{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,30]],"date-time":"2026-04-30T18:55:11Z","timestamp":1777575311277,"version":"3.51.4"},"reference-count":42,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2021,2,13]],"date-time":"2021-02-13T00:00:00Z","timestamp":1613174400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"European Union Horizon 2020","award":["832969"],"award-info":[{"award-number":["832969"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Applied Sciences"],"abstract":"<jats:p>With the latest advances in information and communication technologies, greater amounts of sensitive user and corporate information are shared continuously across the network, making it susceptible to an attack that can compromise data confidentiality, integrity, and availability. Intrusion Detection Systems (IDS) are important security mechanisms that can perform the timely detection of malicious events through the inspection of network traffic or host-based logs. Many machine learning techniques have proven to be successful at conducting anomaly detection throughout the years, but only a few considered the sequential nature of data. This work proposes a sequential approach and evaluates the performance of a Random Forest (RF), a Multi-Layer Perceptron (MLP), and a Long-Short Term Memory (LSTM) on the CIDDS-001 dataset. The resulting performance measures of this particular approach are compared with the ones obtained from a more traditional one, which only considers individual flow information, in order to determine which methodology best suits the concerned scenario. The experimental outcomes suggest that anomaly detection can be better addressed from a sequential perspective. The LSTM is a highly reliable model for acquiring sequential patterns in network traffic data, achieving an accuracy of 99.94% and an f1-score of 91.66%.<\/jats:p>","DOI":"10.3390\/app11041674","type":"journal-article","created":{"date-parts":[[2021,2,14]],"date-time":"2021-02-14T02:08:12Z","timestamp":1613268492000},"page":"1674","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":105,"title":["Intelligent Cyber Attack Detection and Classification for Network-Based Intrusion Detection Systems"],"prefix":"10.3390","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5030-7751","authenticated-orcid":false,"given":"Nuno","family":"Oliveira","sequence":"first","affiliation":[{"name":"Research Group on Intelligent Engineering and Computing for Advanced Innovation and Development (GECAD), Porto School of Engineering (ISEP), 4200-072 Porto, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2519-9859","authenticated-orcid":false,"given":"Isabel","family":"Pra\u00e7a","sequence":"additional","affiliation":[{"name":"Research Group on Intelligent Engineering and Computing for Advanced Innovation and Development (GECAD), Porto School of Engineering (ISEP), 4200-072 Porto, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8075-531X","authenticated-orcid":false,"given":"Eva","family":"Maia","sequence":"additional","affiliation":[{"name":"Research Group on Intelligent Engineering and Computing for Advanced Innovation and Development (GECAD), Porto School of Engineering (ISEP), 4200-072 Porto, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0779-3480","authenticated-orcid":false,"given":"Orlando","family":"Sousa","sequence":"additional","affiliation":[{"name":"Research Group on Intelligent Engineering and Computing for Advanced Innovation and Development (GECAD), Porto School of Engineering (ISEP), 4200-072 Porto, Portugal"}]}],"member":"1968","published-online":{"date-parts":[[2021,2,13]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"805","DOI":"10.1016\/S1389-1286(98)00017-6","article-title":"Towards a taxonomy of intrusion-detection systems","volume":"31","author":"Debar","year":"1999","journal-title":"Comput. Netw."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Rashid, A., Siddique, M.J., and Ahmed, S.M. (2020, January 17\u201319). Machine and Deep Learning Based Comparative Analysis Using Hybrid Approaches for Intrusion Detection System. Proceedings of the 2020 3rd International Conference on Advancements in Computational Sciences (ICACS), Lahore, Pakistan.","DOI":"10.1109\/ICACS47775.2020.9055946"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"183207","DOI":"10.1109\/ACCESS.2019.2959131","article-title":"A Novel Multimodal-Sequential Approach Based on Multi-View Features for Network Intrusion Detection","volume":"7","author":"He","year":"2019","journal-title":"IEEE Access"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"13546","DOI":"10.1109\/ACCESS.2019.2893871","article-title":"Introducing Deep Learning Self-Adaptive Misuse Network Intrusion Detection Systems","volume":"7","author":"Papamartzivanos","year":"2019","journal-title":"IEEE Access"},{"key":"ref_5","unstructured":"Hu, Z., Li, Z., and Wu, J. (2008, January 23\u201324). A Novel Network Intrusion Detection System (NIDS) Based on Signatures Search of Data Mining. Proceedings of the First International Workshop on Knowledge Discovery and Data Mining (WKDD 2008), Adelaide, SA, Australia."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"41525","DOI":"10.1109\/ACCESS.2019.2895334","article-title":"Deep Learning Approach for Intelligent Intrusion Detection System","volume":"7","author":"Vinayakumar","year":"2019","journal-title":"IEEE Access"},{"key":"ref_7","unstructured":"Ma\u0142owidzki, M., Berezinski, P., and Mazur, M. (2015). Network Intrusion Detection: Half a Kingdom for a Good Dataset. Proceedings of the NATO STO SAS-139 Workshop, Available online: https:\/\/pdfs.semanticscholar.org\/b39e\/0f1568d8668d00e4a8bfe1494b5a32a17e17.pdf."},{"key":"ref_8","unstructured":"Ring, M., Wunderlich, S., Gruedl, D., Landes, D., and Hotho, A. Flow-based benchmark data sets for intrusion detection. Proceedings of the 16th European Conference on Cyber Warfare and Security (ECCWS)."},{"key":"ref_9","first-page":"40","article-title":"Creation of Flow-Based Data Sets for Intrusion Detection","volume":"4","author":"Ring","year":"2017","journal-title":"J. Inf. Warf."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Habibi Lashkari, A., and Ghorbani, A. (2018). Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization. ICISSP, University of New Brunswick (UNB).","DOI":"10.5220\/0006639801080116"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Moustafa, N., and Slay, J. (2015, January 10\u201312). UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). Proceedings of the 2015 Military Communications and Information Systems Conference (MilCIS), Canberra, ACT, Australia.","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"147","DOI":"10.1016\/j.cose.2019.06.005","article-title":"A survey of network-based intrusion detection data sets","volume":"86","author":"Ring","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_13","unstructured":"(2020, September 02). SATIE-Security of Air Transport Infrastructure of Europe. Available online: http:\/\/satie-h2020.eu\/."},{"key":"ref_14","unstructured":"Gwon, H., Lee, C., Keum, R., and Choi, H. (2019). Network Intrusion Detection based on LSTM and Feature Embedding. arXiv."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Althubiti, S.A., Jones, E.M., and Roy, K. (2018, January 21\u201323). LSTM for Anomaly-Based Network Intrusion Detection. Proceedings of the 2018 28th International Telecommunication Networks and Applications Conference (ITNAC), Sydney, NSW, Australia.","DOI":"10.1109\/ATNAC.2018.8615300"},{"key":"ref_16","first-page":"1","article-title":"Attack Classification Analysis of IoT Network via Deep Learning Approach","volume":"3","author":"Rhee","year":"2017","journal-title":"Res. Briefs Inform. Commun. Technol. Evolut."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Vilela, D.W.F.L., Ferreira, E.W.T., Shinoda, A.A., de Souza Ara\u00fajo, N.V., de Oliveira, R., and Nascimento, V.E. (2014, January 4\u20136). A dataset for evaluating intrusion detection systems in IEEE 802.11 wireless networks. Proceedings of the 2014 IEEE Colombian Conference on Communications and Computing (COLCOM), Bogota, Colombia.","DOI":"10.1109\/ColComCon.2014.6860434"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"709","DOI":"10.1016\/j.procs.2017.12.091","article-title":"Statistical analysis of CIDDS-001 dataset for Network Intrusion Detection Systems using Distance-based Machine Learning","volume":"125","author":"Verma","year":"2018","journal-title":"Procedia Comput. Sci."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"5947","DOI":"10.3233\/JIFS-169836","article-title":"Study of long short-term memory in flow-based network intrusion detection system","volume":"35","author":"Nicholas","year":"2018","journal-title":"J. Intell. Fuzzy Syst."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/LSENS.2018.2879990","article-title":"Deep and Machine Learning Approaches for Anomaly-Based Intrusion Detection of Imbalanced Network Traffic","volume":"3","author":"Abdulhammed","year":"2019","journal-title":"IEEE Sens. Lett."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Roy, B., and Cheung, H. (2018, January 21\u201323). A Deep Learning Approach for Intrusion Detection in Internet of Things using Bi-Directional Long Short-Term Memory Recurrent Neural Network. Proceedings of the 2018 28th International Telecommunication Networks and Applications Conference (ITNAC), Sydney, NSW, Australia.","DOI":"10.1109\/ATNAC.2018.8615294"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"1251","DOI":"10.1016\/j.procs.2020.04.133","article-title":"Performance Analysis of Machine Learning Algorithms in Intrusion Detection System: A Review","volume":"171","author":"Saranya","year":"2020","journal-title":"Procedia Comput. Sci."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"2287","DOI":"10.1007\/s11277-019-06986-8","article-title":"Machine Learning Based Intrusion Detection Systems for IoT Applications","volume":"111","author":"Verma","year":"2020","journal-title":"Wirel. Pers. Commun."},{"key":"ref_24","unstructured":"Ring, M., Wunderlich, S., Gruedl, D., Landes, D., and Hotho, A. (2020, May 11). Generation Scripts for the Coburg Intrusion Detection Data Sets (Cidds). Available online: https:\/\/github.com\/markusring\/CIDDS."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Zhiqiang, L., Mohi-Ud-Din, G., Bing, L., Jianchao, L., Ye, Z., and Zhijun, L. (2019, January 12\u201314). Modeling Network Intrusion Detection System Using Feed-Forward Neural Network Using UNSW-NB15 Dataset. Proceedings of the 2019 IEEE 7th International Conference on Smart Energy Grid Engineering (SEGE), Oshawa, ON, Canada.","DOI":"10.1109\/SEGE.2019.8859773"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1023\/A:1010933404324","article-title":"Random forests","volume":"45","author":"Breiman","year":"2001","journal-title":"Mach. Learn."},{"key":"ref_27","unstructured":"Yiu, T. (2020, May 15). Understanding Random Forest. Available online: https:\/\/towardsdatascience.com\/understanding-random-forest-58381e0602d2."},{"key":"ref_28","unstructured":"Cournapeau, D. (2020, May 15). Scikit-learn Documentation. Available online: https:\/\/scikit-learn.org\/."},{"key":"ref_29","unstructured":"Kain, N.K. (2020, May 26). Understanding of Multilayer Perceptron (MLP). Available online: https:\/\/medium.com\/@AI_with_Kain\/understanding-of-multilayer-perceptron-mlp-8f179c4a135f\/."},{"key":"ref_30","first-page":"315","article-title":"Deep Sparse Rectifier Neural Networks","volume":"Volume 15","author":"Gordon","year":"2011","journal-title":"Proceedings of Machine Learning Research, Proceedings of the Fourteenth International Conference on Artificial Intelligence and Statistics"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"1735","DOI":"10.1162\/neco.1997.9.8.1735","article-title":"Long Short-Term Memory","volume":"9","author":"Hochreiter","year":"1997","journal-title":"Neural Comput."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"5929","DOI":"10.1007\/s10462-020-09838-1","article-title":"A Review on the Long Short-Term Memory Model","volume":"53","author":"Mosquera","year":"2020","journal-title":"Artif. Intell. Rev."},{"key":"ref_33","unstructured":"McGonagle, J., Williams, C., and Khim, J. (2020, May 12). Recurrent Neural Network. Available online: https:\/\/brilliant.org\/wiki\/recurrent-neural-network\/."},{"key":"ref_34","unstructured":"Olah, C. (2020, May 14). Understanding LSTM Networks. Available online: https:\/\/colah.github.io\/posts\/2015-08-Understanding-LSTMs\/."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"427","DOI":"10.1016\/j.ipm.2009.03.002","article-title":"A systematic analysis of performance measures for classification tasks","volume":"45","author":"Sokolova","year":"2009","journal-title":"Inf. Process. Manag."},{"key":"ref_36","unstructured":"D\u00f6ring, M. (2020, May 15). Performance Measures for Multi-Class Problems. Available online: https:\/\/www.datascienceblog.net\/post\/machine-learning\/performance-measures-multi-class-problems\/."},{"key":"ref_37","unstructured":"Oliphant, T. (2020, May 19). NumPy Documentation. Available online: https:\/\/numpy.org\/index.html."},{"key":"ref_38","unstructured":"McKinney, W. (2020, May 16). Pandas Documentation. Available online: https:\/\/pandas.pydata.org\/."},{"key":"ref_39","unstructured":"Abadi, M., Barham, P., Chen, J., Chen, Z., Davis, A., Dean, J., Devin, M., Ghemawat, S., Irving, G., and Isard, M. (2016, January 2\u20134). TensorFlow: A System for Large-Scale Machine Learning. Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16), Savannah, GA, USA."},{"key":"ref_40","unstructured":"Chollet, F. (2020, May 20). Keras Documentation. Available online: https:\/\/keras.io\/."},{"key":"ref_41","unstructured":"Hunter, J.D. (2020, May 19). Matplotlib Documentation. Available online: https:\/\/matplotlib.org\/."},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Bisong, E. (2019). Google Colaboratory. Building Machine Learning and Deep Learning Models on Google Cloud Platform: A Comprehensive Guide for Beginners, Apress.","DOI":"10.1007\/978-1-4842-4470-8"}],"container-title":["Applied Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2076-3417\/11\/4\/1674\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T05:23:38Z","timestamp":1760160218000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2076-3417\/11\/4\/1674"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,2,13]]},"references-count":42,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2021,2]]}},"alternative-id":["app11041674"],"URL":"https:\/\/doi.org\/10.3390\/app11041674","relation":{},"ISSN":["2076-3417"],"issn-type":[{"value":"2076-3417","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,2,13]]}}}