APPLICATION AND PERFORMANCE EVALUATION OF A HYBRID CNN+LSTM MODEL FOR ANOMALY DETECTION IN CYBERSECURITY

Abstract

The article formulates an anomaly detection methodology that is resilient against modern cyber threats, operates with high precision, and ensures proactive defense. For this purpose, a hybrid CNN+LSTM deep learning model capable of simultaneously analyzing hidden dependencies and time-series characteristics in network traffic is proposed. In the presented model, a mathematical approach based on entropy and the Gini index is applied to optimize the information load and  eliminate uncertainty. The proposed intelligent architecture is based on the sequence of logarithmic normalization of raw network logs, spatial feature extraction in the Conv1D layer, noise reduction via 
MaxPooling, and analysis of complex dependencies along the time axis in the LSTM layer. To prevent the risk of model overfitting, an adaptive Dropout regularisation is integrated into the architecture. The effectiveness of the developed hybrid architecture was simulated and tested on the  internationally recognised NSL-KDD  and CICIDS2017  datasets. Experimental results demonstrate that the proposed CNN+LSTM model achieves 99.2% Precision, 98.6% Recall, and 98.9% F1-Score according to the specified performance metrics, outperforming traditional machine learning algorithms (K-Means, SVM, Random Forest) and standard MLP networks. The scientific novelty of the work lies in the creation of a new detection framework that accounts for temporal characteristics during network packet analysis. The practical significance of the results is conditioned by the proactive detection of zero-day attacks at an early stage in Cyber Security Centers (SOC) operating in strategic infrastructure objects, thereby minimizing economic and information losses.