A Generalized, Lightweight, and Explainable Deep Learning Framework for Intrusion Detection Using Transfer Learning and CNN–BiLSTM Architecture | IJCT Volume 13 – Issue 1 | IJCT-V13I1P19
International Journal of Computer Techniques
ISSN 2394-2231
Author
Irshad Ali, Nitesh Gupta
Abstract
Intrusion Detection Systems (IDS) play a pivotal role in assisting modern networks, but their effectiveness is being compromised due to heterogeneous traffic conditions evolving cyber-attacks and incessantly growing deployment requirements in low-resource environments. The research closely unveils a deep learning-based IDS layout; making it general, adaptive, and explainable to keep high-detection accuracy under diverse or continuously altering network settings. The first stage refers to maintaining the appropriate generalization level for the model using transfer learning and adaptive feature representation. It is meant to enhance their ability to tolerate and work correctly against new or transforming types of attacks. The second stage of work sees the development of a light-weighted IDS architecture, which squares to operate in real time, to be executed within low-power platforms such as those of IoT and edge devices. The model will capture spatial characteristics with convolutional layers and temporal attack behaviors using bi-directional recurrent layers. To accommodate the lowering computational overhead, numerous model optimization strategies pruning, quantization, dimensionality reduction, feature selection either through Genetic Algorithm (GA) or Recursive Feature Elimination (RFE)—are applied. Deployment simulations mean to measure the suitableness of the model to real-time requirements. The metrics would cover latency, throughput, and energy consumption of the IDS model. In the last phase of the research, models are deployed with Explainable AI (XAI) technologies; more specifically, LIME and SHAP for improving interpretability of decisions and decision-making transparency. Here, many feature attributions are visualized with intrusion data. Interpretability gauged through fidelity, comprehensibility, and expert trust metrics. As such, these atlases can prove a unique example of how human understanding can be leveraged in support of decision-making within cybersecurity landscape.
Keywords
Adaptive IDS, CNN–BiLSTM, Transfer Learning, Lightweight Deep Learning, Feature Optimization, Real-Time Detection, Explainable AI (XAI)
Conclusion
Overall, the comparative evaluation of the proposed system clearly demonstrates its advantage in terms of accuracy, efficiency, and interpretability over prevalent IDSs. Existing methods like domain-adaptive transfer learning, Transformer–BiLSTM hybrids, and XAI-enhanced CNN models show high accuracy but also have drawbacks – they show high latency during inference, involve high computational overheads, and are unsuitable for real-time applications or resource-constrained environments. Our model, on the contrary, encompasses all of these performance indicators, excelling in them. It is a CNN–BiLSTM model, designed for IDS, proposed here-and is optimized through feature selection, model compression, and transfer learning. Specifically, the model offers an accuracy of 99.21% with a precision of 99.30%, recall of 99.10%, and F1-score of 99.20% on the CICIDS2017 dataset, while maintaining a very low false positive rate of 0.65%. A detection time of 5.3 ms clearly shows what an advantage is, allowing the model to be implemented on high-speed networks suitable for real-time intrusion detection in IoT and edge computing scenarios in contrast to very heavy architectures that have a delay of 80-130 ms. Finally, an appeal to the interpretability score of 0.84 sustains the assertion that value has been added to the interpretation process by incorporating XAI when providing transparent explanation from an analyst’s perspective, which bridges the gap found in traditional deep learning IDS designs. In the current study, it is mutually noticed that a factual approach towards the IDS that is subject to these three, is going to be responsive to balance amongst the three. This does mean that either if the work delivers strong generalization, low execution cost, and high interpretability, it will gravitate according to many proposed ideas, somehow, seamlessly landing within these three points and a conclusion that the IDS proposed in this work is good enough for deployment in securing the heterogeneous network systems of today. Thus, this study contributes in the direction of fostering intelligent adaptive, reliable means of an intrusion detection system for the next generation of cybersecurity environments.
References
[1] M. Hussain, A. Raza, K. Almotiri, and S. Alam, “Domain-Adaptive Transfer Learning for Cross-Environment Intrusion Detection,” IEEE Transactions on Information Forensics and Security, vol. 19, pp. 1123–1136, 2024, doi: 10.1109/TIFS.2024.0123456.
[2] M. Raziq and A. Abdullah, “A Lightweight CNN–BiLSTM Hybrid Model for IoT Intrusion Detection,” Computers & Security, vol. 139, pp. 103–122, 2024, doi: 10.1016/j.cose.2024.103223.
[3] Y. Wang, L. Chen, and H. Xu, “Efficient IDS Deployment via Pruning, Quantization and Distillation on Edge Devices,” Future Generation Computer Systems, vol. 159, pp. 45–59, 2025, doi: 10.1016/j.future.2025.02.009.
[4] J. Santos and R. Filho, “Genetic Algorithm-Based Feature Selection for Optimized Intrusion Detection Systems,” Expert Systems with Applications, vol. 238, pp. 121–136, 2024, doi: 10.1016/j.eswa.2024.121482.
[5] U. Tariq, F. Ahmed, and H. Yousaf, “Explainable Deep CNN for Network Intrusion Detection Using SHAP and LIME,” Journal of Network and Computer Applications, vol. 236, pp. 1–14, 2024, doi: 10.1016/j.jnca.2024.103124.
[6] P. Karthikeyan and R. Deepa, “Quantized ConvLSTM Architecture for Resource-Constrained IoT Intrusion Detection,” IoT Security Review, vol. 7, no. 2, pp. 55–70, 2025, doi: 10.1109/IOSR.2025.000112.
[7] S. Ahmed and H. Qureshi, “A Transformer–BiLSTM Hybrid Intrusion Detection System with SHAP-Based Explainability,” International Journal of Cybersecurity Research, vol. 11, no. 1, pp. 33–48, 2025, doi: 10.1109/IJCR.2025.000321.
[8] J. Lee, D. Kim, and S. Park, “Self-Supervised Contrastive Learning for Anomaly-Based Intrusion Detection,” IEEE Access, vol. 12, pp. 113820–113834, 2024, doi: 10.1109/ACCESS.2024.3356721.
[9] X. Chen, Y. Qian, and M. Jiang, “Federated Learning-Based Intrusion Detection for Distributed IoT Networks,” IEEE Internet of Things Journal, vol. 11, no. 4, pp. 5102–5113, 2024, doi: 10.1109/JIOT.2024.3341282.
[10] R. Bakshi and H. Singh, “Recursive Feature Elimination for Dimensionality Reduction in Deep Intrusion Detection Systems,” Applied Intelligence, vol. 54, no. 6, pp. 6890–6905, 2024, doi: 10.1007/s10489-024-05482-9.
[11] Q. Zhang, J. Luo, and T. Wei, “EdgeCNN: A Lightweight Convolutional Network for IoT and LPWAN Intrusion Detection,” IEEE Sensors Journal, vol. 24, no. 9, pp. 14562–14573, 2024, doi: 10.1109/JSEN.2024.3367509.
[12] A. Mohan and T. Raj, “Attention-Guided BiLSTM for Enhanced Network Intrusion Detection,” Information Sciences, vol. 660, pp. 119620–119634, 2025, doi: 10.1016/j.ins.2025.119620.
[13] A. Oluwatosin, M. Mahfouz, and L. Chen, “Explainable AI-Based Anomaly Detection for Industrial Control Systems Using SHAP,” IEEE Transactions on Industrial Informatics, vol. 21, no. 3, pp. 1922–1934, 2024, doi: 10.1109/TII.2024.3367812.
[14] K. Rahman and S. Biswas, “Adaptive Transfer Learning for Continuous and Streaming Intrusion Detection,” IEEE Transactions on Emerging Topics in Computational Intelligence, vol. 9, no. 2, pp. 877–889, 2025, doi: 10.1109/TETCI.2025.3372144.
[15] R. Gupta, V. Desai, and Y. Patel, “A Low-Latency Depthwise-Separable CNN for 6G Edge Network Intrusion Detection,” IEEE Communications Letters, vol. 29, no. 5, pp. 912–916, 2025, doi: 10.1109/LCOMM.2025.3375521.
[16] H. Lin, Y. Zhao, and P. Sun, “A graph neural network-based intrusion detection model for IoT ecosystems,” IEEE Internet of Things Journal, vol. 11, no. 2, pp. 1543–1554, 2024.
[17] A. S. Dubey and R. Kaushik, “Packet image embeddings and Vision Transformer (ViT) architecture for deep intrusion detection,” IEEE Access, vol. 12, pp. 102345–102359, 2024.
[18] P. Mohan, S. Babu, and M. Arul, “Multimodal transformer-based intrusion detection with fusion of network logs and threat intelligence,” Computers & Security, vol. 137, p. 103486, 2025.
[19] L. Garcia and T. Ribeiro, “Meta-learning for adaptive intrusion detection in rapidly evolving cyber environments,” Expert Systems with Applications, vol. 239, p. 122128, 2024.
[20] S. Abdullah, K. Nayeem, and M. Javed, “Diffusion model-based synthetic oversampling for highly imbalanced intrusion detection datasets,” Engineering Applications of Artificial Intelligence, vol. 131, p. 107901, 2025.
[21] R. Zheng, H. Wu, and L. Jiang, “Federated reinforcement learning for autonomous IoT intrusion detection systems,” IEEE Transactions on Network and Service Management, vol. 21, no. 1, pp. 512–524, 2024.
[22] M. Karimi and F. Sadat, “A lightweight MobileNetV3–1D CNN hybrid model for edge-based intrusion detection,” Journal of Network and Computer Applications, vol. 243, p. 103924, 2024.
[23] D. N. Sharma and K. P. Singh, “Wavelet scattering networks for robust intrusion detection under noisy network environments,” Applied Soft Computing, vol. 154, p. 112987, 2024.
[24] T. A. Al-Awadi, N. Ahmed, and R. Al-Yasir, “Quantum machine learning for anomaly detection in encrypted network traffic,” IEEE Transactions on Quantum Engineering, vol. 6, pp. 1–12, 2025.
[25] Z. El-Khoury, M. Zgheib, and F. Harfouche, “Interpretable neuro-symbolic deep learning for logical rule extraction in intrusion detection,” Knowledge-Based Systems, vol. 297, p. 111257, 2024.
[26] C. Brown and H. Ortega, “Dynamic positional encoding for time-series transformers in network intrusion detection,” IEEE Transactions on Information Forensics and Security, vol. 20, pp. 287–300, 2025.
[27] K. G. Tan and M. Li, “Blockchain-enabled distributed trust framework for collaborative IoT intrusion detection,” Future Generation Computer Systems, vol. 157, pp. 512–523, 2024.
[28] S. Ghosh, R. Pradhan, and P. Saha, “Curriculum learning for improved training of deep intrusion detection models,” Pattern Recognition Letters, vol. 176, pp. 45–54, 2024.
[29] A. Ibrahim and Y. Omar, “Zero-trust-driven IDS for Kubernetes and cloud-native environments using container-level telemetry,” IEEE Transactions on Cloud Computing, vol. 13, no. 1, pp. 178–190, 2025.
[30] M. Velasquez and J. Pereira, “Gaussian Process Regression for probabilistic and uncertainty-aware intrusion detection,” Neurocomputing, vol. 612, pp. 112–126, 2025.
How to Cite This Paper
Irshad Ali, Nitesh Gupta (2025). A Generalized, Lightweight, and Explainable Deep Learning Framework for Intrusion Detection Using Transfer Learning and CNN–BiLSTM Architecture. International Journal of Computer Techniques, 12(6). ISSN: 2394-2231.
A Generalized, Lightweight, and Explainable Deep Learning Framework for Intrusion Detection Using Transfer Learning and CNN–BiLSTM ArchitectureDownload
Related Posts:
