{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T21:53:21Z","timestamp":1772574801470,"version":"3.50.1"},"reference-count":57,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2023,1,6]],"date-time":"2023-01-06T00:00:00Z","timestamp":1672963200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Electronics"],"abstract":"<jats:p>Companies seek to promote a swift digitalization of their business processes and new disruptive features to gain an advantage over their competitors. This often results in a wider attack surface that may be exposed to exploitation from adversaries. As budgets are thin, one of the most popular security solutions CISOs choose to invest in is Network-based Intrusion Detection Systems (NIDS). As anomaly-based NIDS work over a baseline of normal and expected activity, one of the key areas of development is the training of deep learning classification models robust enough so that, given a different network context, the system is still capable of high rate accuracy for intrusion detection. In this study, we propose an anomaly-based NIDS using a deep learning stacked-LSTM model with a novel pre-processing technique that gives it context-free features and outperforms most related works, obtaining over 99% accuracy over the CICIDS2017 dataset. This system can also be applied to different environments without losing its accuracy due to its basis on context-free features. Moreover, using synthetic network attacks, it has been shown that this NIDS approach can detect specific categories of attacks.<\/jats:p>","DOI":"10.3390\/electronics12020293","type":"journal-article","created":{"date-parts":[[2023,1,6]],"date-time":"2023-01-06T03:54:49Z","timestamp":1672977289000},"page":"293","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":36,"title":["Deep Learning Model Transposition for Network Intrusion Detection Systems"],"prefix":"10.3390","volume":"12","author":[{"given":"Jo\u00e3o","family":"Figueiredo","sequence":"first","affiliation":[{"name":"Information Sciences, Technologies and Architecture Research Center (ISTAR), Instituto Universit\u00e1rio de Lisboa (ISCTE-IUL), 1600-189 Lisboa, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4847-2432","authenticated-orcid":false,"given":"Carlos","family":"Serr\u00e3o","sequence":"additional","affiliation":[{"name":"Information Sciences, Technologies and Architecture Research Center (ISTAR), Instituto Universit\u00e1rio de Lisboa (ISCTE-IUL), 1600-189 Lisboa, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9519-4634","authenticated-orcid":false,"given":"Ana Maria","family":"de Almeida","sequence":"additional","affiliation":[{"name":"CISUC\u2014Center for Informatics and Systems of the University of Coimbra, 3004-531 Coimbra, Portugal"}]}],"member":"1968","published-online":{"date-parts":[[2023,1,6]]},"reference":[{"key":"ref_1","unstructured":"Company, M. (2020, October 01). Cybersecurity Trends: Looking over the Horizon. Available online: https:\/\/www.mckinsey.com\/capabilities\/risk-and-resilience\/our-insights\/cybersecurity\/cybersecurity-trends-looking-over-the-horizon."},{"key":"ref_2","unstructured":"Anderson, J.P. (1980). Computer Security Threat Monitoring and Surveillance. Technical Report James P Anderson Co Fort Washington Pa, Available online: https:\/\/docslib.org\/doc\/2332250\/computer-security-threat-monitoring-and-surveillance."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Denning, D.E. (1986, January 7\u20139). An intrusion-detection model. Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, USA.","DOI":"10.1109\/SP.1986.10010"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"68","DOI":"10.1186\/s40537-020-00346-1","article-title":"Anomaly detection optimization using big data and deep learning to reduce false\u2014Positive","volume":"7","author":"Jallad","year":"2020","journal-title":"J. Big Data"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"tyab023","DOI":"10.1093\/cybsec\/tyab023","article-title":"Patching zero-day vulnerabilities: An empirical analysis","volume":"7","author":"Roumani","year":"2021","journal-title":"J. Cybersecur."},{"key":"ref_6","unstructured":"Wang, Y., Wong, J., and Miner, A. (2004, January 10\u201311). Anomaly intrusion detection using one class SVM. Proceedings of the Fifth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC, West Point, NY, USA."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Shum, J., and Malki, H.A. (2008, January 18\u201320). Network intrusion detection system using neural networks. Proceedings of the 4th International Conference on Natural Computation, ICNC 2008, Jinan, China.","DOI":"10.1109\/ICNC.2008.900"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Fang, X., and Liu, L. (2011, January 28\u201329). Integrating artificial intelligence into Snort IDS. Proceedings of the 2011 3rd International Workshop on Intelligent Systems and Applications, ISA 2011, Wuhan, China.","DOI":"10.1109\/ISA.2011.5873435"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"222","DOI":"10.1016\/j.patcog.2009.05.017","article-title":"A triangle area based nearest neighbors approach to intrusion detection","volume":"43","author":"Tsai","year":"2010","journal-title":"Pattern Recognit."},{"key":"ref_10","unstructured":"Dechter, R. (1986). Learning While Searching in Constraint-Satisfaction-Problems. Aaai, 178\u2013185."},{"key":"ref_11","unstructured":"(2022, October 01). NVIDIA CEO Bets Big on Deep Learning. Available online: https:\/\/venturebeat.com\/business\/nvidia-ceo-bets-big-on-deep-learning-and-vr\/."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Esmaily, J., Moradinezhad, R., and Ghasemi, J. (2015, January 26\u201328). Intrusion detection system based on Multi-Layer Perceptron Neural Networks and Decision Tree. Proceedings of the 2015 7th Conference on Information and Knowledge Technology, IKT 2015, Urmia, Iran.","DOI":"10.1109\/IKT.2015.7288736"},{"key":"ref_13","unstructured":"(2022, January 01). KDD CUP 99. Available online: https:\/\/www.kdd.org\/kdd-cup\/view\/kdd-cup-1999\/Data."},{"key":"ref_14","unstructured":"and Dua, M. (2019, January 12\u201314). Machine Learning Approach to IDS: A Comprehensive Review. Proceedings of the 3rd International Conference on Electronics and Communication and Aerospace Technology, ICECA 2019, Coimbatore, India."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Alalade, E.D. (2020, January 2\u201316). Intrusion Detection System in Smart Home Network Using Artificial Immune System and Extreme Learning Machine Hybrid Approach. Proceedings of the IEEE World Forum on Internet of Things, WF-IoT 2020\u2014Symposium Proceedings, New Orleans, LA, USA.","DOI":"10.1109\/WF-IoT48130.2020.9221151"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1109\/MNET.2018.1800074","article-title":"AI-Based Malicious Network Traffic Detection in VANETs","volume":"32","author":"Lyamin","year":"2018","journal-title":"IEEE Net."},{"key":"ref_17","first-page":"1085","article-title":"Machine Learning Techniques used for the Detection and Analysis of Modern Types of DDoS Attacks","volume":"4","author":"Sofi","year":"2017","journal-title":"Int. Res. J. Eng. Technol. (IRJET)"},{"key":"ref_18","unstructured":"Dennis, M.J.R., and Li, X. (2018). Machine-Learning and Statistical Methods for DDoS Attack Detection and Defense System in Software Defined Networks. [Master\u2019s Thesis, Ryerson University]."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Yang, L., and Zhao, H. (2018, January 16\u201318). DDoS attack identification and defense using SDN based on machine learning method. Proceedings of the 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018, Yichang, China.","DOI":"10.1109\/I-SPAN.2018.00036"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Alzahrani, A.O., and Alenazi, M.J.F. (2021). Designing a network intrusion detection system based on machine learning for software defined networks. Future Internet, 13.","DOI":"10.3390\/fi13050111"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Rivas, P., Decusatis, C., Oakley, M., Antaki, A., Blaskey, N., Lafalce, S., and Stone, S. (2019, January 10\u201312). Machine Learning for DDoS Attack Classification Using Hive Plots. Proceedings of the 2019 IEEE 10th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference, UEMCON 2019, New York, NY, USA.","DOI":"10.1109\/UEMCON47517.2019.8993021"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Zhang, J., Liang, Q., Jiang, R., and Li, X. (2019). A Feature Analysis Based Identifying Scheme Using GBDT for DDoS with Multiple Attack Vectors. Appl. Sci., 9.","DOI":"10.3390\/app9214633"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"1735","DOI":"10.1162\/neco.1997.9.8.1735","article-title":"Long Short-Term Memory","volume":"9","author":"Hochreiter","year":"1997","journal-title":"Neural Comput."},{"key":"ref_24","unstructured":"Mitchell, T.M. (1997). Machine Learning, McGraw-Hill."},{"key":"ref_25","unstructured":"Xu, K., Ba, J.L., Kiros, R., Cho, K., Courville, A., Salakhutdinov, R., Zemel, R.S., and Bengio, Y. (2015, January 6\u201311). Show, attend and tell: Neural image caption generation with visual attention. Proceedings of the 32nd International Conference on Machine Learning, ICML 2015, Lille, France."},{"key":"ref_26","unstructured":"Danko, Z. (2020, October 01). Neon Prescription. Or Rather, New Transcription for Google Voice. Available online: https:\/\/blog.google\/products\/google-voice\/neon-prescription-or-rather-new\/."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Stampar, M., and Fertalj, K. (2015, January 25\u201329). Artificial intelligence in network intrusion detection. Proceedings of the 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics, MIPRO 2015, Opatija, Croatia.","DOI":"10.1109\/MIPRO.2015.7160479"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Mirza, A.H., and Cosan, S. (2018, January 2\u20135). Computer network intrusion detection using sequential LSTM Neural Networks autoencoders. Proceedings of the 26th IEEE Signal Processing and Communications Applications Conference, SIU 2018, Izmir, Turkey.","DOI":"10.1109\/SIU.2018.8404689"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Alsyaibani, O.M.A., Utami, E., and Hartanto, A.D. (2021, January 25\u201326). An Intrusion Detection System Model Based on Bidirectional LSTM. Proceedings of the 3rd International Conference on Cybernetics and Intelligent Systems, ICORIS 2021, Makasar, Indonesia.","DOI":"10.1109\/ICORIS52787.2021.9649612"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Althubiti, S.A., Jones, E.M., and Roy, K. (2018, January 21\u201323). LSTM for Anomaly-Based Network Intrusion Detection. Proceedings of the 2018 28th International Telecommunication Networks and Applications Conference (ITNAC), Sydney, NSW, Australia.","DOI":"10.1109\/ATNAC.2018.8615300"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Meira, J. (2018). Comparative Results with Unsupervised Techniques in Cyber Attack Novelty Detection. Proceedings, 2.","DOI":"10.3390\/proceedings2181191"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Le, T.T.H., Kim, Y., and Kim, H. (2019). Network intrusion detection based on novel feature selection model and various recurrent neural networks. Appl. Sci., 9.","DOI":"10.3390\/app9071392"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Zhang, L., Yan, H., and Zhu, Q. (2020, January 11\u201314). An Improved LSTM Network Intrusion Detection Method. Proceedings of the 2020 IEEE 6th International Conference on Computer and Communications, ICCC 2020, Chengdu, China.","DOI":"10.1109\/ICCC51575.2020.9344911"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Dey, A. (2020, January 14\u201317). Deep IDS: A deep learning approach for Intrusion detection based on IDS 2018. Proceedings of the 2020 13th International Conference on Developments in eSystems Engineering (DeSE), Liverpool, UK.","DOI":"10.1109\/STI50764.2020.9350411"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Amutha, S., Kavitha, R., Srinivasan, S., and Kavitha, M. (2022, January 28\u201329). Secure network intrusion detection system using NID-RNN based Deep Learning. Proceedings of the IEEE International Conference on Advances in Computing, Communication and Applied Informatics, ACCAI 2022, Chennai, India.","DOI":"10.1109\/ACCAI53970.2022.9752526"},{"key":"ref_36","unstructured":"(2022, October 01). UNSWNB18IDS. Available online: https:\/\/research.unsw.edu.au\/projects\/unsw-nb15-dataset."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Karanam, L., Pattanaik, K.K., and Aldmour, R. (2020, January 14\u201317). Intrusion Detection Mechanism for Large Scale Networks using CNN-LSTM. Proceedings of the International Conference on Developments in eSystems Engineering, DeSE, Liverpool, UK.","DOI":"10.1109\/DeSE51703.2020.9450732"},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"65611","DOI":"10.1109\/ACCESS.2022.3183213","article-title":"Hybrid Optimization Enabled Robust CNN-LSTM Technique for Network Intrusion Detection","volume":"10","author":"Deore","year":"2022","journal-title":"IEEE Access"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Lee, J., Pak, J.G., and Lee, M. (2020, January 21\u201323). Network Intrusion Detection System using Feature Extraction based on Deep Sparse Autoencoder. Proceedings of the 2020 International Conference on Information and Communication Technology Convergence (ICTC), Jeju, Republic of Korea.","DOI":"10.1109\/ICTC49870.2020.9289253"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"1803","DOI":"10.1109\/TNSM.2020.3014929","article-title":"Multi-Stage Optimized Machine Learning Framework for Network Intrusion Detection","volume":"18","author":"Injadat","year":"2021","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"104216","DOI":"10.1016\/j.engappai.2021.104216","article-title":"Supervised feature selection techniques in network intrusion detection: A critical review","volume":"101","author":"Galatro","year":"2021","journal-title":"Eng. Appl. Artif. Intell."},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Abraham, J.A., and Bindu, V.R. (2021, January 8\u20139). Intrusion Detection and Prevention in Networks Using Machine Learning and Deep Learning Approaches: A Review. Proceedings of the 2021 International Conference on Advancements in Electrical, Electronics, Communication, Computing and Automation, ICAECA 2021, Coimbatore, India.","DOI":"10.1109\/ICAECA52838.2021.9675595"},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"2480","DOI":"10.1109\/TNSM.2020.3024225","article-title":"Experimental Review of Neural-Based Approaches for Network Intrusion Management","volume":"17","author":"Mauro","year":"2020","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"4197","DOI":"10.1109\/TNSM.2021.3120804","article-title":"Network Abnormal Traffic Detection Model Based on Semi-Supervised Deep Reinforcement Learning","volume":"18","author":"Dong","year":"2021","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Pelletier, C., Webb, G.I., and Petitjean, F. Deep Learning For The Classification Of Sentinel-2 Image Time Series. In Proceedings of the IGARSS 2019\u20142019 IEEE International Geoscience and Remote Sensing Symposium, Yokohama, Japan, 28 July 2019\u20132 August 2019.","DOI":"10.1109\/IGARSS.2019.8900123"},{"key":"ref_46","first-page":"108","article-title":"Toward generating a new intrusion detection dataset and intrusion traffic characterization","volume":"1","author":"Sharafaldin","year":"2018","journal-title":"ICISSp"},{"key":"ref_47","unstructured":"(2022, October 01). Wireshark. Available online: https:\/\/www.wireshark.org\/."},{"key":"ref_48","unstructured":"CIC (2022, October 01). CICFlowMeter. Available online: https:\/\/www.unb.ca\/cic\/research\/applications.html#CICFlowMeter."},{"key":"ref_49","unstructured":"Learn, S.K. (2022, October 01). train_test_split. Available online: https:\/\/scikit-learn.org\/stable\/modules\/generated\/sklearn.model_selection.train_test_split.html."},{"key":"ref_50","unstructured":"Kingma, D.P., and Ba, J. (2014). Adam: A Method for Stochastic Optimization. arXiv."},{"key":"ref_51","unstructured":"(2022, October 01). Flightsim. Available online: https:\/\/github.com\/alphasoc\/flightsim."},{"key":"ref_52","unstructured":"(2022, October 01). AlphaSOC. Available online: https:\/\/alphasoc.com\/\/."},{"key":"ref_53","doi-asserted-by":"crossref","unstructured":"Ferrag, M.A., Maglaras, L.A., Janicke, H., and Smith, R. Deep Learning Techniques for Cyber Security Intrusion Detection: A Detailed Analysis. In Proceedings of the 6th International Symposium for ICS & SCADA Cyber Security Research 2019 (ICS-CSR), Bucharest, Romania, 10\u201312 September 2019.","DOI":"10.14236\/ewic\/icscsr19.16"},{"key":"ref_54","unstructured":"Nayyar, S., Arora, S., and Singh, M. (2000). Detection System. Computer Science and Communications Dictionary, Springer."},{"key":"ref_55","doi-asserted-by":"crossref","first-page":"70245","DOI":"10.1109\/ACCESS.2020.2986882","article-title":"AI-IDS: Application of Deep Learning to Real-Time Web Intrusion Detection","volume":"8","author":"Kim","year":"2020","journal-title":"IEEE Access"},{"key":"ref_56","doi-asserted-by":"crossref","unstructured":"Alin, F., Chemchem, A., Nolot, F., and Flauzac, O. (2020). Towards a Hierarchical Deep Learning. Machine Learning for Networking, Springer.","DOI":"10.1007\/978-3-030-45778-5_2"},{"key":"ref_57","unstructured":"(2022, October 01). MITRE ATT&CK. Available online: https:\/\/attack.mitre.org\/."}],"container-title":["Electronics"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2079-9292\/12\/2\/293\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T18:01:17Z","timestamp":1760119277000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2079-9292\/12\/2\/293"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,1,6]]},"references-count":57,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2023,1]]}},"alternative-id":["electronics12020293"],"URL":"https:\/\/doi.org\/10.3390\/electronics12020293","relation":{},"ISSN":["2079-9292"],"issn-type":[{"value":"2079-9292","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,1,6]]}}}