Hybrid CNN–LSTM Deep Learning Model for Security Risk Detection in Industrial Internet of Things (IIoT) Networks

Abstract

The number of connected devices has increased dramatically due to the rapid growth of the Internet of Things (IoT), which has expanded the attack surface and made them more vulnerable to cybersecurity risks. IoT infrastructures are increasingly vulnerable to a variety of assaults, such as denial-of-service attacks, data injection, and information theft, as their scale and complexity increase. Conventional Intrusion Detection Systems (IDS) frequently struggle to adapt to the dynamic and varied nature of IoT data since they rely on static rule-based systems. The paper introduces a hybrid intrusion detection framework that combines the strengths of CNN and LSTM architectures to achieve greater detection accuracy, improved temporal understanding, and enhanced resilience in IoT environments.

While the LSTM module records sequential dependencies to detect evolving or multi-stage attacks that conventional models frequently overlook, the CNN component effectively extracts geographical characteristics from multidimensional IoT traffic data. The TON_IoT dataset, which contains telemetry and network data reflecting both benign and malicious activity, was used to train and assess the hybrid framework. Data preprocessing involved normalization, encoding, and balancing of attack classes to improve generalization performance. Experimental results revealed that the hybrid CNN–LSTM model achieved an accuracy of 92.3%, surpassing the standalone CNN (87.5%) and LSTM (89.0%) architectures across multiple performance metrics, including precision, recall, and F1-score.

This research contributes to developing scalable and adaptive intrusion detection mechanisms, suitable for integration into broader IoT security frameworks such as blockchain-assisted risk management systems.