Bahman Arasteh,Asgarali Bouyer,Seyed Salar Sefati,Razvan Craciunescu

DOI: https://doi.org/10.3390/math12182917

IF: 2.4

2024-09-20

Mathematics

Abstract:Since SQL injection allows attackers to interact with the database of applications, it is regarded as a significant security problem. By applying machine learning algorithms, SQL injection attacks can be identified. Problem: In the training stage of machine learning methods, effective features are used to develop an optimal classifier that is highly accurate. The specification of the features with the highest efficacy is considered to be an NP-complete combinatorial optimization challenge. Selecting the most effective features refers to the procedure of identifying the smallest and most effective features in the dataset. The rationale behind this paper is to optimize the accuracy, precision, and sensitivity parameters of the SQL injection attack detection method. Method: In this paper, a method for identifying SQL injection attacks was suggested. In the first step, a particular training dataset that included 13 features was developed. In the second step, to specify the best features of the dataset, a specific binary variety of the Olympiad optimization algorithm was developed. Various machine learning algorithms were used to create the optimal attack detector. Results: Based on the experiments carried out, the suggested SQL injection detector using an artificial neural network and the feature selector can achieve 99.35% accuracy, 100% precision, and 100% sensitivity. Owing to selecting about 30% of the effective features, the proposed method enhanced the efficacy of SQL injection detectors.

mathematics

Peng Tang,Weidong Qiu,Zheng Huang,Huijuan Lian,Guozhen Liu

DOI: https://doi.org/10.1016/j.knosys.2020.105528

IF: 8.139

2020-01-01

Knowledge-Based Systems

Abstract:The SQL injection, a common web attack, has been a challenging network security issue which causes annually millions of dollars of financial loss worldwide as well as a large amount of users’ privacy data leakage. This work presents a high accuracy SQL injection detection method based on neural network. We first acquire authentic user URL access log data from the Internet Service Provider(ISP), ensuring that our approach is real, effective and practical. We then conduct statistical research on normal data and SQL injection data. Based on the statistical results, we design eight types of features and train an MLP model. The accuracy of the model maintains over 99%. Meanwhile, we compare and evaluate the training effect of other machine learning algorithms(LSTM, for example), the results reveal that the accuracy of our method is superior to the relevant machine learning algorithms.

Muhammad Saidu Aliero,Imran Ghani,Kashif Naseer Qureshi,Mohd Fo’ad Rohani

DOI: https://doi.org/10.1007/s12652-019-01235-z

IF: 3.662

2019-02-07

Journal of Ambient Intelligence and Humanized Computing

Abstract:SQL Injection Attack (SQLIA) is one of the most severe attack that can be used against web database-driven applications. Attackers use SQLIA to obtain unauthorized access and perform unauthorized data modifications due to initial improper input validation by the web application developer. Various studies have shown that, on average, 64% of web applications worldwide are vulnerable to SQLIA due to improper input. To mitigate the devastating problem of SQLIA, this research proposes an automatic black box testing for SQL Injection Vulnerability (SQLIV). This acts to automate an SQLIV assessment in SQLIA. In addition, recent studies have shown that there is a need for improving the effectiveness of existing SQLIVS in order to reduce the cost of manual inspection of vulnerabilities and the risk of being attacked due to inaccurate false negative and false positive results. This research focuses on improving the effectiveness of SQLIVS by proposing an object-oriented approach in its development in order to help and minimize the incidence of false positive and false negative results, as well as to provide room for improving a proposed scanner by potential researchers. To test and validate the accuracy of research work, three vulnerable web applications were developed. Each possesses a different type of vulnerabilities and an experimental evaluation was used to validate the proposed scanner. In addition, an analytical evaluation is used to compare the proposed scanner with the existing academic scanners. The result of the experimental analysis shows significant improvement by achieving high accuracy compared to existing studies. Similarly, the analytical evaluations showed that the proposed scanner is capable of analyzing attacked page response using four different techniques.

computer science, information systems,telecommunications, artificial intelligence

Wei Zhang,Yueqin Li,Xiaofeng Li,Minggang Shao,Yajie Mi,Hongli Zhang,Guoqing Zhi

DOI: https://doi.org/10.1155/2022/4836289

IF: 1.968

2022-03-24

Security and Communication Networks

Abstract:Among the network security problems, SQL injection is a common and challenging network attack means, which can cause inestimable loop-breaking and loss to the database, and how to detect SQL injection statements is one of the current research hotspots. Based on the data characteristics of SQL statements, a deep neural network-based SQL injection detection model and algorithm are built. The core method is to convert the data into word vector form by word pause method, then form a sparse matrix and pass it into the model for training, build a multihidden layer deep neural network model containing ReLU function, optimize the traditional loss function, and introduce Dropout method to improve the generalization ability of this model. The accuracy of the final model is maintained at over 96%. By comparing the experimental results with traditional machine learning algorithms and LSTM algorithms, the proposed algorithm effectively solves the problems of overfitting in machine learning and the need for manual screening to extract features, which greatly improves the accuracy of SQL injection detection.

computer science, information systems,telecommunications

Yixian Liu,Yupeng Dai

DOI: https://doi.org/10.1049/2024/5565950

2024-04-05

IET Information Security

Abstract:In the past decade, cybersecurity has become increasingly significant, driven largely by the increase in cybersecurity threats. Among these threats, SQL injection attacks stand out as a particularly common method of cyber attack. Traditional methods for detecting these attacks mainly rely on manually defined features, making these detection outcomes highly dependent on the precision of feature extraction. Unfortunately, these approaches struggle to adapt to the increasingly sophisticated nature of these attack techniques, thereby necessitating the development of more robust detection strategies. This paper presents a novel deep learning framework that integrates Bidirectional Encoder Representations from Transformers (BERT) and Long Short-Term Memory (LSTM) networks, enhancing the detection of SQL injection attacks. Leveraging the advanced contextual encoding capabilities of BERT and the sequential data processing ability of LSTM networks, the proposed model dynamically extracts word and sentence-level features, subsequently generating embedding vectors that effectively identify malicious SQL query patterns. Experimental results indicate that our method achieves accuracy, precision, recall, and F1 scores of 0.973, 0.963, 0.962, and 0.958, respectively, while ensuring high computational efficiency.

computer science, information systems, theory & methods

Balazs Pejo,Nikolett Kapui

2023-04-24

Abstract:Almost 50 years after the invention of SQL, injection attacks are still top-tier vulnerabilities of today's ICT systems. Consequently, SQLi detection is still an active area of research, where the most recent works incorporate machine learning techniques into the proposed solutions. In this work, we highlight the shortcomings of the previous ML-based results focusing on four aspects: the evaluation methods, the optimization of the model parameters, the distribution of utilized datasets, and the feature selection. Since no single work explored all of these aspects satisfactorily, we fill this gap and provide an in-depth and comprehensive empirical analysis. Moreover, we cross-validate the trained models by using data from other distributions. This aspect of ML models (trained for SQLi detection) was never studied. Yet, the sensitivity of the model's performance to this is crucial for any real-life deployment. Finally, we validate our findings on a real-world industrial SQLi dataset.

Cryptography and Security,Machine Learning

Ahmed S. Alzahrani,Reehan Ali Shah,Yuntao Qian,Munwar Ali

DOI: https://doi.org/10.1016/j.aej.2020.01.021

IF: 6.626

2020-01-01

Alexandria Engineering Journal

Abstract:With the rapid advancement in technology, network systems are becoming prone to more sophisticated types of intrusions. However, machine learning (ML) based strategies are among the most efficient and popular methods to identify the network intrusions or attacks. In this study, we examined the important and discriminative features, in order to recognize the various attacks by applying the Structural Sparse Logistic Regression (SSPLR) and Support Vector Machine (SVMs) methods. The SVMs are standard ML-based techniques, which provide the reasonable performance, however, they have few shortcomings, such as, interpretability and huge computational cost. On the other hand, the sparse modeling (SSPLR) is considered as the advanced method for the data examination and processing through regularization. The structural sparse modeling can be used to simultaneously select the distinct features or the group of discriminative features from the repository of the data set to determine the coefficient of the linear classifier, where, prior information of the feature’s structure can be mapped on various sparsity-inducing regularizations. In this way, the particular group of features yielded by the most significant network attacks are selected and potentially identified. The experiments and discussion, show that the proposed techniques have improved performance compared to the most state-of-the-art techniques, used for the Intrusion Detection System (IDS).

Hao Wang,Bahman Arasteh,Keyvan Arasteh,Farhad Soleimanian Gharehchopogh,Alireza Rouhi

DOI: https://doi.org/10.1016/j.compeleceng.2024.109336

IF: 4.152

2024-06-01

Computers & Electrical Engineering

Abstract:Context Software defect prediction means finding defect-prone modules before the testing process which will reduce testing cost and time. Machine learning methods can provide valuable models for developers to classify software faulty modules. Problem The inherent problem of the classification is the large volume of the training dataset's features, which reduces the accuracy and precision of the classification results. The selection of the effective features of the training dataset for classification is an NP-hard problem that can be solved using heuristic algorithms. Method In this study, a binary version of the Gray Wolf optimizer (bGWO) was developed to select the most effective features of the training dataset. By selecting the most influential features in the classification, the precision and accuracy of the software module classifiers can be increased. Contribution Developing a binary version of the gray wolf optimization algorithm to optimally select the effective features and creating an effective defect predictor are the main contributions of this study. To evaluate the effectiveness of the proposed method, five real-world and standard datasets have been used for the training and testing stages of the classifier. Results The results indicate that among the 21 features of the train datasets, the basic complexity, sum of operators and operands, lines of codes, number of lines containing code and comments, and sum of operands have the greatest effect in predicting software defects. In this research, by combining the bGWO method and machine learning algorithms, accuracy, precision, recall, and F1 criteria have been considerably increased.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Ding Chen,Qiseng Yan,Chunwang Wu,Jun Zhao

DOI: https://doi.org/10.1088/1742-6596/1757/1/012055

2021-01-01

Journal of Physics: Conference Series

Abstract:Abstract Web application brings us convenience but also has some potential security problems. SQL injection attacks topped the list of Top 10 Network Security Problems released by OWASP, and the detection technology of SQL injection attacks has been one of the hotspots of network security research. In this paper, we propose a SQL injection detection method that does not rely on background rule base by using a natural language processing model and deep learning framework on the basis of comprehensive domestic and international research. The method can improve the accuracy and reduce the false alarm rate while allowing the machine to automatically learn the language model features of SQL injection attacks, greatly reducing human intervention and providing some defense against 0day attacks that never occur.

M Lodeiro-Santiago,C Caballero-Gil,P Caballero-Gil

DOI: https://doi.org/10.48550/arXiv.2209.06553

2022-09-14

Abstract:Data mining and information extraction from data is a field that has gained relevance in recent years thanks to techniques based on artificial intelligence and use of machine and deep learning. The main aim of the present work is the development of a tool based on a previous behaviour study of security audit tools (oriented to SQL pentesting) with the purpose of creating testing sets capable of performing an accurate detection of a SQL attack. The study is based on the information collected through the generated web server logs in a pentesting laboratory environment. Then, making use of the common extracted patterns from the logs, each attack vector has been classified in risk levels (dangerous attack, normal attack, non-attack, etc.). Finally, a training with the generated data was performed in order to obtain a classifier system that has a variable performance between 97 and 99 percent in positive attack detection. The training data is shared to other servers in order to create a distributed network capable of deciding if a query is an attack or is a real petition and inform to connected clients in order to block the petitions from the attacker's IP.

Cryptography and Security

Laith Abualigah,Saba Hussein Ahmed,Mohammad H. Almomani,Raed Abu Zitar,Anas Ratib Alsoud,Belal Abuhaija,Essam Said Hanandeh,Heming Jia,Diaa Salama Abd Elminaam,Mohamed Abd Elaziz

DOI: https://doi.org/10.1007/s11042-023-17886-2

IF: 2.577

2024-01-03

Multimedia Tools and Applications

Abstract:With the ever-expanding ubiquity of the Internet, wireless networks have permeated every facet of modern life, escalating concerns surrounding network security for users. Consequently, the demand for a robust Intrusion Detection System (IDS) has surged. The IDS serves as a critical bastion within the security framework, a significance further magnified in wireless networks where intrusions may stem from the deluge of sensor data. This influx of data, however, inevitably taxes the efficiency and computational speed of IDS. To address these limitations, numerous strategies for enhancing IDS performance have been posited by researchers. This paper introduces a novel feature selection method grounded in Support Vector Machine (SVM) and harnessing the innovative modified Aquila Optimizer (mAO) for Intrusion Detection Systems in Wireless Sensor Networks. To evaluate the efficacy of our approach, we employed the KDD'99 dataset for testing and benchmarking against established methods. Multiple performance metrics, including accuracy, detection rate, false alarm rate, feature count, and execution time, were utilized for assessment. Our comparative analysis reveals the superiority of the proposed method, with standout results in terms of feature reduction, detection accuracy, and false alarm mitigation, yielding significant improvements of 11%, 98.76%, and 0.02%, respectively.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Kasim Tasdemir,Rafiullah Khan,Fahad Siddiqui,Sakir Sezer,Fatih Kurugollu,Sena Busra Yengec-Tasdemir,Alperen Bolat

2023-12-20

Abstract:Detecting SQL Injection (SQLi) attacks is crucial for web-based data center security, but it is challenging to balance accuracy and computational efficiency, especially in high-speed networks. Traditional methods struggle with this balance, while NLP-based approaches, although accurate, are computationally intensive. We introduce a novel cascade SQLi detection method, blending classical and transformer-based NLP models, achieving a 99.86% detection accuracy with significantly lower computational demands-20 times faster than using transformer-based models alone. Our approach is tested in a realistic setting and compared with 35 other methods, including Machine Learning-based and transformer models like BERT, on a dataset of over 30,000 SQL sentences. Our results show that this hybrid method effectively detects SQLi in high-traffic environments, offering efficient and accurate protection against SQLi vulnerabilities with computational efficiency. The code is available at <a class="link-external link-https" href="https://github.com/gdrlab/cascaded-sqli-detection" rel="external noopener nofollow">this https URL</a> .

Cryptography and Security

Jaydeep R. Tadhani,Vipul Vekariya,Vishal Sorathiya,Samah Alshathri,Walid El-Shafai

DOI: https://doi.org/10.1038/s41598-023-48845-4

IF: 4.6

2024-01-21

Scientific Reports

Abstract:Modern web application development involves handling enormous amounts of sensitive and consequential data. Security is, therefore, a crucial component of developing web applications. A web application's security is concerned with safeguarding the data it processes. The web application framework must have safeguards to stop and find application vulnerabilities. Among all web application attacks, SQL injection and XSS attacks are common, which may lead to severe damage to Web application data or web functionalities. Currently, there are many solutions provided by various study for SQLi and XSS attack detection, but most of the work shown have used either SQL/XSS payload-based detection or HTTP request-based detection. Few solutions available can detect SQLi and XSS attacks, but these methods provide very high false positive rates, and the accuracy of these models can further be improved. We proposed a novel approach for securing web applications from both cross-site scripting attacks and SQL injection attacks using decoding and standardization of SQL and XSS payloads and HTTP requests and trained our model using hybrid deep learning networks in this paper. The proposed hybrid DL model combines the strengths of CNNs in extracting features from input data and LSTMs in capturing temporal dependencies in sequential data. The soundness of our approach lies in the use of deep learning techniques that can identify subtle patterns in the data that traditional machine learning-based methods might miss. We have created a testbed dataset of Normal and SQLi/XSS HTTP requests and evaluated the performance of our model on this dataset. We have also trained and evaluated the proposed model on the Benchmark dataset HTTP CSIC 2010 and another SQL/XSS payload dataset. The experimental findings show that our proposed approach effectively identifies these attacks with high accuracy and a low percentage of false positives. Additionally, our model performed better than traditional machine learning-based methods. This soundness approach can be applied to various network security applications such as intrusion detection systems and web application firewalls. Using our model, we achieved an accuracy of 99.84%, 99.23% and 99.77% on the SQL-XSS Payload dataset, Testbed dataset and HTTP CSIC 2010 dataset, respectively.

multidisciplinary sciences

Aganith Shanbhag,Shweta Vincent,S. B. Bore Gowda,Om Prakash Kumar,Sharmila Anand John Francis

DOI: https://doi.org/10.1109/access.2024.3362246

IF: 3.9

2024-02-16

IEEE Access

Abstract:Robust Intrusion Detection Systems (IDS) are increasingly necessary in the age of big data due to the growing volume, velocity, and variety of data generated by modern networks. Metaheuristic algorithms offer a promising approach to enhance IDS performance in terms of optimal feature selection. Combining these algorithms along with Machine learning (ML) for the creation of an IDS makes it possible to improve detection accuracy, reduce false positives and negatives, and enhance the efficiency of network monitoring. Our study proposes using metaheuristic algorithms along with machine learning classifiers for feature selection to optimize the number of features from the data set of computer network traffic. We have tested several combinations of algorithms viz., Genetic Algorithm (GA), Particle Swarm Optimization (PSO) and Grey Wolf Optimizer (GWO) along with ML algorithms viz., Decision Tree (DT), Random Forest (RF), Gaussian Naïve Bayes (GNB) and Logistic Regression (LR). The combinations of algorithms have been tested over the NSS-KDD and kddcupdata_10% data sets. We have drawn several insights on feature selection scores with respect to test scores, FI scores, recall and precision for various algorithm combinations. The feature selection time has also been highlighted to showcase the fastest-performing algorithm combinations. Ultimately, we have presented three combinations of algorithms depending on organizational IDS requirements and provided separate solutions for each.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shahriar Mohammadi,Mehdi Babagoli

DOI: https://doi.org/10.1007/s10207-023-00684-0

2023-04-11

Abstract:Along with the advancement of online platforms and significant growth in Internet usage, various threats and cyber-attacks have been emerging and become more complicated and perilous in a day-by-day base. Anomaly-based intrusion detection systems (AIDSs) are lucrative techniques for dealing with cybercrimes. As a relief, AIDS can be equipped with artificial intelligence techniques to validate traffic contents and tackle diverse illicit activities. A variety of methods have been proposed in the literature in recent years. Nevertheless, several important challenges like high false alarm rates, antiquated datasets, imbalanced data, insufficient preprocessing, lack of optimal feature subset, and low detection accuracy in different types of attacks have still remained to be solved. In order to alleviate these shortcomings, in this research a novel intrusion detection system that efficiently detects various types of attacks is proposed. In preprocessing, Smote-Tomek link algorithm is utilized to create balanced classes and produce a standard CICIDS dataset. The proposed system is based on gray wolf and Hunger Games Search (HGS) meta-heuristic algorithms to select feature subsets and detect different attacks such as distributed denial of services, Brute force, Infiltration, Botnet, and Port Scan. Also, to improve exploration and exploitation and boost the convergence speed, genetic algorithm operators are combined with standard algorithms. Using the proposed feature selection technique, more than 80 percent of irrelevant features are removed from the dataset. The behavior of the network is modeled using nonlinear quadratic regression and optimized utilizing the proposed hybrid HGS algorithm. The results show the superior performance of the hybrid algorithm of HGS compared to the baseline algorithms and the well-known research. As shown in the analogy, the proposed model obtained an average test accuracy rate of 99.17%, which has better performance than the baseline algorithm with 94.61% average accuracy.

Benjamin Appiah,Eugene Opoku-Mensah,Zhiguang Qin

DOI: https://doi.org/10.1109/icsess.2017.8342983

2017-01-01

Abstract:Web-Based applications are becoming more increasingly technically complex and sophisticated. The very nature of their feature-rich design and their capability to collate, process, and disseminate information over the Internet or from within an intranet makes them a popular target for attack. According to Open Web Application Security Project (OWASP) Top Ten Cheat sheet-2017, SQL Injection Attack is at peak among online attacks. This can be attributed primarily to lack of awareness on software security. Developing effective SQL injection detection approaches has been a challenge in spite of extensive research in this area. In this paper, we propose a signature based SQL injection attack detection framework by integrating fingerprinting method and Pattern Matching to distinguish genuine SQL queries from malicious queries. Our framework monitors SQL queries to the database and compares them against a dataset of signatures from known SQL injection attacks. If the fingerprint method cannot determine the legitimacy of query alone, then the Aho Corasick algorithm is invoked to ascertain whether attack signatures appear in the queries. The initial experimental results of our framework indicate the approach can identify wide variety of SQL injection attacks with negligible impact on performance.

Alok Kumar Shukla

DOI: https://doi.org/10.1111/exsy.13290

IF: 3.3

2023-03-30

Expert Systems

Abstract:Over the last few decades, computer and internet security has become a vital area because of eye‐opening numbers of data breaches, intruders on perilous infrastructure and malware attacks that are increasing day by day. In order to monitor abnormal activities and identify unusual attacks, several security solutions have been proposed in the recent past years. To protect computer system, intrusion detection system (IDS) opens up great opportunities to determine vulnerabilities and detect anomalies in security system. For detecting new attacks or building security solutions, in this study we present a new wrapper technique for security specialists that can help to detect more complicated attacks by combining teaching learning‐based optimization with opposition learning scheme and simulated annealing method. In order to address advance attack, firstly opposition learning strategy is used to update population generation of teaching learning‐based optimization that affect the robustness of the model after that simulated annealing is integrated into the teaching learning‐based optimization. In proposed method to choose the relevant features, we have used support vector machine as a fitness function that can be helped to recognize attacks precisely. The proposed algorithm is evaluated on three popular datasets namely NSL‐KDD, ISCX 2012 and UNSW‐NB15. Experimental results show that the proposed method is superior to other existing wrapper algorithms in terms of detection rate, accuracy and false alarm rates.

computer science, artificial intelligence, theory & methods

Muyang Liu,Ke Li,Tao Chen

DOI: https://doi.org/10.1145/3395363.3397375

2020-07-13

Abstract:Security is unarguably the most serious concern for Web applications, to which SQL injection (SQLi) attack is one of the most devastating attacks. Automatically testing SQLi vulnerabilities is of ultimate importance, yet is unfortunately far from trivial to implement. This is because the existence of a huge, or potentially infinite, number of variants and semantic possibilities of SQL leading to SQLi attacks on various Web applications. In this paper, we propose a deep natural language processing based tool, dubbed DeepSQLi, to generate test cases for detecting SQLi vulnerabilities. Through adopting deep learning based neural language model and sequence of words prediction, DeepSQLi is equipped with the ability to learn the semantic knowledge embedded in SQLi attacks, allowing it to translate user inputs (or a test case) into a new test case, which is se- mantically related and potentially more sophisticated. Experiments are conducted to compare DeepSQLi with SQLmap, a state-of-the-art SQLi testing automation tool, on six real-world Web applications that are of different scales, characteristics and domains. Empirical results demonstrate the effectiveness and the remarkable superiority of DeepSQLi over SQLmap, such that more SQLi vulnerabilities can be identified by using a less number of test cases, whilst running much faster.

Xin Xie,Chunhui Ren,Yusheng Fu,Jie Xu,Jinhong Guo

DOI: https://doi.org/10.1109/access.2019.2947527

IF: 3.9

2019-01-01

IEEE Access

Abstract:An enterprise's data can be one of its most important assets and often critical to the firm's development and survival. SQL injection attack is ranked first in the top ten risks to network applications by the Open Web Application Security Project (OWASP). Its harmfulness, universality, and severe situation are self-evident. This paper presents a method of SQL injection detection based on Elastic-Pooling CNN (EP-CNN) and compares it with traditional detection methods. This method can output a fixed two-dimensional matrix without truncating data and effectively detects the SQL injection of web applications. Based on the irregular matching characteristics, it can identify new attacks and is harder to bypass.

Muhammad Sajid,Kaleem Razzaq Malik,Ahmad Almogren,Tauqeer Safdar Malik,Ali Haider Khan,Jawad Tanveer,Ateeq Ur Rehman

DOI: https://doi.org/10.1186/s13677-024-00685-x

2024-07-18

Journal of Cloud Computing

Abstract:The volume of data transferred across communication infrastructures has recently increased due to technological advancements in cloud computing, the Internet of Things (IoT), and automobile networks. The network systems transmit diverse and heterogeneous data in dispersed environments as communication technology develops. The communications using these networks and daily interactions depend on network security systems to provide secure and reliable information. On the other hand, attackers have increased their efforts to render systems on networks susceptible. An efficient intrusion detection system is essential since technological advancements embark on new kinds of attacks and security limitations. This paper implements a hybrid model for Intrusion Detection (ID) with Machine Learning (ML) and Deep Learning (DL) techniques to tackle these limitations. The proposed model makes use of Extreme Gradient Boosting (XGBoost) and convolutional neural networks (CNN) for feature extraction and then combines each of these with long short-term memory networks (LSTM) for classification. Four benchmark datasets CIC IDS 2017, UNSW NB15, NSL KDD, and WSN DS were used to train the model for binary and multi-class classification. With the increase in feature dimensions, current intrusion detection systems have trouble identifying new threats due to low test accuracy scores. To narrow down each dataset's feature space, XGBoost, and CNN feature selection algorithms are used in this work for each separate model. The experimental findings demonstrate a high detection rate and good accuracy with a relatively low False Acceptance Rate (FAR) to prove the usefulness of the proposed hybrid model.