ENHANCING CLOUD SECURITY WITH A DUAL-PURPOSE LSTM INTRUSION DETECTION SYSTEM FOR KNOWN AND ZERO-DAY THREATS
DOI:
https://doi.org/10.70917/ijcisim-2026-2944Keywords:
Cloud Security, Intrusion Detection, Zero-Day Threats, Sequence-Pattern Attribution Encoder,, Anomaly Detection and Imbalance FilteringAbstract
Cloud computing environments face increasing cyber threats, including both known intrusions and zero-day attacks, which challenge traditional detection systems. Existing intrusion detection approaches often fail to address these threats simultaneously, leaving cloud infrastructures vulnerable. This research develops a dual-purpose Long Short-Term Memory (LSTM) intrusion detection system that integrates learning from labelled datasets and simulated attack scenarios. The proposed model aims to accurately detect known and previously unseen attacks by capturing temporal patterns in network traffic, enhancing cloud security resilience, minimizing missed detections, and reducing false alarms within a unified framework. The methodology integrates data-driven learning and temporal modelling to detect known and zero-day cloud intrusions. Network traffic from the UNSW-NB15 dataset undergoes Temporal-Adaptive Noise and Imbalance Filtering (TANIF) for cleaning, normalization, and class balancing. Sequential features are extracted via the Sequence-Pattern Attribution Encoder (SPAE), capturing packet order, timing, and intensity transitions. A dual-phase LSTM model employs the Unified Signature–Anomaly Protocol (USAP) with Phase-K for labelled attack learning and Phase-Z for zero-day anomaly detection. Risk-Aligned Detection Calibration (RADC) optimizes thresholds to enhance accuracy, recall, and minimize false positives. The dual-purpose LSTM intrusion detection system achieved a combined detection accuracy of 92.8%, precision of 90.9%, recall of 92.0%, and a low false positive rate of 6.2%, effectively identifying both known and zero-day attacks with a real-time latency of 120 ms. Preprocessing with TANIF reduced noise by 77.8% and balanced classes by 82.9%, while SPAE compressed temporal features by up to 62%. Compared to baseline models, detection accuracy improved by 7.4% and latency decreased by 33.3%. Future work can explore adaptive federated learning and integration with cloud-native threat intelligence for real-time, scalable security.