DOI: 10.3390/fi18070345 ISSN: 1999-5903

A Hybrid CNN–LSTM Model for IoT Intrusion Detection: A Robustness Analysis Across Datasets

Amir Muhammad Hafiz Othman, Mohd Faizal Ab Razak, Ahmad Firdaus, Hamid Tahaei, Mehdi Gheisari

The rapid growth of Internet of Things (IoT) devices has led to security concerns due to increasing IoT attacks. Traditional intrusion detection systems (IDS) struggle to effectively detect attacks due to the evolving nature of threats and heterogeneous traffic patterns. Therefore, this study presents a structured and reproducible intrusion detection approach that integrates preprocessing and deep learning-based classification for binary detection in IoT networks. The datasets used are ToN_IoT and UNSW-NB15 datasets, which contain IoT network traffic data. This study deploys a meta-heuristic algorithm called Gray Wolf Optimizer (GWO) for feature selection. SMOTE is used for balancing the class sample, and MinMax and standard normalization for data scaling during preprocessing. A comparative analysis is performed across multiple deep learning models, including Convolutional Neural Network–Long Short-Term Memory (CNN–LSTM), Multi-Layer Perceptron (MLP), Deep Neural Network (DNN), Convolutional Neural Network (CNN), and Recurrent Neural Network (RNN). Results show that the CNN–LSTM model demonstrates strong performance consistency across datasets, achieving 99.68% and 92.05% accuracy on ToN_IoT and UNSW-NB15, respectively. Threshold sensitivity analysis reveals key detection and false-positive trade-offs for edge IDS. Through extensive performance evaluation and sensitivity analysis, this study highlights the importance of combining preprocessing, model evaluation, and threshold analysis for reliable IoT intrusion detection.

More from our Archive