CNN-BI-LSTM Adaptive Threat Hunting - Code and Scripts

This project provides the complete implementation for the paper "Adaptive Threat Hunting Using Machine Learning: A CNN-BI-LSTM Framework for AI-Driven Cybersecurity Defence in IoT Environments". It is a deep learning pipeline designed to detect network intrusions and botnet activity across three well-known cybersecurity benchmark datasets – CTU-13 Scenario 4, CICIDS2017, and NSL-KDD. The workflow runs in three stages. First, download_datasets.py fetches the raw datasets automatically. Second, feature_engineering.py preprocesses them through a six-stage pipeline including normalisation, encoding, dimensionality reduction, and stratified splitting. Third, cnn_bilstm_tensorflow.py trains a hybrid CNN-BiLSTM model that combines convolutional layers for local pattern extraction with bidirectional LSTM layers for sequential threat modelling. The model achieves strong results across all three datasets, peaking at 99.8% accuracy on CTU-13. The requirements.txt pins all dependencies for reproducibility, and the README.md documents the full setup and usage instructions, including optional flags for hyperparameter grid search, cross-validation, TFLite export, and latency benchmarking, making the project suitable for both research replication and edge IoT deployment.