26,140 results on '"Intrusion detection system"'
Search Results
2. Hybrid Optimization-Based Support Vector Machine for Detecting the Network Attacks in IoT
- Author
Alzubi, Jafar A., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Fortino, Giancarlo, editor, Kumar, Akshi, editor, Swaroop, Abhishek, editor, and Shukla, Pancham, editor
- Published
- 2025
3. Comparison of Machine Learning Based Anomaly Detection Methods for ADS-B System
- Author
Çevik, Nurşah, Akleylek, Sedat, Ghosh, Ashish, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Mammadova, Gulchohra, editor, Aliev, Telman, editor, and Aida-zade, Kamil, editor
- Published
- 2025
4. GES Intrusion Detection Approach Based on Graph Neural Network for Industrial IoT
- Author
Manikandan, Amrutha, Singh, Avdhesh Kumar, Chauhan, Anamika, Das, Swagatam, Series Editor, Bansal, Jagdish Chand, Series Editor, Jaiswal, Ajay, editor, Anand, Sameer, editor, Hassanien, Aboul Ella, editor, and Azar, Ahmad Taher, editor
- Published
- 2025
5. Lightweight Intrusion Detection for IoT Systems Using Artificial Neural Networks
- Author
Saleh, Radhwan A. A., Al-Awami, Louai, Ghaleb, Mustafa, Abudaqa, Anas A., Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin, Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Duan, Haixin, editor, Debbabi, Mourad, editor, de Carné de Carnavalet, Xavier, editor, Luo, Xiapu, editor, Du, Xiaojiang, editor, and Au, Man Ho Allen, editor
- Published
- 2025
6. Utilizing Cobb-Douglas Production Function in the Modeling of Joint Security and Quality of Service (QoS) in 5G Network
- Author
Ting, Tiew On, Chien, Su Fong, Bozorgchenani, Arash, Yang, Xin-She, Series Editor, Dey, Nilanjan, Series Editor, and Fong, Simon, Series Editor
- Published
- 2025
7. GTBNN: game-theoretic and bayesian neural networks to tackle security attacks in intelligent transportation systems.
- Author
Gill, Komal Singh, Saxena, Sharad, Sharma, Anju, and Dhillon, Arwinder
- Subjects
*TECHNOLOGICAL innovations, *PROCESS capability, *BAYESIAN analysis, *MATHEMATICAL optimization, *CLOUD computing
- Abstract
The extensive implementation of cloud computing has brought about a significant transformation in multiple industries, encompassing major corporations, individual consumers, and nascent technological advancements. Cloud computing services have been widely adopted by Intelligent Transportation Systems (ITS) in order to optimize communication, data storage, and processing capabilities. ITS infrastructure is very vulnerable to security concerns due to its sensitive nature, hence requiring the implementation of efficient Intrusion Detection Systems (IDS) to identify potential threats. This study presents a new method to improve the accuracy of IDS in identifying attacks in the ITS Cloud environment by using game theoretic and bayesian optimized bayesian neural network (GTBNN). The Game-theoretic Model effectively tackles the issue of non-cooperative behavior between attackers and defenders. This model is combined with a Bayesian Optimized Bayesian Neural Network (BNN) to achieve efficient optimization and testing. The performance of our framework is evaluated on three benchmark datasets, namely UNSW-NB15, CICIDS, and Bot-IoT. The experimental findings demonstrate significant enhancements in detection rates across all datasets, exhibiting respective increases of 9.66%, 3.75%, and 4.16% and significant decreases in False Positive Rates (FPR) of 0.01%, 0.026%, and 0.138% for the respective datasets. The presented approach utilizes game-theoretic ideas and Bayesian optimization techniques to provide a distinctive and influential solution for improving the accuracy and efficiency of IDS in protecting vital ITS infrastructure. [ABSTRACT FROM AUTHOR]
- Published
- 2024
8. Enhancing network security using unsupervised learning approach to combat zero-day attack.
- Author
Perumal, Rajakumar, Karuppiah, Tamilarasi, Panneerselvam, Uppiliraja, Annamalai, Venkatesan, and Kaliyaperumal, Prabu
- Subjects
SUPPORT vector machines, DEEP learning, MACHINE learning, COMPUTER network security
- Abstract
Machine learning (ML) and advanced neural network methodologies like deep learning (DL) techniques have been increasingly utilized in developing intrusion detection systems (IDS). However, the growing quantity and diversity of cyber-attacks pose a significant challenge for IDS solutions reliant on historical attack signatures. This highlights the industry's need for resilient IDSs that can identify zero-day attacks. Current studies focusing on outlier-based zero-day detection are hindered by elevated false-negative rates, thereby constraining their practical efficacy. This paper suggests utilizing an autoencoder (AE) approach for zero-day attack detection, aiming to achieve high recall while minimizing false negatives. Evaluation is conducted using well-established IDS datasets, CICIDS2017 and CSECICIDS2018. The model's efficacy is demonstrated by contrasting its performance with that of a one-class support vector machine (OCSVM). The research underscores the OCSVM's capability in distinguishing zero-day attacks from normal behavior. Leveraging the encoding-decoding capabilities of AEs, the proposed model exhibits promising results in detecting complex zero-day attacks, achieving accuracies ranging from 93% to 99% across datasets. Finally, the paper discusses the balance between recall and fallout, offering valuable insights into model performance. [ABSTRACT FROM AUTHOR]
- Published
- 2024
9. HybGBS: A hybrid neural network and grey wolf optimizer for intrusion detection in a cloud computing environment.
- Author
Sumathi, S and Rajesh, R
- Subjects
ARTIFICIAL neural networks, GREY Wolf Optimizer algorithm, SELF-organizing systems, BACK propagation, FEATURE selection, INTRUSION detection systems (Computer security)
- Abstract
Summary: The cloud computing environment is subject to unprecedented cyber‐attacks as its infrastructure and protocols may contain vulnerabilities and bugs. Among these, Distributed Denial of Service (DDoS) is chosen by most cyber extortionists, creating unusual traffic that drains cloud resources, making them inaccessible to customers and end users. Hence, security solutions to combat this attack are in high demand. The existing DDoS detection techniques in literature have many drawbacks, such as overfitting, delay in detection, low detection accuracy for attacks that target multiple victims, and high False Positive Rate (FPR). In this proposed study, an Artificial Neural Network (ANN) based hybrid GBS (Grey Wolf Optimizer (GWO) + Back Propagation Network (BPN) + Self Organizing Map (SOM)) Intrusion Detection System (IDS) is proposed for intrusion detection in the cloud computing environment. The base classifier, BPN, was chosen for our research after evaluating the performance of a comprehensive set of neural network algorithms on the standard benchmark UNSW‐NS 15 dataset. BPN intrusion detection performance is further enhanced by combining it with SOM and GWO. Hybrid Feature Selection (FS) is made using a correlation‐based approach and Stratified 10‐fold cross‐validation (STCV) ranking based on Weight matrix value (W). These selected features are further fine‐tuned using metaheuristic GWO hyperparameter tuning based on a fitness function. The proposed IDS technique is validated using the standard benchmark UNSW‐NS 15 dataset, which consists of 1,75,341 and 82,332 attack cases in the training and testing datasets. This study's findings demonstrate that the proposed ANN‐based hybrid GBS IDS model outperforms other existing IDS models with a higher intrusion detection accuracy of 99.40%, fewer false alarms (0.00389), less error rate (0.001), and faster prediction time (0.29 ns). [ABSTRACT FROM AUTHOR]
- Published
- 2024
10. Bridging the gap: advancing the transparency and trustworthiness of network intrusion detection with explainable AI.
- Author
Islam, Md. Tohidul, Syfullah, Md. Khalid, Rashed, Md. Golam, and Das, Dipankar
- Abstract
With the explosive rise of internet usage and the development of web applications across various platforms, ensuring network and system security has become a critical concern. While machine learning (ML) and deep learning (DL) have revolutionized intrusion detection systems (IDSs), their effectiveness is hampered by a crucial limitation: opacity. These "black box" models lack human interpretability, transparency, explainability, and logical reasoning in their prediction outputs, greatly hindering mainstream adoption, confidence, and trust in these systems. This study proposes a novel XAI-based framework that integrates explanations at every stage of the machine-learning pipeline and combines local and global, intrinsic and post-hoc, and model-agnostic and model-specific explanations. We also introduce ExplainDTC, SecureForest-RFE, RationaleNet, and CNNShield architectures in network security solutions. These architectures leverage the UNSW-NB15 dataset to detect network intrusions with high accuracy and provide quantifiable, human-interpretable explanations for their decisions to build trust through explainability. To explain how a decision is made by the models, we integrate multiple XAI methods such as LIME, SHAP, ElI5, and ProtoDash on top of our architectures. The generated explanations provide quantifiable insights into the influential factors and their respective impact on network intrusion predictions. Additionally, we provide comprehensive textual explanations alongside visualizations in XAI, empowering diverse audiences with transparent, reproducible insights into model decision-making. Thus, our approach introduces more transparency, richness in explainability, trust, and effectiveness between the decisions made by our improved IDS models and the users, facilitating the path for a more secure digital future. [ABSTRACT FROM AUTHOR]
- Published
- 2024
11. HFCCW: A Novel Hybrid Filter-Clustering-Coevolutionary Wrapper Feature Selection Approach for Network Anomaly Detection.
- Author
Sharma, Niharika and Arora, Bhavna
- Abstract
Network anomaly detection (NAD) is a crucial Artificial Intelligence (AI)-based security solution for protecting computer networks. However, analyzing high-dimensional data is a significant impediment for NAD systems. The process of Feature Selection (FS) addresses this challenge by reducing or eliminating irrelevant or redundant features. Conventional FS algorithms face the drawbacks of diminished accuracy, elevated computational costs, and the inclusion of irrelevant and redundant features. This paper presents a novel three-fold Hybrid Filter-Clustering-Coevolutionary Wrapper (HFCCW) based FS approach to overcome these issues. The proposed method integrates filter and clustering techniques in the initial phases to prevent irrelevant and redundant features from being included. The first phase involves removing irrelevant features by employing the Fisher score filter method, followed by the application of clustering based on the Minimum Spanning Tree (MST) in the second phase. The second phase aims to eliminate redundant features and effectively narrow down the search space of the coevolutionary algorithm in the third phase. The method employed in the third phase adeptly integrates the strengths of particle swarm optimization (PSO) and binary grey wolf optimization (BGWO) techniques, effectively harmonizing the exploration and exploitation trade-off in the optimization process. The incorporation of the Levy Flight (LF) concept in the final iterations of BGWOPSO enhances the search steps of GWO during the third phase. It addresses the issue of GWO being confined to local optima. This improvement is achieved by applying BLFGWOPSO in the final phase of the proposed HFCCW approach. Empirical findings on the CICIDS2017 dataset substantiate the efficacy of the proposed method in enhancing classification accuracy, selecting optimal feature subsets with fewer features, reducing computing costs and improving convergence rates. 
Furthermore, the proposed method achieves a favorable trade-off between accuracy and computing time when contrasted with state-of-the-art methods such as filter, metaheuristic-based wrapper, and hybrid FS approaches. [ABSTRACT FROM AUTHOR]
- Published
- 2024
12. Unveiling intrusions: explainable SVM approaches for addressing encrypted Wi-Fi traffic in UAV networks.
- Author
Bayrak, Sengul
- Subjects
WIRELESS communications, ARTIFICIAL intelligence, DATA transmission systems, GEOGRAPHIC information systems, SUPPORT vector machines, INTRUSION detection systems (Computer security)
- Abstract
Unmanned aerial vehicles (UAVs), also known as drones, have become instrumental in various domains, including agriculture, geographic information systems, media, logistics, security, and defense. These UAVs often rely on wireless communication networks for data transmission, making them vulnerable to cyberattacks. To address these challenges, it is necessary to detect potential threats by analyzing the encrypted Wi-Fi traffic data generated by UAVs. This study aimed to develop a linear SVM model that is enhanced with explainable artificial intelligence (XAI) techniques and fine-tuned using Bayesian optimization for intrusion detection systems (IDSs); the model is specifically designed to identify malware threats targeting UAVs. This research utilized encrypted Wi-Fi traffic data derived from three different UAV networks, namely, Parrot Bebop 1, DBPower UDI, and DJI Spark, while considering unidirectional and bidirectional communication flow modes. SVM-based intrusion detection models have been modeled on these datasets, their key features identified using the local interpretable model-agnostic explanations (LIME) technique, and a cost analysis of the proposed modeling approach conducted. The incorporation of the LIME method made it possible to highlight the features that are highly indicative of cyberattacks and provided valuable insights into the importance of each feature in the context of intrusion detection. In conclusion, this interpretable IDS model, fine-tuned with Bayesian optimization, demonstrated its superiority over the state-of-the-art methods, proving its efficacy in detecting and mitigating threats to UAVs while offering a cost-effective solution. [ABSTRACT FROM AUTHOR]
- Published
- 2024
13. Taxonomy of deep learning-based intrusion detection system approaches in fog computing: a systematic review.
- Author
Najafli, Sepide, Toroghi Haghighat, Abolfazl, and Karasfi, Babak
- Subjects
COMPUTER network security, INTERNET of things, CLOUD computing, RESEARCH personnel, DATA analytics, DEEP learning
- Abstract
The Internet of Things (IoT) has been used in various aspects. Fundamental security issues must be addressed to accelerate and develop the Internet of Things. An intrusion detection system (IDS) is an essential element in network security designed to detect and determine the type of attacks. The use of deep learning (DL) shows promising results in the design of IDS based on IoT. DL facilitates analytics and learning in the dynamic IoT domain. Some deep learning-based IDS in IoT sensors cannot be executed, because of resource restrictions. Although cloud computing could overcome limitations, the distance between the cloud and the end IoT sensors causes high communication costs, security problems and delays. Fog computing has been presented to handle these issues and can bring resources to the edge of the network. Many studies have been conducted to investigate IDS based on IoT. Our goal is to investigate and classify deep learning-based IDS on fog processing. In this paper, researchers can access comprehensive resources in this field. Therefore, first, we provide a complete classification of IDS in IoT. Then practical and important proposed IDSs in the fog environment are discussed in three groups (binary, multi-class, and hybrid), and the advantages and disadvantages of each approach are examined. The results show that most of the studied methods consider hybrid strategies (binary and multi-class). In addition, in the reviewed papers the average Accuracy obtained in the binary method is better than the multi-class. Finally, we highlight some challenges and future directions for the next research in IDS techniques. [ABSTRACT FROM AUTHOR]
- Published
- 2024
14. Performance Analysis of Anomaly-Based Network Intrusion Detection Using Feature Selection and Machine Learning Techniques.
- Author
Seniaray, Sumedha and Jindal, Rajni
- Subjects
MACHINE learning, FEATURE selection, COMPUTER network traffic, SYSTEMS availability, COMPUTER network security, INTRUSION detection systems (Computer security)
- Abstract
Data and information, being a critical part of the Internet, are vital to network security. Intrusion Detection System (IDS) is required to preserve confidentiality, data integrity, and system availability from attacks. IDS collects network data from various places that may contain features that are redundant and irrelevant, leading to an increase in processing time and low detection rate. This study proposes a three-phase network-based IDS to counter this issue. Initially, network data is captured and preprocessed. In the second phase, we perform feature extraction, selection, and ranking to obtain the optimal feature set. A novel Dynamic Mutual Information-based Genetic Algorithm for feature selection (DMI-GA), aiming to enhance the performance of machine learning (ML) techniques by identifying an optimal set of features, is also proposed in this work. Finally, well-known ML models are employed to detect intrusions within this refined set of network traffic features. Experimental results demonstrate a significant improvement in detection accuracy when the ML models are trained and tested on an optimal set of features. It is also observed that DMI-GA combined with the Random Forest classifier, achieves the highest detection accuracy of 99.94%, surpassing the performance of existing state-of-the-art anomaly-based network intrusion detection systems. A comprehensive statistical analysis of these ML methods is also conducted using 10-fold and Leave-One-Out cross-validation strategies, as it mitigates overfitting and offers a thorough evaluation of the model's performance, resulting in an average accuracy of 99.91%. [ABSTRACT FROM AUTHOR]
- Published
- 2024
15. A novel multi-scale network intrusion detection model with transformer.
- Author
Xi, Chiming, Wang, Hui, and Wang, Xubin
- Subjects
*TRANSFORMER models, *DEEP learning, *MULTISCALE modeling, *SPINE, *DESIGN
- Abstract
Network is an essential tool today, and the Intrusion Detection System (IDS) can ensure the safe operation. However, with the explosive growth of data, current methods are increasingly struggling as they often detect based on a single scale, leading to the oversight of potential features in the extensive traffic data, which may result in degraded performance. In this work, we propose a novel detection model utilizing multi-scale transformer namely IDS-MTran. In essence, the collaboration of multi-scale traffic features broadens the pattern coverage of intrusion detection. Firstly, we employ convolution operators with various kernels to generate multi-scale features. Secondly, to enhance the representation of features and the interaction between branches, we propose Patching with Pooling (PwP) to serve as a bridge. Next, we design multi-scale transformer-based backbone to model the features at diverse scales, extracting potential intrusion trails. Finally, to fully capitalize on these multi-scale branches, we propose the Cross Feature Enrichment (CFE) to integrate and enrich features, and then output the results. Sufficient experiments show that compared with other models, the proposed method can distinguish different attack types more effectively. Specifically, the accuracy on three common datasets NSL-KDD, CIC-DDoS 2019 and UNSW-NB15 has all exceeded 99%, which is more accurate and stable. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
16. Advanced mathematical modeling of mitigating security threats in smart grids through deep ensemble model.
- Author
Sharaf, Sanaa A., Ragab, Mahmoud, Albogami, Nasser, AL-Malaise AL-Ghamdi, Abdullah, Sabir, Maha Farouk, Maghrabi, Louai A., Ashary, Ehab Bahaudien, and Alaidaros, Hashem
- Subjects
*ARTIFICIAL intelligence, *RENEWABLE energy sources, *MACHINE learning, *TELECOMMUNICATION, *DEEP learning, *INTRUSION detection systems (Computer security), *SMART power grids
- Abstract
A smart grid (SG) is a cutting-edge electrical grid that utilizes digital communication technology and automation to effectively handle electricity consumption, distribution, and generation. It incorporates energy storage systems, smart meters, and renewable energy sources for bidirectional communication and enhanced energy flow between grid modules. Due to their cyberattack vulnerability, SGs need robust safety measures to protect sensitive data, ensure public safety, and maintain a reliable power supply. Robust safety measures, comprising intrusion detection systems (IDSs), are significant to protect against malicious manipulation, unauthorized access, and data breaches in grid operations, confirming the electricity supply chain's integrity, resilience, and reliability. Deep learning (DL) improves intrusion recognition in SGs by effectually analyzing network data, recognizing complex attack patterns, and adjusting to dynamic threats in real-time, thereby strengthening the reliability and resilience of the grid against cyber-attacks. This study develops a novel Mountain Gazelle Optimization with Deep Ensemble Learning based intrusion detection (MGODEL-ID) technique on SG environment. The MGODEL-ID methodology exploits ensemble learning with metaheuristic approaches to identify intrusions in the SG environment. Primarily, the MGODEL-ID approach utilizes Z-score normalization to convert the input data into a uniform format. Besides, the MGODEL-ID approach employs the MGO model for feature subset selection. Meanwhile, the detection of intrusions is performed by an ensemble of three classifiers such as long short-term memory (LSTM), deep autoencoder (DAE), and extreme learning machine (ELM). Eventually, the dung beetle optimizer (DBO) is utilized to tune the hyperparameter tuning of the classifiers. A widespread simulation outcome is made to demonstrate the improved security outcomes of the MGODEL-ID model. 
The experimental values implied that the MGODEL-ID model performs better than other models. [ABSTRACT FROM AUTHOR]
- Published
- 2024
17. Smart Collaborative Intrusion Detection System for Securing Vehicular Networks Using Ensemble Machine Learning Model.
- Author
El-Gayar, Mostafa Mahmoud, Alrslani, Faheed A. F., and El-Sappagh, Shaker
- Subjects
*MACHINE learning, *DENIAL of service attacks, *CYBERTERRORISM, *INTERNET of things, *INDUSTRY 4.0
- Abstract
The advent of the Fourth Industrial Revolution has positioned the Internet of Things as a pivotal force in intelligent vehicles. With the source of vehicle-to-everything (V2X), Internet of Things (IoT) networks, and inter-vehicle communication, intelligent connected vehicles are at the forefront of this transformation, leading to complex vehicular networks that are crucial yet susceptible to cyber threats. The complexity and openness of these networks expose them to a plethora of cyber-attacks, from passive eavesdropping to active disruptions like Denial of Service and Sybil attacks. These not only compromise the safety and efficiency of vehicular networks but also pose a significant risk to the stability and resilience of the Internet of Vehicles. Addressing these vulnerabilities, this paper proposes a Dynamic Forest-Structured Ensemble Network (DFSENet) specifically tailored for the Internet of Vehicles (IoV). By leveraging data-balancing techniques and dimensionality reduction, the DFSENet model is designed to detect a wide range of cyber threats effectively. The proposed model demonstrates high efficacy, with an accuracy of 99.2% on the CICIDS dataset and 98% on the car-hacking dataset. The precision, recall, and f-measure metrics stand at 95.6%, 98.8%, and 96.9%, respectively, establishing the DFSENet model as a robust solution for securing the IoV against cyber-attacks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
18. A few-shot learning based method for industrial internet intrusion detection.
- Author
Wang, Yahui, Zhang, Zhiyong, Zhao, Kejing, Wang, Peng, and Wu, Ruirui
- Subjects
*CONVOLUTIONAL neural networks, *INTRUSION detection systems (Computer security), *EUCLIDEAN distance, *INTERNET
- Abstract
In response to the issue of insufficient model detection capability caused by the lack of labeled samples and the existence of new types of attacks in the industrial internet, a few-shot learning-based intrusion detection method is proposed. The method constructs the encoder of the prototypical network using a one-dimensional convolutional neural network (1D-CNN) and an attention mechanism, and employs the squared Euclidean distance function as the metric function to improve the prototypical network. This approach aims to enhance the accuracy of intrusion detection in scenarios with scarce labeled samples and the presence of new types of attacks. Finally, simulation experiments are conducted on the few-shot learning-based intrusion detection system. The results demonstrate that the method achieves accuracy rates of 86.35% and 91.25% on the CIC-IDS 2017 and GasPipline datasets, respectively, while also exhibiting significant advantages in detecting new types of attacks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
19. SFC-NIDS: a sustainable and explainable flow filtering based concept drift-driven security approach for network introspection.
- Author
Singh, Arjun, Mishra, Preeti, Vinod, P., Gaur, Avantika, and Conti, Mauro
- Subjects
*ARTIFICIAL neural networks, *MACHINE learning, *VIRTUAL machine systems, *COMPUTER network traffic, *HYPERVISOR (Computer software), *INTRUSION detection systems (Computer security)
- Abstract
The evolving behavior of the attacks may affect the decision boundaries of the trained machine learning models. The issue has not been well investigated, especially with hypervisor-based security solutions where virtual machine (VM)'s network artifacts are introspected and analyzed. In this paper, we proposed a sustainable and explainable flow-filtering-based concept drift-driven network intrusion detection approach, called 'SFC-NIDS' which introspects network activities by analyzing VM traffic profile. The VM traffic is captured and pre-processed at the hypervisor to extract important network artifacts. The redundant and trivial network flows have been filtered using the proposed gradient descent-based flow filtering mechanism and validated using explainability. SFC-NIDS employs auto-encoders to reconstruct the traffic features to capture additional patterns. Afterward, the 1D-convolution neural network has been employed to learn and detect malicious attack flows. The model's sustainability is ensured by integrating the drift detection mechanism with the decision model to retrain it with evolving attack patterns. The approach has been validated with virtual network traffic artifacts collected at the hypervisor and provides 98.9% accuracy, 99.03%, and F1-Score. In addition, the approach has also been validated using the KDD99 dataset, showcasing an accuracy of 99.97% and an F1-Score of 99.98%. [ABSTRACT FROM AUTHOR]
- Published
- 2024
20. A comprehensive node-based botnet detection framework for IoT network.
- Author
Aldaej, Abdulaziz, Ahanger, Tariq Ahamed, Atiquzzaman, Mohammed, and Ullah, Imdad
- Subjects
*INTERNET of things, *DEFAULT (Finance), *BOTNETS, *MEMORY
- Abstract
The number of cyber-attacks targeting the Internet of Things (IoT) has elevated in the last decade. This is due to the inherent security vulnerabilities inside IoT endpoints, as well as the broad acceptance and usage of Industrial IoT. In this context, botnets have arisen as a significant risk to IoT-based infrastructures by exploiting security flaws in firmware, including weak or default passwords, to hack devices. In this article, research is performed on an Intrusion Detection System (IDS) that can be installed within an IoT device to increase visibility and help devices become more secure. The presented research framework termed a Blockchain-inspired Botnet Detection System (BDS) includes the node-level IDS. Moreover, the comprehensive architecture of the node-level BDS framework is discussed. Using the ISOT, IoT23, and BoTIoT datasets, the performance of the presented model is assessed for alerts, detection rates, detection delay, and peak CPU and memory usage. Based on the computational results effective outcomes were registered for the proposed technique. [ABSTRACT FROM AUTHOR]
- Published
- 2024
21. Intrusion Detection System Application with Machine Learning.
- Author
HACIBEYOĞLU, Mehmet, ARICI, Ferda Nur, and KARAALTUN, Muhammed
- Subjects
MACHINE learning, CLASSIFICATION algorithms, DATA mining, INFORMATION technology security, SECURITY systems, DEEP learning
- Abstract
Copyright of Afyon Kocatepe University Journal of Science & Engineering / Afyon Kocatepe Üniversitesi Fen Ve Mühendislik Bilimleri Dergisi is the property of Afyon Kocatepe University, Faculty of Science & Literature and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
22. Towards Ensemble Feature Selection for Lightweight Intrusion Detection in Resource-Constrained IoT Devices.
- Author
Fatima, Mahawish, Rehman, Osama, Rahman, Ibrahim M. H., Ajmal, Aisha, and Park, Simon Jigwan
- Subjects
FEATURE selection, COMPUTER performance, MACHINE learning, INTERNET of things, SECURITY systems
- Abstract
The emergence of smart technologies and the wide adoption of the Internet of Things (IoT) have revolutionized various sectors, yet they have also introduced significant security challenges due to the extensive attack surface they present. In recent years, many efforts have been made to minimize the attack surface. However, most IoT devices are resource-constrained with limited processing power, memory storage, and energy sources. Such devices lack the sufficient means for running existing resource-hungry security solutions, which in turn makes it challenging to secure IoT networks from sophisticated attacks. Feature Selection (FS) approaches in Machine Learning enabled Intrusion Detection Systems (IDS) have gained considerable attention in recent years for having the potential to detect sophisticated cyber-attacks while adhering to the resource limitations issues in IoT networks. Apropos of that, several researchers proposed FS-enabled IDS for IoT networks with a focus on lightweight security solutions. This work presents a comprehensive study discussing FS-enabled lightweight IDS tailored for resource-constrained IoT devices, with a special focus on the emerging Ensemble Feature Selection (EFS) techniques, portraying a new direction for the research community to inspect. The research aims to pave the way for the effective design of futuristic FS/EFS-enabled lightweight IDS for IoT networks, addressing the critical need for robust security measures in the face of resource limitations. [ABSTRACT FROM AUTHOR]
- Published
- 2024
23. An Intrusion Detection System for 5G SDN Network Utilizing Binarized Deep Spiking Capsule Fire Hawk Neural Networks and Blockchain Technology.
- Author
-
Nayak, Nanavath Kiran Singh and Bhattacharyya, Budhaditya
- Subjects
DATA transmission systems, BLOCKCHAINS, SOFTWARE-defined networking, ACQUISITION of data, ALGORITHMS
- Abstract
The advent of 5G heralds unprecedented connectivity with high throughput and low latency for network users. Software-defined networking (SDN) plays a significant role in fulfilling these requirements. However, it poses substantial security challenges due to its inherent centralized management strategy. Moreover, SDN confronts limitations in handling malicious traffic under 5G's extensive data flow. To deal with these issues, this paper presents a novel intrusion detection system (IDS) designed for 5G SDN networks, leveraging the advanced capabilities of binarized deep spiking capsule fire hawk neural networks (BSHNN) and blockchain technology, which operates across multiple layers. Initially, the lightweight encryption algorithm (LEA) is used at the data acquisition layer to authenticate mobile users via trusted third parties. Followed by optimal switch selection using the mud-ring algorithm in the switch layer, and the data flow rules are secured by employing blockchain technology incorporating searchable encryption algorithms within the blockchain plane. The domain controller layer utilizes binarized deep spiking capsule fire hawk neural network (BSHNN) for real-time data packet classification, while the smart controller layer uses enhanced adapting hidden attribute-weighted naive bayes (EAWNB) to identify suspicious packets during data transmission. The experimental results show that the proposed technique outperforms the state-of-the-art approaches in terms of accuracy (98.02%), precision (96.40%), detection rate (96.41%), authentication time (16.2 s), throughput, delay, and packet loss ratio. [ABSTRACT FROM AUTHOR]
- Published
- 2024
24. Machine Learning for Cloud Data Classification and Anomaly Intrusion Detection.
- Author
-
Megouache, Leila, Zitouni, Abdelhafid, Sadouni, Salheddine, and Djoudi, Mahieddine
- Subjects
INFORMATION technology security, MACHINE learning, ARTIFICIAL intelligence, K-means clustering, ANOMALY detection (Computer security), INTRUSION detection systems (Computer security)
- Abstract
The sheer volume of applications, data and users working in the cloud creates an ecosystem far too large to protect against possible attacks. Several attack detection mechanisms have been proposed to minimize the risk of data loss backed up to the cloud. However, these techniques are not reliable enough to protect them; this is due to the reasons of scalability, distribution and resource limitations. As a result, Information Technology Security experts may feel powerless against the growing threats plaguing the cloud. For that, we provide a reliable way to detect attackers who want to break into cloud data. In our framework, we have no labels and no predefined classes on historical data, and we wish to identify similar models to form homogeneous groups from our observations. Then, we will use a k-means clustering algorithm to handle unlabelled data, and a combination approach of clustering and classification. We start with a k-means clustering algorithm for generating a labelled dataset from an unlabelled dataset. By harnessing the power of a labelled dataset, we can train the extreme learning machine classifier to become an exceptional tool for intrusion detection. By utilizing this resampling technique, we can generate additional data sets to significantly enhance the system's capability to identify and thwart attacks. The innovation of this approach stems from its integration of clustering and classification into a unified learning model. The cutting-edge framework has been successfully implemented on the renowned KDD99 dataset, producing impressive numerical results that not only affirm its exceptional accuracy but also highlight the significant time-saving advantages of this innovative approach. [ABSTRACT FROM AUTHOR]
- Published
- 2024
25. An Efficient CNN-Based Intrusion Detection System for IoT: Use Case Towards Cybersecurity.
- Author
-
Deshmukh, Amogh and Ravulakollu, Kiran
- Subjects
CONVOLUTIONAL neural networks, ARTIFICIAL intelligence, INFORMATION networks, QUANTUM computing, DEEP learning, INTRUSION detection systems (Computer security)
- Abstract
Today's environment demands that cybersecurity be given top priority because of the increase in cyberattacks and the development of quantum computing capabilities. Traditional security measures have relied on cryptographic techniques to safeguard information systems and networks. However, with the adaptation of artificial intelligence (AI), there is an opportunity to enhance cybersecurity through learning-based methods. IoT environments, in particular, work with lightweight systems that cannot handle the large data communications typically required by traditional intrusion detection systems (IDSs) to find anomalous patterns, making it a challenging problem. A deep learning-based framework is proposed in this study with various optimizations for automatically detecting and classifying cyberattacks. These optimizations involve dimensionality reduction, hyperparameter tuning, and feature engineering. Additionally, the framework utilizes an enhanced Convolutional Neural Network (CNN) variant called Intelligent Intrusion Detection Network (IIDNet) to detect and classify attacks efficiently. Layer optimization at the architectural level is used to improve detection performance in IIDNet using a Learning-Based Intelligent Intrusion Detection (LBIID) algorithm. The experimental study conducted in this paper uses a benchmark dataset known as UNSW-NB15 and demonstrated that IIDNet achieves an outstanding accuracy of 95.47% while significantly reducing training time and excellent scalability, outperforming many existing intrusion detection models. [ABSTRACT FROM AUTHOR]
- Published
- 2024
26. Leveraging Digital Twins and Intrusion Detection Systems for Enhanced Security in IoT-Based Smart City Infrastructures.
- Author
-
El-Hajj, Mohammed
- Subjects
DENIAL of service attacks, DIGITAL twins, VIRTUAL machine systems, CENTRAL processing units, DIGITAL certificates, INTRUSION detection systems (Computer security)
- Abstract
In this research, we investigate the integration of an Intrusion Detection System (IDS) with a Digital Twin (DT) to enhance the cybersecurity of physical devices in cyber–physical systems. Using Eclipse Ditto as the DT platform and Snort as the IDS, we developed a near-realistic test environment that included a Raspberry Pi as the physical device and a Kali Linux virtual machine to perform common cyberattacks such as Hping3 flood attacks and NMAP reconnaissance scans. The results demonstrated that the IDS effectively detected Hping3-based flood attacks but showed limitations in identifying NMAP scans, suggesting areas for IDS configuration improvements. Furthermore, the study uncovered significant system resource impacts, including high Central Processing Unit (CPU) usage during SYN and ACK flood attacks and persistent memory usage after Network Mapper (NMAP) scans, highlighting the need for enhanced recovery mechanisms. This research presents a novel approach by coupling a Digital Twin with an IDS, enabling real-time monitoring and providing a dual perspective on both system performance and security. The integration offers a holistic method for identifying vulnerabilities and understanding resource impacts during cyberattacks. The work contributes new insights into the use of Digital Twins for cybersecurity and paves the way for further research into automated defense mechanisms, real-world validation of the proposed model, and the incorporation of additional attack scenarios. The results suggest that this combined approach holds significant promise for enhancing the security and resilience of IoT devices and other cyber–physical systems. [ABSTRACT FROM AUTHOR]
- Published
- 2024
27. APSO-CNN-SE: An Adaptive Convolutional Neural Network Approach for IoT Intrusion Detection.
- Author
-
Yunfei Ban, Damin Zhang, Qing He, and Qianwen Shen
- Subjects
CONVOLUTIONAL neural networks, COMPUTER network traffic, DENIAL of service attacks, PARTICLE swarm optimization, COMPUTER network security, INTRUSION detection systems (Computer security), BOTNETS
- Abstract
The surge in connected devices and massive data aggregation has expanded the scale of the Internet of Things (IoT) networks. The proliferation of unknown attacks and related risks, such as zero-day attacks and Distributed Denial of Service (DDoS) attacks triggered by botnets, have resulted in information leakage and property damage. Therefore, developing an efficient and realistic intrusion detection system (IDS) is critical for ensuring IoT network security. In recent years, traditional machine learning techniques have struggled to learn the complex associations between multidimensional features in network traffic, and the excellent performance of deep learning techniques, as an advanced version of machine learning, has led to their widespread application in intrusion detection. In this paper, we propose an Adaptive Particle Swarm Optimization Convolutional Neural Network Squeeze-and-Excitation (APSO-CNN-SE) model for implementing IoT network intrusion detection. A 2D CNN backbone is initially constructed to extract spatial features from network traffic. Subsequently, a squeeze-and-excitation channel attention mechanism is introduced and embedded into the CNN to focus on critical feature channels. Lastly, the weights and biases in the CNN-SE are extracted to initialize the population individuals of the APSO. As the number of iterations increases, the population’s position vector is continuously updated, and the cross-entropy loss function value is minimized to produce the ideal network architecture. We evaluated the models experimentally using binary and multiclassification on the UNSW-NB15 and NSL-KDD datasets, comparing and analyzing the evaluation metrics derived from each model. Compared to the base CNN model, the results demonstrate that APSO-CNNSE enhances the binary classification detection accuracy by 1.84% and 3.53% and the multiclassification detection accuracy by 1.56% and 2.73% on the two datasets, respectively. 
Additionally, the model outperforms the existing models like DT, KNN, LR, SVM, LSTM, etc., in terms of accuracy and fitting performance. This means that the model can identify potential attacks or anomalies more precisely, improving the overall security and stability of the IoT environment. [ABSTRACT FROM AUTHOR]
- Published
- 2024
28. Enhancing Internet of Things Intrusion Detection Using Artificial Intelligence.
- Author
-
Bar, Shachar, Prasad, P. W. C., and Sayeed, Md Shohel
- Subjects
GRAPH neural networks, ARTIFICIAL intelligence, FEDERATED learning, COMPUTER network traffic, MACHINE learning
- Abstract
Escalating cyber security threats and the increased use of Internet of Things (IoT) devices require utilisation of the latest technologies available to supply adequate protection. The aim of Intrusion Detection Systems (IDS) is to prevent malicious attacks that corrupt operations and interrupt data flow, which might have significant impact on critical industries and infrastructure. This research examines existing IDS, based on Artificial Intelligence (AI) for IoT devices, methods, and techniques. The contribution of this study consists of identification of the most effective IDS systems in terms of accuracy, precision, recall and F1-score; this research also considers training time. Results demonstrate that Graph Neural Networks (GNN) have several benefits over other traditional AI frameworks through their ability to achieve in excess of 99% accuracy in a relatively short training time, while also capable of learning from network traffic the inherent characteristics of different cyber-attacks. These findings identify the GNN (a Deep Learning AI method) as the most efficient IDS system. The novelty of this research lies also in the linking between high yielding AI-based IDS algorithms and the AI-based learning approach for data privacy protection. This research recommends Federated Learning (FL) as the AI training model, which increases data privacy protection and reduces network data flow, resulting in a more secure and efficient IDS solution. [ABSTRACT FROM AUTHOR]
- Published
- 2024
29. XSSer: hybrid deep learning for enhanced cross-site scripting detection.
- Author
-
Odeh, Ammar and Abu Taleb, Anas
- Subjects
CONVOLUTIONAL neural networks, MACHINE learning, DEEP learning, RECURRENT neural networks, INTERNET content
- Abstract
The importance of an effective cross-site scripting (XSS) detection system cannot be overstated in web security. XSS attacks continue to be a prevalent and severe threat to web applications, making the need for robust detection systems more crucial than ever. This paper introduced a hybrid model that leverages deep learning algorithms, combining recurrent neural network (RNN) and convolutional neural network (CNN) architectures. Our hybrid RNN-CNN model emerged as the top performer in our evaluation, demonstrating outstanding performance across key metrics. It achieved an impressive accuracy of 96.74%, excelling in accurate predictions. Notably, the precision score reached an impressive 97.78%, highlighting its precision in identifying positive instances while minimizing false positives. Furthermore, the model's recall score of 95.65% showcased its ability to capture a substantial portion of true positive instances. This resulted in an exceptional F1-Score of 96.70, underlining the model's remarkable balance between precision and recall. Compared to other models in the evaluation, our proposed model unequivocally demonstrated its leadership, emphasizing its excellence in detecting potential XSS vulnerabilities within web content. [ABSTRACT FROM AUTHOR]
- Published
- 2024
30. Enhancing internet of things security: evaluating machine learning classifiers for attack prediction.
- Author
-
Arabiat, Areen and Altayeb, Muneera
- Subjects
ARTIFICIAL neural networks, FISHER discriminant analysis, SMART cities, CYBERTERRORISM, DEEP learning, INTRUSION detection systems (Computer security)
- Abstract
The internet of things (IoT) has contributed to improving the quality of service and operational efficiency in many areas, such as smart cities, but this technology has faced a major dilemma: the problem of cyber-attacks of various types. In this study, we relied on the use of machine learning (ML) and deep learning (DL) techniques to present a proposed model of an intrusion detection system (IDS) for detecting different types of IoT attacks that include ARP_poisoning, DOS_SYN_Hping, MQTT_Publish, NMAP_FIN_SCAN, NMAP_OS_DETECTION, and Thing_Speak. However, the proposed model is built using Orange3 data mining tools. The model consists of random forest (RF), artificial neural network (ANN), logistic regression (LR), and support vector machine (SVM) classifiers. On the other hand, the data set that is used was obtained from the Kaggle platform's real-time IoT infrastructure data set, called RT-IoT2022. The data set consists of a huge number of records, which are processed and then reduced to 7,481 records using linear discriminant analysis. In the next stage, the data set is fed to the Orange3 data mining tool, which is divided into 70% of the training dataset and 30% of the test dataset, in addition to using fold-cross validation to increase accuracy and avoid overfitting. Thus, the experimental results showed the superiority of RF with a classification accuracy of (99.9%), while the accuracy in ANN reached (99.8%), (97.8%) in LR, and finally, for SVM, the accuracy reached (92.9%). [ABSTRACT FROM AUTHOR]
- Published
- 2024
31. Deep learning model for elevating internet of things intrusion detection.
- Author
-
Dash, Nitu, Chakravarty, Sujata, and Rath, Amiya Kumar
- Subjects
INTERNET of things, MACHINE learning, MATHEMATICAL optimization, EVERYDAY life, DEEP learning, INTRUSION detection systems (Computer security)
- Abstract
The internet of things (IoT) greatly impacts daily life by enabling efficient data exchange between objects and servers. However, cyber-attacks pose a serious threat to IoT devices. Intrusion detection systems (IDS) are vital for safeguarding networks, and machine learning methods are increasingly used to enhance security. Continuous improvement in accuracy and performance is crucial for effective IoT security. Deep learning not only outshines traditional machine learning methods but also holds untapped potential in fortifying IDS systems. This paper introduces an innovative deep learning framework tailored for anomaly detection within IoT networks, leveraging bidirectional long short-term memory (BiLSTM) and gated recurrent unit (GRU) architectures. The hyper parameters of the proposed model are optimized using the JAYA optimization technique. These models are validated using IoT-23 and MQTTset datasets. Several performance metrics including accuracy, precision, recall, F-score, true negative rate (TNR), false positive rate (FPR), and false negative rate (FNR), have been selected to assess the effectiveness of the suggested model. The empirical results are scrutinized and juxtaposed with prevailing approaches in the realm of intrusion detection for IoT. Notably, the proposed method emerges as showcasing superior accuracy when contrasted with existing methods. [ABSTRACT FROM AUTHOR]
- Published
- 2024
32. Conflict-driven learning scheme for multi-agent based intrusion detection in internet of things.
- Author
-
Attluri, Durga Bhavani and Prabhakara, Srivani
- Subjects
MACHINE learning, REINFORCEMENT learning, COMPUTER network security, INTERNET of things, MULTIAGENT systems, INTRUSION detection systems (Computer security)
- Abstract
This paper introduces an effective intrusion detection system (IDS) for the internet of things (IoT) that employs a conflict-driven learning model within a multi-agent architecture to enhance network security. A double deep Q-network (DDQN) reinforcement learning algorithm is implemented in the proposed IDS with two specialized agents, the defender and the challenger. These agents engaged in an antagonistic adaptation process that dynamically refined their strategies through continual interaction within a custom-made environment designed using OpenAI Gym. The defender agent aims to identify and mitigate threats by matching the actions of the challenger agent, which is designed to simulate potential attacks in the environment. The study introduces a binary reward mechanism to encourage both agents to explore and exploit different actions and discover new strategies as a response to adversarial actions. The results showcase the effectiveness of the proposed IDS in terms of higher detection rate; the comparative analysis also validates the effectiveness of the proposed IDS scheme with an accuracy of approximately 96%, outperforming similar existing approaches. [ABSTRACT FROM AUTHOR]
- Published
- 2024
33. Domain knowledge free cloud-IDS with lightweight embedding method.
- Author
-
Kim, Yongsik, Park, Gunho, and Kim, Huy Kang
- Subjects
NATURAL language processing, CLOUD computing security measures, ANOMALY detection (Computer security), PERSONALLY identifiable information, SAWLOGS
- Abstract
The expansion of the cloud computing market has provided a breakthrough in efficiently storing and managing data for individuals and companies. As personal and corporate data move to the cloud, diverse attacks targeting the cloud have also increased for heist beneficial information. Therefore, cloud service providers offer protective environments through diverse security solutions. However, security solutions are limited in preventing advanced attacks because it is challenging to reflect the environment of each user. This paper proposes a Cloud Intrusion Detection System (C-IDS) that adapts to each user's cloud environment and performs real-time attack detection using Natural Language Processing (NLP). Notably, the C-IDS learns the deployed client environment logs and detects anomalies using the Seq2Seq model with BI-LSTM and Bahdanau attention. We used multiple domain datasets, Linux, Windows, Hadoop, OpenStack, Apache, OpenSSH, and CICIDS2018 to verify the performance of the C-IDS. C-IDS consists of a 'recognition' that identifies logs in the deployed environment and a 'detection' that discovers anomalies. The recognition results showed an average accuracy of 98.2% for multiple domain datasets. Moreover, the detection results based on the trained model exhibited an average accuracy of 94.2% for the Hadoop, OpenStack, Apache, and CICIDS2018 datasets. [ABSTRACT FROM AUTHOR]
- Published
- 2024
34. Fuzzy K-Means with M-KMP: a security framework in pyspark environment for intrusion detection.
- Author
-
Begum, Gousiya, Ul Huq, S. Zahoor, and Kumar, A. P. Siva
- Subjects
MACHINE learning, COMPUTER network security, ALGORITHMS, INTRUSION detection systems (Computer security), INSTRUCTIONAL systems
- Abstract
In recent times, IDS (Intrusion Detection System) has become a significant tool for improvising network security through the detection of abnormal and normal data. It is vital as it permits one to identify and respond to incoming malicious traffic. The intruders have also enhanced the inclusion of attacks in systems with a recent increase in data. Concurrently, ML (Machine Learning) algorithms can learn from corresponding data that has been afforded. With the provision of new data, the accuracy and efficacy of the ML model to take decisions to enhance with training. However, with the evolution of big data, ML has turned incapable of handling huge data interpretation issues which made most of the conventional systems explore high FP (False Positive) rates and low accuracy rates. This gave rise to pyspark which serves as a platform for addressing these issues that the ML method fails to solve. ML in pyspark is a scale and easy to use. Considering this, the present research intends to propose ML-based algorithms for classifying intrusion detection in a pyspark environment. This study proposes a security framework named Fuzzy K-Means with M-KMP (Modified-Knuth Morris Pratt) wherein the clustering is accomplished by Fuzzy K-means which is capable of exploring data points that potentially relate to multiple clusters. Whereas, M-KMP achieves information matching on the clustered data for assessment of the information occurrence on the allocated threat data that will serve as an assistance for security developers in attack prevention. The efficiency of this proposed work is confirmed through the results. [ABSTRACT FROM AUTHOR]
- Published
- 2024
35. Shielding networks: enhancing intrusion detection with hybrid feature selection and stack ensemble learning.
- Author
-
Alsaffar, Ali Mohammed, Nouri-Baygi, Mostafa, and Zolbanin, Hamed M.
- Subjects
MACHINE learning, INTERNET, FEATURE selection, COMPUTER network traffic, COMPUTER networks, INTRUSION detection systems (Computer security)
- Abstract
The frequent usage of computer networks and the Internet has made computer networks vulnerable to numerous attacks, highlighting the critical need to enhance the precision of security mechanisms. One of the most essential measures to safeguard networking resources and infrastructures is an intrusion detection system (IDS). IDSs are widely used to detect, identify, and track malicious threats. Although various machine learning algorithms have been used successfully in IDSs, they are still suffering from low prediction performances. One reason behind the low accuracy of IDSs is that existing network traffic datasets have high computational complexities that are mainly caused by redundant, incomplete, and irrelevant features. Furthermore, standalone classifiers exhibit restricted classification performance and typically fail to produce satisfactory outcomes when dealing with imbalanced, multi-category traffic data. To address these issues, we propose an efficient intrusion detection model, which is based on hybrid feature selection and stack ensemble learning. Our hybrid feature selection method, called MI-Boruta, combines mutual information (MI) as a filter method and the Boruta algorithm as a wrapper method to determine optimal features from our datasets. Then, we apply stacked ensemble learning by using random forest (RF), Catboost, and XGBoost algorithms as base learners with multilayer perceptron (MLP) as meta-learner. We test our intrusion detection model on two widely recognized benchmark datasets, namely UNSW-NB15 and CICIDS2017. We show that our proposed IDS outperforms existing IDSs in almost all performance criteria, including accuracy, recall, precision, F1-Score, false positive rate, true positive rate, and error rate. [ABSTRACT FROM AUTHOR]
- Published
- 2024
36. Enhancing Cybersecurity in Healthcare: Evaluating Ensemble Learning Models for Intrusion Detection in the Internet of Medical Things.
- Author
-
Alsolami, Theyab, Alsharif, Bader, and Ilyas, Mohammad
- Subjects
*MACHINE learning, *SUPPORT vector machines, *CYBERTERRORISM, *RANDOM forest algorithms, *INTERNET security, *INTRUSION detection systems (Computer security)
- Abstract
This study investigates the efficacy of machine learning models for intrusion detection in the Internet of Medical Things, aiming to enhance cybersecurity defenses and protect sensitive healthcare data. The analysis focuses on evaluating the performance of ensemble learning algorithms, specifically Stacking, Bagging, and Boosting, using Random Forest and Support Vector Machines as base models on the WUSTL-EHMS-2020 dataset. Through a comprehensive examination of performance metrics such as accuracy, precision, recall, and F1-score, Stacking demonstrates exceptional accuracy and reliability in detecting and classifying cyber attack incidents with an accuracy rate of 98.88%. Bagging is ranked second, with an accuracy rate of 97.83%, while Boosting yielded the lowest accuracy rate of 88.68%. [ABSTRACT FROM AUTHOR]
- Published
- 2024
37. CSO-DQN: Circle Search Optimization-based Deep Q-Learning Network for Intrusion Detection System in Cloud Environment.
- Author
-
Pravin, Albert, Prem Jacob, T., and Raja Kumar, R.
- Abstract
In general, the attackers probably create security-related threats from diverse insecure applications. These attackers execute various nasty activities like establishing hidden rootkit processes, hindering host-based security systems, changing the characteristics of applications, etc. The attackers utilize compromised tenant virtual machines for producing attacks with minor changes to avoid accurate prediction. To deal with these shortcomings, we proposed an efficient novel Deep Q-learning network-based circle search (DQL-CS) algorithm to detect intrusion in a cloud environment. The dataset is pre-processed initially by employing the Term Frequency-Inverse Document Frequency (TF-IDF) approach, which sequentially organizes normal and intrusion traces, and then the collected feature sequences are extracted using n-gram sampling. This process makes the classifier enhance the detection and classification performance. Followed by the extraction process, the classification process is executed using the proposed Deep Q-learning network-based circle search (DQL-CS) algorithm. The proposed DQL-CS algorithm accurately identifies and categorizes the attacks as two different classes normal and malevolent. Then the applications generating the malicious behavior are examined by the cloud admin using an alert generation system and are isolated automatically. The developed intrusion detection system is evaluated using three different malware databases such as the UNM dataset, windows malware dataset, and KDD99 dataset as the input. The accuracy rate of the UNM dataset of the proposed DQL-CS method is higher than other conventional approaches. [ABSTRACT FROM AUTHOR]
- Published
- 2024
38. An Effective Intrusion Detection System for Edge Computing Using ConvNeXt and ResNet152V2.
- Author
-
Balusa, Vasavi Sravanthi and Srinivas, K.
- Subjects
*GENERATIVE adversarial networks, *DEEP learning, *EDGE computing, *DATA augmentation, *FEATURE extraction, *INTRUSION detection systems (Computer security)
- Abstract
The proliferation of edge computing, driven by network applications and wireless devices, increases the vulnerability of confidential information to security risks. In this environment, existing intrusion detection algorithms fail to satisfy the requirements of prompt responses, heavy network load management, inadequate extraction of features, and imprecise model classification. In this work, the imbalanced data problem in the input dataset is mitigated using the Data Augmentation Generative Adversarial Network (DAGAN). Next, an efficient ConvNeXt-based feature extraction method is created to retrieve the key characteristics from the dataset for every class. Last, multi-attack intrusion detection is achieved through the deployment of an optimized deep learning classifier based on ResNet152V2. Furthermore, simulation experiments are carried out on the ToN-IoT and BoT-IoT datasets, and the outcomes demonstrate that our suggested model performs better than the existing models, with accuracy levels of 99.20% and 99.31%, respectively. These findings show that this approach is successful in building and refining large-scale IDS in the edge computing framework. [ABSTRACT FROM AUTHOR]
- Published
- 2024
39. Hybrid Sine-Cosine Chimp optimization based feature selection with deep learning model for threat detection in IoT sensor networks.
- Author
-
Alkhonaini, Mimouna Abdullah, Mazroa, Alanoud Al, Aljebreen, Mohammed, Ben Haj Hassine, Siwar, Allafi, Randa, Dutta, Ashit Kumar, Alsubai, Shtwai, and Khamparia, Aditya
- Subjects
FEATURE selection, RECURRENT neural networks, SENSOR networks, CONVOLUTIONAL neural networks, SMART cities, DEEP learning
- Abstract
Internet of Things (IoT) sensor networks are connected systems of physical devices set with actuators, sensors, and communication abilities, allowing them to gather, spread, and exchange information with centralized methods. These networks are essential in numerous businesses, such as healthcare, manufacturing, agriculture, and smart cities, as they deliver real-time observation, data-driven insights, and automation. Threat recognition in IoT sensor networks is a vital feature of safeguarding the protection and consistency of interconnected systems in the IoT. As IoT sensor networks endure to increase across various industries, the vulnerability to malicious actions and cyber-attacks increases. Threat recognition utilizing deep learning (DL) leverages neural networks to examine complex patterns and anomalies in data, permitting the identification of potential safety threats. DL techniques like convolutional neural networks (CNNs) or recurrent neural networks (RNNs) excel at learning complex representations of data and feature extraction, making them suitable for identifying sophisticated attacks in different fields, including cybersecurity. This research develops a Hybrid Sine-Cosine Chimp Optimization Feature Selection with a Deep Learning (HSCCOFS-DL) approach for Threat Recognition in IoT Sensor Networks. The foremost aim of the HSCCOFS-DL system lies in the automated detection of threats using DL models. To accomplish this, the HSCCOFS-DL approach undergoes a data normalization process. Besides, the selection of features can be performed using the HSCCO algorithm. Meanwhile, the symmetrical autoencoder (SAE) technique effectively classifies threats. Finally, the sparrow search algorithm (SSA) can be applied to the selection of the hyperparameter of the SAE system. The experimental assessment of the HSCCOFS-DL technique takes place on a benchmark dataset. The simulation results indicated that the HSCCOFS-DL approach attains enhanced performance over other methods. [ABSTRACT FROM AUTHOR]
- Published
- 2024
40. Enhancing IoT Security: A Deep Learning and Active Learning Approach to Intrusion Detection.
- Author
-
Mahdi, Hawraa Fadel and Khadhim, Ban Jawad
- Abstract
In response to the escalating demand for robust security solutions in increasingly complex Internet of Things (IoT) networks, this study introduces an advanced Intrusion Detection System (IDS) leveraging both deep learning and active learning techniques. This research addresses the unique challenges posed by IoT environments, such as limited resources and diverse network components, which traditional security measures fail to adequately protect. Employing a BiLSTM model integrated with an active learning strategy, our approach achieved impressive results, including precision, recall, and F1-scores close to 1, and a total accuracy of 0.99. The inclusion of active learning enables the IDS to focus on the most informative data subsets, enhancing processing efficiency and reducing computational demands essential for IoT contexts. This method demonstrates significant promise for detecting sophisticated cyber threats and providing an effective tool for real-world applications. The performance of the proposed model has been rigorously validated on well-established cybersecurity datasets and through simulations in an IoT network environment, confirming its scalability and efficiency. Future work will address potential limitations such as computational demands and adaptability to diverse IoT device architectures, ensuring broader applicability and robustness of the IDS in varied IoT scenarios. [ABSTRACT FROM AUTHOR]
- Published
- 2024
41. A hierarchical hybrid intrusion detection model for industrial internet of things.
- Author
-
Wang, Zhendong, Yang, Xin, Zeng, Zhiyuan, He, Daojing, and Chan, Sammy
- Subjects
FEATURE selection, DEEP learning, INTERNET of things, INTERNET security, INTRUSION detection systems (Computer security), FALSE alarms
- Abstract
With the continual evolution of network technologies, the Internet of Things (IoT) has permeated various sectors of society. However, over the past decade, the annual discovery of cyberattacks has shown an exponential surge, inflicting severe damage to economic development. Aiming at the high false alarm rate, poor classification performance and overfitting problems in current intrusion detection systems, this paper proposes an efficient hierarchical intrusion detection model named ET-DCANET. Initially, the extreme random tree algorithm is employed for feature selection to meticulously curate the optimal feature subset. Subsequently, the dilated convolution and dual attention mechanism (including channel attention and spatial attention) are introduced, and a strategy of gradual transition from coarse-grained learning to fine-grained learning is proposed by gradually narrowing the expansion rate of cavity convolution, and the DCNN and dual attention modules are progressively refined to effectively utilize the synergy of DCNN and Attention to extract spatial and temporal features. This gradual transition from coarse-grained learning to fine-grained learning helps to better balance global and local information when dealing with complex data, and improves the performance and generalization ability of the model. To confront the class imbalance issue within the dataset, a novel loss function, EQLv2, is introduced as a substitute for the conventional cross-entropy (CE) loss. This innovation directs the model's focus toward minority class samples, ultimately enhancing the overall performance of the model. The proposed model shows excellent intrusion detection on the NSL-KDD, UNSW-NB15, and X-IIoTID datasets with accuracy rates of 99.68%, 98.50%, and 99.85%, respectively. [ABSTRACT FROM AUTHOR]
- Published
- 2024
42. Securing IoT networks: A robust intrusion detection system leveraging feature selection and LGBM.
- Author
-
Ramesh Kumar, M. and Sudhakaran, Pradeep
- Subjects
COMPUTER network traffic, DENIAL of service attacks, COMPUTER network security, FEATURE selection, SUBSET selection, INTRUSION detection systems (Computer security)
- Abstract
An Intrusion Detection System (IDS) is designed to help and safeguard IoT networks from potential threats. Distributed Denial of Service (DDoS) assaults are a pernicious kind of cyber-attack causing server disruptions in the modern cyber-security world. Detecting unauthorized and suspicious activities by observing data traffic flows is crucial for enhanced network security. So, this research paper proposes an innovative solution for the IoT environment by designing an effective intrusion detection module. It benefits from the working principle of different modules that are operated for data dimensionality reduction, feature optimization and deep classification to maximize network security by identifying normal and malicious traffic flows. The detection process commences with data pre-processing steps such as null set removal and redundant feature elimination that provide a clear and concise representation of the data. Next, we employ the Random Subset Feature Selection (RSFS) technique to minimize the dimension of the preprocessed information by eliminating duplicate or redundant features. The selected feature subsets are then used as the initial search space for the Mutation Boosted Golden Jackal Optimization (MBGJO) algorithm. It helps to predict optimal attributes that contribute most effectively to the detection of different attack classes. Finally, the Light Gradient Boosting Machine (LGBM) algorithm is used to train the ideal feature set and detect various attack classes in the CIC-DDoS2019 dataset. By employing this algorithm, we ensure that our detection system remains scalable and capable of handling diverse attack scenarios. Experimental findings demonstrate that our IDS attains an impressive accuracy of 99.7%. Moreover, it surpasses other state-of-the-art mechanisms with regard to scalability and security. Our intrusion detection system thus provides an effective solution for safeguarding IoT networks against potential threats. [ABSTRACT FROM AUTHOR]
- Published
- 2024
43. Advancing IoT security: a comprehensive AI-based trust framework for intrusion detection.
- Author
-
Kaliappan, Chandra Prabha, Palaniappan, Kanmani, Ananthavadivel, Devipriya, and Subramanian, Ushasukhanya
- Subjects
ARTIFICIAL intelligence, CONVOLUTIONAL neural networks, SMART devices, HUMAN behavior models, REINFORCEMENT learning, INTRUSION detection systems (Computer security)
- Abstract
Over the years, the Internet of Things (IoT) devices have shown rapid proliferation and development in various domains. However, the widespread adoption of smart devices significantly ameliorates the possibility of several security challenges. To address these challenges, this research presents an advanced AI-enhanced trust framework for IoT Intrusion detection to safeguard IoT environments from any potential intrusion attempts. The proposed framework integrates cutting-edge AI techniques for intrusion detection which identifies the anomalies based on the device behavior and responds dynamically to emerging threats. Initially, a robust Intrusion Detection System (IDS) is developed based on an Isolation Forest (IF) algorithm and Autoencoders (AE) to promptly identify anomalies in real-time. Then, behavioral Modeling is performed by employing Long Short-Term Memory (LSTM) and Convolutional Neural Networks (CNNs) for precise behavioral understanding of IoT devices. Additionally, the Bayesian Network is used to perform adaptive trust assessment and the Reinforcement Learning based Proximal Policy Optimization (PPO) for providing dynamic responses to the detected anomalies. The proposed framework is practically implemented and evaluated using IoTID20 and N-BaIoT datasets, and compared with baseline intrusion detection methods including, CNN-TSODE, cuLSTMGRU, ELETL-IDS, Fed-Inforce-Fusion, and Conv-LSTM. The results demonstrate that the proposed framework achieves high efficiency and outperformed other baseline methods by obtaining a detection accuracy of 98.25%, recall of 96.8%, and precision of 97.45%. Overall, the proposed AI-Enhanced Trust Framework offers a promising solution by identifying the intrusion endeavors effectively and contributing toward the attainment of secure and trustworthy IoT ecosystems. [ABSTRACT FROM AUTHOR]
- Published
- 2024
44. RPL-based attack detection approaches in IoT networks: review and taxonomy.
- Author
-
Alfriehat, Nadia, Anbar, Mohammed, Aladaileh, Mohammed, Hasbullah, Iznan, Shurbaji, Tamarah A., Karuppayah, Shankar, and Almomani, Ammar
- Abstract
The Routing Protocol for Low-Power and Lossy Networks (RPL) plays a crucial role in the Internet of Things (IoT) and Wireless Sensor Networks. However, ensuring the RPL protocol’s security is paramount due to its susceptibility to various attacks. These attacks disrupt data transmission and can substantially damage network topology by depleting critical resources. This paper presents a comprehensive survey addressing several key components in response to this challenge. Firstly, it categorizes potential attacks targeting the RPL protocol based on their impact on network performance and explores effective mechanisms to secure the protocol against them. The study identifies the most destructive and problematic threats affecting RPL functionality. Furthermore, it provides valuable insights into the security challenges of the RPL protocol and discusses their real-world implications for deploying and maintaining IoT and sensor networks. To underscore the uniqueness of the survey, we offer a qualitative comparison with other surveys in the same field. While this study acknowledges certain limitations, such as intentionally focusing only on reviewing RPL-specific attacks, it is a valuable reference for future researchers seeking to comprehend and mitigate attacks targeting RPL. It also suggests areas for further research in this domain. [ABSTRACT FROM AUTHOR]
- Published
- 2024
45. DDoS Attacks Detection with Half Autoencoder-Stacked Deep Neural Network.
- Author
-
Benmohamed, Emna, Thaljaoui, Adel, Khediri, Salim El, Aladhadh, Suliman, and Alohali, Mansor
- Subjects
ARTIFICIAL neural networks, DENIAL of service attacks, FEATURE selection, TRAFFIC monitoring, INFRASTRUCTURE (Economics)
- Abstract
With the growth in services supplied over the internet, network infrastructure has become more exposed to cyber-attacks, particularly Distributed Denial of Service (DDoS) attacks, which can easily cause the disruption of services. The key factor for fighting against these attacks is the earlier separation and detection of the traffic in networks. In this paper, a novel approach, named Half Autoencoder-Stacked DNNs (HAE-SDNN) model, is proposed. We suggest using a Stacked Deep Neural Networks (SDNN) model, as a deep learning model, in order to detect DDoS attacks. Our approach allows feature selection from a preprocessed dataset using a Half AutoEncoder (HAE), resulting in a final set of important features. These features are subsequently used to train the DNNs that are stacked together by applying a Softmax layer to combine their outputs. Experiments were performed on a benchmark cybersecurity dataset, named CICDDoS2017, containing various DDoS attack types. The experimental results demonstrate that the introduced model attained an overall accuracy rate of 99.95%. Moreover, the HAE-SDNN model outperformed existing models, highlighting its superiority in accurately classifying attacks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
46. Generative AI and Cognitive Computing-Driven Intrusion Detection System in Industrial CPS.
- Author
-
Islam, Shareeful, Javeed, Danish, Saeed, Muhammad Shahid, Kumar, Prabhat, Jolfaei, Alireza, and Islam, A. K. M. Najmul
- Abstract
Industrial Cyber-Physical Systems (ICPSs) are becoming more and more networked and essential to modern infrastructure. This has led to an increase in the complexity of their dynamics and the challenges of protecting them from advanced cyber threats have escalated. Conventional intrusion detection systems (IDS) often struggle to interpret high-dimensional, sequential data efficiently and extract meaningful features. They are characterized by low accuracy and a high rate of false positives. In this article, we adopt the computational design science approach to design an IDS for ICPS, driven by Generative AI and cognitive computing. Initially, we designed a Long Short-Term Memory-based Sparse Variational Autoencoder (LSTM-SVAE) technique to extract relevant features from complex data patterns efficiently. Following this, a Bidirectional Recurrent Neural Network with Hierarchical Attention (BiRNN-HAID) is constructed. This stage focuses on proficiently identifying potential intrusions by processing data with enhanced focus and memory capabilities. Next, a Cognitive Enhancement for Contextual Intrusion Awareness (CE-CIA) is designed to refine the initial predictions by applying cognitive principles. This enhances the system's reliability by effectively balancing sensitivity and specificity, thereby reducing false positives. The final stage, Interpretive Assurance through Activation Insights in Detection Models (IAA-IDM), involves the visualizations of mean activations of LSTM and GRU layers for providing in-depth insights into the decision-making process for cybersecurity analysts. Our framework undergoes rigorous testing on two publicly accessible industrial datasets, ToN-IoT and Edge-IIoTset, demonstrating its superiority over both baseline methods and recent state-of-the-art approaches. [ABSTRACT FROM AUTHOR]
- Published
- 2024
47. Enhancing IoT network defense: advanced intrusion detection via ensemble learning techniques.
- Author
-
El Hajla, Salah, Ennaji, El Mahfoud, Maleh, Yassine, and Mounir, Soufyane
- Subjects
COMPUTER network traffic, MACHINE learning, ANOMALY detection (Computer security), CYBERTERRORISM, DATA integrity
- Abstract
The Internet of things (IoT) has evolved significantly, automating daily activities by connecting numerous devices. However, this growth has increased cybersecurity threats, compromising data integrity. To address this, intrusion detection systems (IDSs) have been developed, mainly using predefined attack patterns. With rising cyber-attacks, improving IDS effectiveness is crucial, and machine learning is a key solution. This research enhances IDS capabilities by introducing binary attack identification and multiclass attack categorization for IoT traffic, aiming to improve IDS performance. Our framework uses the 'BoT-IoT' and 'TON-IoT' datasets, which include various IoT network traffic and cyber-attack scenarios, such as DDoS and data infiltration, to train machine learning and ensemble models. Specifically, it combines three machine learning models (decision tree, resilient backpropagation (RProp) multilayer perceptron (MLP), and logistic regression) into ensemble methods like voting and stacking to improve prediction accuracy and reduce detection errors. These ensemble classifiers outperform individual models, demonstrating the benefit of diverse learning techniques. Our framework achieves high accuracy, with 99.99% for binary classification on the BoT-IoT dataset and 97.31% on the ToN-IoT dataset. For multiclass classification, it achieves 99.99% on BoT-IoT and 96.32% on ToN-IoT, significantly enhancing IDS effectiveness against IoT cybersecurity threats. [ABSTRACT FROM AUTHOR]
- Published
- 2024
48. Detection of cyberattacks using bidirectional generative adversarial netwo.
- Author
-
Vallabhaneni, Rohith, Vaddadi, Srinivas A., Vadakkethil Somanathan Pillai, Sanjaikanth E, Addula, Santosh Reddy, and Ananthan, Bhuvanesh
- Subjects
GENERATIVE adversarial networks, TELECOMMUNICATION, DEEP learning, DATABASES, COMPUTER network security
- Abstract
Due to the progress of communication technologies, diverse information is transmitted in distributed systems via a network model. Concurrently, with the evolution of communication technologies, the attacks have broadened, raising concerns about the security of networks. For dealing with different attacks, the analysis of intrusion detection system (IDS) has been carried out. Conventional IDS rely on signatures and are time-consuming for updation, often lacking coverage for all kinds of attacks. Deep learning (DL), specifically generative methods demonstrate potential in detecting intrusions through network data analysis. This work presents a bidirectional generative adversarial network (BiGAN) for the detection of cyberattacks using the IoT23 database. This BiGAN model efficiently detected different attacks and the accuracy and F-score values achieved were 98.8% and 98.2% respectively. [ABSTRACT FROM AUTHOR]
- Published
- 2024
49. Rat Swarm Optimization with Improved Gated Recurrent Unit for Intrusion Detection System.
- Author
-
Parabathina, Anitha, Dabbiru, Madhavi, and Kasukurthi, Venkata Rao
- Subjects
ARTIFICIAL neural networks, RATS, CLASSIFICATION, INTEGERS, ENCODING
- Abstract
The Intrusion Detection System (IDS) has gained significant attention due to enhanced network utilization. However, various types of IDS approaches have been established in conventional research which focus on recognizing intrusions from datasets with the assistance of classification problems. However, the conventional techniques are unable to recognize malicious attacks due to the class imbalance issue. To overcome this issue, the Rat Swarm Optimization with Improved Self-Attention based Gated Recurrent Unit (RSO-ISAGRU) is proposed in this research for IDS classification. The RSO selects a set of best features by updating their positions based on their chasing and attack behavior. The weights are assigned by a self-attention mechanism which enables the ISAGRU to adopt attack patterns and enhance classification accuracy. The dataset is preprocessed by hash encoding and min-max normalization which convert the categorical feature into an integer format and normalize the features. The accuracy, precision, recall and f1-score are taken as parameters to estimate RSO-ISAGRU performance. The RSO-ISAGRU achieves accuracy of 99.86%, 98.64%, 99.72%, and 99.83% for NSL-KDD, UNSW-NB15, CICIDS-2017, and CICIDS-2018 datasets when compared to ImmuneNet and Deep Neural Network (DNN). [ABSTRACT FROM AUTHOR]
- Published
- 2024
50. Advanced mathematical modeling of mitigating security threats in smart grids through deep ensemble model
- Author
-
Sanaa A. Sharaf, Mahmoud Ragab, Nasser Albogami, Abdullah AL-Malaise AL-Ghamdi, Maha Farouk Sabir, Louai A. Maghrabi, Ehab Bahaudien Ashary, and Hashem Alaidaros
- Subjects
Smart Grid, Mathematical models, Deep learning, Intrusion detection system, Artificial Intelligence, Medicine, Science
- Abstract
A smart grid (SG) is a cutting-edge electrical grid that utilizes digital communication technology and automation to effectively handle electricity consumption, distribution, and generation. It incorporates energy storage systems, smart meters, and renewable energy sources for bidirectional communication and enhanced energy flow between grid modules. Due to their cyberattack vulnerability, SGs need robust safety measures to protect sensitive data, ensure public safety, and maintain a reliable power supply. Robust safety measures, comprising intrusion detection systems (IDSs), are significant to protect against malicious manipulation, unauthorized access, and data breaches in grid operations, confirming the electricity supply chain’s integrity, resilience, and reliability. Deep learning (DL) improves intrusion recognition in SGs by effectually analyzing network data, recognizing complex attack patterns, and adjusting to dynamic threats in real-time, thereby strengthening the reliability and resilience of the grid against cyber-attacks. This study develops a novel Mountain Gazelle Optimization with Deep Ensemble Learning based intrusion detection (MGODEL-ID) technique on SG environment. The MGODEL-ID methodology exploits ensemble learning with metaheuristic approaches to identify intrusions in the SG environment. Primarily, the MGODEL-ID approach utilizes Z-score normalization to convert the input data into a uniform format. Besides, the MGODEL-ID approach employs the MGO model for feature subset selection. Meanwhile, the detection of intrusions is performed by an ensemble of three classifiers such as long short-term memory (LSTM), deep autoencoder (DAE), and extreme learning machine (ELM). Eventually, the dung beetle optimizer (DBO) is utilized to tune the hyperparameter tuning of the classifiers. A widespread simulation outcome is made to demonstrate the improved security outcomes of the MGODEL-ID model. The experimental values implied that the MGODEL-ID model performs better than other models.
- Published
- 2024