International Research Journal of Engineering and Technology (IRJET)
e-ISSN: 2395-0056
Volume: 12 Issue: 10 | Oct 2025
p-ISSN: 2395-0072
www.irjet.net
Attention Mechanism in CNN-LSTM for Improved Cloud Intrusion Detection Neethu B1, Dr. Sheena Mathew2 1Research Scholar, School of Engineering, CUSAT, Kerala, India 2Professor, School of Engineering, CUSAT, Kerala, India
---------------------------------------------------------------------***---------------------------------------------------------------------
Abstract - — Cloud computing becomes backbone of
systems, though it is capable of detecting unknown attacks, but it often generates excessive false alarm rates due to dynamic behavior of cloud environments. So to reduce this disadvantages machine learning and deep learning models are considered to build adaptive and intelligent intrusion detection systems.
today’s digital ecosystem by offering scalable, flexible and costefficient computing resources to users. But, this rapid development has also increased its exposure to sophisticated cyber-attacks. Though Intrusion Detection Systems (IDS) can offer a critical line of defense, but existing solutions often fails to distinguish between normal fluctuations and actual malicious behavior, leading to reduced detection accuracy and higher false alarm rates.[1]. Traditional machine learning models depends mainly on manually framed features, while deep learning techniques such as CNN and LSTM, though they are more superior, still lack the ability to selectively focus on the most relevant features.
Machine Learning algorithms like Support Vector Machines, Random Forest and k-nearest algorithms has shown better performance but these models rely on manual feature selection and it cannot quickly adapt to complex traffic patterns in cloud. Deep Learning models in contrast successfully extract meaningful features from raw traffic data. Convolutional Neural Network (CNN) can effectively identify spatial relationships while Long Short Term Memory (LSTM) captures temporal dependencies across the traffic sequences. When these two models are combined CNN-LSTM hybrid models offers more comprehensive feature learning.
This paper presents an Attention-Enhanced CNN-LSTM framework for cloud intrusion detection. The CNN component extracts spatial traffic patterns, the LSTM captures temporal dependencies, and the attention layer highlights the most critical features influencing model decisions. Experiments are conducted on NSL-KDD and CICIDS2017 datasets which are popularly used. The experiments demonstrate that the proposed framework achieves higher detection accuracy, lower false alarm rates, and greater interpretability compared to conventional CNN-LSTM models. These findings show that integrating attention mechanisms into deep hybrid architectures is a promising direction toward reliable, realtime, and explainable cloud security systems.
One of the major limitations with all these models are most models treats all features uniformly. This will lead to suboptimal performance especially when there is noisy or overlapping traffic patterns are available. For addressing this disadvantage , attention mechanisms have been introduced which allows models to focus on most important features or time steps so as to improve precision and interpretability of the cloud security applications. The main contributions of this paper are:
Key Words: Cloud Computing, Deep Learning, Cloud Security, CNN, LSTM, Attention Mechanism, Intrusion Detection.
• A novel CNN-LSTM-Attention architecture designed specifically for cloud intrusion detection.
1. INTRODUCTION
• Evaluation of the model using benchmark datasets (NSL-KDD and CICIDS2017) to assess detection accuracy and false alarm rate.
Now a days Cloud computing has emerged as a technology that is undergoing continuous revolutions in today’s world across industries by offering scalable and on-demand access to the computing resources. Cloud is now supporting wide range of services which includes storing personal data and enterprises hosting applications. However, it is exposed to a growing number of security threats like Denial of Service(DDoS) attacks, insider attacks and zero-day vulnerabilities due to its open and distributed nature.
• A comparative performance study against CNN, LSTM, and CNN-LSTM baselines. In short, this paper demonstrates how integrating attention mechanisms within hybrid deep learning models can enhance both the performance and explainability of cloud intrusion detection systems.
A conventional signature-based intrusion detection system are efficient in detecting known attack patterns but often fails to identify new evolving attacks. But anomaly-detection
© 2025, IRJET
|
Impact Factor value: 8.315
Finally, complete content and organizational editing before formatting. Please take note of the following items when proofreading spelling and grammar:
|
ISO 9001:2008 Certified Journal
|
Page 829