Start Here

Four steps to understand this research

01

Read the Architecture

Understand how the LSTM-based intelligent firewall integrates with AWS Lambda for serverless Zero-Trust enforcement.

Explore Architecture →

02

Watch the Walkthrough

Our research video walks through the problem statement, proposed framework, experimental setup, and key findings.

Watch Video →

03

Review the Results

Explore model performance charts, confusion matrix, training curves, and comparative analysis showing LSTM at 98% accuracy.

View Results →

04

Download the Report

Access the full 40-page comprehensive research report and interactive poster. Subscribe to unlock the full paper.

Get Report →

Abstract

Serverless ComputingIntelligent FirewallZero-Trust ArchitectureLSTMDeep LearningCICIDS2017Intrusion DetectionCybersecurity

The stateful and transient nature of serverless computing environments presents significant challenges to traditional network security, particularly in implementing Zero-Trust Architecture (ZTA) principles. Rule-based intrusion detection systems and traditional firewalls tend to be inflexible and context-insensitive, with little ability to protect transient, stateless functions.

This work proposes a Serverless Intelligent Firewall framework that combines deep learning-based intrusion detection with Zero-Trust enforcement for delivering adaptive, real-time threat detection in cloud-native systems. Drawing on the CICIDS2017 dataset, the novel approach employs a Long Short-Term Memory (LSTM) model to capture temporal patterns in traffic behavior, thereby discovering thinly disguised anomalies and synchronized attacks that stateless models often miss.

To address the inherent bias in class-imbalanced datasets, an undersampling approach was designed through preprocessing to mitigate model bias. The LSTM architecture achieved 98% accuracy, precision, recall, and F1-score, outperforming baseline models including Decision Trees (DT), Support Vector Machines (SVM), and Convolutional Neural Networks (CNN). The results validate the efficacy of our suggested architecture in enabling innovative, scalable, and Zero-Trust-compliant security within serverless settings.

Interactive System Architecture

Click any component to explore its role in the pipeline

📊

CICIDS2017
Dataset

⚙

Preprocessing
Pipeline

🤖

LSTM Model
3-Layer

☁

AWS Lambda
Serverless

🔒

Zero Trust
Enforcement

👉 Click any component above to see details

✓

ALLOW

Benign traffic — Access granted, session logged

Zero Trust Decision Engine

Real-time classification per request

✗

BLOCK

Malicious traffic — Connection dropped, alert raised

LSTM Architecture Diagram

Hyperparameter Configuration

Parameter	Value
Architecture	3-Layer LSTM
Hidden Units	128 → 64 → 32
Dropout Rate	0.3
Dense Layer	64 units (ReLU)
Output	Softmax (5 classes)
Loss Function	Categorical Cross-Entropy
Optimizer	Adam
Learning Rate	0.001
Batch Size	64
Epochs	120 (Early stop: 10)
Train/Test Split	80% / 20% stratified
Class Imbalance	Weighted inverse frequency

LSTM Gate Equations

Forget Gatef_t = σ(W_f·[h_t-1,x_t]+b_f)

Input Gatei_t = σ(W_i·[h_t-1,x_t]+b_i)

Cell Statec_t = f_t⊙c_t-1+i_t⊙c̃_t

Output Gateo_t = σ(W_o·[h_t-1,x_t]+b_o)

Hidden Stateh_t = o_t⊙tanh(c_t)

Research Video Walkthrough

Complete walkthrough — problem, methodology, results, and implications

What You'll Learn

🔥 Why traditional firewalls fail in serverless environments
🤖 How LSTM captures temporal traffic patterns
🔒 Zero-Trust Architecture integration strategy
📊 CICIDS2017 preprocessing pipeline
🏆 LSTM vs. DT, SVM, CNN comparison
☁ AWS Lambda serverless deployment

Research Highlights

98%Overall accuracy by LSTM

2.8M+Labeled flows in CICIDS2017

5Traffic classes detected

Research Paper Preview

A look at the published IEEE paper — first page shown below. Full access requires the steps on the next section.

IEEE International Conference on Computer Science & AI Security · 2025

Towards a Serverless Intelligent Firewall: AI-Driven Security, and Zero-Trust Architectures

Md Anisur Rahman Chowdhury^1*, Hoang Nam Dang¹, Ronny C. Bazan-Antequera, Ph.D.¹, Md. Sayham Khan², Md Razaul Karim², Sheheeda Manakkadu, Ph.D.¹

¹Dept. of Computer and Information Science, Gannon University, Erie, PA, USA

²Dept. of Information Technology & Computer Science, University of the Potomac, USA

engr.aanis@gmail.com | dang004@gannon.edu | bazanant001@gannon.edu

Abstract

The ephemeral, stateless nature of serverless computing presents unique challenges to traditional network security. Conventional perimeter-based defenses and rule-based IDS are ill-equipped for transient, event-driven functions. We present a Serverless Intelligent Firewall (SIF) integrating LSTM-based deep learning intrusion detection with Zero-Trust Architecture (ZTA) enforcement on AWS Lambda. Using CICIDS2017 (2.8M+ flows, 78 features), our 3-layer LSTM achieved 98% accuracy, precision, recall, and F1-score, outperforming SVM (88.4%), Decision Tree (90.2%), and CNN (93.0%) at p < 0.05. Inference latency under 15 ms warm and 100 ms cold-start validates real-time deployment feasibility.

Keywords — Serverless computing, LSTM, Zero-Trust, IDS, CICIDS2017, AWS Lambda, deep learning

I. Introduction

Cloud-native serverless architectures — AWS Lambda, Azure Functions, Google Cloud Run — have fundamentally changed application deployment. Functions execute ephemerally in milliseconds with no persistent state, making traditional stateful IDS mechanisms ineffective. This paper proposes a framework that addresses this gap through temporal deep learning combined with Zero-Trust enforcement...

II. Background & Related Work

Prior work in ML-based IDS has demonstrated strong performance on benchmark datasets (CICIDS2017, NSL-KDD) using CNN, LSTM, and hybrid architectures [3–7]. Federated IDS approaches achieve 97% on CICIDS2017 [8] but introduce communication overhead incompatible with stateless functions. No existing work specifically targets serverless deployment constraints...

III. Methodology

We pre-processed CICIDS2017 by cleaning label whitespace, consolidating 14 attack types into 5 classes (BENIGN, DoS, DDoS, PortScan, Other), applying random undersampling to correct class imbalance, replacing ±∞/NaN with zero, and applying Z-score normalization per feature. The 3-layer LSTM (128→64→32 units, dropout 0.3, Adam lr=0.001) was trained for up to 120 epochs with early stopping (patience=10)...

🔒 Sections IV–VII and full results require access. Complete the steps below.

▼ Access the full paper below

Research Paper

Published in IEEE — Abstract is public. Full paper requires subscription & permission.

✓ IEEE Published

Towards a Serverless Intelligent Firewall: AI-Driven Security, and Zero-Trust Architectures

Md Anisur Rahman Chowdhury, Hoang Nam Dang, Dr. Ronny Bazan-Antequera, Md. Sayham Khan, Md Razaul Karim, Dr. Sheheeda Manakkadu

Gannon University, USA | University of the Potomac, USA

Abstract (Public)

The stateful and transient nature of serverless computing environments presents significant challenges to traditional network security, particularly in implementing Zero-Trust Architecture (ZTA) principles. This work proposes a Serverless Intelligent Firewall framework combining deep learning-based intrusion detection with Zero-Trust enforcement for adaptive, real-time threat detection in cloud-native systems. The LSTM architecture achieved 98% accuracy, precision, recall, and F1-score on the CICIDS2017 dataset, outperforming DT, SVM, and CNN baselines.

🔒 Full paper content is restricted. Complete the steps on the right to unlock.

Citation

Md Anisur Rahman Chowdhury et al., "Towards a Serverless Intelligent Firewall: AI-Driven Security, and Zero-Trust Architectures," IEEE, 2025.

VenueIEEE

DatasetCICIDS2017

ModelLSTM

Accuracy98.00%

M. A. R. Chowdhury, H. N. Dang, R. Bazan-Antequera, M. S. Khan, M. R. Karim, and S. Manakkadu, "Towards a Serverless Intelligent Firewall: AI-Driven Security, and Zero-Trust Architectures," IEEE, 2025. [Online]. Available: https://ieeexplore.ieee.org/abstract/document/11261452

IEEE Xplore Google Scholar

Step 1 of 3

Subscribe to Unlock

To access the full paper, please follow and subscribe to the author's channels:

🔗 Follow on GitHub (@ANIS151993) ▶ Subscribe on YouTube & Like the Video

I have followed the GitHub profile I have subscribed to YouTube and liked the video

Step 2 of 3

Request Permission

Send an access request to the author. Include your name, institution, and reason for access.

Copy and send this email to: engr.aanis@gmail.com

Subject: Paper Access Request — Serverless Intelligent Firewall Dear Md Anisur Rahman Chowdhury, I am writing to request access to your paper: "Towards a Serverless Intelligent Firewall: AI-Driven Security, and Zero-Trust Architectures" Name: [Your Name] Institution: [Your Institution] Purpose: [Research / Study / Review] I have followed your GitHub and subscribed to your YouTube channel. Thank you.

✉ Send Permission Request Email

I have sent the permission request email

Step 3 of 3

Enter Access Password

Enter the password you received from the author after permission is granted.

ℹ Password is provided by the author via email after reviewing your request.

🔓 Paper Access Granted!

Thank you for following the access protocol. You may now download the full paper.

⭳ Download Full Paper (PDF) 🔗 View on IEEE Xplore

Note: The PDF is password-protected. Use the same password you entered above to open it in your PDF reader.

Results & Analysis

Comprehensive performance evaluation across models, attack classes, and training dynamics

LSTM

98.00%

Accuracy • Precision • Recall • F1

Best Model

CNN

93.00%

Prec: 95.1% • Rec: 85.4%

Decision Tree

90.20%

Prec: 87.6% • Rec: 81.3%

SVM

88.40%

Prec: 84.1% • Rec: 77.8%

Model Performance Comparison (All Metrics)

LSTM Radar: All Metrics

Class-wise LSTM F1-Score

Model Accuracy Distribution

SOTA Accuracy Comparison

Performance Metrics Comparison

Model	Accuracy	Precision	Recall	F1-Score
Decision Tree	90.20%	87.60%	81.30%	84.30%
SVM	88.40%	84.10%	77.80%	80.80%
CNN	93.00%	95.10%	85.40%	89.90%
LSTM (Proposed)	98.00%	98.00%	98.00%	98.00%

Training & Validation Accuracy

Reaches ~98% after 60 epochs. Train and test curves tightly aligned — strong generalization, no overfitting.

Training & Validation Loss

Loss drops from >1.6 to <0.4 in 20 epochs, stabilizes at ~0.05. Smooth convergence, well-regularized.

Confusion Matrix

DDoS: 9,989/10,000 • PortScan: 9,982/10,000 • BENIGN: 9,446 • DoS: 9,909 • Other: 3,556/3,606

Class-wise Performance

DDoS and PortScan near-perfect. Other (rare attacks) maintains high recall 0.99 showing robustness.

LSTM Class-wise Performance

Class	Precision	Recall	F1-Score	Correct / Total
BENIGN	0.99	0.94	0.96	9,446 / ~10,000
DDoS	0.99	1.00	0.99	9,989 / 10,000
DoS	0.98	0.99	0.98	9,909 / ~10,000
PortScan	0.99	1.00	0.99	9,982 / 10,000
Other	0.94	0.99	0.96	3,556 / 3,606
Macro Average	0.978	0.984	0.976	—

Comparative Analysis vs. State-of-the-Art

Reference	Dataset	Model	Accuracy
Proposed Work	CIC-IDS2017	LSTM	98.00%
Altunay et al. (2023)	UNSW-NB15	Hybrid CNN+LSTM	93.21%
Bamber et al. (2025)	CIC-IDS2017	Hybrid CNN-LSTM	95.00%
Neto et al. FedSA (2022)	CIC-IDS2017	Federated IDS	97.00%

Report Preview

Flip through the first three pages of the comprehensive research report

1 / 3

Page 1 · Cover

Project Title:

Towards a Serverless Intelligent Firewall: AI-Driven Security, and Zero-Trust Architectures

Md Anisur Rahman Chowdhury

Student ID: 3195493

Aishwarya

Student ID: 3214245

Master's in Information and Technology
College of Engineering & Business

Advisor: Ronny C. Bazan-Antequera, Ph.D.

Dept. of Computer and Information Science · Gannon University

Date of Submission: May, 2026

Page 2 · Table of Contents

Chapter 1: Introduction

1.1 Background and Motivation

A decade ago, deploying a web application meant provisioning servers, configuring firewalls, and maintaining infrastructure around the clock. Today, the same application might run as a collection of short-lived functions that spin up in milliseconds, handle a request, and disappear. Platforms like AWS Lambda, Azure Functions, and Google Cloud Run have made this possible — and millions of organisations have adopted the model for its cost efficiency, elastic scalability, and near-zero operational overhead.

But this architectural revolution has quietly created a cybersecurity problem. Serverless functions are stateless by design — each invocation carries no memory of previous requests. Traditional firewalls and IDS, built around persistent sessions and stable network boundaries, simply cannot keep up with functions that live for milliseconds.

1.2 Zero-Trust Security Paradigm

Zero-Trust rejects the perimeter security model entirely: "never trust, always verify." NIST SP 800-207 formalises this as three core principles — continuous verification of every access request, minimum necessary privilege, and designing systems that assume breaches will occur. When paired with machine learning, ZTA becomes a dynamic, adaptive enforcement layer rather than a set of static rules...

▼ Open the full interactive report below

Comprehensive Research Report

Full 40-page technical report — open to all, no subscription required

Comprehensive Report

Towards a Serverless Intelligent Firewall:
AI-Driven Security & Zero-Trust Architectures

Md Anisur Rahman Chowdhury et al.

Gannon University • University of the Potomac

40+Pages

15+Figures

8Tables

6Charts

Report Contents

📄 Executive Summary
📄 Introduction & Motivation
📄 Literature Review (12 papers)
📄 Methodology & Dataset Analysis
📄 LSTM Architecture & Equations
📄 Baseline Models (DT, SVM, CNN)
📄 Detailed Results with All Figures
📄 Statistical Significance Analysis
📄 Comparative SOTA Analysis
📄 Conclusion & Future Work
📄 Full Reference List

👁 View Full Report Online ⭳ Download Report PDF

Interactive Research Poster

Explore the research at a glance — open to all, downloadable

About the Poster

A single-page interactive conference poster (48"×36") summarizing the entire study — CG 2026 academic template, ideal for conferences and presentations.