TY - JOUR
T1 - Deep memory for deep threats
T2 - A novel architecture combining GRUs and deep learning models for IDS
AU - Alqhatani, Abdulmajeed
AU - Mehmood, Sajid
AU - Amin, Rashid
AU - Alshehri, Mohammed S.
AU - Alshehri, Asma Hassan
AU - Asiri, Fatima
N1 - Publisher Copyright:
© 2025 Alqhatani et al. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
PY - 2025/10
Y1 - 2025/10
N2 - The increasing volume and sophistication of cyber threats, particularly Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks, pose significant dangers to contemporary network structures, especially Internet of Things (IoT) environments. Conventional Intrusion Detection Systems (IDS) are becoming obsolete because they perform detection in a built-in manner and cannot capture the temporal trends of dynamically changing threats. To address these shortcomings, this paper proposes a new hybrid deep learning architecture, the Neural Turing Machine-Gated Recurrent Unit (NTM-GRU) model, which combines the external memory of NTMs with the temporal learning power of GRUs. The architecture supports analysis on dual timescales, capturing both short- and long-term dependencies, which enables the model to unravel complex, low-and-slow, and zero-day intrusions with recall. Extensive testing on standard datasets (UNSW-NB15 and BoT-IoT) and real-world datasets (CICIDS2017 and CSE-CIC-IDS2018) demonstrates the model's effectiveness, reaching an accuracy of 99.98%, F1-scores of up to 96% on unknown threats, and low false positive rates (less than 0.4%). The proposed framework can be applied in both industrial and high-speed network settings, where the real-time inference speed was measured at 2.3 milliseconds. The model also incorporates interpretability aspects, making it suitable for Security Operation Centres (SOCs). By merging complex memory neural-network structures with real-world cybersecurity needs and requirements, this work provides a scalable, adaptive, and interpretable intrusion detection module, establishing a new state-of-the-art standard for securing next-generation networks.
UR - https://www.scopus.com/pages/publications/105018893257
U2 - 10.1371/journal.pone.0332752
DO - 10.1371/journal.pone.0332752
M3 - Article
C2 - 41091807
AN - SCOPUS:105018893257
SN - 1932-6203
VL - 20
JO - PLoS ONE
JF - PLoS ONE
IS - 10 October
M1 - e0332752
ER -