An Attention-Enhanced CNN–RBF Framework for Network Intrusion Detection in Imbalanced Traffic

Fabrice Kabura; Thierry Nsabimana

doi:10.62411/jcta.15419

Authors

Fabrice Kabura African Institute for Mathematical Sciences (AIMS-Senegal)
Thierry Nsabimana University of Burundi

DOI:

https://doi.org/10.62411/jcta.15419

Keywords:

Anomaly Detection, Attention mechanisms, CNN–RBF Model, Cybersecurity Analytics, Hybrid Deep Learning, Internet of Things Security, Network Intrusion Detection, Network Traffic Analysis

Abstract

The increasing complexity and scale of modern network traffic driven by IoT and cloud-based infrastructures have made accurate intrusion detection a critical challenge. Conventional network intrusion detection systems (NIDS) and many deep learning–based approaches struggle to reliably detect minority and stealthy attacks due to severe class imbalance and limited discrimination of subtle traffic patterns. To address these limitations, this study proposes a hybrid CNN–RBF–Attention framework for network intrusion detection. The proposed model integrates three complementary components: (i) a convolutional neural network for hierarchical feature extraction from network flow data, (ii) a radial basis function (RBF) network for localized nonlinear classification using prototype-based decision regions, and (iii) an attention mechanism that adaptively weights RBF activations to emphasize discriminative traffic patterns. SMOTE is applied exclusively to the training data to mitigate class imbalance. The framework is evaluated on the widely used CICIDS2017 and CICIDS2018 benchmark datasets in both binary and multiclass settings, using recall, precision, F1-score, confusion matrices, and ROC analysis. Experimental results demonstrate that the proposed hybrid model consistently outperforms standalone CNN and RBF baselines, particularly in terms of recall and F1-score. On the CICIDS2018 dataset, the model achieves 99.81% accuracy and 99.81% F1-score in binary classification, and 99.54% accuracy and 99.54% F1-score in multiclass classification. On CICIDS2017, it achieves 98.12% accuracy and 98.12% F1-score in binary classification, and 98.92% accuracy and 98.92% F1-score in multiclass classification. Confusion matrix and ROC analyses further show strong class separability and reliable performance in low–false-positive-rate regions, which is critical for real-world IDS deployment. These results confirm that combining deep hierarchical feature learning, localized prototype-based classification, and attention-guided refinement yields a robust, operationally reliable intrusion detection framework for highly imbalanced network environments.

Author Biographies

Fabrice Kabura, African Institute for Mathematical Sciences (AIMS-Senegal)

Data Science Program, African Institute for Mathematical Sciences (AIMS-Senegal), Mbour-Thiès 23000, Sénégal

Thierry Nsabimana, University of Burundi

Institute of Applied Statistics (ISTA), University of Burundi, Bujumbura, Burundi

References

E. C. P. Neto, S. Dadkhah, R. Ferreira, A. Zohourian, R. Lu, and A. A. Ghorbani, “CICIoT2023: A Real-Time Dataset and Benchmark for Large-Scale Attacks in IoT Environment,” Sensors, vol. 23, no. 13, p. 5941, Jun. 2023, doi: 10.3390/s23135941.

Ö. Aslan, S. S. Aktuğ, M. Ozkan-Okay, A. A. Yilmaz, and E. Akin, “A Comprehensive Review of Cyber Security Vulnerabilities, Threats, Attacks, and Solutions,” Electronics, vol. 12, no. 6, p. 1333, Mar. 2023, doi: 10.3390/electronics12061333.

M. A. Rahman, G. A. Francia, and H. Shahriar, “Leveraging GANs for Synthetic Data Generation to Improve Intrusion Detection Systems,” J. Futur. Artif. Intell. Technol., vol. 1, no. 4, pp. 429–439, Feb. 2025, doi: 10.62411/faith.3048-3719-52.

A. A. Hammad and F. T. Jasim, “Adaptive Cyber Defense using Advanced Deep Reinforcement Learning Algorithms: A Real-Time Comparative Analysis,” J. Comput. Theor. Appl., vol. 2, no. 4, pp. 523–535, Apr. 2025, doi: 10.62411/jcta.12560.

F. Erlacher and F. Dressler, “On High-Speed Flow-Based Intrusion Detection Using Snort-Compatible Signatures,” IEEE Trans. Dependable Secur. Comput., vol. 19, no. 1, pp. 495–506, Jan. 2022, doi: 10.1109/TDSC.2020.2973992.

Vasudev Karthik Ravindran, Sharad Shyam Ojha, and Arvind Kamboj, “A Comparative Analysis of Signature-Based and Anomaly-Based Intrusion Detection Systems,” Int. J. Latest Technol. Eng. Manag. Appl. Sci., vol. 14, no. 5, pp. 209–214, Jun. 2025, doi: 10.51583/IJLTEMAS.2025.140500026.

M. B. Umair et al., “A Network Intrusion Detection System Using Hybrid Multilayer Deep Learning Model,” Big Data, vol. 12, no. 5, pp. 367–376, Oct. 2024, doi: 10.1089/big.2021.0268.

G. Singh and M. Bansal, “Robust and Scalable Deep Learning Framework for Anomaly Detection in Large-Scale Network Security Systems,” Int. J. Intell. Syst. Appl. Eng., vol. 12, no. 17S, 2024, doi: 10.17762/ijisae.v12i17s.7685.

M. A. Talukder et al., “Machine learning-based network intrusion detection for big and imbalanced data using oversampling, stacking feature embedding and feature extraction,” J. Big Data, vol. 11, no. 1, p. 33, Feb. 2024, doi: 10.1186/s40537-024-00886-w.

A. Yulianto, P. Sukarno, and N. A. Suwastika, “Improving AdaBoost-based Intrusion Detection System (IDS) Performance on CIC IDS 2017 Dataset,” J. Phys. Conf. Ser., vol. 1192, p. 012018, Mar. 2019, doi: 10.1088/1742-6596/1192/1/012018.

V. Hnamte and J. Hussain, “DCNNBiLSTM: An Efficient Hybrid Deep Learning-Based Intrusion Detection System,” Telemat. Informatics Reports, vol. 10, p. 100053, Jun. 2023, doi: 10.1016/j.teler.2023.100053.

Y. Xiao, C. Xing, T. Zhang, and Z. Zhao, “An Intrusion Detection Model Based on Feature Reduction and Convolutional Neural Networks,” IEEE Access, vol. 7, pp. 42210–42219, 2019, doi: 10.1109/ACCESS.2019.2904620.

C. Asuai et al., “Enhancing DDoS Detection via 3ConFA Feature Fusion and 1D Convolutional Neural Networks,” J. Futur. Artif. Intell. Technol., vol. 2, no. 1, pp. 145–162, Jun. 2025, doi: 10.62411/faith.3048-3719-105.

P. Sun et al., “DL-IDS: Extracting Features Using CNN-LSTM Hybrid Network for Intrusion Detection System,” Secur. Commun. Networks, vol. 2020, pp. 1–11, Aug. 2020, doi: 10.1155/2020/8890306.

M. Amirian and F. Schwenker, “Radial Basis Function Networks for Convolutional Neural Networks to Learn Similarity Distance Metric and Improve Interpretability,” IEEE Access, vol. 8, pp. 123087–123097, 2020, doi: 10.1109/ACCESS.2020.3007337.

Z. Zhang, “Pattern Classification Based On Radial Basis Function Neural Network,” in 2020 5th International Conference on Smart Grid and Electrical Automation (ICSGEA), Jun. 2020, pp. 213–216. doi: 10.1109/ICSGEA51094.2020.00052.

T. Li and J. Qiao, “A novel radial basis function neural network classifier based on three-way decisions,” Eng. Appl. Artif. Intell., vol. 141, p. 109811, Feb. 2025, doi: 10.1016/j.engappai.2024.109811.

A. Çetin and S. Öztürk, “Comprehensive Exploration of Ensemble Machine Learning Techniques for IoT Cybersecurity Across Multi-Class and Binary Classification Tasks,” J. Futur. Artif. Intell. Technol., vol. 1, no. 4, pp. 371–384, Feb. 2025, doi: 10.62411/faith.3048-3719-51.

E. U. H. Qazi, M. H. Faheem, and T. Zia, “HDLNIDS: Hybrid Deep-Learning-Based Network Intrusion Detection System,” Appl. Sci., vol. 13, no. 8, p. 4921, Apr. 2023, doi: 10.3390/app13084921.

W. Zhao and Z. Zhao, “Providing a hybrid approach to increase the accuracy of intrusion detection systems in computer networks,” J. Eng. Appl. Sci., vol. 71, no. 1, p. 123, Dec. 2024, doi: 10.1186/s44147-024-00404-y.

M. Sajid et al., “Enhancing intrusion detection: a hybrid machine and deep learning approach,” J. Cloud Comput., vol. 13, no. 1, p. 123, Jul. 2024, doi: 10.1186/s13677-024-00685-x.

J. P. Ntayagabiri, Y. Bentaleb, J. Ndikumagenge, and H. El Makhtoum, “OMIC: A Bagging-Based Ensemble Learning Framework for Large-Scale IoT Intrusion Detection,” J. Futur. Artif. Intell. Technol., vol. 1, no. 4, pp. 401–416, Feb. 2025, doi: 10.62411/faith.3048-3719-63.

I. Sharafaldin, A. Habibi Lashkari, and A. A. Ghorbani, “Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization,” in Proceedings of the 4th International Conference on Information Systems Security and Privacy, 2018, pp. 108–116. doi: 10.5220/0006639801080116.

T. T. T. Nguyen and G. Armitage, “A survey of techniques for internet traffic classification using machine learning,” IEEE Commun. Surv. Tutorials, vol. 10, no. 4, pp. 56–76, 2008, doi: 10.1109/SURV.2008.080406.

Z. Wang, Y. Zeng, Y. Liu, and D. Li, “Deep Belief Network Integrating Improved Kernel-Based Extreme Learning Machine for Network Intrusion Detection,” IEEE Access, vol. 9, pp. 16062–16091, 2021, doi: 10.1109/ACCESS.2021.3051074.

A. Balla, M. H. Habaebi, E. A. A. Elsheikh, M. R. Islam, and F. M. Suliman, “The Effect of Dataset Imbalance on the Performance of SCADA Intrusion Detection Systems,” Sensors, vol. 23, no. 2, p. 758, Jan. 2023, doi: 10.3390/s23020758.

G. Sameera, R. V. Vardhan, and K. V. S. Sarma, “Binary classification using multivariate receiver operating characteristic curve for continuous data,” J. Biopharm. Stat., vol. 26, no. 3, pp. 421–431, May 2016, doi: 10.1080/10543406.2015.1052479.

I. A. Vergara, T. Norambuena, E. Ferrada, A. W. Slater, and F. Melo, “StAR: a simple tool for the statistical comparison of ROC curves,” BMC Bioinformatics, vol. 9, no. 1, p. 265, Dec. 2008, doi: 10.1186/1471-2105-9-265.