Indonesian J our nal of Electrical Engineering and Computer Science V ol. 40, No. 2, No v ember 2025, pp. 840 849 ISSN: 2502-4752, DOI: 10.11591/ijeecs.v40.i2.pp840-849 840 Intrusion detection system using h ybrid CNN-LSTM model in cloud computing Maha Mohammad Alshehri 1 , Shoog Abdullah Alshehri 1 , Samah Hazzaa Alajmani 3 1 Department of Cyber Security , Colle ge of Computer Science and Information T echnology , T aif Uni v ersity (TU), T aif, Saudi Arabia 2 Department of Information T echnology , Colle ge of Computer Science and Information T echnology , T aif Uni v ersity (TU), T aif, Saudi Arabia Article Inf o Article history: Recei v ed Oct 30, 2024 Re vised Jul 14, 2025 Accepted Oct 14, 2025 K eyw ords: Cloud computing CNN CSE-CIC-IDS2018 Deep learning Distrib uted denial of service Internet of things LSTM ABSTRA CT Cloud computing has re v olutionized online service deli v ery wi th its e xibility and cost ef cienc y . Ne v ertheless, the gro wing importance of stored data mak es it a tar get for c yber attacks, posing security and pri v ac y risks. This calls for ef- fecti v e solutions to safe guard data and infrastructure, particularly with re g ard to int rusion attacks and distrib uted attacks such as distrib uted denial of service (DDoS). Therefore, there is a need to de v elop an ef fecti v e intrusion detection system (IDS) using deep learning to ensure the protection of cloud data and infrastructure. In this paper , a h ybrid model aims to le v erage the po wer of con- v olutional neural netw orks (CNNs) to analyze spatial features and e xtract com- ple x patterns, while long short- term memory LSTMs are use d to understand temporal data sequences and detect attacks that e v olv e o v er time to detect intru- sions in cloud computing en vironments on the CSE-CIC-IDS2018 dataset. The model w as trained and tested on DDoS attacks, and the results demonstrated high performance in detecting attacks with high accurac y and ef cienc y . This h ybrid model achie v ed an accurac y of 99.88%, a precision of 99.83%, a recall of 99.94%, and an F1-score of 99.88%. This is an open access article under the CC BY -SA license . Corresponding A uthor: Maha Mohammad Alshehri Department of Cyber Security , Computer Science and Information T echnology T aif Uni v ersity Email: mahaalshehri11@outlook.com 1. INTR ODUCTION A cloud infrastructure consist s of a massi v e netw ork wit h multiple internet of things (IoT)-enabled de vices and applications that collect data from cl o ud netw orks, operations, real-time processing, underlying infrastructure, serv ers, and storage. Cloud infrastructures inc lude services and standards for ensuring securing and controlling [1], [2]. Cloud computing has gro wn widely in recent years due to its dynamic and scalable nature [3]. Cloud computing is the use and deli v ery of resources and services o v er the Internet. W ith the adoption of cloud computing by the IoT , the need for storing and processing bi g data has increased [4], [5]. W ith the increased adoption of cloud computing with the increased adoption of cloud computing technology by cloud computing pro viders lik e Google, Amazon, and IBM, Amazon is considered a leader in the eld due to its architectural features. Ho we v er , the risks of tar geting cloud computing ha v e increased because it contains important and sensiti v e information about users or services [6], [7]. One of the essential functions of cloud computing is to dea l with threats as quickly as possible, whether to users or the cloud services [8], [9]. Attacks pose serious security issues due to becoming more sophisticated. Since cloud is vulnerable to hacking J ournal homepage: http://ijeecs.iaescor e .com Evaluation Warning : The document was created with Spire.PDF for Python.
Indonesian J Elec Eng & Comp Sci ISSN: 2502-4752 841 and has weak security defences, it is a tar get for attacks and data e xposure. Ho we v er , intrusion detection capabilities need to be impro v ed. These systems often f ail to recognize attack patterns, which may mak e them rely on traditional intrusion detection systems t h a t may not be enough [10]. Distrib uted denial of service (DDoS) attacks are among the most serious attacks tar geting cloud computing. DDoS is a c yberattack that aims to disrupt a website or netw ork by o v erwhelming it with massi v e requests from multiple sources [11], [12]. Although traditional intrusion detecti on systems (IDS) e xist, the y are weak at detecting sophisticated attacks [13], [14]. Therefore, this research pres ents a h ybrid intrusion detection system based on a sophisticated model that combines con v olutional neural netw ork (CNN) and long short-term memory (LSTM), enhancing the system’ s ability to analyze netw ork data and det ect attacks with higher accurac y and ef cienc y in cloud en vironments. Numerous studies ha v e in v estig ated deep learning algorithms for cloud computing intrusion det ection to impro v e cloud security using a CNN algorithm on the CSE-CIC-IDS 2018 dat aset, which contains multiple attack scenarios. The CNN model is ef fect i v e in detecting intrusions in cloud en vironments and achie v ed abo v e 97% accurac y for both papers [15], [16]. Hag ar and Ga w ali [17] proposes deep learning algorithms CNN and LSTM to impro v e intrusion detect ion systems. It uses upsampling and do wns ampling techniques to solv e the imbalance problem in the CSE-CICIDS2018 dataset. The results sho wed that CNN outperformed LSTM with 98.31 accurac y . Ho we v er , these papers use the algorithms separately , which may limit the model’ s capability to handle dif ferent data. The performance could be enhanced if the capabil ities of algorithms are combined to reduce the weaknesses when used separately . Pr e vious studies [18]–[20] ha v e sho wn a h ybrid deep learning model of CNN and LSTM to impro v e int rusion detection systems for cloud en vironments on CSE-CIC-IDS 2018, CIC-IDS2017 and IoTID20 datasets. Accurac y w as abo v e 97%. It w as observ ed that balancing the dataset enhanced model performance. Al and Dener [21], the imbalance problem w as solv ed by SMO TE and T omek-Links algorithms on CIDDS-001 and UNSW -NB15 datasets. The accurac y w as 99.83% in multi-class classication and 99.17% in binary classication. Qazi et al. [22] presented a ne w concept based on combining CNN and RNN in a h ybrid intrusion detection system (HDLNIDS). The model enhances accurac y and reduces f alse positi v es compared to tradi- tional methods lik e machine learning on the CICIDS-2018 dataset. The proposed HDLNIDS system achie v ed an a v erage accurac y of 98.90%. The RNN can not remember information for long periods of time, b ut it can solv e this problem using LSTM. Khan and Haroon [23], the researchers studied ho w to detect intrusions in cloud computing netw orks using articial neural netw orks (ANN). The model uses 19 features that were se- lected using the decision tree technique. Random o v ersampling and undersampling techniques were used on the CSE-CIC-IDS-2018 dataset. It reached an accurac y of 99.99% in detecting attacks. F arhan et al. [24], the deep learning deep neural netw ork (DNN) model w as tested to analyze the performance of o w-based attack detection. DNNs are more ef fecti v e in impro ving intrusion detection systems. Rectied linear unit (ReLU) and Softmax acti v ation functions achie v e high classicati on accurac y for multiple attacks. The CSE-CIC-IDS2018 dataset w as used and achie v ed an accurac y of 90%. It is advisable to use h ybrid techniques based on CNN and RNN to rene the detection of temporal patterns of attacks. T able 1 compares pre vious studies re g arding the models used, datasets, and the highest accurac y achie v ed. T able 1. Comparison between intrusion detection systems with related studies Reference Y ear Algorithm Dataset Result [15] 2024 DL CN N CSE-CIC-IDS 2018 Acc 98.67% [16] 2024 DL CN N CSE-CIC-IDS2018 Acc 97.07% [18] 2024 DL CNN-LSTM h ybrid CSE-CIC-IDS 2018 Acc 98.53% [22] 2023 DL CNN-R NN CSE-CIC-IDS 2018 Acc 98.90% [20] 2023 DL CNN-LSTM h ybrid CIC-IDS2017 Acc 97.63% [23] 2023 DL ANN CSE-CIC-IDS-2018 Acc 99.99% [17] 2022 DL CNN, LSTM CSE-CIC-IDS 2018 Acc 98.31% [21] 2021 DL CNN-LSTM CIDDS-001, UNSW -NB15 Acc 99.83% [19] 2021 DL CNN-LSTM h ybrid IoTID20 Acc 98.80% [24] 2020 DL DNN CSE-CIC-IDS 2018 Acc 90% This paper proposed an intrusion detection system based on a h ybrid CNN-LSTM deep learning model to detect DDoS attacks, which are the most popular attacks on cloud computing. The proposed model w as tested on the CSE-CICIDS2018 dataset to measure accurac y and other parameters lik e recall and F1-score. Intrusion detection system using hybrid CNN-LSTM model in cloud computing (Maha Mohammad Alshehri) Evaluation Warning : The document was created with Spire.PDF for Python.
842 ISSN: 2502-4752 The contrib utions of the research can be e xplained as follo ws: De v eloping a sophisticated CNN-LSTM h ybrid intrusion detection model. Implement the proposed model on the CSE-CIC-IDS2018 dataset. Address common concerns such as data imbalance and feature redundanc y to reduce bias and speed up training. Compare the performance of the h ybrid model with traditional CNN and LSTM models. This paper is di vided into sections: the introduction presents the research background, the problem and pre vious studies. This is follo wed by the methodology , which describes the proposed model and e v aluation mechanism. The results and discussion analyze the model’ s performance. The conclusion summarizes the main ndings and future recommendations, and nally , the references. 2. MA TERIALS AND METHOD The research methodology used to de v elop an intrusion detection system in a cloud computing en vi- ronment using h ybrid deep learning model w as e xplained in details. 2.1. Pr oposed model The proposed system model that focuses on impro ving the s ecurity of clouds by using deep learning to detect attacks is presented. The model contains CNN and LSTM algorithms on the CES -CICIDS2018 dataset to achie v e higher accurac y in detecting DDoS attacks. In Figure 1, all the stages follo wed in the proposed model are appeared sequentially . First, the data w as prepared, and then important features were e xtracted. The data w as then balanced and split into training and testing. Finally , the classifying ability of the model DDoS attacks and normal data w as e xamined using e v aluation criteria. Figure 1. The proposed model 2.2. Data pr epr ocessing F or machine and deep learning techniques, data preprocessing is a crucial step. Preprocessing trans- forms data into a format that w orks with an y model: dataset cleaning, label encoding, feature selection, normal- ization, and data splitting. The dataset contains approximately 625,783 ro ws that include hundreds of normal netw ork traf c, co v ering man y dif ferent attack scenarios. Figure 2 sho ws the operations follo wed. Figure 2. Data preprocessing steps Indonesian J Elec Eng & Comp Sci, V ol. 40, No. 2, No v ember 2025: 840–849 Evaluation Warning : The document was created with Spire.PDF for Python.
Indonesian J Elec Eng & Comp Sci ISSN: 2502-4752 843 2.2.1. Data cleaning It is essential to carefully re vie w the dataset to ensure no null or undened entries before start ing model training. The P andas library which is a b uilt-in Python component, w as utilized for dataset v alidation in this study . There were cases of incomplete data in the CSE-CIC-IDS2018 dataset, which w as used in this in v estig ation. Fixing this, all entries with missing v alues were remo v ed from the dataset. The process of remo ving blank v alues from columns w as implemented because the y cause problems accessing columns, reduce model stability , and increase error . The missing v alues were replaced with zero to a v oid calculation problems and impact the results. 2.2.2. Label encoding It con v erts te xt data into numeric v alues that can be understood and handled by deep learning algo- rithms. It is a step that helps de v elop the model’ s performance by replacing the normal class with the numerical v alue zero and the DDoS class with the v alue one. After that, we separate the input features from the clas- sication outputs by remo ving the Label column from the dataset to prepare the features as inputs. This step helps the model understand the data, as deep learning models cannot handle te xt data directly . It helps speed up computations and data classication and f acilitates the process of separating features from labels, f acilitating model training. 2.2.3. Normalization It is a standard process used during the data preparation phase for deep learning models. It is an essential step to ensure that the numerical v alues of dif ferent features are standardized and thus impro v e the model’ s performance through training. The standardscaler object is used to calculate the mean and standard de viation. After that, the data is transformed using t-transform so that the standard equation is applied to each v alue. The purpose of this process is to mak e the features comparable and to ensure that the dif ferences between lar ge and small v alues do not signicantly af fect the model. 2.2.4. F eatur e selection The unique features from the tw o methods, MIC-features and FCF-features, were mer ged. MIC- features is a feature set that uses the mutual information technique (measures a nonlinear relationship). FCF- features is a feature set that uses the Pearson correlation coef cient technique (measures a linear relationship). The goal of the mer ge is to retain features related to intrusion (DDoS attacks). After combining the features, the duplicate columns were remo v ed, resulting in 63 unique features. This ensures the model doesn’ t ha v e to deal with duplicati v e data, thus reducing comple xity and impro ving performance. Figure 3 sho ws the chosen features. Figure 3. Feature selection of dataset 2.2.5. Data balancing The problem of data imbalance w as addressed when one of the dataset cate gories w as v ery lar ge com- pared to the other cate gory of the same dataset. Data balancing techniques can sa v e training time and storage and a v oid under -tting problems, thus further impro ving the model performance and reducing bias. A random sampling technique w as used for the data balancing procedure. Figure 4 sho ws the data before and after the data balancing process. This method is simple, f ast, and uses little computing resources. It is e xcellent for the proposed h ybrid model, which requires more computing resources. Intrusion detection system using hybrid CNN-LSTM model in cloud computing (Maha Mohammad Alshehri) Evaluation Warning : The document was created with Spire.PDF for Python.
844 ISSN: 2502-4752 Figure 4. Before and after balance 2.2.6. Dataset splitting Splitting the data into training and testing sets is a standard preprocessing step i n e v aluating the per - formance of deep learning models. W e used the train-test-split function to address this issue by splitting the dataset into training and testing sets. This method di vided the dataset into 70% training and 30% testing sets. This split pro vides suf cient data to train the model and understand the cate gories, pre v ents o v ertting, and aids generalization. A 30% ratio of fers enough data to represent each cate gory in the test data. 2.3. Model training When training a CNN-LSTM h ybrid model, the focus is on impro ving the model’ s ability to e xtract essential features via CNN and understand time sequences using LSTM through itera tions. Accurac y and loss are also monitored on the training data to ne-tune the model and a v oid o v ertting, which enhances the h ybrid model’ s ability to predict correctly when ne w data is used. CNNs automatically e xtract important patterns and identify relationships in netw ork data, enabling them to distinguish abnormal traf c beha vior that could be a breach. LSTMs analyze temporal patterns and track changes in netw ork traf c, enabling them to detect attacks that occur in stages. The CNN-LSTM h ybrid model produces a rob ust model for handling cloud netw orks and their data. It also le v erages the characteristics of each model to increase accurac y in c lassifying DDoS attacks from natural data. The h ybrid model w as b uilt using an input layer , follo wed by tw o CNN layers, an LSTM layer , tw o fully connected layers, which acted as a transition between the LSTM and the output layer , and nally , an output layer that classies the data as normal or DDoS. The ReLU acti v ation function w as used in the CNN and fully connected layers because it doesn’ t require comple x computations mak es training f aster and allo ws the model to learn from comple x data better . The sigmoid acti v ation function w as also use d in the output layer because the classication is binary , as its output v alues are between 0 and 1. If the output is close to 1, it is classied as an attack; if it is closer t o 0, it is classied as normal data. The binary crossentrop y loss function w as used because it is ideal and suitable for binary c lassication. The Adam optimizer w as used to speed up training without needing manual learning rate adjustments, helping the model reach optimal v alues quickly and making it more stable. The pre-processed training data is entered into the h ybrid model via the input layer , then into CNN layers to e xtract spatial features, then into the LSTM layer to analyze ho w the features change o v er time, and then into fully connected layers to transform the features into a classiable representation, and then into the output layer to decide whether this sample is an attack or normal data. 2.4. Model testing When testing a CNN-LSTM h ybrid model , the focus is on accurac y in predicting outcomes based on ne w data that has not been trained on and has not been seen before. The model’ s performance is tested through metrics lik e accurac y and confusion matrix to ensure its ability to generalize and pro vide accurate results. The confusion matrix sho ws the distrib ution of results between correct and incorrect predictions so that the performance of the model can be accurately e v aluated [25]. Accurac y is calculated as follo ws: Accurac y = T P + T N T P + T N + F P + F N Indonesian J Elec Eng & Comp Sci, V ol. 40, No. 2, No v ember 2025: 840–849 Evaluation Warning : The document was created with Spire.PDF for Python.
Indonesian J Elec Eng & Comp Sci ISSN: 2502-4752 845 The equation of precision is: Precision = T P T P + F P Recall is calculated as follo ws: Recall = T P T P + F N F1-score is calculated using the equation: F 1 -score = 2 × Precision × Recall Precision + Recall All the pre vious equations were tak en from [26]. 3. RESUL TS AND DISCUSSION Experimental results on the CSE-CIC-IDS2018 dataset demonstrated e xcellent performance for the h ybrid model combining LSTM and CNN. As sho wn in T able 2, CNN perform ed well, achie ving an accurac y of 99.92%. LSTM achie v ed an accurac y of 9 9.83% b ut a lo wer classication accurac y than CNN. The h y- brid model demonstrated high ef cienc y in detecting DDoS attacks, achie ving an accurac y of 99.88%. These outstanding results indicate the model’ s ability to impro v e detection and conrm condence in its e xceptional performance by combining the features of LSTM and CNN compared to implementing them alone. T able 2. Performance of deep learning models Model Accura c y Precis ion Recall F1-score CNN 0.99923 0.999076 0.999406 0.999241 LSTM 0.99833 0.997623 0.999074 0.998348 Hybrid LSTM-CNN 0.99887 0.998349 0.999405 0.998877 Figure 5 represents the (a) training and v alidation accurac y curv e o v er se v eral epochs or iterati ons and (b) confusion matrix of CNN. T raining accurac y measures ho w well a model can classify the data it w as trained on and is impro v ed through iteration. V alidation accurac y measures ho w well a model can distinguish data it w as trained on to see if it performs well on ne w data. The model is learning well if the v alidation accurac y is close to the training accurac y . Suppose the training accurac y is much greater than the v alidation accurac y . In that case, the model is o v ertting, which is when the model does well on training data b ut does not generalize well to ne w or test data. This graph sho ws the performance of the model and its e v oluti on o v er time. The confusion matrix analyzes the detailed performance of the model to see if the model is ha ving dif culty classifying certain classes. Figure 5(a) sho ws that the tw o lines (v alidation accurac y and training accurac y) are v ery close together . This means that the model is learning well from the training data, b ut there may be a slight o v ertting due to the di v er gence of the curv es. Figure 5(b) sho ws the number of correct and incorrect model classications. Here, 14 normal samples were classied as DDoS, and 9 DDoS samples were classied as normal. The number of errors is small, indicating the model’ s ability to classify the data correctly . Figure 6 represents the (a) training and v alidation accurac y curv e o v er se v eral epochs or iterati ons and (b) confusion matrix of the LSTM. Figure 6(a) sho ws that the tw o lines (v alidation accurac y and training accurac y) are v ery close together . This means that the model learns well from the training data and can be generalized to ne w data. Figure 6(b) sho ws the number of correct and incorrect model classications. Here, 36 normal sam ples were classied as DDoS, and 14 DDoS samples were classied as normal. The number of errors is v ery small, indicating that the model is able to classify the data correctly . Figure 7 represents the (a) training and v alidation accurac y curv e o v er se v eral epochs or iterati ons and (b) confusion matrix of the h ybrid model. Figure 7(a) sho ws that the tw o lines (v alidation accurac y and training accurac y) are v ery close. This indicates that the model is learning well to recognize DDoS attacks and can generalize to ne w data . Figure 7(b) sho ws the number of correct and incorrect classications of the model. Here, 25 normal samples were classied as DDoS, and 9 DDoS s amples were classied as normal. The number of errors is minimal, indicating that the model has no dif culty classifying the data, whether DDoS or normal. Intrusion detection system using hybrid CNN-LSTM model in cloud computing (Maha Mohammad Alshehri) Evaluation Warning : The document was created with Spire.PDF for Python.
846 ISSN: 2502-4752 (a) (b) Figure 5. CNN model: (a) training and v alidation accurac y curv e and (b) confusion matrix (a) (b) Figure 6. LSTM model: (a) training and v alidation accurac y curv e and (b) confusion matrix (a) (b) Figure 7. LSTM-CNN model: (a) training and v alidation accurac y curv e and (b) confusion matrix Outcomes re v eal that the h ybrid CNN-LSTM model enhances attack detection accurac y and reduces f alse alarms. This model can be used in real cloud netw orks to enhance their security . The performance of the model agrees with the primary objecti v e of the study , which is to de v elop an intrusion detection system using a h ybrid CNN-LSTM model. The rst theory , which w as that the combination of CNN and LSTM outperforms the indi vidual algorithms in terms of performance and accurac y , w as pro v en. This research especially con- trib utes to cloud computing security by indicating the ef fecti v eness of h ybrid models. Also, it helps researchers to use other h ybrid models to enhance security . 3.1. Discussion This paper displays high accurac y in intrusion detection, especially for DDoS attacks, because of the combination of spatial feature e xtraction (CNN) and temporal pattern analysis (LSTM). This superiority is demonstrated by impro v ed accurac y , precision, recall, and F1 score, as well as the model’ s abili ty to gener - alize wi thout o v ertting, making it ef fecti v e in cloud computing en vironments. Comparing the results of the Indonesian J Elec Eng & Comp Sci, V ol. 40, No. 2, No v ember 2025: 840–849 Evaluation Warning : The document was created with Spire.PDF for Python.
Indonesian J Elec Eng & Comp Sci ISSN: 2502-4752 847 CNN-LSTM h ybrid model with pre vious studies, it is clear that it achie v es accurac y comparable to or supe- rior to similar h ybrid models applied to dif ferent datasets. As sho wn in T able 3, the proposed model impro v es detection performance, making it a more ef cient choice for intrusion detection systems in cloud en vironments. T able 3. Comparison with similar studies Reference Algorithm Dataset Accurac y [18] CNN-LSTM h ybrid CSE-CIC-IDS2018 98.53% [20] CNN-LSTM h ybrid CSE-CIC-IDS2017 97.63% [21] CNN-LSTM h ybrid CIDDS-001 ,UNSW -NB15 99.83% [19] CNN-LSTM h ybrid IoTID20 98.80% Our model CNN-LSTM h ybrid CSE-CIC-IDS2018 99.88% The CNN-LSTM h ybrid model has se v eral strengths, such as high accurac y in detecting sophisticat ed attacks and achie ving signicant performance impro v ements compared to traditional models. It also demon- strates strong generalization capabilities, making it reliable in v arious en vironments. On the other hand, the model suf fers from dra wbacks that may af fect its use, such as consuming signicant computing resources and length y training times due to the comple x combination of CNN and LSTM. The study aims to impro v e in- trusion detection systems using a h ybrid CNN-LSTM model to enhance detection accurac y and reduce f alse alarms, especially in the f ace of DDoS attacks. The research is essential for enhancing cloud netw ork security and opening ne w horizons for applying h ybrid models in c ybersecurity . 3.2. Limitations The model can be applied to v arious cloud en vironments b ut can be retrained on dif ferent datasets to be more adapti v e to changing en vironments. The model demonstrates strong performance in detecting traditional and time-lapse attacks, while it could be further optimized to address adv anced threats such as zero-day and APTs. 4. CONCLUSION Cloud en vironments are among the most essential services that mak e users’ li v es easier and s tore their data. Securing the cloud is e xtremely important because it protects the services and their users from c yber threats. This research is about detecting attacks on cloud computing netw orks using a CNN-LSTM h ybrid deep learning model. This h ybrid approach is designed to detect DDoS attacks. It achie v ed 99.88% detection accurac y and reduced f alse alarms, which promotes the ef cienc y and ef fecti v eness of intrusion detection systems in cloud computing netw orks. It is concluded that the h ybrid model achie v es a unique balance between the capabilities of CNN to bring out spatial features from the CES-CICIDS2018 dataset and the capabilities of LSTM to track temporal patterns of data. These adv antages enhance cloud infrastructure security and reduce the resources required for threat detection. Although the h ybrid model requires signicant computing resources, it pro vides security benets w orth the in v estment in conjunction with the increase in c yber threats to cloud services. In f u t ure research, it is possible to test the h ybrid model on dif ferent en vironments, such as smart grids and other IoT en vironments. De v elop performance optimization techniques to reduce computational comple xity while maintaining high accurac y . In addition to detecting unkno wn attacks using transformer models. It is possible to use ne wer and more di v erse datasets. A CKNO WLEDGEMENTS W e dedicate this w ork to our belo v ed parents, whose unw a v ering support and encouragement made this journe y possible. A heartfelt thank you to my dear friend and partner , whose dedication and cooperation were k e y to achie ving this milestone. T ogether , we accomplished this success. FUNDING INFORMA TION Authors state no funding in v olv ed. Intrusion detection system using hybrid CNN-LSTM model in cloud computing (Maha Mohammad Alshehri) Evaluation Warning : The document was created with Spire.PDF for Python.
848 ISSN: 2502-4752 CONFLICT OF INTEREST ST A TEMENT Authors state no conict of interest. D A T A A V AILABILITY Data a v ailability is not applicable to this paper as no ne w data were created or analyzed in this study . REFERENCES [1] W . Ahmad, A. Rasool, A. R. Ja v ed, T . Bak er , and Z. Jalil, “Cyber security in IoT -based cloud computing: a comprehensi v e surv e y , Electr onics (Switzerland) , v ol. 11, no. 1, p. 16, Dec. 2021, doi: 10.3390/electronics11010016. [2] N. M. Abdulkareem, S. R. M. Zeebaree, M. A. M. Sadeeq, D. M. Ahmed, A. S. Sami, and R. R. Zebari, “IoT and cloud computing issues, challenges and opportunities: a re vie w , Qubahan Academic J ournal , v ol. 1, no. 2, pp. 1–7, Mar . 2021, doi: 10.48161/qaj.v1n2a36. [3] M . F aheem, U. Akram, I. Khan, S. Naqeeb, A. Shahzad, and A. Ullah, “Cloud computing en vironment and security challenges: a re vie w , International J ournal of Advanced Computer Science and Applications , v ol. 8, no. 10, 2017, doi: 10.14569/ijacsa.2017.081025. [4] J. Surbiryala and C. Rong, “Cloud computing: history and o v ervie w , in 2019 IEEE Cloud Summit , Aug. 2019, pp. 1–7, doi: 10.1109/CloudSummit47114.2019.00007. [5] Z. Liu, B. Xu, B. Cheng, X. Hu, and M. Darbandi, “Intrusion detection systems in the cloud computing: a comprehensi v e and deep literature re vie w , Concurr ency and Computation: Pr actice and Experience , v ol. 34, no. 4, p. e6646, Feb . 2022, doi: 10.1002/cpe.6646. [6] M. N. Birje, P . S. Challagidad, R. H. Goudar , and M. T . T apale, “Cloud computing re vie w: concepts, technology , challenges and security , International J ournal of Cloud Computing , v ol. 6, no. 1, pp. 32–57, 2017, doi: 10.1504/IJCC.2017.083905. [7] S. Rani, P . Bhambri, A. Kataria, A. Khang, and A. K. Si v ara man, Big data, cloud computing and IoT : tools and applications . Chapman and Hall/CRC, 2023. [8] Maniah, E. Abdurachman, F . L. Gaol, and B. Soe wito, “Surv e y on threats and risks in the cloud computing en vironment, Pr ocedia Computer Science , v ol. 161, pp. 1325–1332, 2019, doi: 10.1016/j.procs.2019.11.248. [9] Y . I. Alzoubi, A. Mishra, and A. E. T opcu, “Research trends in deep learning and machine learning for cloud computing security , Articial Intellig ence Re vie w , v ol. 57, no. 5, p. 132, May 2024, doi: 10.1007/s10462-024-10776-5. [10] S. El Kafhali, I. El Mir , and M. Hanini, “Security threats, defense mechanisms, challenges, and future directions in cloud comput- ing, Ar c hives of Computational Methods in Engineering , v ol. 29, no. 1, pp. 223–246, Apr . 2022, doi: 10.1007/s11831-021-09573-y . [11] A. Munshi, N. A. Alqarni, and N. Abdullah Almalki, “DDOS attack on IoT de vices, in 2020 3r d International Confer ence on Computer Applications & Information Security (ICCAIS) , Mar . 2020, pp. 1–5, doi: 10.1109/ICCAIS48893.2020.9096818. [12] N. Mishra, R. K. Singh, and S. K. Y ada v , “Detection of DDoS vulnerability in cloud computing using the perple x ed bayes classier , Computational Intellig ence and Neur oscience , v ol. 2022, pp. 1–13, Jul. 2022, doi: 10.1155/2022/9151847. [13] V . Chang et al. , A surv e y on intrusion detection systems for fog and cloud computing, Futur e Internet , v ol. 14, no. 3, p. 89, Mar . 2022, doi: 10.3390/14030089. [14] D. Mohamed and O. Ismael, “Enhancement of an IoT h ybrid intrusion detection system based on fog-to-cloud computing, J ournal of Cloud Computing , v ol. 12, no. 1, Mar . 2023, doi: 10.1186/s13677-023-00420-y . [15] W . H. Aljuaid and S. S. Alshamrani, A deep learning approach for intrusion detection systems in cloud computing en vironments, Applied Sciences (Switzerland) , v ol. 14, no. 13, p. 5381, Jun. 2024, doi: 10.3390/app14135381. [16] A. D. V ibhute and V . Nakum, “Deep learning-based netw ork anomaly detection and classication in an imbalanced cloud en viron- ment, Pr ocedia Computer Science , v ol. 232, pp. 1636–1645, 2024, doi: 10.1016/j.procs.2024.01.161. [17] A. A. Hag ar and B. W . Ga w ali, Apache Spark and deep learning models for high-performance netw ork intrusion detec tion using CSE-CIC-IDS2018, Computational Intellig ence and Neur oscience , v ol. 2022, pp. 1–11, Aug. 2022, doi: 10.1155/2022/3131153. [18] J. A. Alzubi, O. A. Alzubi, I. Qiqieh, and A. Singh, A blended deep learning intrusion detection frame w ork for consum- able edge-centric IoMT industry , IEEE T r ansactions on Consumer Electr onics , v ol. 70, no. 1, pp. 2049–2057, Feb . 2024, doi: 10.1109/TCE.2024.3350231. [19] H. Alkahtani and T . H. H. Aldh yani, “Intrusion detection system t o adv ance internet of things infrastructure-based deep learning algorithms, Comple xity , v ol. 2021, no. 1, p. 5579851, Jan. 2021, doi: 10.1155/2021/5579851. [20] N. F aruqui et al. , “SafetyMed: a no v el IoMT intrusion detection system using CNN-LSTM h ybridization, Electr onics (Switzer - land) , v ol. 12, no. 17, p. 3541, Aug. 2023, doi: 10.3390/electronics12173541. [21] S. Al and M. Dener , “STL-HDL: a ne w h ybrid netw ork intrusion detection system for imbalance d dataset on big data en vironment, Computer s and Security , v ol. 110, p. 102435, No v . 2021, doi: 10.1016/j.cose.2021.102435. [22] E. U. H. Qazi, M. H. F aheem, and T . Zia, “HDLNIDS: h ybrid deep-learning-based netw ork intrusion detection system, Applied Sciences (Switzerland) , v ol. 13, no. 8, p. 4921, Apr . 2023, doi: 10.3390/app13084921. [23] M. Khan and M. Haroon, Articial neural netw ork-based intrusion detection in cloud computing using CSE-CIC-IDS2018 datasets, in 2023 3r d Asian Confer ence on Inno vation in T ec hnolo gy (ASIANCON) , Aug. 2023, pp. 1–4, doi: 10.1109/ASIAN- CON58793.2023.10269948. [24] R. I. F arhan, A. T . Maolood, and N. F . Hassan, “Performance analysis of o w-based attacks detection on CSE-CIC-IDS2018 dataset using deep learning, Indonesian J ournal of Electrical Engineering and Computer Science (IJEECS) , v ol. 20, no. 3, pp. 1413–1418, Dec. 2020, doi: 10.11591/ijeecs.v20.i3.pp1413-1418. [25] Y . Xin et al. , “Machine learning and deep learning methods for c ybersecurity , IEEE Access , v ol. 6, pp. 35365–35381, 2018, doi: 10.1109/A CCESS.2018.2836950. [26] M. V akili, M. Ghamsari, and M. Rezaei, “Performance analysis and comparison of machine and deep learning algorithms for IoT data classication, arXiv pr eprint arXiv:2001.09636 , Jan. 2020, [Online]. A v ailable: http://arxi v .or g/abs/2001.09636. Indonesian J Elec Eng & Comp Sci, V ol. 40, No. 2, No v ember 2025: 840–849 Evaluation Warning : The document was created with Spire.PDF for Python.
Indonesian J Elec Eng & Comp Sci ISSN: 2502-4752 849 BIOGRAPHIES OF A UTHORS Maha Mohammad Alshehri recei v ed her Bachelor’ s de gree in information technology in 2021 with a GP A of 3.91/4. She is currently pursuing a Master’ s de gree in c ybersecurity . Her interests include IT security , netw or k protection, and problem-solving in digital en vironments. She has participated in uni v ersity v olunteering acti vities , contrib uting to impro ving learning f acilities. Her skills include programming in Python, teamw ork, time management, and analytical thinking. She can be contacted at email: mahaalshehri11@outlook.com Shoog Abdullah Alshehri recei v ed her Bachelor’ s de gree in computer sciences from King Khalid Uni v ersity in 2022 with honors (GP A: 4.73/ 5). She is currently pursuing a Master’ s de gree in c ybersecurity . She has e xperience as a System Administrator at Al-Ameen Hospital, man- aging IT ope rations, and as an Instructor at Bisha Uni v ersity , teachi ng information systems. Her research interests include c ybersecurity , system administration, and IT education. She has completed multiple certications in digital mark eting, cloud computing, articial intelligence, and c ybersecurity risk management. Her technical skills include programming in Python, ASP , and SQL. She can be contacted at email: as.alshehri@seu.edu.sa. Samah Hazzaa Alajmani recei v ed the B.Sc. de gre e in computer science from King Ab- dulaziz Uni v ersity , Jeddah, Saudi Arabia, in 2004, and the Ph.D. de gree in computer science from the same uni v ersity in 2019. She earned her M.Sc. de gree in information technology from the Queens- land Uni v ersity of T echnology , Brisbane, Australia. She is currently an Assistant Professor at T aif Uni v ersity , T aif, Saudi Arabia. Her research interests include c ybersecurity , articial intelligence, IoT , deep learning, and machine learning. She can be contacted at email: s.ajmani@tu.edu.sa. Intrusion detection system using hybrid CNN-LSTM model in cloud computing (Maha Mohammad Alshehri) Evaluation Warning : The document was created with Spire.PDF for Python.