An Explainable Hybrid Deep Learning Architecture for Real-Time Cyber Threat Detection in High-Speed Network Environments

Huidrom Saratchandra Singh, Dr. Gauri Shankar

Abstract

The rapid expansion of digital infrastructures, cloud computing platforms, enterprise data centers, and interconnected smart systems has significantly transformed modern communication networks, resulting in high-speed environments that process vast volumes of heterogeneous data in real time. While such advancements enable scalability and operational efficiency, they also increase exposure to sophisticated cyber threats, including zero-day attacks, advanced persistent threats, ransomware campaigns, and encrypted malicious traffic. Traditional intrusion detection systems, particularly signature-based models, are limited in their ability to identify novel or evolving attacks. Although anomaly-based detection mechanisms offer improved adaptability, many conventional machine learning approaches struggle to capture complex spatial-temporal dependencies inherent in high-speed network traffic. In recent years, deep learning techniques have demonstrated promising capabilities in automatically extracting hierarchical representations from large datasets; however, most deep learning models operate as opaque black-box systems, limiting interpretability, transparency, and operational trust. This lack of explainability poses significant challenges for security analysts who require clear reasoning behind automated decisions for compliance, auditing, and incident response purposes.


In response to these challenges, this study proposes an explainable hybrid deep learning architecture designed specifically for real-time cyber threat detection in high-speed network environments. The proposed framework integrates convolutional neural networks for spatial feature extraction with long short-term memory networks for modeling sequential traffic behavior, enhanced by an attention mechanism that assigns adaptive importance weights to relevant features. To address interpretability concerns, the model incorporates explainable artificial intelligence techniques that provide feature attribution insights and decision transparency. The research evaluates the proposed architecture using standard intrusion detection datasets and rigorous performance metrics, including accuracy, precision, recall, F1-score, area under the ROC curve, and false positive rate. Experimental findings demonstrate that the hybrid model achieves superior detection performance compared to standalone machine learning and deep learning approaches while simultaneously offering interpretable outputs aligned with domain knowledge. The results suggest that combining spatial-temporal deep learning mechanisms with explainability modules can significantly enhance both performance and trustworthiness in next-generation intrusion detection systems deployed within high-speed network infrastructures.

How to Cite
Huidrom Saratchandra Singh, Dr. Gauri Shankar. (2025). An Explainable Hybrid Deep Learning Architecture for Real-Time Cyber Threat Detection in High-Speed Network Environments. International Journal of Advanced Research and Multidisciplinary Trends (IJARMT), 2(2), 1384–1395. Retrieved from https://www.ijarmt.com/index.php/j/article/view/1073