Optimizing Intrusion Detection System (IDS) with Hybrid Random Forest and CNN-LSTM Models for Improved Accuracy and Efficiency


Abstract

Security experts broadly agree that Intrusion Detection Systems (IDS) are indispensable for securing computer networks, especially against attacks such as Distributed Denial of Service (DDoS). A key limitation of traditional IDSs, both signature-based and anomaly-based, is that they cannot detect new attacks and often produce many false positives. Signature-based systems are effective only against known attack patterns and miss unknown ones; anomaly-based systems, by contrast, are highly sensitive and therefore generate many false positives. In this research, we aim to improve the accuracy and efficiency of DDoS attack detection, and thereby optimize the IDS, by combining Random Forest (RF) and Convolutional Neural Network (CNN)-Long Short-Term Memory (LSTM) models with an attention mechanism. The model is trained on the CICIDS2017 dataset, using 23,659 benign records and 17,258 DDoS records. Random Forest contributes interpretability and CNN-LSTM contributes temporal feature extraction; the hybrid combines the two through an attention mechanism that weights the most informative features. Our proposed model outperforms traditional models. The hybrid model's accuracy, precision, recall, and F1 score are 99.25%, 99.15%, 99.34%, and 99.24%, respectively. By comparison, our standalone Random Forest model achieves an accuracy of 99.93%, and the CNN-LSTM with attention mechanism scores 99.25%. The model also shows strong discrimination, with an AUC of 0.9993. Integrating the attention mechanism significantly enhances the model's effectiveness for real-time intrusion detection. Scaling the model to more complex attack scenarios and real-world deployments is left for future work.
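The abstract's two complaints about traditional IDSs, that signature rules miss unseen attack patterns while anomaly thresholds fire on unusual-but-benign traffic, can be seen directly on a handful of flow records. The following Python is an added illustration, not code from the paper: the flow records, the benign baseline, the SYN-flood signature rule and the 2-sigma anomaly threshold are all constructed here and only loosely mimic CICIDS2017 flow features. It evaluates each detector with the same accuracy, precision, recall and F1 metrics the abstract reports.

```python
"""
Signature-based vs anomaly-based DDoS detection on constructed flow records.

Added example, not from the paper. All flows, thresholds and the benign
baseline are hypothetical values chosen to make the two failure modes
visible: a signature rule misses a novel attack, and an anomaly rule
flags a legitimate bursty transfer.
"""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Flow:
    src: str
    pkts_per_s: float
    syn_only: bool   # SYN set without ACK: the classic SYN-flood signature
    label: str       # ground truth: "benign" or "ddos"


# Constructed benign traffic (packets/s) used to fit the anomaly baseline.
BASELINE_PKTS_PER_S = [20.0, 30.0, 40.0, 50.0, 60.0]

# Constructed evaluation set. Flow 3 is a legitimate but bursty backup job;
# flow 6 is a "new" attack (HTTP flood) that matches no stored signature.
FLOWS: List[Flow] = [
    Flow("10.0.0.11", 25.0, False, "benign"),
    Flow("10.0.0.12", 45.0, False, "benign"),
    Flow("10.0.0.13", 120.0, False, "benign"),   # bursty backup transfer
    Flow("198.51.100.5", 5000.0, True, "ddos"),  # SYN flood
    Flow("198.51.100.6", 3000.0, True, "ddos"),  # SYN flood
    Flow("203.0.113.9", 800.0, False, "ddos"),   # HTTP flood, novel pattern
    Flow("10.0.0.14", 10.0, False, "benign"),
]


def signature_detect(flow: Flow) -> bool:
    """Known-pattern rule (assumed): SYN-only flows above 1000 pkt/s."""
    return flow.syn_only and flow.pkts_per_s > 1000


def make_anomaly_detector(baseline: List[float],
                          threshold: float = 2.0) -> Callable[[Flow], bool]:
    """Flag a flow whose pkts/s z-score against the benign baseline exceeds threshold."""
    mu, sigma = mean(baseline), pstdev(baseline)

    def detect(flow: Flow) -> bool:
        return (flow.pkts_per_s - mu) / sigma > threshold

    return detect


def evaluate(detector: Callable[[Flow], bool],
             flows: List[Flow] = FLOWS) -> Dict[str, float]:
    """Confusion counts plus accuracy/precision/recall/F1 for one detector."""
    tp = fp = fn = tn = 0
    for f in flows:
        alert, attack = detector(f), f.label == "ddos"
        if alert and attack:
            tp += 1
        elif alert and not attack:
            fp += 1
        elif not alert and attack:
            fn += 1
        else:
            tn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "accuracy": (tp + tn) / len(flows),
            "precision": precision, "recall": recall, "f1": f1}


if __name__ == "__main__":
    anomaly_detect = make_anomaly_detector(BASELINE_PKTS_PER_S)
    for name, det in [("signature", signature_detect), ("anomaly", anomaly_detect)]:
        print(name, evaluate(det))
```

On this constructed set both detectors score the same accuracy (6 of 7), yet the signature rule has perfect precision and a missed attack (recall 2/3) while the anomaly rule has perfect recall and a false positive (precision 0.75). That is why an evaluation like the one in the abstract reports precision, recall and F1 alongside accuracy: accuracy alone hides which error type a detector makes.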
