GeoGuard: A Hybrid Deep Learning Intrusion Detection System with Integrated Geo-Intelligence and Contextual Awareness

GeoGuard is an advanced and adaptable hybrid Intrusion Detection System (IDS) used to identify, sort, and react instantaneously to cyber threats. Unlike conventional systems reliant on signature-based identification or superficial learning techniques, GeoGuard uses one-dimensional convolutional neural networks (1D CNN), Bidirectional Long Short-Term Memory(BiLSTM) units, and Multi-Head Attention (MHA) mechanisms, a multilayered deep learning design enabling the model to effectively extract both spatial and temporal characteristics in network traffic enhances contextual perception and detection performance. Four widely adopted benchmark datasets were used to test the system. To ensure consistency and generalizability, all datasets underwent standardized preprocessing techniques including normalization, noise removal, and feature extraction. Using Focal Loss and weighted class training which provide higher detection levels for less represented types of attacks, GeoGuard faces the classic problem of class imbalance. GeoGuard proved to be especially effective due to because of the added clue of geo-location tagging perpetrator IP addresses to legitimate spatial locations. With this extra level of geo-intelligence, experts can detect geo-fencing violations, order responses by geographic hotspots, and trends in the origins of attacks. GeoGuard provides attention heatmaps and per-class prediction confidence to further enhance transparency, giving security operations teams a clear image of the reason behind each decision. In terms of performance, GeoGuard demonstrated excellent accuracy for all types of datasets.