Abnormal Traffic Detection in Industrial Control Networks Using a CNN-LSTM Fusion Model
Abstract
This paper used a combination of two neural network models, convolutional neural network (CNN) and long short-term memory (LSTM), to detect abnormal traffic in industrial control networks. The performance of the support vector machine (SVM), traditional back-propagation neural network (BPNN), gated recurrent unit, and the CNN-LSTM algorithms were compared using the natural gas pipeline dataset from the University of Mississippi and the public KDDCUP99 dataset. Moreover, ablation experiments were conducted on the proposed algorithm. Finally, the performance of the four algorithms was evaluated in a laboratory-built industrial control network. The results showed that the CNN-LSTM algorithm was highly effective in detecting abnormal traffic. For the natural gas pipeline dataset, this algorithm achieved an accuracy of 0.998 ± 0.014, a false alarm rate of 0.010 ± 0.011, and a precision of 0.994 ± 0.012. For the KDDCUP99 dataset, its accuracy, false alarm rate, and precision were 0.995 ± 0.011, 0.004 ± 0.013, and 0.997 ± 0.011, respectively. Moreover, both the CNN and LSTM parts contributed to the overall performance.
DOI:
https://doi.org/10.31449/inf.v50i12.12771Downloads
Published
05/13/2026
How to Cite
Lyu, D. (2026). Abnormal Traffic Detection in Industrial Control Networks Using a CNN-LSTM Fusion Model. Informatica, 50(12). https://doi.org/10.31449/inf.v50i12.12771
Issue
Section
Online-only
License
Authors retain copyright in their work. By submitting to and publishing with Informatica, authors grant the publisher (Slovene Society Informatika) the non-exclusive right to publish, reproduce, and distribute the article and to identify itself as the original publisher.
All articles are published under the Creative Commons Attribution license CC BY 3.0. Under this license, others may share and adapt the work for any purpose, provided appropriate credit is given and changes (if any) are indicated.
Authors may deposit and share the submitted version, accepted manuscript, and published version, provided the original publication in Informatica is properly cited.
