LSTM-AU: Dynamic Thresholding and Explainable Autoencoding for Cyber Defense

Home Page
About
Submit A Journal
Submit A Conference
Submit Paper/Book
- Submit a Preprint
- Submit a Book
Contact

International Journal of Multidisciplinary Studies and Innovative Technologies
Cilt: 9 Sayı: 2
LSTM-AU: Dynamic Thresholding and Explainable Autoencoding for Cyber Defense

LSTM-AU: Dynamic Thresholding and Explainable Autoencoding for Cyber Defense

Authors : Omar Gwassi, Ali Tariq Kalil Al-khayyat, Osman Nuri Uçan

Pages : 215-226

View : 73 | Download : 657

Publication Date : 2025-11-30

Article Type : Research Paper

Abstract :Intrusion Detection Systems (IDS) are essential for securing networks today; nevertheless, many systems still exhibit issues such as redundancy of features, fixed thresholding, and a lack of interpretability. In this paper, we present a hybrid anomaly detection approach including Long Short-Term Memory Autoencoder (LSTM-AE), adaptive thresholding, and feature attribution. The LSTM-AE allows modelling of long-term temporal dependencies in network traffic while applying filtering to paradoxically include unnecessary traffic noise and redundancy for proper anomaly detection. The adaptive thresholding is capable of recalibrating to changes in traffic patterns that ultimately mitigate false alarms more accurately. Lastly, by incorporating the Shapley value-based attribution, the model\\\'s predictions can be explained by using the aspect of traffic that is most pertinent. he empirical exploration we present on the benchmark datasets demonstrates the effectiveness of the DeepShield model architecture: on CIC-IDS2017, the accuracy was 98.9%, with precision of 98.7%, recall of 98.5%, and F1-score of 98.6%, outperforming LSTM, CNN, and Random Forest baselines; on UNSW-NB15, the score was 95.6 accuracy, with precision of 95.3, recall of 95.0, and F1-score of 95.1, outperforming other competing measures. Based on these additional capabilities shown through the Shapley-based attribution, we can conclude that DeepShield achieves state-of-the-art detection effectiveness while translating the model into a space that is more interpretable, which makes it deployable in enterprise and industrial security that is highly reliant on the defendable integrity of networks.
Keywords : Saldırı Tespiti, LSTM Otokodlayıcı, Anomali Tespiti, Uyarlanabilir Eşikleme, Yorumlanabilirlik

ORIGINAL ARTICLE URL

* There may have been changes in the journal, article,conference, book, preprint etc. informations. Therefore, it would be appropriate to follow the information on the official page of the source. The information here is shared for informational purposes. IAD is not responsible for incorrect or missing information.