ENHANCING MARITIME INTRUSION DETECTION THROUGH A MULTI-STAGE PREPROCESSING AND HYBRID RF–LSTM LEARNING MODEL

Authors

  • Warusia Yassin Universiti Teknikal Malaysia Melaka
  • Zulkiflee Muslim Faculty of Artificial Intelligence and Cyber Security, Universiti Teknikal Malaysia Melaka, Melaka, Malaysia
  • Alessandro Guarino StAG, Gazan Prolongée, Antibes, France
  • Fauzi Adi Rafrastara Department of Informatics, Faculty of Computer Science, Universitas Dian Nuswantoro, Indonesia.
  • Thivya Laxhimi Selvaraja Faculty of Artificial Intelligence and Cyber Security, Universiti Teknikal Malaysia Melaka, Melaka, Malaysia

Abstract

The maritime industry is undergoing rapid digital transformation through the implementation of various modern technologies such as the Automatic Identification System (AIS), the Electronic Chart Display Information System (ECDIS), and the Integrated Bridge System (IBS). These new technologies create a much larger attack surface for potentially malicious actors looking to compromise maritime vessels or port facilities. However, the ability of existing Intrusion Detection Systems (IDS) to combat cyber-attacks on the maritime industry is hampered by two main challenges: the first challenge is due to the quality of the datasets (maritime and security) used for training existing IDS models, which results in the datasets being of low quality (noisy, unbalanced and heterogeneous) and limit the detection of a large number of cyber threats with high precision; and the second challenge is that existing machine learning models, which are standalone, depend only on static features (for example, IP addresses, etc.) and do not consider the temporal dynamics embedded in the maritime communication patterns, which results in lower detection performance for sequential and behaviour-based attacks (for example, staging the attack or using multiple transmissions) such as spoofing, staging a coordinated attack, and transmitting sequentially, all three attacks are better detected if the underlying communications between vessels and ports are taken into account. To address these challenges, the present study provides two important contributions: (i) the design of a multi-stage preprocessing module specific to the characteristics of each dataset, which enhances the quality of the training data by filtering out noise, encoding, balancing the classes, and preparing time-series data; and (ii) the development of a hybrid Random Forest (RF) and Long Short-Term Memory (LSTM) Deep Learning framework, which combines the ability of Random Forests to classify based on feature inputs with the ability of LSTM networks to model temporal sequences of input data. The newly proposed framework is thoroughly evaluated against a series of multiple datasets (AIS, CICIDS2017, and Darknet), to ensure it is robust across a variety of maritime and intrusion attack scenarios.

Downloads

Download data is not yet available.

Published

02-04-2026

How to Cite

Yassin, W., Muslim, Z., Guarino, A., Adi Rafrastara, F., & Selvaraja, T. L. (2026). ENHANCING MARITIME INTRUSION DETECTION THROUGH A MULTI-STAGE PREPROCESSING AND HYBRID RF–LSTM LEARNING MODEL. Malaysian Journal of Cybersecurity and Applications, 2(1), 20–36. Retrieved from https://jml.um.edu.my/index.php/mjca/article/view/66397

Issue

Vol. 2 No. 1 (2026): Cybersecurity and Applications

Section

Articles