International Journal of Intelligent Networks 6 (2025) 1–13

Contents lists available at ScienceDirect

International Journal of Intelligent Networks

journal homepage: www.keaipublishing.com/en/journals/
international-journal-of-intelligent-networks

Designing a novel network anomaly detection framework using multi-serial

stacked network with optimal feature selection procedures over
DDOS attacks
K. Jeevan Pradeep *, Prashanth Kumar Shukla
Department of Computer Science and Engineering, Koneru Lakshmaiah Education Foundation, Vaddeswaram, AP, India

A R T I C L E I N F O A B S T R A C T

Keywords: - Distributed denial-of-service (DDoS) attacks are the major threat that disrupts the services in the computer
Network anomaly detection system and networks using traffic and targeted sources. So, real-world attack detection techniques are considered
Distributed denial of service attacks an important element in executing cybersecurity tasks. The present DDoS techniques are prone to False Positive
Internet of things
Rates (FPR) and also it didn’t acquire the complicated patterns presented in the attack traffic. Internet of Things
Improved mud ring algorithm
Multi-serial stacked networks
(IoT) is a complicated network with resource-constrained devices and networks that are prone to different se­
Optimal feature selection curity threats like DDoS attacks. Later, the Software Defined Networking (SDN) with IoT models is used to
enhance the access control techniques and security models. DDoS attacks are considered as an important threat
in the IoT networks. Hence, it is important to construct a novel network anomaly detection model with a deep
learning mechanism to resolve the limitations of the existing techniques. Initially, essential data required for the
validation are gathered from the IDS ISCX 2012 dataset. The optimal features are selected from input data using
the Predefined-Mud Ring Algorithm (P-MRA). The optimally selected features are provided to the Multi-Serial
Stacked Networks (Multi-SSN), which is the fusion of Convolutional Autoencoder (CAE), Gated Recurrent Unit
(GRU), and Bayesian Learning (BL) networks. Here, the essential features for the validation are acquired from the
CAE and GRU. Then, these features are stacked and given to the BL mechanism for detecting the anomalies in the
network. Further, several experimental validations are performed in the developed framework over traditional
network anomaly detection mechanism.

1. Introduction DDoS attacks create more losses like legal consequences, reputational
harm, and financial losses to the respective user [12]. These attacks also
DDoS attacks utilize enormous compromised devices, which play a increase important legal and ethical concerns because of their efficiency
major part in botnets, generating overloading to the targeted network in damaging the jeopardizing user information and sensitive data. These
over traffic and making the authorized user inaccessible [9]. The major kinds of attacks are increased rapidly according to sophistication and
aim of a DDoS attack is to degrade the normal function of the target frequency which creates better attack identification and mitigation [13].
system. DDoS attacks mainly affect the routers, computers, and IoT Moreover, the attackers utilized multiple technologies and techniques
devices with the malware by the attackers [10]. Then, these devices are but several impacts attained due to DDoS attacks are expanded towards
utilized to transfer enormous data to the target system and generate the target organization. Several enhancements achieved in the internet
more complications to respond the legitimate requests due to more providing higher security in the network became more complicated
traffic in the network. DDoS attacks are generated in any location and [14].
rapidly spread to the entire system, which is complicated to stop and Presently, more researchers are executed by detecting the anomalies
prevent the system from attacking [11]. DDoS attacks are employed by in the network using supervised learning techniques for detecting the
criminals and hackers to demand money from respective individuals anomalous characteristics. Classical supervised techniques mainly
else, they block the works of the organization, government, or company. depend on the existing information and they achieve equal distribution

Peer review under the responsibility of Editorial Board of International Journal of Intelligent Networks.
* Corresponding author.
E-mail address: [email protected] (K.J. Pradeep).

https://doi.org/10.1016/j.ijin.2024.11.001
Received 9 September 2024; Received in revised form 6 November 2024; Accepted 25 November 2024
Available online 29 November 2024
2666-6030/© 2024 The Authors. Published by Elsevier B.V. on behalf of KeAi Communications Co., Ltd. This is an open access article under the CC BY-NC-ND
license (http://creativecommons.org/licenses/by-nc-nd/4.0/).
K.J. Pradeep and P.K. Shukla International Journal of Intelligent Networks 6 (2025) 1–13

at the time of data training. In some cases, the network anomaly attributes that help to boost the network anomaly detection perfor­
detection data are oversampled according to the local information in the mance by enhancing the convergence speed of the network.
entire distribution of rare classes. So, several data produced by these
unsupervised learning mechanisms may affect the significant informa­ Rests of the phases of the developed framework are detailed as fol­
tion presented in the original data, which badly affects the network lows. Existing literature works associated with the suggested technique
training efficiency [15]. The Least Squares-Generative Adversarial specified in Section II. Complications of existing techniques and an
Network (LS-GAN) techniques are applied in the image processing explanation of the developed technique with dataset description are
procedures to generate an accurate image in the data distribution phase offered in Section III. Optimization techniques and optimal feature se­
[16]. Several techniques are used in the anomaly detection network to lection process linked with the developed framework are given in Sec­
validate the security and then it generates the network traffic by tion IV. A description of the newly developed technique with ensemble
learning the data distributed features [17]. Hence, it is essential to networks is offered in Section V. Different analyses executed in the
encode the important characteristics and then transform the encoded developed framework over several performance metrics are detailed in
vectors as pixel values with adjacent characteristics [18]. Network Section VI. Significant information and upcoming works are presented
anomaly detection techniques utilized supervised learning techniques in Sub-section VII.
with labeled data for training the anomaly detection models to attain
better outcomes [19]. Here, a training procedure is included in the 2. Literature survey
learning models to categorize the test data as normal or affected by
anomalies in the feature vectors. Unsupervised learning models utilized 2.1. Related works
the unlabeled data to execute the particular tasks while detecting the
anomalies in the network [20]. In 2020, Liu et al. [1] have suggested a novel network anomaly
Clustering is the popular unsupervised learning mechanism utilized detection technique with data augmentation and feature representation
to identify the similarities between the instances for creating the clus­ procedures. The implemented model utilized a novel feature represen­
ters. In this procedure, instance characterizes are placed in the same tation technique to generate the images to maintain spatial knowledge
cluster [21]. Intrusion Detection Systems (IDS)-based techniques are among original network features. Then, image-based augmentation
suggested with deep learning techniques because bandwidths are procedures were employed to attain the augmented outcomes. Anomaly
increased while detecting anomalies in the network [22]. These tech­ classifications were executed using the LS-GAN with Convolutional
niques help to examine the raw network packets to validate the flow of Neural Network (CNN). Various analysis performed to compute the
the traffic network with the novel artificial intelligence mechanism. A detection performance over classical models.
classical anomaly detection technique named Block-Based Neural In 2018, Maimó et al. [2] have developed a 5G-based defense
Network (BBNN) accomplished superior throughput using a Field Pro­ framework to detect cyber threats in the mobile networks. Here, the
grammable Gate Array (FPGA) structure [23]. Furthermore, different developed mechanism utilized deep learning techniques to compute the
machine learning techniques like Naïve Bayes (NB), Support Machine traffic in the network by acquiring the essential features from the
Vector (SVM), and Decision Tree (DT) models are used for the network network flow. The recommended model employed the cyber defense
anomaly detection [24]. But, these machine learning techniques for structure to overcome traffic fluctuation issues by tuning the validation
detecting the anomalies in the network are prone to false positive errors resources in the anomaly detection phase. Multiple analyses were per­
that degrade the anomaly detection performance [25]. Later, deep formed to compute the effectiveness of the developed technique over the
learning techniques are employed to execute the automated complex conventional models.
feature extraction. Moreover, deep learning techniques need to address In 2018, Naseer et al. [3] have initiated a new anomaly detection
the executed time issues and also reduce the validation cost in the framework using different deep learning techniques. Ensemble deep
network. Thus, it is essential to design a novel network anomaly learning mechanisms utilized in the developed framework were Recur­
detection technique with deep learning techniques to resolve the rent Neural Networks (RNN), autoencoder, and CNN. Further, the deep
above-mentioned issues in the conventional mechanism. learning model was trained with standard data and also its efficiency
Multiple contributions related to the network anomaly detection are was computed. In the experiments, performance of the ensemble
detailed below. network was compared with the classical anomaly detection models to
detect the anomalies in the real-world system.
• To construct new network anomaly detection techniques for recog­ In 2022, Oleiwi et al. [4] have recommended an innovative
nizing the abnormalities in the network and also to identify the un­ Ensemble Learning model to recognize the anomaly in the communi­
usual patterns in the data that help to enhance the product quality. cation network. The suggested technique utilized a preprocessing pro­
Here, the developed framework is designed with deep learning cedure in the initial phase to process the essential information. Further,
techniques to offer real-world anomaly detection in the network essential features were selected and offered to the developed Correlation
without any delay. with the Random Forest algorithm of ensemble learning (CFS–RF)
• Improving the robustness of the developed framework is highly technique. Hence, the implemented mechanism minimized the dimen­
essential, so significant features are optimally selected from the sionality problems presented in network. At last, intrusions were
collected data using the designed P-MRA mechanism. Hence, the detected using a hybrid ensemble technique. Furthermore, the efficiency
optimal feature selection procedure helps to minimize the overfitting was analyzed over multiple validation measures and displayed a mini­
and enhance the interpretability of the system. mal false alarm rate than the classical models.
• To design an efficient Multi-SSN technique for better network In 2023, Tian et al. [5] have introduced a hybridized IDS technique
anomaly detection based on the integration of ensemble techniques by integrating incremental learning models. Moreover, the developed
like BL, GRU, and CAE. The developed Multi-SSN boosts the detec­ framework employed active learning techniques to study the novel log
tion accuracy and reduces the FNR that helps to overcome the errors patterns as well as identify different network anomalies in real-world
in the network, technical bugs, and network malfunctions. scenarios. Experimental validations demonstrated that the imple­
• To implement a new optimization technique P-MRA for improving mented technique identified the intrusions and anomalies in the
the features selection efficiency that helps to enhance the network network by improving learning efficiency.
anomaly detection efficiency. The P-MRA technique maximizes the In 2023, Sáez et al. [6] have suggested an unsupervised learning
relief score to enhance the quality of contextual information and technique for the intrusion detection model. Here, federated learning
mechanism was utilized to reduce the isolation and overhead issues in

2
K.J. Pradeep and P.K. Shukla International Journal of Intelligent Networks 6 (2025) 1–13

the network. Later, clustering techniques were fused with the federated minimize the false feature selection and also to improve the true
learning model to resolve the heterogeneity problems in the network. positive rates of the system.
Further, different performance metrics were utilized to recognize the F07F Classical anomaly detection frameworks for the network are
intrusions. Experimental validations displayed that implemented tech­ affected by scalability and reliability issues. So a multiple-stacked
nique accurately detected the intrusions in the network and protected network is used to enhance the reliability and scalability rate of
the network from attackers. the network and also it simplifies the architecture of the network.
In 2021, Alsaleh and Binsaeedan [7] have initiated a new network F07F Traditional techniques have some privacy issues, which badly
IDS detection technique to identify the malicious attacks in the network. affect the system performance rate, and are also subject to data
In this research work, various data utilized for the validation were quality issues. So, improved optimization mechanisms are used
gathered from standard dataset. Then, essential features were acquired with deep learning models to resolve the privacy issues in the
without any discrimination. Later, feature selection procedures were network.
performed to select the significant feature from the entire data. Next, the
Salp Swarm Algorithm (SSA) technique effectively overcomes the Several advancements and drawbacks in the conventional network
complications presented in the feature selection phase. Further, hybrid anomaly detection models are presented in Table 1.
intrusion detection techniques models were used to identify the in­
trusions and anomalies in the network. Analysis displayed that the 3. Novel network anomaly detection framework using multi-
implemented technique secured superior outcome in detecting the serial stacked network over DDOS attacks
network intrusions than the traditional techniques.
In 2023, Said et al. [8] have proposed a new hybridized technique 3.1. Motivation for network anomaly detection with DDOS attacks
CNN with a Bidirectional Long Short-Term Memory (BiLSTM) network
to improve network intrusion detection. The developed framework Malicious attacks and cyber threats have improved drastically in
performed the multiclass and binary class intrusion classification. The various domains like the health sector, finance, and energy sectors.
performance of recommended technique was analyzed over the standard Presently, computer systems and networks are prone to different un­
datasets and various performance metrics. Later, different validation discovered and reported anomalies such as DDoS attacks. Hence, to
metrics were utilized to validate the efficiency of the developed mech­ resolve several security issues, various solutions like authentication
anism over the classical framework to accomplish superior accuracy procedures, encryption techniques, honeypots, and firewalls are
while detecting intrusions. employed to minimize the security threats in the computer network.
Also, IDS-based techniques are introduced in the network anomaly
detection models to identify and locate cyber-attacks. According to the
2.2. Problem statement
characteristics, IDS models are categorized into anomaly-based tech­
niques, signature-based techniques, and hybrid techniques. Signature-
The network anomaly detection models are used to detect the
based detection models are utilized to analyze the unique sequence of
anomalies presented in the network over the DDOS attacks. Different
the network traffic to identify the particular attacks that take place in the
classifiers are widely used to classify the anomalies, yet they offer
network. Attacks presented in the network with various signatures
inaccurate anomaly detection rates due to a small training data set.
didn’t have the efficiency to learn the structural and behavioral patterns.
Moreover, different limitations attained in the existing network anomaly
So, the signature-based detection mechanisms are utilized to execute
detection models are listed as follows.
accurate attack detection in the complicated background. Anomaly
detection executed in the network mainly depends on typical actions
F07F Existing network anomaly detection models use the noisy dataset
that help to identify the intrusions. Thresholds among the abnormal and
and provide inaccurate outcomes in the validation. So, the pro­
normal activities are utilized to design novel profiles to identify the
posed network anomaly detection model uses the essential data
normal characters. Classical network anomaly detection models are
for the analysis from a standard dataset.
prone to false alarm rates and also misclassification of attacks. Several
F07F Conventional network anomaly detection frameworks attain false
factors affect the network anomaly detection processes such as handling
characteristics in the feature selection region. The implemented
the imbalance
framework uses the optimal feature selection procedure to

Table 1
Merits and demerits of classical network anomaly detection models.
Author [citation] Methodology Features Challenges

Liu et al. [1] LS-GAN •It resolves the overfitting and imbalance rate in the training •It is expensive due to more training resources.
set. •Its training procedures are complicated and make the system slow.
•It preserves the spatial information among the characteristics
and also executes data distribution in every class.
Maimó et al. [2] DBN •It automatically selects the elements used for validation and •It requires training the system for different levels with real-world
executes optimization in the detection region. datasets for accuracy validation.
Naseer et al. [3] DNN and •It has a higher adaptability rate and also handles various data. •It needs enormous information for training the network and also its
Autoencoder •It improves the effectualness rate in terms of accuracy. implementation procedures are complex and expensive.
Oleiwi et al. [4] SVM and RF •It identifies the abnormal and normal activities to improve the •It has fixed training values so data fusion is complicated in the
robustness rate of the system over attacks. network.
Tian et al. [5] KNN and ANN •It identifies the malicious data in the complex network •It leads to storage and memory-related issues.
environment in real-world scenarios. •It needs to enhance the performance rate of accuracy and sensitivity.
•It has a higher generalizability rate.
Sáez et al. [6] Federated •It minimizes the overhead and isolation issues in the network. •It needs to resolve the privacy issues.
learning •It has a minimal information breaching rate. •It requires offering effective communication over the networks.
Alsaleh and SSA and XGBoost •It attains an enhanced accuracy rate by minimizing the false •It requires resolving the unbalanced data issues in the system to
Binsaeedan [7] alarm rate in the system. improve the efficacy rate.
•It has a higher robustness rate.
Said et al. [8] CNN and BiLSTM •It requires minimal time to train the significant data. •It has a minimal convergence rate than the classical techniques.
•It effectively resolves the vanishing gradient issues.

3
K.J. Pradeep and P.K. Shukla International Journal of Intelligent Networks 6 (2025) 1–13

Dataset and availability of labeled data. In some cases, the noise 3.3. DDoS attack dataset for analysis
presents in validation data are considered as network anomaly that
generates more complications to differentiate them. Hence, an efficient In this analysis, data are collected from the Intrusion detection
framework for the detection of anomalies is highly essential by consid­ evaluation dataset (ISCXIDS2012) and from the link “https://www.unb.
ering the challenges in the classical models. ca/cic/datasets/ids.html: Access Date: 2024-08-23”. The dataset holds
labeled data, realistic network, traffic detection, data capture, total
3.2. Network anomaly detection: model design interaction scenario, and diverse intrusion scenarios. The dataset holds
171380 data and 11011 data are utilized for the analysis. Collected data
A novel network anomaly detection model is implemented in this Ip
from the dataset are indicated as Dtm . Effective analysis and detection of
research work considering the DDoS attacks with deep learning tech­ DDoS attacks have been rendered feasible by the ISCXIDS2012 dataset,
niques. This technique is highly essential to detect unusual traffic pat­ which offers realistic representations of network traffic and intrusion
terns in the network presented with abnormal communication patterns. scenarios. It includes tagged data, making it possible to assess different
In the developed network anomaly detection framework, essential data intrusion detection methods. It is possible to completely evaluate the
utilized for the validations are gathered from standard dataset and given effectiveness of detection algorithms under a variety of situations by
to the optimal feature selection phase. This procedure helps to enhance utilizing the dataset, which contains a variety of intrusion scenarios that
the interpretability for providing better decision-making and also are specifically created to simulate various types of attacks, including
smooth the inaccuracies issues. So, essential features required for the DDoS attacks.
analysis are selected using the developed P-MRA technique, which
effectively optimizes the essential features by enhancing the relief score.
4. Predefined-Mud Ring Algorithm for optimal feature selection
Next, the optimally selected features are provided to the developed
for enhancing anomaly detection performance
Multi-SSN-based network anomaly detection model. The Multi-SSN
techniques are designed according to the integration of CAE, GRU,
4.1. Importance of optimal feature selection
and BL for network anomaly detection. Using developed Multi-SSN
model in network anomaly detection helps to minimize overfitting
Generally, optimal feature selection is an efficient procedure utilized
and also enhance the robustness. This stacked network provided supe­
to increase the accuracy of anomaly detection in network. These optimal
rior accuracy and flexibility by improving the network balancing effi­
feature selection procedures utilized an optimization mechanism to
ciency. The developed Multi-SSN technique offered better anomaly-
identify the optimal set of features. In the suggested framework, the
detected outcomes considering DDoS attacks. Hence, the developed
developed P-MRA technique is employed to attain the optimal features.
Multi-SSN mechanism offered superior network anomaly detection
This procedure helps to select the important features by eliminating the
outcomes than the classical techniques. The architectural illustration of
redundant information related to the attack leading to the imple­
the developed network anomaly detection model over DDoS attacks is
mentation of a novel anomaly detection framework that helped in of­
represented in Fig. 1.
fering a more accurate network anomaly detection outcome.
Eliminating unwanted features in the network effectively minimizes

Fig. 1. Structural representation of developed network anomaly detection model.

4
K.J. Pradeep and P.K. Shukla International Journal of Intelligent Networks 6 (2025) 1–13

noise and overfitting problems. Using optimal features for the validation complex, nonlinear relationships within data. Compared to conven­
minimizes the validation complications and also improves the training tional technique to traditional methods like LASSO and Elastic Net, P-
process. Selecting the optimal feature in the large dataset helps to MRA offers more versatility in capturing complex feature interactions
enhance the training in real-world applications. Choosing the minimal without the limitations of linear assumptions or requiring a great deal of
dataset in the network makes the developed system more interpretable. hyper parameter tuning. P-MRA provides better granularity and
In the higher dimensional regions, the efficiency of the network is handling of feature redundancy than mutual information approaches.
reduced due to curse dimensionality issues. So, the optimal feature se­ Optimizing the features in the network using P-MRA helps to maxi­
lection procedures are utilized to overcome these problems in the mize the relief score in the developed network anomaly detection model.
network by decreasing the dimension count to enhance the network Enhancing the relief score easily computes the contextual data and also
anomaly detection performance. So, performing an optimal feature se­ has the efficiency to validate the attribute’s quality. Relief scores are
lection procedure helps to implement an efficient network anomaly used to validate the scores of entire features. The relief score effectively
detection technique that helps to improve the accuracy, robustness, computes the attribute’s qualities according to the instances. In the
detection efficiency, and interpretability for making the developed developed network anomaly detection model, features are optimally
system highly suitable for reliable cybersecurity systems. selected in the bound [1, 14] using developed P-MRA, which effectively
maximizes the relief score. Here, 5 optimal features are selected by
implemented P-MRA. The major objective of the optimal feature selec­
4.2. Optimal feature selection using developed P-MRA
tion process is offered in Eq. (1).
( )
In the developed network anomaly detection framework, optimal 1
ft = argmin (1)
feature selection is selected using developed P-MRA techniques from the Rfs
Ip
{Ofefehh }
collected data Dtm . Using optimal features in the developed network
anomaly detection model, overfitting issues attained in the parameters Here, the term ofefehh indicates the optimal features and Rfc represents
and network training time are reduced. Classical feature selection the relief score, presented in Eq. (2).
models are expensive for large datasets and complicated algorithms. In ( ) ( )
the developed network anomaly detection technique, using optimally Rfc = qp − ap − vcp + ap − btp (2)
selected features helps to identify the anomalies in the network in Here, the distant classes are indicated as btp , and similar classes are
minimal time that helps to enhance the quality of service. Here, signif­ offered as vcp . A pictorial illustration of the optimal feature selection
icant features presented in the collected data are selected and then these process is given in Fig. 2.
features are optimized using the developed P-MRA technique. The P-
MRA method offers a distinctive approach to feature selection, charac­
terized by its focus on multi-resolution analysis and adaptability to

Fig. 2. Structural representation of optimal feature selection process.

5
K.J. Pradeep and P.K. Shukla International Journal of Intelligent Networks 6 (2025) 1–13

4.3. Developed optimizer: P-MRA Algorithm 1.

Algorithm 1: Developed P-MRA
An efficient optimization mechanism named the P-MRA technique is Ip
Inputs: Network Data Dtm
introduced to detect the anomalies in the network over DDoS attacks. Initiate the iteration count and population size
The developed P-MRA is the improved version of classical MRA. The Validate the fitness of every dolphin
developed P-MRA technique is utilized to select the features optimally Update the random numbers Gj in Eq. (4) based on a novel concept in Eq. (3)
that help to rectify the overfitting and interpretability issues. The ​ While Wg < Qmax
If |M| ≥ 1
Predefined-Mud Ring Algorithm (P-MRA), which has been designed to
​ ​
​ ​ ​ Create novel solutions by changing the velocity
capture the unique characteristics of DDoS attacks, improves feature ​ ​ Else
selection by concentrating on the most significant properties associated ​ ​ ​ Update the present dolphin location in the mud ring
with network traffic and anomaly identification. By eliminating noise ​ ​ End If
Renew the dolphin outside bounds in search space
and unnecessary features, it generates a detection process that is more ​ ​
​ ​ Obtain the fitness function of a dolphin
precise and efficient. Unlike traditional methods, P-MRA ensures that ​ End While
the selected features maintain a robust correlation with attack patterns Return the optimally best positions
while minimizing redundancy, improving model accuracy and reducing Output: Optimally Selected Features ofehh
fe

False Positive Rates (FPR). This optimal feature selection reduces

computational complexity and boosts detection accuracy in complex
network situations, thereby influencing the model’s performance. The
5. Multi-serial stacked network for anomaly detection against
MRA [26] technique is widely used in the developed framework as it
DDOS attacks
offers better balance between exploitation and exploration. The MRA
also enhances the decision-making efficiency and profitability while
5.1. Convolutional Autoencoder
detecting the anomalies in the network. Moreover, the MRA technique
utilized minimal parameters with simple operation procedures that
CAE [27] is constructed by integrating CNN with an autoencoder.
helped to overcome the non-linearity issues in the network. The MRA
The autoencoder models are designed using an artificial neural network
technique consumes more time and needs highly significant parameters
that includes the decoder and encoder regions. The major components of
for the observation. In some cases, they easily fall into the local optimal
the CAE are the encoder, bottleneck layer, reconstruction layer, and
issues and also have slow convergence, which affects the network effi­
decoder layer. In the CAE, convolutional layers are used by replacing the
ciency while detecting the anomalies over DDoS attacks. Hence, it is
fully connected layers, and de-convolutional layers are used in the
necessary to resolve several limitations presented in classical MRA
decoder phase. Here, every de-convolutional layer needs to follow the
techniques, so random parameters in MRA are pre-defined by the novel
un-pooling layers, which are used to store the maximal values. More­
concept and this technique is named as P-MRA. Here, the newly devel­
over, the spatial localities are preserved by performing the convolution
oped P-MRA technique effectively overcomes the convergence issues,
operations in all neurons. Validations are executed in the encoder for the
which helps to accomplish superior network anomaly-detected out­
input matrix K and specified in Eq. (5).
comes. Furthermore, the overfitting problem presented in the network
was also rectified. The Predefined-Mud Ring Algorithm (P-MRA) utilizes Ub = σ (K*Rq + A) (5)
multiple strategies to tackle the problem of false positives in network
Here, σ signifies the activation functions, R indicates the 2D con­ q
security applications. These strategies include dynamic thresholding,
volutional filters, * represents the 2D convolution and bias encoder are
feedback mechanisms, ensemble methods, multi-layered detection ap­
offered as A. Here, spatial resolutions are obtained by executing the zero
proaches, contextual anomaly detection, robust feature selection, and
padding operation in the input matrix K. Later, data reconstruction
calibrated anomaly scoring. With an emphasis on pertinent features,
procedures are executed in the network and it is offered in Eq. (6).
flexibility in responding to network conditions, and ongoing learning
from user feedback, P-MRA greatly improves the accuracy and ̃ q + A)
Db = σ (Ub *R ̃ (6)
dependability of actual anomaly detection while reducing false positive
rates. Maintaining trust in the system and making optimal use of re­ Inputs used in the reconstruction phase are represented as Ub . In the
sources are two important goals of this managing in network security decoder phase, 2D convolutional filter is presented and specified as R ̃q,
activities. and the bias presented in the decoder unit is specified as A.
̃ Finally, pre-
In the proposed P-MRA technique, random numbers Gj presented in training executed in CAE with errors, given in Eq. (7).
the limit [0, 1] are upgraded by novel concept presented in Eq. (3).
nf
∑
( )
(− 1) I(θ) = (Tb − Db )2 (7)
Gj = − Wg* (3)
Br b=1

If the unsupervised pre-training is performed in the un-pooling and

Here, the term Wg indicates the current iteration and Br represents the de-convolutional layer, then the network decoder phase is removed. A
maximum iterations. structural representation of basic CAE is given in Fig. 3.
→
In classical MRA [26], the vector Z t presented in the exploration
phase is offered in Eq. (4). 5.2. Gated Recurrent Unit
→ → →
Z t = 2 h .Gj − h (4) GRU [28] is the improved version of LSTM, which is a unique gating
→ mechanism for RNN. Generally, the GRU model utilized multiple gates
Here, the search agents are offered as h , and the random numbers
for controlling the information flow. Moreover, the GRU needs reduced
presented in the limit [0, 1] are signified as Gj, which is improved by the
memory space. It generates the updated gate by integrating forget and
novel mechanism presented in Eq. (3). Hence, the developed P-MRA
input gates. The reset gate employed in the GRU is otherwise known as a
technique effectively enhances the outcomes according to their current
supplementary gate. The GRU activation function is offered in Eq. (8).
iterations. Pseudocode of Implemented P-MRA technique is offered in
( )
̃t
Htr = 1 − Str Htr− 1 + Str H (8)
r

Here, activation function of GRU is specified as Hrt , existing regions of

6
K.J. Pradeep and P.K. Shukla International Journal of Intelligent Networks 6 (2025) 1–13

classical neural network models face more complications in fulfilling the

probabilistic considerations. Several outcomes attained from BL are used
for the single point validation in every input sample that is prone to
overconfidence in the downstream decision-making. This creates serious
issues in the applications due to data imbalance issues. Hence, these
kinds of issues in the classical technique are resolved by using the
Bayesian models to collect the output probability. Network weights are
represented as θ and it is used with the existing distribution R(θ). In the
BL technique, posterior distribution over the network weight is consid­
ered as the data My . The Bayes rule is offered in Eq. (12).
( / )
( / ) R My θ R(θ)
R θ My = ( ) (12)
R My

Here, the weights in the posterior distribution network are offered as

( )
R θ /My , training data is given as My that has the efficiency to execute
the supervised learning tasks by including the output-input sample pairs.
The BL network was also developed through Monte Carlo dropout
techniques to minimize the overfitting issues when network training is
Fig. 3. Diagramattic presentation of CAE executed. In the network, dropout procedures are executed in the indi­
vidual nodes presented in the network that are eliminated randomly
GRU are indicated as Htr− 1 , and also the individuals presented in the rth while training procedures are executed for a particular probability. The
structural presentation of the BL model is given in Fig. 5.
̃ t . In the entire gates, different updating processes
layer are specified as H r
are executed and it is offered in Eq. (9).
5.4. Network attack detection using Implemented Multi-SSN
( )t
Str = σ Nv Jp + Kv Hr− 1 (9)
An efficient network anomaly detection technique named the Multi-
Here, the term Str signifies the updated gates that are used to select the SSN technique is implemented with deep learning techniques. The
single activation functions and it is given in Eq. (10). developed Multi-SSN technique is the integration of ensemble tech­
( ( )) niques like BL, GRU, and CAE and they are connected in serial format.
̃ t = tan H Nv Jp + Z Gv *Hp− 1 t
H (10) The developed framework utilized the CAE technique as it effectively
r
minimizes the redundant features and saves the spatial and local pat­
t
Here, H ̃ specifies the activation functions and * represents the multi­
r terns in the validation.
plication operation. Procedures in reset gate are given in Eq. (11). The Multi-SSN proposes a novel design that uses a serial stacking
( )t approach to improve anomaly detection efficiency. The Multi-Serial
Gtv = σ Nv Jp + Zv Hp− 1 (11) Stacked Network (Multi-SSN), which prioritizes the sequential and
Here, Gtv indicates the reset gate, and this process is performed based multi-level integration of models, has proposed a unique architecture for
on the turn-off function. The structural representation of the GRU model network anomaly detection. By utilizing deep learning approaches and
is offered in Fig. 4. traditional ensemble methods insights, Multi-SSN seeks to overcome
limitations in existing methods by enhancing the precision, robustness,
and flexibility of network anomaly detection.
5.3. Bayesian Learning network

BL [29] is a statistical mechanism that uses the Bayes theorem for

upgrading the hypothesis probability became highly available. The

Fig. 4. Pictorial illustration of GRU Fig. 5. Structural illustration of BL model.

7
K.J. Pradeep and P.K. Shukla International Journal of Intelligent Networks 6 (2025) 1–13

The MSSN architecture enhances accuracy by utilizing a series of models in practical circumstances.
stacked layers that progressively refine the feature extraction process In The pictorial view of the implemented Multi-SSN-based network
order to generate a hierarchical representation of network traffic data, anomaly detection model is offered in Fig. 6.
every layer in the MSSN has been assigned with recognizing unique
patterns of abnormal behavior associated with DDoS attacks. Moreover, 6. Results and discussions
the best feature selection procedures remove unnecessary or irrelevant
attributes, which reduces the dimensionality of the dataset. This com­ 6.1. Experimental setup
bination leads to a more focused and accurate learning process, which
increases detection rates. By ensuring that only relevant features are A new network anomaly detection model with deep learning mech­
used at each layer, the layered structure reduces processing overhead, anism was executed using Python. The developed framework considered
improves productivity, and maintains outstanding detection precision. the population count as 10, the maximum iteration count as 50 and the
The CAE model also eliminates the noise and it has the efficiency to chromosome length as 5. Different optimization techniques utilized for
compress the samples without any information loss. Moreover, it has the the validations were Black Widow Optimization (BWO) [30], Archi­
efficiency to identify the anomalies by contrasting the original data and medes Optimization Algorithm (AOA) [31], Golden Eagle Optimizer
reconstruction errors. Yet, these techniques need to improve the inter­ (GEO) [32], and MRA [26]. Multiple classifiers used for the validation
pretability issues attained in the network and also they are prone to were LS-GAN [1], DBN [2], XGBoost [7], and BiLSTM [8].
overfitting issues in some cases. The CAE models are highly expensive
and need more parameters in the training phase. Hence, it is important 6.2. Performance metrics
to rectify several complications attained in the existing CAE techniques
to provide better feature extraction outcomes. So, the GRU technique is Several performance metrics associated with the novel network
introduced in the developed network anomaly detection model as it has anomaly detection model are given below.
simple implementation procedures and structures. The GRU models
need minimal parameters for the validation and also it offers superior (a) Bookmaker’s Informedness (BM) is a metric that evaluates the
training speed than the classical techniques. The GRU model offers model’s overall capacity to identify anomalies in network traffic
higher quality outcomes while extracting the features, yet it needs to by combining its sensitivity and specificity as given in Eq. (13).
improve the quality of features. So, the BL technique is included in the √̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅
developed network anomaly detection model, which helps to enhance SW + DV − 1
Tv = (13)
the anomaly detection performance in the network. Including the 2
ensemble techniques like BL, GRU, and CAE to provide accurate network
anomaly detection outcomes over the DDoS attacks, and the developed (b) Accuracy is offered in Eq. (14). Evaluates the quantity of occur­
fused version is termed Multi-SSN. Including the BL techniques in the rences—both normal and anomalous—that are successfully
network gained more advancement because this mechanism has higher detected out of all instances.
flexibility than the classical techniques. It stores the entire information
about the respective data in the training process, so it needs minimal (gt + Kj)
Zt = (14)
data to execute the upcoming procedures. (gt + Kj + Fr + Ye)
CAEs are able to recognize spatial patterns and local dependencies in
data with ease. The ability to identify aberrant or regular behavior in (c) Specificity is provided in Eq. (15). The proportion of normal in­
data packet patterns makes this capability extremely useful for network stances that are correctly identified as normal.
traffic analysis. The temporal dynamics of network traffic can be simu­
lated by GRUs, which progressively identify patterns that are essential Kj
DV = (15)
for identifying any abnormalities in specific data sequences. By using Kj + Fr
information from both directions, BLs can reduce sequence ambiguity
and increase the accuracy of forecasts and anomaly detection. (d) Diagnostic Odds Ratio (DOR) is a mixture of sensitivity and
The developed network anomaly detection model Multi-SSN utilized specificity that measures how likely a system is to accurately
fe
the optimally selected features ofehh as the input. Here, the optimally identify anomalies compared to how likely it is to mistakenly
selected features are given as the input to CAE and extracted the label typical cases as abnormal as presented in Eq. (16).
essential features for the validation. The CAE technique can collect the gt
latent space structures from the input data. The extracted features from Xp = (16)
Fr
the CAE are inputted to the GRU model. The GRU model has the effi­
ciency to handle the sequential information and helps to attain higher
quality features as outcomes. Later, the extracted features from GRU are (e) F1-Score is specified in Eq. (17). The harmonic mean of Precision
given to the BL network to execute better anomaly detection in the and Recall. It is effective for dealing with biased information
network over DDoS attacks. The BL network effectively handles the since it balances false positives and false negatives.
higher dimensional data and offers the network anomaly detected 2*gt
outcome over DDoS attacks. The Multi-Serial Stacked Network (Multi- Mu = (17)
2*(gt + Fr + Ye)
SSN), particularly in relation to its components like CAE, GRU, and BL,
optimizes its hyper parameters by a variety of methods, such as grid
search, random search, Bayesian optimization, Hyper band, and cross- (f) Sensitivity is offered in Eq. (18). Measures the proportion of
validation. The model’s performance, capability for learning, rate of actual anomalies (true positives) that were correctly detected by
convergence, and general effectiveness are all greatly impacted by these the model.
hyperparameters. This level of sensitivity emphasizes how important gt
SW = (18)
hyperparameter adjustments are to achieving optimal performance in gt + Fr
challenging tasks like network anomaly detection. Robust optimization
strategies and comprehensive sensitivity evaluations can help pro­
fessionals significantly increase the reliability and performance of their

8
K.J. Pradeep and P.K. Shukla International Journal of Intelligent Networks 6 (2025) 1–13

Fig. 6. Diagrammatic representation of developed multi-SSN-based network anomaly detection model.

(g) False Discovery Rate (FDR) is represented in Eq. (19). Measures

the proportion of normal traffic incorrectly classified as
anomalous.
Fr
Ip = (19)
Fr + gt

(h) Precision Rp is specified in Eq. (20). Measures the proportion of

accurately discovered anomalies (true positives) across all in­
stances labeled as abnormal by the model.
gt
Yb = (20)
gt + Fr

(j) Threat Score (TS) that measures the severity or likelihood of an

anomaly being an authentic security issue, usually by combining
characteristics such as the anomaly’s intensity, length, and po­
tential impact on the system as given in Eq. (21).
gt
Wu = (21) Fig. 7. Convergence validation in developed network anomaly detection model
gt + Ye + Fr
over DDoS attacks.

(j) False Negative Rate (FNR) is provided in Eq. (22). It evaluates the
network over DDoS attacks. Here, the developed framework P-MRA is
rate at which actual anomalies (e.g., intrusions, suspicious
indicated in black color. The convergence of the implemented technique
network behaviors) are wrongly labeled as normal activity.
is computed by varying the iterations up to 50. Varying the iterations to
Ye higher counts didn’t affect the efficiency of the developed framework. In
Tb = (22)
Ye + gt the lower iterations, the developed model achieves superior conver­
gence that resembles the developed model is prone to local optima is­
sues. Minimal convergence in the developed framework resembles that
(k) Positive Likelihood Ratio (PLHR) is a metric that helps assess the
the implemented technique resolves the overfitting issues. In the below
ability of the detection model to distinguish between anomalous
graph, the developed P-MRA technique attained higher convergence in
(positive) and normal (negative) events as given in Eq. (23).
the initial iterations and then it achieved a stable convergence from the
SW 7th iteration by fulfilling the relief score. Moreover, superior conver­
Cr = (23)
1 − DV gence is attained in the developed framework by maximizing the relief
score. In the optimal features selection procedures relief score gains
Here, true positive values are presented as gt, the true negative
more importance to compute the features among the normal and
values are given as Kj, false positive values are signified as Fr and false
anomalous character identified features in the network.
negative values are offered as Ye.
The relief score also helps to identify the more significant charac­
teristics according to their differentiation ability over multiple classes.
6.3. Convergence analysis on developed technique Using the optimally selected features in the network helps the developed
model to speed up the anomaly detection efficiency with a higher
Convergence analysis performed in the developed network anomaly quality of service than the classical techniques.
detection model over the classical optimization models is represented in
Fig. 7. Here, the convergence analysis is executed to analyze the effi­
ciency of the developed framework while detecting the anomalies in the

9
K.J. Pradeep and P.K. Shukla International Journal of Intelligent Networks 6 (2025) 1–13

6.4. Performance analysis on developed framework Multi-SSN-based network anomaly detection model over the existing
detection techniques are tabulated I Table 2. Here, different perfor­
Different performance analyses executed in the developed Multi- mance metrics are used to validate the efficiency of the developed Multi-
SSN-based network anomaly detection models over classical network SSN-based network intrusion detection over DDoS attacks using the
anomaly detection techniques are specified in Fig. 8. Here, the compu­ optimally selected features. The validation experiments performed using
tations are executed by varying the learning percentage up to 75. In this the optimally selected features effectively boost up the network intru­
phase, multiple performance analysis is executed to verify the effectu­ sion detection efficiency. So, the analysis displayed that using the
alness of the implemented technique while detecting the anomalies in optimal features for the analysis helps to attain higher intrusion-
the network over DDoS attacks. FDR validation executed in the devel­ detected outcomes. Accuracy analysis executed in the developed
oped Multi-SSN-based network anomaly detection technique accom­ Multi-SSN-based network intrusion detection model over the classical
plished reduced error while detecting the network anomalies. technique secured better intrusion detection efficiency as 8.37 %, 6.26
Minimizing the error in the validation leads to offer a higher quality of %, 4.06 %, and 2.08 % better than the classical techniques like LS-GAN,
anomaly-detected results than the classical techniques. Identifying the DBN, XGBoost, and BiLSTM, respectively. So, the analysis displayed that
network anomalies in the early phases helps to enhance the detection executing the optimal feature selection procedure using the developed
quality and also efficiency by reducing the cost. Scalability is the major P-MRA technique helps the developed framework to detect the network
element that needs to provide more concern for attaining anomaly anomaly in the initial phases, which helps the user to protect the entire
detection outcomes. In the sensitivity validation, the developed Multi- system from attackers. Reducing False Positive Rates (FPR) and
SSN technique accomplished higher network anomaly detection out­ improving detection accuracy are two key areas where the suggested
comes by detecting the unexpected events in the network that help to design outperforms traditional DDoS detection strategies. To achieve
protect the sensitive information from attackers. Hence, the analysis optimal feature selection, the Multi-SSN architecture accumulates pre­
results displayed that the developed Multi-SSN technique is highly cise spatial and temporal characteristics of attack traffic, while the
suitable for identifying various anomalies in the initial stages and also model focuses solely on the most crucial data. The framework provides
protects the real-world applications from attackers. higher detection rates with less FPR and computational cost as
compared to traditional models, according to experimental results. Key
6.5. Accuracy validation in developed framework performance parameters including as accuracy, precision, recall, and F1-
score attest to the framework’s extraordinary powers and demonstrate
Accuracy analysis executed in the developed Multi-SSN-based its potential for useful use in real-world settings where dependable and
network anomaly detection model over the classical network anomaly efficient DDoS detection is crucial.
detection models are presented in Fig. 9. Here, the validations are per­
formed by modifying the K-fold values up to 5. In the implemented 6.8. Statistical validation on implemented framework
Multi-SSN technique, accuracy validations are used to validate how the
suggested framework is efficient in detecting anomalies over DDoS at­ Statistical validation performed in the implemented technique over
tacks. In the K-fold-based accuracy analysis, the developed Multi-SSN the traditional heuristic techniques while analyzing anomalies in the
technique accomplished higher network anomaly detection outcome network over the DDoS attacks are given in Table 3. Here, the statistical
that helps to identify the performance of the computations are executed to identify the effectualness of the P-MRA
Network while anomalies are presented in the network. Here, the technique in the network anomaly detection model. The analysis out­
learning percentage displays the data counts used for the validation. The comes displayed that the suggested technique attained more advance­
K-fold validation has minimal sensitivity in the testing and training data. ments while detecting the anomalies in the network at
Validating the efficiency of the developed network anomaly detection The beginning phases. Furthermore, the developed model needs
model helps to identify the better balance among the training and testing minimal training data in the validation and also its analysis time is less
phases. The developed framework secures comparatively higher effi­ than the classical techniques. Best validation executed in the developed
ciency in detecting the network anomalies that helps to overcome the framework secured superior network anomaly detection outcomes as
data breaching issues in the network. 12.16 %, 7.08 %, 9.09 %, and 4.85 % than the classical optimization
models like BWO, AOA, GEO, and MRA respectively. Analysis displayed
6.6. Computation Time Analysis on implemented technique that the developed framework secured better network intrusion detec­
tion outcomes than the classical techniques.
Computation time validation executed in the developed Multi-SSN-
based network anomaly detection model over the classical detection 6.9. Ablation study on suggested technique
models is displayed in Fig. 10. Here, the validations are executed over
the classical anomaly network detection models by varying computation Ablation validation performed in developed Multi-SSN-based
time of up to 40 Sec. Computation time analysis executed in the devel­ network anomaly detection over the classical detection models is rep­
oped Multi-SSN network helps to identify the total time needed to resented in Table 4. Here, the ablation study is executed over accuracy in
execute the detection process. Minimal computation time accomplished the developed framework. In the implemented Multi-SSN-based network
in the validation implies that the developed framework needs less intrusion detection model, it accomplishes 96.39 % better intrusion
validation time than the classical techniques. While analyzing the graph, detected outcome than the classical techniques. In the validation only
the developed Multi-SSN technique accomplished minimal computation Limited intrusion detection models like GRU, BL and Atrous BL
time than the classical detection models. Minimal computation time in accomplished superior performance as 91.36 %, 90.13 % and 94.58 %,
the validation makes the detection process faster, stops data breaching correspondingly. Thus, the analysis displayed that the implemented
issues in the network, and saves the network from attackers. Hence, the Multi-SSN-based model accomplished superior network anomaly
developed Multi-SSN-based network anomaly detection model is highly detection efficiency than the classical techniques. Thus, the developed
suggested to utilize with real-world applications as it offers superior framework is widely suggested for anomaly detection in the healthcare
scalability. industries and financial sector.

6.7. Validation of implemented framework over features 7. Conclusion

In this phase, multiple validation is executed in the implemented An efficient network anomaly detection technique with deep

10
K.J. Pradeep and P.K. Shukla International Journal of Intelligent Networks 6 (2025) 1–13

Fig. 8. Performance Analysis on Developed Multi-SSN-based Network Anomaly Detection Framework over DDoS attacks Regarding (a) BM, (b) DOR, (c) F1-Score,
(d) FDR, (e) FNR, (f) PLHR, (g) Precision, (h) TS, (i) Specificity and (j) Sensitivity.

11
K.J. Pradeep and P.K. Shukla International Journal of Intelligent Networks 6 (2025) 1–13

Table 2
Performance validation executed in implemented multi-SSN-based network
anomaly detection model.
Performance LS-GAN DBN [2] XGBoost BiLSTM Multi-
Measures [1] [7] [8] SSN

Analysis without Optimally Selected Features

Accuracy 86.96758 88.63409 90.41867 92.29861 94.12406

BA 86.96758 88.63409 90.41867 92.29861 94.12406
FM 86.96876 88.63358 90.41954 92.30634 94.12406
BM 73.93516 77.26819 80.83734 84.59722 88.24812
Sensitivity 86.97666 88.62955 90.42775 92.39851 94.12406
F1-Score 86.96876 88.63358 90.41954 92.3063 94.12406
MCC 0.739352 0.772682 0.808373 0.845974 0.882481
Specificity 86.9585 88.63863 90.40959 92.19871 94.12406
Precision 86.96086 88.6376 90.41133 92.21427 94.12406
FPR 13.0415 11.36137 9.59041 7.80129 5.875942
Analysis with Optimally Selected Features
Accuracy 87.70775 89.44238 91.33594 93.11143 95.0504
BA 87.70775 89.44238 91.33594 93.11143 95.0504
FM 87.70273 89.44094 91.33672 93.10987 95.05085
BM 75.41549 78.88475 82.67187 86.22287 90.10081
Sensitivity 87.66688 89.42875 91.34502 93.08873 95.05949
F1-Score 87.70272 89.44094 91.33672 93.10987 95.05085
MCC 0.754155 0.788848 0.826719 0.862229 0.901008
Fig. 9. Accuracy validation on implemented multi-SSN-based network anomaly
Specificity 87.74862 89.456 91.32685 93.13414 95.04132
detection framework.
Precision 87.73859 89.45313 91.32843 93.13102 95.04222
FPR 12.25138 10.544 8.673145 6.865861 4.958678

Table 3
Statistical computation in developed network anomaly detection model over
DDoS attacks.
Performance BWO AOA [31] GEO [32] MRA P-MRA
Analysis [30] [26]

Best 2.184486 2.065023 2.108775 2.016771 1.918789

Worst 3.921402 2.457019 4.763661 2.862852 4.56415
Mean 2.534139 2.225581 2.258746 2.092525 2.045754
Median 2.53181 2.065023 2.108775 2.016771 1.918789
Standard 0.428482 0.188941 0.433271 0.228023 0.417475
Deviation

Table 4
Ablation study in the developed multi-SSN-based network anom­
aly detection models.
Fig. 10. Computation time analysis in implemented network anomaly detec­ Techniques Accuracy (%)
tion model.
CAE [27] 85.97
Dilated Autoencoder [33] 87.78
learning techniques was implemented over DDoS attacks. Here, the Atrous Autoencoder [34] 89.56
developed framework utilized the data collected from standard re­ GRU [28] 91.36
sources. From the collected data, optimal features were selected using BL [28] 90.13
Dilated GRU [35] 86.37
the developed P-MRA technique to enhance the relief scores. Then, the Dilated BL [36] 88.04
optimally selected features were provided to the developed Multi-SSN- Atrous GRU [37] 89.91
based network anomaly detection phase. The developed Multi-SSN Atrous BL [38] 94.58
was the integration of GRU and CAE for feature Developed Multi-SSN 96.39
Extraction and utilized the BL technique for network anomaly
detection. Thus, the developed Multi-SSN technique provided the su­
CRediT authorship contribution statement
perior network anomaly detected outcome. Later, various validations
were executed in the developed framework to compute its effectualness
K. Jeevan Pradeep: Writing – original draft, Formal analysis,
over the classical models. Accuracy analysis executed in the developed
Conceptualization. Prashanth Kumar Shukla: Formal analysis,
Multi-SSN-based network intrusion detection model over the classical
Conceptualization.
technique secured better intrusion detection efficiency as 8.37 %, 6.26
%, 4.06 %, and 2.08 % better than the classical techniques like LS-GAN,
Declaration of competing interest
DBN, XGBoost, and BiLSTM, respectively. Hence, the validation out­
comes displayed than the developed framework was highly suggested
The authors declare that they have no known competing financial
for the real-world application in the finance and health sectors. In
interests or personal relationships that could have appeared to influence
future, the current research work will be extended with encryption
the work reported in this paper.
models and cloud computing technology to protect the user’s sensitive
data from attackers.

12
K.J. Pradeep and P.K. Shukla International Journal of Intelligent Networks 6 (2025) 1–13

References [19] A. Halbouni, T.S. Gunawan, M.H. Habaebi, M. Halbouni, M. Kartiwi, R. Ahmad,
CNN-LSTM: hybrid deep neural network for network intrusion detection system,
IEEE Access 10 (2022) 99837–99849.
[1] Xu Liu, Xiaoqiang Di, Qiang Ding, Weiyou Liu, Hui Qi, Jinqing Li, Huamin Yang,
[20] B. Min, J. Yoo, S. Kim, D. Shin, D. Shin, Network anomaly detection using memory-
NADS-RA: network anomaly detection scheme based on feature representation and
augmented deep autoencoder, IEEE Access 9 (2021) 104695–104706.
data augmentation, IEEE Access 8 (2020) 214781–214800.
[21] I. Ullah, Q.H. Mahmoud, A framework for anomaly detection in IoT networks using
[2] L. Fernández Maimó, Á.L. Perales Gómez, F.J. García Clemente, M. Gil Pérez,
conditional generative adversarial networks, IEEE Access 9 (2021)
G. Martínez Pérez, A self-adaptive deep learning-based system for anomaly
165907–165931.
detection in 5G networks, IEEE Access 6 (2018) 7700–7712.
[22] S. Yaqoob, A. Hussain, F. Subhan, G. Pappalardo, M. Awais, Deep learning based
[3] Sheraz Naseer, Yasir Saleem, Shehzad Khalid, Muhammad Khawar Bashir,
anomaly detection for fog-assisted IoVs network, EEE Access 11 (2023)
Jihun Han, Muhammad Munwar Iqbal, Kijun Han, Enhanced network anomaly
19024–19038.
detection based on deep neural networks, IEEE Access 6 (2018) 48231–48246.
[23] C. Natalino, A. Udalcovs, L. Wosinska, O. Ozolins, M. Furdek, Spectrum anomaly
[4] H.W. Oleiwi, D.N. Mhawi, H. Al-Raweshidy, MLTs-ADCNs: machine learning
detection for optical network monitoring using deep unsupervised learning, IEEE
techniques for anomaly detection in communication networks, IEEE Access 10
Commun. Lett. 25 (5) (May 2021) 1583–1586.
(2022) 91006–91017.
[24] Y. Liu, Z. Li, S. Pan, C. Gong, C. Zhou, G. Karypis, Anomaly detection on attributed
[5] Xuefei Tian, Zhiyuan Wu, JunXiang Cao, Shengtao Chen, Xiaoju Dong, ILIDViz: an
networks via contrastive self-supervised learning, IEEE Transact. Neural Networks
incremental learning-based visual analysis system for network anomaly detection,
Learn. Syst. 33 (6) (June 2022) 2378–2392.
Virtual Reality & Intelligent Hardware 5 (6) (December 2023) 471–489.
[25] Q. Xie, P. Zhang, B. Yu, J. Choi, Semisupervised training of deep generative models
[6] Xabier Sáez-de-Cámara, Jose Luis Flores, Cristóbal Arellano, Aitor Urbieta,
for high-dimensional anomaly detection, IEEE Transact. Neural Networks Learn.
Urko Zurutuza, Clustered federated learning architecture for network anomaly
Syst. 33 (6) (June 2022) 2444–2453.
detection in large scale heterogeneous IoT networks, Comput. Secur. 131 (August
[26] A.S. Desuky, M.A. Cifci, S. Kausar, S. Hussain, L.M.E. Bakrawy, Mud ring
2023) 103299.
algorithm: a new meta-heuristic optimization algorithm for solving mathematical
[7] A. Alsaleh, W. Binsaeedan, The influence of Salp Swarm algorithm-based feature
and engineering challenges, IEEE Access 10 (2022) 50448–50466.
selection on network anomaly intrusion detection, IEEE Access 9 (2021)
[27] S. Ryu, H. Choi, H. Lee, H. Kim, Convolutional autoencoder based feature
112466–112477.
extraction and clustering for customer load analysis, IEEE Trans. Power Syst. 35 (2)
[8] R. Ben Said, Z. Sabir, I. Askerzade, CNN-BiLSTM: a hybrid deep learning approach
(March 2020) 1048–1060.
for network intrusion detection system in software-defined networking with hybrid
[28] Rajib Rana, Julien Eppsy, Jurdakz Raja, Xue Lix, Roland Goecke, Gated Recurrent
feature selection, IEEE Access 11 (2023) 138732–138747.
Unit (GRU) for Emotion Classification from Noisy Speech, 2016.
[9] T. Alladi, B. Gera, A. Agrawal, V. Chamola, F.R. Yu, DeepADV: a deep neural
[29] R. Harper, J. Southern, A bayesian deep learning framework for end-to-end
network framework for anomaly detection in VANETs, IEEE Trans. Veh. Technol.
prediction of emotion from heartbeat, IEEE Transactions on Affective Computing
70 (11) (Nov. 2021) 12013–12023.
13 (2) (2022) 985–991.
[10] X. Lin, H. Wang, J. Guo, G. Mei, A deep learning approach using graph neural
[30] Vahideh Hayyolalam, Ali Asghar Pourhaji Kazem, Black Widow Optimization
networks for anomaly detection in air quality data considering spatiotemporal
Algorithm: a novel meta-heuristic approach for solving engineering optimization
correlations, IEEE Access 10 (2022) 94074–94088.
problems, Eng. Appl. Artif. Intell. 87 (January 2020) 103249.
[11] Z. Chen, J. Duan, L. Kang, G. Qiu, Supervised anomaly detection via conditional
[31] Fatma A. Hashim, Kashif Hussain, Essam H. Houssein, Mai S. Mabrouk, Walid Al-
generative adversarial network and ensemble active learning, IEEE Trans. Pattern
Atabany, Archimedes optimization algorithm: a new metaheuristic algorithm for
Anal. Mach. Intell. 45 (6) (2023) 7781–7798.
solving optimization problems, Appl. Intell. 51 (2021) 1531–1551.
[12] I. Ullah, Q.H. Mahmoud, Design and development of a deep learning-based model
[32] Abdolkarim Mohammadi-Balani, Mahmoud Dehghan Nayeri, Adel Azar,
for anomaly detection in IoT networks, IEEE Access 9 (2021) 103906–103926.
Mohammadreza Taghizadeh-Yazdi, Golden eagle optimizer: a nature-inspired
[13] M.F. Kucuk, I. Uysal, Anomaly detection in self-organizing networks: conventional
metaheuristic algorithm, Comput. Ind. Eng. 152 (February 2021) 107050.
versus contemporary machine learning, IEEE Access 10 (2022) 61744–61752.
[33] Naciye Nur Arslan, Durmus Ozdemir, Hasan Temurtas, ECG heartbeats
[14] C. Park, J. Lee, Y. Kim, J.-G. Park, H. Kim, D. Hong, An enhanced AI-based network
classification with dilated convolutional autoencoder, Signal, Image and Video
intrusion detection system using generative adversarial networks, IEEE Internet
Processing 18 (2024) 417–426.
Things J. 10 (3) (2023) 2330–2345.
[34] Lianfa Li, Deep residual autoencoder with multiscaling for semantic segmentation
[15] C. Yao, Y. Yang, K. Yin, J. Yang, Traffic anomaly detection in wireless sensor
of land-use images, Remote Sens 11 (18) (2019) 2142.
networks based on principal component analysis and deep convolution neural
[35] Jen-Yu Liu, Yi-Hsuan Yang, Dilated convolution with dilated GRU for music source
network, IEEE Access 10 (2022) 103136–103149.
separation, Computer Science (2019).
[16] Z. Peng, M. Luo, J. Li, L. Xue, Q. Zheng, A deep multi-view framework for anomaly
[36] Laura Ierimonti, Nicola Cavalagli, Ilaria Venanzi, Enrique García-Macías,
detection on attributed networks, IEEE Trans. Knowl. Data Eng. 34 (6) (2022)
Filippo Ubertini, A transfer Bayesian learning methodology for structural health
2539–2552.
monitoring of monumental structures, Eng. Struct. 247 (2021) 113089.
[17] W.T. Lunardi, M.A. Lopez, J.-P. Giacalone, ARCADE: adversarially Regularized
[37] Samee Ullah Khan, Ijaz Ul Haq, Zulfiqar Ahmad Khan, Noman Khan, Mi Young
convolutional autoencoder for network anomaly detection, IEEE Transactions on
LeeandSung Wook Baik, Atrous convolutions and residual GRU based architecture
Network and Service Management 20 (2) (June 2023) 1305–1318.
for matching power demand with supply, Sensors 21 (21) (2021) 7191.
[18] S. Zavrak, M. İskefiyeli, Anomaly-based intrusion detection from network flow
[38] Christos Markos, James J.Q. Yu, Richard Yi Da Xu, Capturing uncertainty in
features using variational autoencoder, IEEE Access 8 (2020) 108346–108358.
unsupervised GPS trajectory segmentation using bayesian deep learning 35 (2021).

13