whale optimization algorithm and genetic operators for intrusion detection system in wireless mesh network. IEEE Access. 2020; https:\/\/doi.org\/10.1109\/access.2020.2978035.","journal-title":"IEEE Access"},{"key":"448_CR16","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101752","author":"SM Kasongo","year":"2020","unstructured":"Kasongo SM, Sun Y. A deep learning method with wrapper based feature extraction for wireless intrusion detection system. Comput Secur. 2020;. https:\/\/doi.org\/10.1016\/j.cose.2020.101752.","journal-title":"Comput Secur"},{"issue":"1","key":"448_CR17","first-page":"5","volume":"173","author":"H Shapoorifard","year":"2017","unstructured":"Shapoorifard H, Shamsinejad P. Intrusion detection using a novel hybrid method incorporating an improved KNN. Int J Comput Appl. 2017;173(1):5\u20139.","journal-title":"Int J Comput Appl"},{"key":"448_CR18","doi-asserted-by":"publisher","first-page":"94497","DOI":"10.1109\/ACCESS.2019.2928048","volume":"7","author":"BA Tama","year":"2019","unstructured":"Tama BA, Comuzzi M, Rhee KH. TSE-IDS: A two-stage classifier ensemble for intelligent anomaly-based intrusion detection system. IEEE Access. 2019;7:94497\u2013507.","journal-title":"IEEE Access"},{"key":"448_CR19","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101851","author":"X Li","year":"2020","unstructured":"Li X, Chen W, Zhang Q, Wu L. Building auto-encoder intrusion detection system based on random forest feature selection. Comput Secur. 2020;. https:\/\/doi.org\/10.1016\/j.cose.2020.101851.","journal-title":"Comput Secur"},{"key":"448_CR20","doi-asserted-by":"publisher","first-page":"29575","DOI":"10.1109\/access.2020.2972627","volume":"8","author":"T Su","year":"2020","unstructured":"Su T, Sun H, Zhu J, Wang S, Li Y. BAT: Deep learning methods on network intrusion detection using NSL-KDD dataset. IEEE Access. 2020;8:29575\u201385. https:\/\/doi.org\/10.1109\/access.2020.2972627.","journal-title":"IEEE Access"},{"issue":"4","key":"448_CR21","doi-asserted-by":"publisher","first-page":"526","DOI":"10.1093\/comjnl\/bxx101","volume":"61","author":"Y Shen","year":"2018","unstructured":"Shen Y, Zheng K, Wu C, Zhang M, Niu X, Yang Y. An ensemble method based on selection using bat algorithm for intrusion detection. Comput J. 2018;61(4):526\u201338.","journal-title":"Comput J"},{"key":"448_CR22","doi-asserted-by":"publisher","unstructured":"Khan RU, Zhang X, Alazab M, Kumar R (2019). IEEE 2019 Cybersecurity and Cyberforensics Conference (CCC) - Melbourne, Australia (2019.5.8-2019.5.9) 2019 Cybersecurity and Cyberforensics Conference (CCC) - An Improved Convolutional Neural Network Model for Intrusion Detection in Networks. 74\u201377.https:\/\/doi.org\/10.1109\/CCC.2019.000-6","DOI":"10.1109\/CCC.2019.000-6"},{"issue":"8","key":"448_CR23","doi-asserted-by":"publisher","first-page":"1735","DOI":"10.1162\/neco.1997.9.8.1735","volume":"9","author":"S Hochreiter","year":"1997","unstructured":"Hochreiter S, Schmidhuber J. Long short-term memory. Neural Comput. 1997;9(8):1735\u201380.","journal-title":"Neural Comput"},{"key":"448_CR24","doi-asserted-by":"publisher","DOI":"10.1002\/047174882X.ch11","volume-title":"Elements of information theory","author":"TM Cover","year":"2005","unstructured":"Cover TM, Thomas JA. Information theory and statistics. In: Elements of information theory. 2nd edn. Wiley; 2005. https:\/\/doi.org\/10.1002\/047174882X.ch11","edition":"2"},{"key":"448_CR25","unstructured":"http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/kddcup99.html"},{"issue":"1","key":"448_CR26","first-page":"136","volume":"56","author":"RC Staudemeyer","year":"2015","unstructured":"Staudemeyer RC. 1 Applying long short-term memory recurrent neural networks to intrusion detection. South Afr Comput J. 2015;56(1):136\u201354.","journal-title":"South Afr Comput J"},{"key":"448_CR27","doi-asserted-by":"crossref","unstructured":"Kim J, Kim J, Thu HLT, and Kim H. Long short term memory recurrent neural network classifier for intrusion detection, In Proc. Int. Conf. Platform Technol. Service (PlatCon); 2016, pp. 1\u20135.","DOI":"10.1109\/PlatCon.2016.7456805"}],"container-title":["Journal of Big Data"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s40537-021-00448-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s40537-021-00448-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s40537-021-00448-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,7]],"date-time":"2021-05-07T12:12:13Z","timestamp":1620389533000},"score":1,"resource":{"primary":{"URL":"https:\/\/journalofbigdata.springeropen.com\/articles\/10.1186\/s40537-021-00448-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5,7]]},"references-count":27,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,12]]}},"alternative-id":["448"],"URL":"https:\/\/doi.org\/10.1186\/s40537-021-00448-4","relation":{},"ISSN":["2196-1115"],"issn-type":[{"value":"2196-1115","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,5,7]]},"assertion":[{"value":"24 December 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 April 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 May 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The author confirms the sole responsibility for this manuscript. The author read and approved the final manuscript","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval and consent to participate"}},{"value":"Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article\u2019s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article\u2019s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http:\/\/creativecommons.org\/licenses\/by\/4.0\/.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}},{"value":"The authors declare that they have no competing interests.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"65"}}