Received 6 October 2023, accepted 31 December 2023, date of publication 5 January 2024, date of current version 2 February 2024.

Digital Object Identifier 10.1109/ACCESS.2024.3350197

EESNN: Hybrid Deep Learning Empowered

Spatial–Temporal Features for Network
Intrusion Detection System
JALAIAH SAIKAM AND KOTESWARARAO CH , (Member, IEEE)
School of Computer Science and Engineering, VIT-AP University, Amaravati 522237, India
Corresponding author: Koteswararao Ch ([email protected])

ABSTRACT Intrusion detection systems (IDS) are crucial to network security by identifying and stopping
harmful actions. The network intrusion data are blended into many typical instances due to the dynamic and
time-varying networking surroundings. This leads to a lack of instances for training models and detection
outcomes with a high false detection rate. In response to the data imbalance issue, we provide a network
intrusion detection (NIDS) technique that combines deep networks and hybrid sampling. With the help of
the Difficult Set Sampling Technique (DSSTE) algorithm, we first reduce the noise samples in the majority
category before applying Deep Convolutional Generative Adversarial Networks (DCGANs) to boost the
minority sample size. Additionally, we create a deep network model using DenseNet169 to extract spatial
characteristics and Self Attention-based Transformer (SAT-Net) to extract temporal features. This technique
accurately extracts the distinctive characteristics of the data. Finally, we employed the Enhanced Elman
Spike Neural Network (EESNN) to classify the attack categories. We undertake experiments on the more
recent and comprehensive intrusion datasets BOT-IOT, ToN-IoT, and CICIDS2019 to validate the suggested
technique. Results indicate that our suggested system outperforms comparable works regarding accuracy,
false alarm rate, recall, and precision.

INDEX TERMS Intrusion detection system (IDS), difficult set sampling technique (DSSTE) algorithm, deep
convolutional generative adversarial networks (DCGANs), DenseNet 169, self attention based transformer
(SAT-Net).
I. INTRODUCTION have already been committed, making them vulnerable to
Computerized tasks and decision-making issues have attack plans that are constantly changing and developing.
recently noticed a rise in deep learning (DL) applications. These methods became increasingly inadequate and imprac-
Critical infrastructure fields like autonomous vehicles, com- tical as network traffic grew exponentially. Compared to
puter security, and health have all become more dependent standard Intrusion detection systems (IDS) (IDS), anomaly-
on machine learning models. These techniques attracted based methods for detection are more adaptable and offer
much attention once deep learning (DL) was introduced more effective ways in massive volume data, which appeals
because they performed exceptionally well in ML tasks. to researchers. Anderson developed anomaly identification
Deep learning demonstrated its potential in recent studies in in IDS in 1980, and the suggested approach was system
security domains, including malware detection and intrusion monitoring to find anomalies. Since then, numerous methods
detection systems (NIDS). NIDS aims to identify malicious for implementing anomaly-based IDS have been created.
and benign activity when detecting network threats. Network Some of these methods rely on computing, data mining,
traffic is continuously analyzed by NIDS, both inbound and statistics, machine learning, cognition, or user intention
outbound. NIDS can be classified as either signature-based authentication, among other things. Machine learning has
or rule-based. These methods primarily rely on data from demonstrated the ability to distinguish between regular and
prior attacks. They can only identify malicious patterns that anomalous traffic, making it one of the strategies employed
for anomaly identification. Traditional Machine Learning
The associate editor coordinating the review of this manuscript and
(ML) models (shallow learners), however, are unable to
approving it for publication was Chuan Li. deliver the efficiency required due to the rise in network

2024 The Authors. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License.
15930 For more information, see https://creativecommons.org/licenses/by-nc-nd/4.0/ VOLUME 12, 2024
J. Saikam, K. Ch: EESNN: Hybrid DL Empowered Spatial–Temporal Features for Network IDS

traffic and assault types. DL methods, a subset of machine A. MACHINE LEARNING-BASED NIDS
learning, are currently utilized in NIDS to satisfy this enor- IDSs were presented using a variety of methods for machine
mous demand. Investigations have demonstrated that because learning. IDSs are created as detectors to distinguish between
deep learning can extract metadata from enormous volumes regular and aberrant traffic.
of data, it is superior to conventional ML models at spotting An optimized multi-stage ML-based NIDS framework was
anomalies. Deep Neural Network (DNN), Convolutional presented by Injadat et al. [21] for NIDS assessment. To cate-
Neural Network (CNN), Long Short-Term Memory (LSTM), gorize the assault categories, K-nearest neighbors (KNN) and
and Recurrent Neural Network (RNN) are instances of deep Random Forest (RF) algorithms were used. The Tree Parzen
learning-based techniques utilized in NIDS. Estimator (TRE) is used to optimize the hyperparameters.
Deep learning-based NIDSs have demonstrated an According to findings from the experiments, when contrasted
enhancement over machine learning approaches and greater with other optimization strategies, the Bayesian Optimiza-
accuracy. However, because of class imbalances in the bench- tion using Tree Parzen Estimator (BO-TPE-RF) optimized
mark datasets, they cannot detect assaults with lower traffic. RF classifier had higher detection accuracy. Data sampling
Modern benchmark datasets for intrusion detection include and selecting features are the two components of the hybrid
class imbalances; the regular traffic is significantly higher data optimization method that Ren et al. [22] present as
than the traffic from attacks. Some assaults are more common the basis for an efficient IDS they name DO_IDS. Isolation
than others, regardless of the many kinds of attacks. This Forest (iForest) was employed to remove outliers from data
makes the NIDS less effective overall and makes it more sampling, the sample ratio was optimized using genetic algo-
challenging to identify some sorts of attacks. A poorer per- rithms (GA), and the optimal training set was found using the
formance is indicated by a higher false alarm rate and a lower Random Forest (RF) classifiers as the assessment criterion.
detection rate. Although uneven data has a detrimental impact To choose the best feature subset, GA and RF are addi-
on how well NIDS can identify attacks, this issue has not tionally applied. The model outperforms other algorithms
received sufficient attention in recent NIDS research. at spotting unusual anomalous behavior. A network attack
detection technique integrating flow calculations and deep
A. NOVEL CONTRIBUTION learning was suggested by Zhang et al. [23]. A technique for
This study intends to tackle the problem of class imbalances categorization based on the Deep Belief Network (DBN) and
to increase the NIDS’s ability to identify minority classes. Support Vector Machine (SVM) (DBN-SVM) and a real-time
The following constitutes the study’s main contribution: detection approach based on flow computations and frequent
• In this study, a hybrid sampling strategy is suggested as a patterns make up the approach. Real-time detection is made
solution to the issue of data imbalance. We decrease the possible via sliding window (SW) stream data processing,
samples from the majority using the DSSTE technique and effectiveness in categorization can be increased with the
and increase the samples from the minority using the DBN-SVM method. Additionally, it performs detection better
DCGAN model. than the conventional method.
• The DenseNet 169 model extracts spatial characteristics
and an self-Attention-based Transformer (SAT-Net) to B. DEEP LEARNING BASED ON NIDS
retrieve temporal features. This subsection includes a detailed description of recent stud-
• Finally, we employed the Enhanced Elman Spike Neural ies that tackle network attack detection utilizing DL-based
Network (EESNN) to classify the attack categories. NIDS approaches, including the methodology and measures
An algorithm with superior categorization efficiency taken to tackle the issue of network attack categorization.
was obtained after training. The XGBoost-DNN approach, which Devan and Khare [7]
• The analysis showed that the suggested approach out- presented, uses the XGBoost approach for selecting fea-
performed earlier approaches when using the BOT-IOT, tures before classifying network incursion using deep neural
ToN-IoT, and CICIDS 2019 datasets for attack detection. networks (DNN). Normalization, feature selection, and cate-
gorization are the three stages of the XGBoost-DNN model.
B. PAPER OUTLINE The Softmax classifier was employed to categorize net-
This research has the following format. Some of the rele- work intrusions. The suggested approach fared better than
vant NIDS work is described in part 2 of the report. The the dataset’s previous shallow approaches. Su et al. [24]
categorization detection technique suggested in this paper introduced the network anomaly recognition framework BAT
is described in Part 3. The dataset utilized in this study is algorithm to address the issues of insufficient precision and
described in part 4, along with the experimental findings and feature development in intrusion detection. The vector of the
dataset analysis. The article’s conclusions and future scope flow network, comprised of vectors in the packet produced
are provided in part 5. by the suggested approach and employed to identify the
key characteristics of network traffic, was screened using an
II. RELATED WORKS attention mechanism. To further incorporate the local aspects
The study of NIDS is receiving a growing amount of attention of the traffic data, it utilizes numerous layers of convolu-
as the requirement to identify breaches of networks increases. tional neural networks. The softmax model is employed to

VOLUME 12, 2024 15931

 J. Saikam, K. Ch: EESNN: Hybrid DL Empowered Spatial–Temporal Features for Network IDS

categorize network traffic. The outcomes of the investigation tion. Additionally, only a few studies examined a frequently
show that our approach performs superior to the other tech- ignored metric: the frameworks’ temporal complexity.
niques used for comparisons. Elmasry et al. [25] introduced a
twofold Particle Swarm Optimization (PSO)-based technique III. PROPOSED METHODOLOGY
to choose the feature subset and the hyperparameters in a The raw data is initially processed using hybrid sampling to
single step. In this article, we used DBN, an ensemble of achieve balance. Then, it goes through data normalization
LSTM-RNN and DNN, to give a thorough empirical inves- and other preprocessing to tackle the issue of the flow of
tigation of network intrusion detection. A double PSO-based network data and the extensive nature of the characteristics.
metaheuristic approach was used to pre-train those models. A deep hierarchical network model is finally employed for
The bottom level automatically determines the vector of categorization. The suggested network intrusion detection
hyperparameters optimized for optimum accuracy over the model’s specifics are divided into four phases.
smaller dataset. To identify the temporal and spatial char- The effectiveness of the categorization model is impacted
acteristics of network traffic data and to create an improved by the unbalanced distribution of network traffic data. As a
IDS, Sun et al. [26] developed a DL-IDS. This method uses result, this paper uses the Difficult Set Sampling Tech-
a hybrid network composed of CNN and LSTM. DL-IDS nique (DSSTE) algorithm to reduce the majority sample size
improved the robustness by using a category weight optimiza- while removing noise, followed by the Deep Convolutional
tion approach to lessen the impact of an imbalanced amount Generative Adversarial Networks (DCGANs) algorithm to
of instances of various assault kinds in the model’s sample set enhance the minority sample size. These two approaches
on the effectiveness of the algorithm. are combined to create a balanced data collection. Due to
the intricate structure of network transmission data’s fea-
C. LIMITATIONS OF RELATED WORK tures, the spatial and temporal characteristics of the data are
The earlier presented models have several drawbacks, extracted using a deep hierarchical network model developed
although numerous previous research within the field specif- by DenseNet 169 and SAT-Net to increase classification
ically addressed the intrusion detection issue. For instance, efficiency. Finally, the Enhanced Elman Spike Neural Net-
many of these studies don’t tackle the issue that frequently work (EESNN) is employed to classify the attack categories.
arises in intrusion detection datasets. Additionally, rather The framework for the Proposed Methodology is shown in
than applying a systematic methodology, the training sam- Figure 1.
ple size is frequently chosen randomly. The usage of dated
datasets like NLS KDD99 also places restrictions on them. A. DATA BALANCING
Furthermore, the published results are frequently confirmed Network traffic data exhibits a typical data imbalance cat-
using only one dataset instead of several. Only a few studies egorization issue, with a significant proportion of regular
employed more than one strategy when considering using traffic and a small proportion of anomalous traffic. While
diverse techniques to optimize hyper-parameter optimiza- some majority classes’ prediction accuracy improves when

FIGURE 1. Framework for proposed methodology.

15932 VOLUME 12, 2024

J. Saikam, K. Ch: EESNN: Hybrid DL Empowered Spatial–Temporal Features for Network IDS

the overall error is decreased, minority classes’ prediction and the samples in the set as accessible instances because
accuracy is frequently relatively poor. For this purpose, the samples in the near-neighbor set are quite comparable,
we ensemble two approaches: DSSTE and DCGAN. making it difficult for the method to learn the differences
among the groups. Next, we enlarge the minority sample for
1) DIFFICULT SET SAMPLING TECHNIQUE (DSSTE) the challenging set.
ALGORITHM
Various traffic kinds of data have comparable appearances 2) DEEP CONVOLUTIONAL GENERATIVE ADVERSARIAL
in an unbalanced network, making it challenging for the NETWORKS (DCGANS)
model to distinguish among them during training. Minority The structure includes two full DCGANs, each with a single
attacks, in particular, may be hidden among regular traffic. generator and two discriminators. We substitute a softmax
Repetitive noise data is the dominant class in the comparable function for the final layer of discriminators to distinguish
samples of the unbalanced training data set. The system different item kinds and provide the class’s likelihood. Then,
that classifies cannot learn the proportions of the minority the remaining values in the direction reflect odds that the
class due to the quantity being considerably more signifi- instances provided were genuine and that they correspond
cant than the class in the minority. Thus, we compressed to a particular group. When calculating the loss function of
the majority class. While there are variations in continuous the generator, we consider the average value of the modifi-
attributes, the minority category’s discrete traits stay constant. cations and alter the loss functionality of the discriminators
Consequently, the continuous qualities of the minority class to account for the modifications. The two discriminators
are magnified to create data that follows the actual distribu- are jointly trained to perform semi-supervised learning, and
tion. Therefore, we suggest the DSSTE strategy to balance the precise steps in every training around are listed below:
things out. We dubbed the samples in the group as challenging Initially, we use the sample Labeled for training the two

FIGURE 2. Framework of DCGANs.

VOLUME 12, 2024 15933

 J. Saikam, K. Ch: EESNN: Hybrid DL Empowered Spatial–Temporal Features for Network IDS

discriminators, followed by every discriminator to individ- While upgrading the connections of the discriminator
ually anticipate the labeling of the unidentified instances. and generator simultaneously, the networks are enhanced.
When specific requirements are met, we choose the highly Because of this, the discriminator and generator may differ-
confident affirmative sample. Architecture diagram is repre- entiate the sample being input from the final sample more
sented in Figure 2. precisely.

3) THE FRAMEWORK Algorithm DSSTE Approach

A deconvolution neural network serves as the generator, tak- Input: G is considered as imbalanced data for training, P is
ing a random vector as input and producing synthetic data represented as a Factor for Scaling
that closely resembles the actual thing by learning its prop- Output: SN denotes the set of training data
erties. A superior CNN discriminates in DCGANs, which Differentiate the complex and easy set
will receive both fake and accurate data. An integer between Take all instances from S and set it as SE
0 and 1 is the discriminator’s result; if the input data is For every instances ∈ SE do
accurate, the resulting value moves toward 1, but if the raw Evaluate its K nearest neighbors
data is fake, it moves toward 0. The training method will Eliminate instances in SE where K-nearest neighbors have the
help to strengthen both the discriminator and the generator. most examples of another category.
The results of the D are changed with a function in the End for
softmax, and the classification system is then made a standard Easy set SE , complex set SD = S − SE
predictor for classifying numerous object kinds. This process Compress the samples in the majority for a complex set
improves the discriminators’ ability to distinguish between Take all the majority samples from the set
different object types. The framework has the term multi- Employing the coordinates
output-DCGANs. The initial input x for the D, the randomly Compressed the majority of samples
generated vector z, includes a consistent noise distribution Zoom augmentation
Pz(z) and G(z). Take a minority sample, discrete attributes, continuous
elj attributes, and label attributes.
Pj = Pk+1 , j ∈ {1, 2, . . . , k + 1} (1) End for
i=1 elj
New training set
A genuine portion of data will be distinguished as one of the
previous k classes, while a fraudulent piece of data will be
distinguished. The DCGAN function of loss is expressed as:
B. PRE-PROCESSING
L = −Ey,x−Pdata (x, y) {D(y|x, y < n + 1)} To enhance the compilation and usage of the knowledge in a
− Ex−G(z) {D(y|G(z), y = n + 1} (2) given dataset, the data ranges are altered during data prepara-
tion. Among the dataset’s greatest and minimum range, there
In our framework, the discriminator’s neurons with outputs is a significant contrast change. Data normalization helps
have grown. D (y/x) now indicates a loss function rather than an approach during this procedure by easing its challenges.
the likelihood that the input is actual data, indicating a more While using the categorization of neural network methods,
complex situation. data normalization has more impact. Due to input normaliza-
X
D(y|x) = − y′i log(pi ) (3) tion, the neural network will speed up training if it acquires a
i back-propagation strategy, at this point, it will become fully
Pi denotes the likelihood that the input sample corresponds to efficient.
the anticipated class, where y0 is referred to as the anticipated
class. y and y0 are one hot vector; it should be recognized. 1) DATA CLEANING
Xk Data redundancy, noise, errors, and unwanted observations
D(y|x, y < k + 1) = − y′ log(pi ) (4)
i=1 are eliminated from the dataset using data cleaning tech-
Consider that every training process contains m data inputs is niques. This process can only proceed with processing the
upgraded by climbing its stochastic gradient: relevant data.
1 Xm h i
D x|y′ , x < n + 1 + D(x|G(hi ), x = n + 1)


∇θd 2) NORMALIZATION FUNCTION
m i=1
(5) A significant part of the normalizing function is data scaling,
which transforms the net value of the data among [1, 1]
The random gradient of the generator is upgraded while and [0, 1] using a minimum and maximum technique. The
descending: normalizing formula is provided by the following equation.
1 Xm  
∇θd D y|G(H i ), x = n + 1 (6) d − dMIN
m i=1 I= (7)
dMAX − dMIN

15934 VOLUME 12, 2024

J. Saikam, K. Ch: EESNN: Hybrid DL Empowered Spatial–Temporal Features for Network IDS

The expression I in Equation. (7) represents the input that calculated as follows:
has been transformed. The term dMAX dMIN correspondingly X
corresponds to the maximum and minimum values. The d C(Xi ) s(X )h(Xj ) (8)
j
indicates real value.
While i denoted the initial position where the outcome was
obtained, j denoted all positions within the identical appear-
C. FEATURE EXTRACTION ance functions s estimated a scalar indicating the relationship
Reducing the number of characteristics or dimensions in a among the intensity of the signal during the present i location
set of data is done by FE. It seeks to minimize information as well as at any point j, and operate h estimated an illustration
loss while extracting the valuable and pertinent information of the signal being input at all establish j. This meant that
dispersed throughout the raw input features and projecting only signals from regions pertinent to the present location
it into a smaller number of characteristics. To create a deep influenced the signal at that location, and the significance
network model, we employ a DenseNet 169 for extracting and strength of the signals from farther places affected the
spatial characteristics and a Self Attention-based Transformer contribution. After that, the outcome was normalized using
(SAT-Net) to retrieve temporal features. the factor C(Xi ) while
X
C(Xi ) = s(X ) (9)
1) SPATIAL FEATURE EXTRACTION BY ENHANCED CAPSULE j
NETWORK
Given that systems that modeled long-distance relationships
Data is effectively performed using the most efficient net- were discovered to be responsive to the selection, the parame-
work, including Deep Convolutional Networks. It produces ters s and h were determined with a certain level of flexibility.
effective results since different pooling and convolutional For the sake of simplicity, h in this study was specified as a
layers are present in this network. The gradient diminishing linear function.
problem is solved by using the DenseNet model. This model
connects all the layers with the exact feature sizes. This h(Xj ) (10)
feature extractor network approach effectively retrieves the
Additionally, s was specified as an embedded Gaussian func-
critical relevant features. The 169-layer densely connected
tion since the choice of a Gaussian function to determine how
CNN DenseNet-169, which had previously been trained,
comparable (or relevant) Xi and Xj are a natural one:
was used to carry out the procedure for extracting features.
s(X )ϕ(Xi )
T θ (X
This method was developed using a large, publicly available j )(Wi )(wj ) (11)
dataset. One convolution and pooling layer, three transition
layers, and four dense layers are used in the DenseNet-169 The weighted vectors Wf, Wg, and were used in this instance.
model. Three by three max pooling and seven by seven They were learned during the network’s training. Addition-
convolutions with stride two are used after the first convo- ally, according to the attention layer, residual learning was
lutional layer. The network contains all three sets, with the used.
transition layer located before every dense block in the middle
of every set. Direct connections are provided to the network αY (12)
among any two layers to establish the dense connectivity that The maps of features from the preceding convolution layer,
DenseNet is designed for. To do this, the maps of features which collected local data, comprised one part of the result
from the previous layers must be concatenated. However, of the attention by itself layer (Zi), while the self-attention
because CNN frameworks are used to down-sample maps of illustrations, which gave non-local information, made up the
features, the DenseNet framework is separated into multiple other. A scale parameter discovered during testing in the
densely connected blocks, as was previously discussed. outcome harmonized the inputs from local and non-local
To break down these big blocks, there are layers called sources. A convolutional network-like pattern of learning was
transition layers. Every transition layer has three layers: a displayed by the SAT-Net when it was initially set to 0. During
1 × 1 convolutional layer, a 2 × 2 average pooling layer, and efficiency, the self-attention layers progressively came into
a batch normalization layer with a stride of 2. Each block play as they increased, resulting in a seamless transition to
has two convolution layers, with four thick blocks in total the distinctive self-attention CNN. This enabled the practi-
size: 1 × 1 for the first layer and 3 × 3 for the second layer. cal usage of information from widely distant geographical
With sizes of 6, 12, 32, and 32, the DenseNet-169 architecture locations by allowing the attention layer to be integrated
features four dense blocks. effortlessly.

2) TEMPORAL FEATURE EXTRACTION BY SAT-NET 3) DATA CONSISTENCY ENFORCEMENT

The maps of features collected from the previous CNN layer Though the self-attention CNN result offered good estima-
were used to derive the self-attention maps within every tions for the k-space correlations at each data point, it might
convolution block. By focusing on each point in identical data be more precise to swap out the predictions made by the
with a varied weight, the attention value at that position was system with measurements taken at the data points collected.

VOLUME 12, 2024 15935

 J. Saikam, K. Ch: EESNN: Hybrid DL Empowered Spatial–Temporal Features for Network IDS

(2) (1)
X X
This was included in the Root Mean Squared Error (RMSE) netj (n) = Win∗inv × yi (n)+ Wcon∗inv
i k
loss function within the deep learning architecture. (3)
r × yk (n); k = 1 . . . .9 (21)
Xn 
∥z∥2 (13) (2)
where S(netj (n)) indicated, the function in the sigmoid,
i=1
(1) (3)
Zi was the expected data with consistent data enacted, while yi (n), yk (n) represents the data from the input and hidden
(2)
xi was the thoroughly sampled data. Zi was developed by layer and yj (n) represents the outcome of the layer that is
n  o hidden.
IFT d ki , k̂i (14) Next, nodes in the context of the level are denoted by
equations for the layer.
where ki stands for the observed k-space data, kl for the
(3) (3) (2)
anticipated k-space data derived from the system’s expec- yk (n) = αyk (n − 1) + yj (n − 1) (22)
tations at the present repetition, and h for the information’s
integrity enforcer function. The Fourier transformation of the Take into account that denotes α self-connecting feedback
network’s outcome, as indicated by k̂i , was the anticipated gain that updates in the context layer to accomplish precise
k-space data k. malware classification. Each and every layer-to-layer link
in the EESNN is composed of a group with a comparable
k̂ = FT (f (XZF|θ )) (15) number of synaptic terminals. Weight and delay are specific
to each sub-connection. There are two input neurons in the
D. ENHANCED ELMAN SPIKE NEURAL NETWORK single-layered EESNN that make up the hidden layer, and
(EESNN) BASED CLASSIFICATION there are only two neurons that provide output. The result of
After the characteristic extraction procedure, the extracted the layer’s nodes is depicted as, at the conclusion of the output
characteristics are fed into the Enhanced Elman Spike Neural layer.
Network (EESNN) classification. This type of partial recur- (4) (4) (4)
rent spike neural network model modifies the EESNN using yl (n) = fl (netl (n)) (23)
basic Elman NN. The hidden layer, input layer, context layer, (4)
fl Indicate the parameter that is controlled by the presented
and output layer are typically made topology of an Elman
EESNN approach,
neural network. Employing a positive-feedback process, the
(4) (2)
X
context layer stores the hidden layer’s previous outputs while netl (n) = Winv∗out × yj (n) (24)
j
containing self-feedback with adjustable gain. Because of
its small weight, the EESN is well-suited for computing- wherein winv∗out denotes the neural weights that associate
intensive applications found in embedded systems and edge the layer that is hidden outputs to neurons. The network
devices. The input layer and nodes are displayed as follows is modifying the connection’s statistics. The equation that
in equation (16) follows is used to improve the final stage of categorization:
(1) (1) (1) y y
yi (m) = fi (neti (m)); i = 1 (16) Winv∗out (Time + 1) = Winv∗out (Time) − η.δf .NS y (25)
(1) (1)
Let neti (m) = ei (m) : n represents the nth iteration, While η indicates the learning rate, and ‘Time’ is the unit
(1) (1) of time. In this, the threshold value of the neurons exam-
ei (m) as input, yi (m) as an outcome of the initial layer.
EESNN dynamics is labeled in eqn (17)-(19), ines the IDS categorization in every neuron’s spike in the
given time interval ‘‘Time.’’ This indicates that the con-
NS(y) = NLF(Wcon∗inv NScon (y), Win∗inv input(y)) sidered neurons’ threshold value may effectively classify
(17) malware from normal. Membrane potential g is categorized
NSConv (y) = α(y)NScon (y − 1) + W ∗ NS(y − 1) (18) into particular malware groups if it surpasses a specific
threshold value. The following equation can be used to com-
output(y + 1) = Winv∗out NS(y) (19)
pute the neurons’ delta function, which is denoted by the
where NLF(.) is a non-linear function that describes how symbol δf.
EESNN is categorized and presented, The input and output Error
are implied by output (y), respectively. For the hidden and δf = PNiv PNoD y ∂input
(26)
context layers, the state node vector represents NS(y) and i=1 y=1 Winv∗out ∂Time
NSCon(y), respectively. The terms ‘‘win∗inv ’’ and ‘‘wcon∗inv ’’ The subsequent formula (27), which calculates the difference
represents neurons linked the data layer weights to the between the final neuron’s
interred layers, ‘‘stands for self-connecting feedback gain,
and ‘‘winv∗out ’’ stands for neurons weighted the levels of Error = tfDST − TimeNLF
f (27)
invisible to out.
where tfDST indicates the duration of a neuron’s spike
A formula expresses the node in the layer that is hidden.
TimeNLF
f stands for the result of a neuron’s actual spike
(2) (2)
yj (n) = S(netj (n)); j = 1, . . . 9 (20) timing.

15936 VOLUME 12, 2024

J. Saikam, K. Ch: EESNN: Hybrid DL Empowered Spatial–Temporal Features for Network IDS

FIGURE 3. Class distribution of proposed datasets.

IV. RESULT AND DISCUSSIONS TABLE 2. Attack detection on the ToN-IoT dataset.
This study compares the effectiveness of mathematical
models for learning and oversampling from both sets of
contrasting experiments to verify simulation results. The
three widely used data sets for network intrusion detection,
BOT-IOT, ToN-IoT, and CICIDS2019, have been tested,
simulated, and verified. To more thoroughly assess the
algorithm’s effectiveness, we compared it to other novel
intrusion detection methods already in use.
A. EXPERIMENTAL SETUP
The simulation setup and the experiment used for this paper
were programmed in Python 3.7. The experimental setup is
shown in Table 1.

TABLE 1. Environmental setup.

B. DATASET DESCRIPTION
We consider the three openly accessible intrusion detection
datasets widely used in earlier publications.
BOT-IOT Dataset: The most recent data set available is this
one. It combines simulated and real-world settings and more
than 72 million recordings. Although there are four types of
attacks, DoS and DDoS-type packets make up the majority of
the data set.
ToN-IoT Dataset: Advanced Computing and Communica-
tions Society (ACCS) recently released a diverse dataset in
2019. It has used the network traffic component gathered over FIGURE 4. Detection rate of ToN-IoT dataset.
an IoT ecosystem, which is primarily comprised of attack
instances with a ratio of 796,380 benign flows to 21,542,641 two separate days for training and testing analyses. The class
attack flows, for a total of 22,339,021 flows. It had 44 original distribution of the proposed dataset is shown in Figure 3.
features that were taken off using the Bro-IDS tool.
CICIDS2019 Dataset: Several DDoS attacks in this collec- C. PERFORMANCE MEASURES
tion may be carried out utilizing TCP/UDP network proto- The paper employs five fundamental evaluation indicators:
cols. This dataset employs exploitation- and reflection-based precision, detection rate, accuracy, and false alarm rate.
invasions to categorize intrusions. Over 80 flow attributes Based on the confusion matrix’s four fundamental proper-
are included in the collection. The dataset was acquired on ties, the accuracy rate and false alarm rate are calculated.

VOLUME 12, 2024 15937

 J. Saikam, K. Ch: EESNN: Hybrid DL Empowered Spatial–Temporal Features for Network IDS

FIGURE 5. Performance evaluation on TON-IOT dataset (a) accuracy, precision, recall, and f1-score comparison (b) FPR comparison.

FIGURE 6. Confusion matrix for ToN-IoT dataset.

In this equation, TP stands for the number of specimens The percentage of genuine assault records vs. expected
that are initially assaulted and anticipated to be assaulted, assault data is known as precision.
FP for the number of instances that are thought to be assault
instances but are initially normal samples, FN for the num- TP
PRE = (29)
ber of instances that are anticipated to be normal samples FP + TP
but are initially attack samples, and TN for the number of
instances that are initially typical and anticipated to be typical The ‘‘detection rate’’ is the proportion of genuine assaulted
instances. instances initially identified in the data set as attacks, and
The accuracy rate is employed to gauge how accurately the it is a crucial indicator of how well the NIDS can identify
framework predicts the future. attacks.

TN + TP TP
ACC = (28) REC = (30)
Nn + Np Np

15938 VOLUME 12, 2024

J. Saikam, K. Ch: EESNN: Hybrid DL Empowered Spatial–Temporal Features for Network IDS

TABLE 3. Performance evaluation on ToN-IoT dataset. TABLE 4. Attack detection on BOT-IOT dataset.

It seeks to quantify the proportion of benign situations mis-

classified as suspicious.
(Pre ∗ Rec)
  
F − Score = 2 ∗ ∗ 100 (31)
(Prec + Rec)

1) # EXPERIMENT 1( EVALUATION ON TON-IOT DATASET)

In this subsection, we investigate the performance of our
presented dataset, ToN-IoT. The ToN-IoT dataset contains
various attack categories such as password, Scanning, ran-
somware, injection, MITM, DoS, backdoor, DDos, XSS and
benign. Table 2 shows the ToN-IoT dataset attack detection FIGURE 7. Performance of DR.
rate.
In the context of intrusion detection or any situation where
accurately. However, NIDS evaluation often involves con-
you want to identify specific events among a more exten-
sidering other metrics, such as false positives, precision,
sive set of data, the detection rate, also known as the ‘‘hit
and false positive rate, to get a comprehensive view of the
rate’’ or ‘‘sensitivity,’’ refers to the proportion of actual posi-
NIDS’s performance. Achieving a balance between high
tive instances that were correctly identified by the classifier.
detection rates and low false positives is often challeng-
The detection rate of the ToN-IoT dataset is represented in
ing in NIDS deployment. However, our proposed approach
Figure 4. All attack categories gain above 98% detection rate.
gains a superior detection rate performance, as shown
Table 3 represents the data detection.
in Figure 7.
The multi-class classification of the TON-IOT dataset is
The BOT-IOT multi-class classification is shown in
shown in Figure 5. Accuracy ratings are higher than 99% for
Figure 8 and table 5. In most of the classes, accuracy ratings
every class. The effectiveness of the presented approach is
are higher than 99%. The proposed approach performs better
greater to that of prior approaches.
than those that are already in use.
The effectiveness of a classification model is assessed
using a confusion matrix, and it shows the relationship
TABLE 5. Performance evaluation on BOT-IOT dataset.
between predicted classes and actual classes. Normalizing the
data typically refers to scaling the features to a standard scale,
which can improve the performance. The confusion matrix
for the ToN-IoT dataset is represented in Figure 6.

2) # EXPERIMENT 2( EVALUATION ON BOT-IOT DATASET)

The BoT-IoT dataset, which includes multi-class, DoS,
DDoS, reconnaissance, and normal records, was employed
in the suggested model. Over 99% accuracy was attained
using an 80-20 data split between training and testing. Table 4 The confusion matrix is used to assess the performance of
represents the BOT-IOT data detection. your classification model in terms of how well it predicts the
The detection rate is an essential metric for evaluat- classes based on the actual outcomes. In the BOT-IOT dataset,
ing the performance of NIDS because it directly measures the prediction performance was better than others,as shown in
its ability to identify and respond to network intrusions Figure 9.

VOLUME 12, 2024 15939

 J. Saikam, K. Ch: EESNN: Hybrid DL Empowered Spatial–Temporal Features for Network IDS

FIGURE 8. Performance evaluation on BoT-IoT dataset (a) accuracy, precision, recall, and f1-score comparison (b) FPR comparison.

FIGURE 9. Confusion matrix for BOT-IOT dataset.

3) # EXPERIMENT 3( EVALUATION ON outperforms that of the already used approaches. The CICIDS
CICIDS 2019 DATASET) 2019 dataset multi-class classification is shown in Figure 11
In this subsection, we investigate the performance of our and table 7.
presented dataset, CICIDS 2019. The CICIDS 2019 dataset Figure 12 displays the confusion matrix for the CICIDS
contains various attack categories such as DDos_NetBIOS, 2019 test dataset. The Figure indicates significantly fewer
DDos_DNS, DDOS_SYN, DDOS_UDP-Lag, DDOS normal observations in the test dataset than in attack
_WebDDos, DDos_LDAP, DDOS_TFTP, DDos_MSSQL, evaluations.
DDos_DNS, DDOS_SSDP and benign. Table 6 shows the
CICIDS 2019 dataset attack detection rate.
Similarly, in the CICIDS 2019 dataset, the detection rate 4) # EXPERIMENT 4 (EVALUATION OF OVERALL
was superior. The evaluation performance of DR is shown in PERFORMANCES)
Figure 10. This section compares the suggested strategy to those already
For every attack category, accuracy ratings are higher used while analyzing various datasets. The proposed method
than 99%. The effectiveness of the suggested approach is contrasted with relevant earlier publications.
15940 VOLUME 12, 2024
J. Saikam, K. Ch: EESNN: Hybrid DL Empowered Spatial–Temporal Features for Network IDS

TABLE 6. Attack detection on the CICIDS 2019 dataset. TABLE 7. Performance evaluation on the CICIDS2019 dataset.

TABLE 8. Overall classification approaches performances.

the CNN approach was suggested by [31]. The effective-

FIGURE 10. Detection rate performance in the CICIDS 2019 dataset. ness of the technology has been substantially hampered by
noise. From the overall effectiveness, our proposed approach
The author of [27] presented a CNN and LSTM ensem- yields greater performances. And also it tackles the draw-
ble solution for NIDS. The goal of the suggested strategy back obtained from existing papers which is shown in
is to increase the rate of intrusion detection accuracy. The table 8.
disadvantage of the suggested approach is that simulations A comparison of data balancing approaches is shown
with high fidelity were challenging to maintain and expensive in Figure 13. While using data balancing approaches, the
to execute analytically. The DNN-CNN ensemble technique proposed approach yields superior performances.
was proposed by [28]. The main goal of the suggested
approach is to make intrusion detection warnings easier to 5) # EXPERIMENT 5 (EVALUATION OF TRAINING AND
interpret and explain. The categorization of multiple classes TESTING)
was not supported. The graph illustrates the benefits of using the strategy pro-
The author [29] used the IGAN technique to solve the posed in the paper. In Figure 14, training and testing loss
data imbalance issue. When compared to other ways, the functions and training and testing accuracy are depicted. The
one described produces better results. Less training data had prepped training set is used to train the proposed algorithm
an impact on the accuracy of detection of intrusions. The for 100 epochs during the training phase. There has been
author suggested An LSTM technique [30] to improve secu- established a 0.1 learning rate.
rity and privacy. Both security and privacy were improved.
Inability to manage various industrial CPSs in different D. DISCUSSIONS
domains. The suggested solution outperforms existing alter- Developing an efficient IDS that can discriminate among
natives in terms of privacy and security. For achieving the legitimate and malicious traffic is the main goal of the
optimum effectiveness and high-efficiency range in IDS, research. The complexity of cyber-security issues has

VOLUME 12, 2024 15941

 J. Saikam, K. Ch: EESNN: Hybrid DL Empowered Spatial–Temporal Features for Network IDS

FIGURE 11. Performance evaluation on CICIDS 2019 dataset (a) accuracy, precision, recall, and f1-score comparison (b) FPR comparison.

FIGURE 12. Confusion matrix for the CICIDS 2019 dataset.

increased due to the daily discovery of new attacks, and To effectively categorize IDS, we used hybrid approaches
traditional intrusion detection systems have a high false alarm in our study. Using the DCGAN model, we enhance the
rate that leads security analysts to overlook malicious attacks number of samples from the minority and decrease the
and leaves the system open to attack of any kind. The data instances from the majority utilizing the DSSTE technique.
utilized for training intrusion systems is deemed outdated The model’s framework allowed us to achieve the aim of
and comprises redundant data, leading to inadequate train- providing a low accuracy, high rate of detection models uti-
ing and an inefficient process for training and evaluating lizing the Enhanced Elman Spike Neural Network (EESNN).
systems. Recently, investigators are currently working on Data normalization and data cleaning were among the pre-
deep learning-based IDS. According to recent studies, deep processing operations carried out on the datasets. Deciding
learning performs better than traditional learning techniques which features are optimal for model training. The first
when it comes to categorizing received traffic in massive DenseNet 169 layer received the output for spatial extraction
data sets and continuously attacking environments, as well of features, followed by the SAT-Net layer for temporal data
as identifying malicious traffic. extraction, and the FC layer for categorization. Contrasting

15942 VOLUME 12, 2024

J. Saikam, K. Ch: EESNN: Hybrid DL Empowered Spatial–Temporal Features for Network IDS

this study. As a result, we could only use a smaller portion of

the dataset that we had extracted. Because the data was raw,
we had to perform the necessary preprocessing steps in order
to replace any missing values and clean up the dataset. Hybrid
algorithm application for intrusion detection is a relatively
new idea, so the viability of the implementation and the diffi-
culties with the solution depended on a number of variables.
For instance, in the case of a hybrid design, the two models
of neural networks are unable to reach a state of equilibrium
if the real and fake data is too far apart. When this happens,
DSSTE won’t be able to generate data that is fake. Addition-
ally, using the DSSTE approach also known as failure modes
makes it difficult to control the diversity of synthetic sample
creation. In these situations, the same kind of assault samples
are produced, which makes it difficult for the algorithm to
FIGURE 13. Comparison of with and without data balancing approaches.
pick up on the traits and behaviors of the assault class.

V. CONCLUSION
with other approaches, presented approach obtains greater
performances. The demand for NIDS is growing as network intrusion
continues to change. Cyberspace security is significantly
E. LIMITATIONS threatened by IDS’s difficulties in predicting the dispersion
Due to the high computing demands of machine learning, of malicious attacks, which is precisely a challenge brought
large/multiple datasets may necessitate the use of effective on by unbalanced network traffic. First, we generate a bal-
GPUs with sufficient storage capacity. To address the prob- anced dataset for model training by combining DSSTE and
lem, we introduced an approach based on deep learning in DCGANs. The system’s training time can be shortened, and

FIGURE 14. Evaluation of training and testing (Accuracy and loss) (a) BoT-IoT dataset (b) TON-IOT dataset (c) CICIDS
2019 dataset.

VOLUME 12, 2024 15943

 J. Saikam, K. Ch: EESNN: Hybrid DL Empowered Spatial–Temporal Features for Network IDS

it partially addresses the issue of insufficient training from [10] Y. N. Rao and K. S. Babu, ‘‘An imbalanced generative adversarial
imbalanced inputs. Additionally, a network data preparation network-based approach for network intrusion detection in an imbalanced
dataset,’’ Sensors, vol. 23, no. 1, p. 550, Jan. 2023.
technique for complicated multidimensional cyber threats is [11] M. J. Idrissi, H. Alami, A. El Mahdaouy, A. El Mekki, S. Oualil,
developed and is compatible with the suggested deep network Z. Yartaoui, and I. Berrada, ‘‘Fed-ANIDS: Federated learning for
framework. Next, extract the input data using the DenseNet anomaly-based network intrusion detection systems,’’ Expert Syst. Appl.,
vol. 234, Dec. 2023, Art. no. 121000.
169 and SAT-Net created hierarchical network model. The [12] F. E. Ayo, S. O. Folorunso, A. A. Abayomi-Alli, A. O. Adekunle, and
model automatically extracts characteristics through repet- J. B. Awotunde, ‘‘Network intrusion detection based on deep learning
itive multi-level learning using deep learning’s remarkable model optimized with rule-based hybrid feature selection,’’ Inf. Secur. J.,
A Global Perspective, vol. 29, no. 6, pp. 267–283, Nov. 2020.
properties. Finally, the Enhanced Elman Spike Neural Net-
[13] S. M. Sohi, J.-P. Seifert, and F. Ganji, ‘‘RNNIDS: Enhancing network intru-
work (EESNN) is employed to improve the performance. sion detection systems through deep learning,’’ Comput. Secur., vol. 102,
While differentiated with existing state-of-the-art models, Mar. 2021, Art. no. 102151.
the proposed approach yields 99.89% accuracy, 99.87% [14] M. Pawlicki, M. Choraś, and R. Kozik, ‘‘Defending network intrusion
detection systems against adversarial evasion attacks,’’ Future Gener. Com-
precision, and 99.42% recall. put. Syst., vol. 110, pp. 148–154, Sep. 2020.
[15] K. S. Babu and Y. N. Rao, ‘‘MCGAN: Modified conditional generative
A. FUTURE SCOPE adversarial network (MCGAN) for class imbalance problems in network
Results from the provided IDS in this research are promising. intrusion detection system,’’ Appl. Sci., vol. 13, no. 4, p. 2576, Feb. 2023.
Still, it is possible to raise the identification rates of minority [16] K. S. Babu and Y. N. Rao, ‘‘A study on imbalanced data classification
for various applications,’’ Revue d’Intelligence Artificielle, vol. 37, no. 2,
classes even more, allowing this study to be expanded upon. pp. 517–524, Apr. 2023.
The accuracy of DR can be increased even further by utilizing [17] M. D. Moizuddin and M. V. Jose, ‘‘A bio-inspired hybrid deep learning
various data resampling methods and, multiple combinations model for network intrusion detection,’’ Knowl.-Based Syst., vol. 238,
Feb. 2022, Art. no. 107894.
of the oversampling and under-sampling methods and various [18] T. Su, H. Sun, J. Zhu, S. Wang, and Y. Li, ‘‘BAT: Deep learning
architectures for deep learning. This research can also be tried a double-layered hybrid approach for network intrusion detection sys-
with other additional unbalanced IDS datasets. tem using combined naive Bayes and SVM,’’ IEEE Access, vol. 9,
pp. 138432–138450, 2021.
Future work will involve combining several hybrid
[19] A. Halbouni, T. S. Gunawan, M. H. Habaebi, M. Halbouni, M. Kartiwi, and
deep-learning methods and assessing the outcomes. Addi- R. Ahmad, ‘‘CNN-LSTM: Hybrid deep neural network for network intru-
tionally, several techniques for balancing data will be sion detection system,’’ IEEE Access, vol. 10, pp. 99837–99849, 2022.
assessed. Along with these, the proposed solution will be [20] N. Wang, Y. Chen, Y. Xiao, Y. Hu, W. Lou, and Y. T. Hou, ‘‘MANDA:
On adversarial example detection for network intrusion detection system,’’
immediately applied to the traffic on the network in the IEEE Trans. Dependable Secure Comput., vol. 20, no. 2, pp. 1139–1153,
context of big data. Mar. 2023.
[21] M. Injadat, A. Moubayed, A. B. Nassif, and A. Shami, ‘‘Multi-stage opti-
ACKNOWLEDGMENT mized machine learning framework for network intrusion detection,’’ IEEE
The authors declare that this manuscript is original, has not Trans. Netw. Service Manage., vol. 18, no. 2, pp. 1803–1816, Jun. 2021.
[22] J. Ren, J. Guo, W. Qian, H. Yuan, X. Hao, and H. Jingjing, ‘‘Building
been published before and is not currently being considered an effective intrusion detection system by using hybrid data optimization
for publication elsewhere. based on machine learning algorithms,’’ Secur. Commun. Netw., vol. 2019,
pp. 1–11, Jun. 2019.
REFERENCES [23] H. Zhang, Y. Li, Z. Lv, A. K. Sangaiah, and T. Huang, ‘‘A real-time
[1] M. Mehmood, T. Javed, J. Nebhen, S. Abbas, R. Abid, G. R. Bojja, and ubiquitous network attack detection based on deep belief network
and M. Rizwan, ‘‘A hybrid approach for network intrusion detection,’’ and support vector machine,’’ IEEE/CAA J. Autom. Sinica, vol. 7, no. 3,
Comput., Materials Continua, vol. 70, no. 1, pp. 91–107, 2022. pp. 790–799, May 2020.
[2] Y. Song, S. Hyun, and Y.-G. Cheong, ‘‘Analysis of autoencoders for [24] T. Su, H. Sun, J. Zhu, S. Wang, and Y. Li, ‘‘BAT: Deep learning methods
network intrusion detection,’’ Sensors, vol. 21, no. 13, p. 4294, Jun. 2021. on network intrusion detection using NSL-KDD dataset,’’ IEEE Access,
[3] J. O. Mebawondu, O. D. Alowolodu, J. O. Mebawondu, and vol. 8, pp. 29575–29585, 2020.
A. O. Adetunmbi, ‘‘Network intrusion detection system using supervised [25] W. Elmasry, A. Akbulut, and A. H. Zaim, ‘‘Evolving deep learning
learning paradigm,’’ Sci. Afr., vol. 9, Sep. 2020, Art. no. e00497. architectures for network intrusion detection using a double PSO meta-
[4] M. Sarhan, S. Layeghy, and M. Portmann, ‘‘Towards a standard feature heuristic,’’ Comput. Netw., vol. 168, Feb. 2020, Art. no. 107042.
set for network intrusion detection system datasets,’’ Mobile Netw. Appl., [26] P. Sun, P. Liu, Q. Li, C. Liu, X. Lu, R. Hao, and J. Chen, ‘‘DL-IDS:
vol. 27, no. 1, pp. 357–370, Feb. 2022. Extracting features using CNN-LSTM hybrid network for intrusion detec-
[5] K. S. Babu and Y. N. Rao, ‘‘Improved monarchy butterfly optimiza- tion system,’’ Secur. Commun. Netw., vol. 2020, pp. 1–11, Aug. 2020.
tion algorithm (IMBO): Intrusion detection using mapreduce framework [27] S. Al and M. Dener, ‘‘STL-HDL: A new hybrid network intrusion detection
based optimized ANU-Net,’’ Comput., Mater. Continua, vol. 75, no. 3, system for imbalanced dataset on big data environment,’’ Comput. Secur.,
pp. 5887–5909, 2023. vol. 110, Nov. 2021, Art. no. 102435.
[6] H. Jia, J. Liu, M. Zhang, X. He, and W. Sun, ‘‘Network intrusion detection
[28] J. Liu, Y. Gao, and F. Hu, ‘‘A fast network intrusion detection system
based on IE-DBN model,’’ Comput. Commun., vol. 178, pp. 131–140,
using adaptive synthetic oversampling and LightGBM,’’ Comput. Secur.,
Oct. 2021.
[7] P. Devan and N. Khare, ‘‘An efficient XGBoost-DNN-based classification vol. 106, Jul. 2021, Art. no. 102289.
model for network intrusion detection system,’’ Neural Comput. Appl., [29] S. Huang and K. Lei, ‘‘IGAN-IDS: An imbalanced generative adversarial
vol. 32, no. 16, pp. 12499–12514, Aug. 2020. network towards intrusion detection system in ad-hoc networks,’’ Ad Hoc
[8] H. Wang, Z. Cao, and B. Hong, ‘‘A network intrusion detection system Netw., vol. 105, Aug. 2020, Art. no. 102177.
based on convolutional neural network,’’ J. Intell. Fuzzy Syst., vol. 38, no. 6, [30] N. Gupta, V. Jindal, and P. Bedi, ‘‘LIO-IDS: Handling class imbalance
pp. 7623–7637, Jun. 2020. using LSTM and improved one-vs-one technique in intrusion detection
[9] G. De Carvalho Bertoli, L. A. P. Júnior, O. Saotome, A. L. Dos Santos, system,’’ Comput. Netw., vol. 192, Jun. 2021, Art. no. 108076.
F. A. N. Verri, C. A. C. Marcondes, S. Barbieri, M. S. Rodrigues, [31] H. Zhang, L. Huang, C. Q. Wu, and Z. Li, ‘‘An effective convolutional
and J. M. P. De Oliveira, ‘‘An end-to-end framework for machine neural network based on SMOTE and Gaussian mixture model for intru-
learning-based network intrusion detection system,’’ IEEE Access, vol. 9, sion detection in imbalanced dataset,’’ Comput. Netw., vol. 177, Aug. 2020,
pp. 106790–106805, 2021. Art. no. 107315.
15944 VOLUME 12, 2024
J. Saikam, K. Ch: EESNN: Hybrid DL Empowered Spatial–Temporal Features for Network IDS

JALAIAH SAIKAM received the B.Tech. degree KOTESWARARAO CH (Member, IEEE) received
in computer science and engineering from the B.Tech. degree from Acharya Nagarjuna Uni-
JNTUH Hyderabad, Hyderabad, in 2008, and versity, in 2004, the M.Tech. degree in CSE from
the M.Tech. degree in computer science and JNTU Kakinada Campus, in 2009, and the Ph.D.
engineering from JNTUK Kakinada, Kakinada, degree in computer science and engineering from
in 2011. He is currently pursuing the Ph.D. degree NIT Tiruchirappalli, Tamil Nadu, India, in 2021.
with VIT-AP University, Amaravati, Vijayawada, He is currently working as an Assistant Profes-
Andhra Pradesh. He has ten years of teaching sor with the School of Computer Science and
experience and he attended many national work- Engineering at VIT-AP University. He has more
shops/FDPs/seminars. He has published several than 17 years of experience, including 11 years
research papers in journals and conferences. His research interests include of teaching and six years of research. He has published several research
machine learning, deep learning, computer networks, and cyber security. papers in reputed journals and conferences. He is a CRSI Life-Time Member.
His research interests include cryptography, information security, secure
algorithms, and cyber security.

VOLUME 12, 2024 15945