9,730 results on '"intrusion detection"'
Search Results
2. SNIPER: Detect Complex Attacks Accurately from Traffic
- Author
-
Yu, Changlong, Zhang, Bo, Kuang, Boyu, Fu, Anmin, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Xia, Zhe, editor, and Chen, Jiageng, editor
- Published
- 2025
3. Integrating Non-encrypted and Encrypted Features for Enhanced Detection of Encrypted Network Attacks
- Author
-
Amamra, Abdelfattah, Khettab, Rym, Mezine, Raissa, Ghosh, Ashish, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Neri, Filippo, editor, Du, Ke-Lin, editor, San-Blas, Angel-Antonio, editor, and Jiang, Zhiyu, editor
- Published
- 2025
4. A Comparative Evaluation of Machine Learning Techniques for Detecting Malicious Network Traffic
- Author
-
Tayal, Prince, Kumar, Rohan, Hemlata, Ghosh, Ashish, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Bairwa, Amit Kumar, editor, Tiwari, Varun, editor, Vishwakarma, Santosh Kumar, editor, Tuba, Milan, editor, and Ganokratanaa, Thittaporn, editor
- Published
- 2025
5. FedMADE: Robust Federated Learning for Intrusion Detection in IoT Networks Using a Dynamic Aggregation Method
- Author
-
Sun, Shihua, Sharma, Pragya, Nwodo, Kenechukwu, Stavrou, Angelos, Wang, Haining, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Mouha, Nicky, editor, and Nikiforakis, Nick, editor
- Published
- 2025
6. TIDL-IDS: A Time-Series Imaging and Deep Learning-Based IDS for Connected Autonomous Vehicles
- Author
-
Xia, Zhuoqun, Huang, Longfei, Tan, Jingjing, Jiang, Faqun, Hu, Zhenzhen, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Mouha, Nicky, editor, and Nikiforakis, Nick, editor
- Published
- 2025
7. Securing Networks: A Deep Learning Approach with Explainable AI (XAI) and Federated Learning for Intrusion Detection
- Author
-
Fatema, Kazi, Anannya, Mehrin, Dey, Samrat Kumar, Su, Chunhua, Mazumder, Rashed, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Chen, Xiaofeng, editor, and Huang, Xinyi, editor
- Published
- 2025
8. Online Network Intrusion Detection System for IOT Structure Using Machine Learning Techniques
- Author
-
Mahalakshmi, K., Jaison, B., Ghosh, Ashish, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Geetha, R., editor, Dao, Nhu-Ngoc, editor, and Khalid, Saeed, editor
- Published
- 2025
9. A differential privacy aided DeepFed intrusion detection system for IoT applications.
- Author
-
Anwar, Sayeda Suaiba, Asaduzzaman, and Sarker, Iqbal H.
- Abstract
In the rapidly‐developing Internet of Things (IoT) ecosystem, safeguarding the privacy and accuracy of linked devices and networks is of utmost importance, with the challenge lying in effective implementation of intrusion detection systems on resource‐constrained IoT devices. This study introduces a differential privacy (DP)‐aided DeepFed architecture for intrusion detection in IoT contexts as a novel approach to addressing these difficulties. To build an intrusion detection model, we combined components of a convolutional neural network with bidirectional long short‐term memory. We apply this approach to the Bot‐IoT dataset, which was rigorously curated by the University of New South Wales (UNSW) and N‐BaIoT dataset. Our major goal is to create a model that delivers high accuracy while protecting privacy, an often‐overlooked aspect of IoT security. Intrusion detection tasks are distributed across multiple IoT devices using federated learning principles to protect data privacy, incorporating the DP framework to gauge and minimize information leakage, all while investigating the intricate relationship between privacy and accuracy in pursuit of an ideal compromise. The trade‐off between privacy preservation and model accuracy is investigated by adjusting the privacy loss and noise multiplier. Our research enhances IoT security by introducing a deep learning model for intrusion detection in IoT devices, explores the integration of DP in federated learning framework for IoT and offers guidance on minimizing the accuracy‐privacy trade‐off based on specific privacy and security needs. Our study explores the privacy‐accuracy trade‐off by examining the effects of varying epsilon values on accuracy for various delta values for a range of clients between 5 and 25. We also investigate the influence of several noise multipliers on accuracy and find a consistent accuracy curve, especially around a noise multiplier value of about 0.5. 
The findings of this study have the possibilities to enhance IoT ecosystem security and privacy, contributing to the IoT landscape's trustworthiness and sustainability. [ABSTRACT FROM AUTHOR]
- Published
- 2024
10. BRDO: Blockchain Assisted Intrusion Detection Using Optimized Deep Stacked Network.
- Author
-
N, Kumaran and J S, Shyam Mohan
- Abstract
The blockchain model exposed its adaptability in various areas, including inter-banking, supply chain management, international payment, etc. The anomaly intrusion in blockchain mostly threatens the privacy and security of information, thus secure intrusion detection technique is highly essential. Presently, blockchain is incorporated into intrusion detection model for improving the overall system performance. However, the existing methods are not sufficient for detecting recent network attacks. Therefore, the blockchain-enabled intrusion detection is developed in this paper based on the Battle Royale Dingo optimization (BRDO) driven deep stacked network model. Here, a deep stacked network is applied for detecting the intrusion, and it is trained based on the optimization model for enhancing detection performance. The designed BRDO-based deep stacked network achieved improved performance than traditional techniques with regards to testing accuracy, True Positive Rate (TPR), and False Positive Rate (FPR) of 0.9106, 0.9180, and 0.9186. [ABSTRACT FROM AUTHOR]
- Published
- 2024
11. Novel Multi-Class Network Intrusion Detection Mechanism Combining RUS and GAN with Dynamically Adjusted Data Balancing Strategy.
- Author
-
JHIH-YANG FONG and CHIH-HUNG WANG
- Subjects
GENERATIVE adversarial networks, DEEP learning, WIRELESS Internet, 5G networks, INTERNET of things
- Abstract
The diversification of network applications has become more comprehensive with the development of 5G mobile networks and Internet of things (IoT). Traditional intrusion detection system using rule-based anomaly technology is obviously insufficient for the changing network environment. Integrating the deep learning (DL) model can help intrusion detection system discover newly or unknown hacker's behavior. However, the quality of training dataset for DL is usually critical. If the dataset has not enough amount for training or is imbalanced for some kinds of attack categories, these situations may influence the detection accuracy. This paper aims to enhance the usage of dataset by dynamically adjusting the records of categories using Random Under-Sampling (RUS) and Generative Adversarial Network (GAN) models. The experiments show that the proposed approach has superior results in terms of the accuracy and some kinds of recall rates, compared to the evaluations of several previous studies. [ABSTRACT FROM AUTHOR]
- Published
- 2024
12. A Generalized Lightweight Intrusion Detection Model With Unified Feature Selection for Internet of Things Networks.
- Author
-
Nath N, Renya and Nath, Hiran V.
- Abstract
The applicability of the Internet of Things (IoT) cutting across different domains has resulted in newer "things" acquiring IP connectivity. These things, technically known as IoT devices, are vulnerable to diverse security threats. Consequently, there has been an exponential increase in IoT malware over the past 5 years, and securing IoT devices from such attacks is a pressing concern in the current era. However, the traditional peripheral security measures do not comply with the lightweight security requirements of the IoT ecosystem. Considering this, we propose a lightweight intrusion detection model for IoT networks (LIDM‐IoT) that demonstrates similar efficiency in exposing malicious activities compared with the existing computationally expensive methods. The crux of the proposed model is that it provides efficient attack detection with lower computational requirements in IoT networks. LIDM‐IoT achieves the feat through a novel unified feature selection strategy that unifies filter‐based and embedded feature selection methods. The proposed feature selection strategy reduces the feature space by 94%. Also, we use only the records of a single attack type to build the model using the XGBoost algorithm. We have tested LIDM‐IoT with unseen attack types to ensure its generalized behavior. The results indicate that the proposed model exhibits efficient attack detection, with a reduced feature set, in IoT networks compared with the state‐of‐the‐art models. [ABSTRACT FROM AUTHOR]
- Published
- 2024
13. SRFE: A stepwise recursive feature elimination approach for network intrusion detection systems.
- Author
-
Qasem, Abdelaziz Alshaikh, Qutqut, Mahmoud H., Alhaj, Fatima, and Kitana, Asem
- Abstract
Network intrusion detection systems (NIDSs) have evolved into a significant subject in cybersecurity research, mainly due to the growth of cyberattacks and intelligence, which also led to the usage of machine learning (ML) to advance and enhance NIDSs. A NIDS is the first line of defense in any environment, and it detects external and internal attacks. Recently, intrusion mechanisms have become more sophisticated and challenging to detect. Researchers have applied techniques such as ML to detect intruders and secure networks. This paper proposes a novel approach called SRFE (Stepwise Recursive Feature Elimination) to improve the performance and efficiency of predictive models for NIDSs. Our approach depends primarily on recursive feature elimination, which operates on a simple yet effective principle. We experimented with four classification algorithms, namely Support Vector Machine (SVM), Naive Bayes (NB), J48, and Random Forest (RF), on the most widely used dataset in the cybersecurity domain (NSL-KDD). The approach is mainly built on the features' significance ranking using the Information Gain (IG) method. We conduct multiple experiments according to three scenarios. Each scenario contains various rounds, and in each round, we train the classifiers to eliminate the three lowest-ranked features stepwise. Our experiments show that the RF and J48 classifiers outperform other binary classifiers with an accuracy of 99.80% and 99.66%, respectively. Furthermore, both classifiers obtained the best results in the multiclass classification task; J48 achieved an accuracy of 99.53% in round number seven, and the RF achieved 99.69% in the fifth round. [ABSTRACT FROM AUTHOR]
- Published
- 2024
14. Statistical methods utilizing structural properties of time-evolving networks for event detection.
- Author
-
Bansal, Monika and Sharma, Dolly
- Subjects
ANOMALY detection (Computer security), TIME-varying networks, FRAUD, TERRORISM, SOCIAL networks
- Abstract
With the advancement of technology, real-world networks have become vulnerable to many attacks such as cyber-crimes, terrorist attacks, and financial frauds. Accuracy and scalability are the two principal but contrary characteristics for algorithms detecting such attacks (or events) in these time-varying networks. However, existing approaches conform to either of these two prerequisites. Hence, we propose two algorithms designated as GraphAnomaly and GraphAnomaly-CS, both satisfying these two requirements together. Given a stream of time-evolving real-world network edges, the proposed algorithms first extract the local structure of network graphs by identifying the relationship between egonets and their properties, and then use this information in Chi-square statistics to discover (1) anomalous time-points at which many network nodes deviate from their normal behavior and (2) those nodes and features that majorly contribute to the change. The proposed algorithms are (a) accurate: up to 7 to 12% more accurate than state-of-the-art methods; (b) speedy: process millions of edges within a few minutes; (c) scalable: scale linearly with the number of edges and nodes in the network graph; (d) theoretically sound: providing theoretical guarantees on the false positive probability of algorithms. We show theoretically and experimentally that the proposed algorithms successfully detect anomalies in time-evolving edge streams. We have selected six baselines, five evaluation metrics, and six real-world network datasets from three different network classes for empirical analysis. The experimental results show that both algorithms are efficient at detecting anomalies in networks that reduce false positives and false negatives in the results, especially in successive time-points. Furthermore, algorithms discover the maximum number of critical events from real-world networks, demonstrating their effectiveness over baselines. [ABSTRACT FROM AUTHOR]
- Published
- 2024
15. A covert attack detection strategy combining physical dynamics and effective features-based stacked transformer for the networked robot systems.
- Author
-
Shao, Xingmao, Xie, Lun, Li, Chiqin, and Wang, Zhiliang
- Abstract
Networked robots are vulnerable to malicious covert attack, which malevolently manipulates sensor and controller data without authorization and compromises the security of the robot's physical process seriously. In response, this paper proposes a novel intrusion detection strategy using physical dynamics and an effective features-based stacked Transformer network (PD-EFST-IDS), to reveal the stealth of incursion with the assistance of unfalsifiable current data. The proposed IDS takes the predicted errors of the EFST network as the benchmark, and reports abnormal activity when the actual errors between predictions of the PD and the measurements deviate from the reference patterns. Specifically, the simplified dynamics model is initially established based on the estimated parameters screened by the orthogonal trigonometric decomposition, and the errors between the predicted torques and the credible measurements can be obtained. Subsequently, to solve the problem of PD model error and the tiny attack payload further being submerged due to uncertain factors such as disturbances and unmodeled factors, an EFST network is proposed for reconstructing torque error in joint space. Wherein the feature reconstruction module is prepared for embedding the critical current feature missing under attack, making it possible to maintain prediction accuracy even under malicious attacks. Then, we invoke another Transformer module for predicting errors, and it is further compared with actual ones to identify abnormal trajectories. The feasibility of EFST was demonstrated in actual experiments. The detection in three attack scenarios, and quantitative experiments examine our detection strategy. [ABSTRACT FROM AUTHOR]
- Published
- 2024
16. Network Intrusion Detection Based on Spatial Features and Generative Adversarial Networks.
- Author
-
ZHANG Zhen, ZHOU Yicheng, and TIAN Hongpeng
- Abstract
To address issues such as the inadequate consideration of inter-feature correlations in existing intrusion detection methods and the need for improved detection accuracy on high-dimensional discrete datasets, a network intrusion detection method MBGAN based on spatial features and generative adversarial networks was proposed. Initially, a transformation approach was devised to convert one-dimensional data into two-dimensional grayscale images, enabling convolutional kernels to capture richer contextual information. Subsequently, a bidirectional generative adversarial network model was employed for anomaly detection. The model was trained using network traffic images, incorporating the minimum Wasserstein distance and gradient penalty techniques to mitigate mode collapse and instability during generative adversarial network training. Experimental verification showed that the detection accuracy of the proposed method on the NSL-KDD, UNSW-NB15 and CICIDIS2017 datasets was 97.4%, 92.3% and 94.8%, the recall rates were 97.2%, 93.1% and 95.6%, and the F1 were 97.3%, 93.0% and 95.2%, respectively, which were better than those of other methods. [ABSTRACT FROM AUTHOR]
- Published
- 2024
17. ASR-Fed: agnostic straggler-resilient semi-asynchronous federated learning technique for secured drone network.
- Author
-
Ihekoronye, Vivian Ukamaka, Nwakanma, Cosmas Ifeanyi, Kim, Dong-Seong, and Lee, Jae Min
- Abstract
Federated Learning (FL) has emerged as a transformative artificial intelligence paradigm, facilitating knowledge sharing among distributed edge devices while upholding data privacy. However, dynamic networks and resource-constrained devices such as drones, face challenges like power outages and network contingencies, leading to the straggler effect that impedes the global model performance. To address this, we present ASR-Fed, a novel agnostic straggler-resilient semi-asynchronous FL aggregating algorithm. ASR-Fed incorporates a selection function to dynamically utilize updates from high-performing and active clients, while circumventing contributions from straggling clients during future aggregations. We evaluate the effectiveness of ASR-Fed using two prominent cyber-security datasets, WSN-DS, and Edge-IIoTset, and perform simulations with different deep learning models across formulated unreliable network scenarios. The simulation results demonstrate ASR-Fed's effectiveness in achieving optimal accuracy while significantly reducing communication costs when compared with other FL aggregating protocols. [ABSTRACT FROM AUTHOR]
- Published
- 2024
18. RESEARCH ON COLLABORATIVE DEFENSE METHOD OF HOSPITAL NETWORK CLOUD BASED ON END-TO-END EDGE COMPUTING.
- Author
-
HUIHONG YANG, SHUIJUNI LIN, QIFAN HE, and QIRONG YU
- Subjects
INFORMATION technology, PUBLIC health infrastructure, EDGE computing, ANOMALY detection (Computer security), HOSPITALS, INTRUSION detection systems (Computer security)
- Abstract
This research introduces a groundbreaking collaborative defense mechanism that utilizes end-to-end edge computing to bolster the security of decentralized hospital cloud systems. By integrating intrusion detection systems, firewalls, anomaly detection, and threat intelligence in a unified manner through the efficiency of edge computing, this approach marks a significant advancement in healthcare cybersecurity. Through rigorous testing with a substantial dataset, the system demonstrated exceptional performance metrics, including a remarkable 95% accuracy in threat detection, a low false positive rate, and a swift response time of merely 0.25 seconds. Notably, the system effectively mitigates computational overhead, thereby optimizing resource utilization. Comparative analysis with existing methodologies underscores the superiority of this novel framework, particularly in terms of geolocation accuracy, the minimization of false positives, and expedited reaction capabilities. This study's collaborative defense strategy, underpinned by end-to-end edge computing, presents a holistic and innovative solution to the escalating cyber threats facing healthcare infrastructures. By redefining the parameters of security in medical settings, it paves the way for a safer and more resilient healthcare information technology ecosystem. [ABSTRACT FROM AUTHOR]
- Published
- 2024
19. An Accurate Approach for Intrusion Detection System Using Chaotic Maps, NPO, and SVM.
- Author
-
Jabbar Aboud, Zinah Sattar, Tawil, Rami, and Kadhm, Mustafa Salam
- Subjects
PATTERN recognition systems, FEATURE selection, MACHINE learning, TECHNOLOGICAL innovations, TECHNOLOGICAL progress, INTRUSION detection systems (Computer security)
- Abstract
The internet and technological advancements have facilitated faster communication and information sharing. However, cybercrime, including malware, phishing, and ransomware, remains a severe problem despite technical progress. Detecting the intrusion via Intrusion Detection System IDS in network communication and wireless networks WSN is a big challenge that grown with the rapid development of the technologies. The detection accuracy of the IDS mainly depends on the relevant features of the incoming data from the internet. Selecting the most relevant features within the optimal attributes is one of the primary stage of the machine learning and pattern recognition modules. Finding the feature subset from the present or existing features that will improve the algorithms' learning performance in terms of accuracy and learning time is the main goal of feature selection. Therefore, this paper proposes an accurate approach for intrusion detection in the network and WSN using machine learning methods include Chaotic Maps, Nomadic People Optimizer (NPO), and SVM. The proposed approach has five main stages which are: data collection, pre-processing, feature selection, classification, and evaluation. An improved version of NPO based on chaotic map called CNPO is proposed. The proposed CNPO uses chaotic maps to initialize the population and solution distribution. Besides, a proposed fitness function for CNPO based on SVM is proposed. The CNPO is employed for feature selection task by selecting only the most relevant features from the input dataset. The proposed approach evaluated using two datasets and achieve accuracy 99.96% and 99.98 for NSL-KDD, and WSN-DS respectively. [ABSTRACT FROM AUTHOR]
- Published
- 2024
20. Random Feature Graph Neural Network Model for IoT Intrusion Detection.
- Author
-
罗国宇, 汪学舜, and 戴锦友
- Published
- 2024
21. Explainable AI-based innovative hybrid ensemble model for intrusion detection.
- Author
-
Ahmed, Usman, Jiangbin, Zheng, Almogren, Ahmad, Khan, Sheharyar, Sadiq, Muhammad Tariq, Altameem, Ayman, and Rehman, Ateeq Ur
- Subjects
COMPUTER network traffic, ARTIFICIAL intelligence, COMPUTER networks, COMPUTER network security, FEATURE selection, INTRUSION detection systems (Computer security)
- Abstract
Cybersecurity threats have become more worldly, demanding advanced detection mechanisms with the exponential growth in digital data and network services. Intrusion Detection Systems (IDSs) are crucial in identifying illegitimate access or anomalous behaviour within computer network systems, consequently opposing sensitive information. Traditional IDS approaches often struggle with high false positive rates and the ability to adapt embryonic attack patterns. This work asserts a novel Hybrid Adaptive Ensemble for Intrusion Detection (HAEnID), an innovative and powerful method to enhance intrusion detection, different from the conventional techniques. HAEnID is composed of a string of multi-layered ensemble, which consists of a Stacking Ensemble (SEM), a Bayesian Model Averaging (BMA), and a Conditional Ensemble method (CEM). HAEnID combines the best of these three ensemble techniques for ultimate success in detection with a considerable cut in false alarms. A key feature of HAEnID is an adaptive mechanism that allows ensemble components to change over time as network traffic patterns vary and new threats appear. This way, HAEnID would provide adequate protection as attack vectors change. Furthermore, the model would become more interpretable and explainable using Shapley Additive Explanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME). The proposed Ensemble model for intrusion detection on CIC-IDS 2017 achieves excellent accuracy (97-98%), demonstrating effectiveness and consistency across various configurations. Feature selection further enhances performance, with BMA-M (20) reaching 98.79% accuracy. These results highlight the potential of the ensemble model for accurate and reliable intrusion detection and, hence, is a state-of-the-art choice for accuracy and explainability. [ABSTRACT FROM AUTHOR]
- Published
- 2024
22. A Robust Model for Predicting Abnormal Behavior in Vehicular Networks using AdaBoost and Chi-Square.
- Author
-
Amaouche, Sara, Guezzaz, Azidine, Benkirane, Said, and Azrour, Mourade
- Subjects
DENIAL of service attacks, CYBERTERRORISM, FEATURE selection, VEHICULAR ad hoc networks, INTERNET security
- Abstract
Nowadays, VANETs are becoming a very interesting research topic for researchers as the benefits are very high in terms of ensuring driver comfort, enhancing road effectiveness and minimizing the risk of accidents. VANET is a wireless network directly linked to the Internet that links multiple vehicles through the use of OBUs (onboard units) to contact and communicate with the other units and RSUs (roadside units). This can be both an advantage and a risk for VANETs as the number of communications offered by this type of network including both vehicle-to-infrastructure (V2I) and vehicle-to-vehicle (V2V) forms of communication continues to grow, making VANETs increasingly susceptible to many types of cyber security attacks, such as denial of service attacks DOS, false and alternative messages, drive-by downloads, and false alarms. By identifying misbehaving vehicles, intrusion detection systems (IDS) significantly contribute to the protection of vehicle networks. In this research, we present an ensemble learning method, AdaBoost, as the basis for an IDS. To address the attack class imbalance problem, we employed the synthetic minority oversampling approach, or SMOTE, and for feature selection, we used the Chi-Squared technique. By creating new synthetic examples close to the other objects, the SMOTE technique helps to improve the minority classes while preventing overfitting, and Chi squared aids in the solution of the feature selection issue by examining the relationship between features. The NSL-KDD and UNSW-NB15 datasets, two of the most popular datasets these days, will be utilized to test our model. The following metrics were employed to assess our proposed model: It accomplishes this by creating new synthetic examples in feature space that are near to the other points (that is, members of the minority class). Chi squared then assists us in selecting features by examining the relationship between features that utilize the three new features. 
The three datasets NSL-KDD, UNSW-NB15, and TON-IOT, three of the most popular datasets these days, are utilized to test our model. The following metrics have been applied to assess our suggested model. We used 10 cross-validation, f1-score, accuracy, precision, and recall to our model. Our model approach outperforms the current IDSs in terms of accuracy, recall, and precision, scoring nearly 100% on all metrics (accuracy, precision, recall, and f1-score). [ABSTRACT FROM AUTHOR]
- Published
- 2024
23. Enhanced intrusion detection framework for securing IoT network using principal component analysis and CNN.
- Author
-
Mazid, Abdul, Kirmani, Sheeraz, and Abid, Manaullah
- Subjects
*CONVOLUTIONAL neural networks, *SMART devices, *PRINCIPAL components analysis, *PEARSON correlation (Statistics), *DEEP learning
- Abstract
The Internet of Things (IoT) has transformed our world by connecting smart devices and enabling seamless interactions. This reliance, however, has led to new security issues and types of attacks. It is of the utmost importance to safeguard the security of IoT networks, with network intrusion detection systems (NIDS) having a significant impact. This paper proposes a novel approach integrating Principal Component Analysis (PCA), Pearson Correlation Coefficient (PCC), and Convolutional Neural Network (CNN) to overcome these security issues. Our innovative method reduces data dimensionality and selects highly correlated features using PCC and PCA, addressing overfitting and improving model performance while maintaining high computational speed and low costs. Our approach uniquely distinguishes between benign and threat packets by employing 1D-CNN, 2D-CNN, and 3D-CNN algorithms trained on Edge-IIoTset and NSL-KDD benchmark datasets. The findings from our experiments indicate that the proposed framework significantly enhances accuracy, precision, recall, and F1-score compared to existing models for both binary and multiclass classifications. Our binary classification models achieved exceptional performance, with an average accuracy of 99.76%, 99.79% precision, 99.89% recall, and 99.85% F1-score on the Edge-IIoTset dataset. On the NSL-KDD dataset, the models attained 99.20% accuracy, 98.07% precision, 97.95% recall, and 97.71% F1-score. For multiclass classification, the proposed model demonstrated an average accuracy of 99.41%, precision of 98.61%, recall of 98.49%, and an F1-score of 98.56% on the Edge-IIoTset dataset. On the NSL-KDD dataset, the model achieved 92.43% accuracy, 93.21% precision, 93.60% recall, and a 93.7% F1-score. Our research introduces a significant advancement that substantially improves NIDS capabilities, making IoT networks safer and more connected. [ABSTRACT FROM AUTHOR]
- Published
- 2024
24. Optimized Ensemble Learning Models Based on Clustering and Hybrid Deep Learning for Wireless Intrusion Detection.
- Author
-
Pitchandi, Perumal, Nivaashini, M., and Grace, R. Kingsy
- Subjects
*MACHINE learning, *DEEP learning, *FEATURE selection, *CONVOLUTIONAL neural networks, *PRINCIPAL components analysis, *INTRUSION detection systems (Computer security)
- Abstract
Machine learning (ML) and deep learning (DL) are used in numerous fields, particularly to develop effective intrusion detection systems (IDS). Existing wireless network IDS, which rely on a single ML algorithm and have limitations. These include a high rate of false positives, difficulties in recognizing distinct attack patterns, and a high acquisition cost for annotated training datasets. However, hostile threats are always evolving, networks need a smart security solution. In comparison to other ML approaches, DL algorithms are more successful in intrusion detection. This paper presents a DL based ensemble model that combines Multi-verse through Chaotic Atom Search Optimization (MCA) for preprocessing, which eliminates unsolicited/recurrent information in the dataset. The process of optimized feature selection uses Principal Component Analysis (PCA), Chaotic Manta-ray Foraging Optimizations (CMFO), and a grounded grouping method to partition the optimized feature dataset into k-diverse clusters. The recommended model then stacks Support Vector Machine (SVM) as the ensemble model's meta-learner classifier, pre-training the hybrid DL prototypes using the optimized feature dataset cluster. The CNN-LSTM and CNN-GRU models, which integrate Convolutional Neural Networks (CNN), Long Short-Term Memory (LSTM), and Gated Recurrent Unit (GRU), are the hybrid DL prototype's key components. The suggested model's performance has been enhanced and compared to six ML techniques: NB, SVM, J48, RF, MLP, and kNN models, utilizing measures such as accuracy, precision, recall, and F-measure. The public can access the Aegean Wi-Fi Intrusion Dataset (AWID) which is used for evaluating the recommended model and is outperformed the contemporary models in the literature. [ABSTRACT FROM AUTHOR]
- Published
- 2024
25. ShNFN: Shepard Neuro-Fuzzy Network for Intrusion Detection in Fog Computing.
- Author
-
Ganeshan, R, Sravani, Meesala, Kalidindi, Archana, and Om Prakash, P G
- Subjects
*COMPUTER network traffic, *CONVOLUTIONAL neural networks, *CASCADE connections, *DISTRIBUTED computing, *FEATURE selection, *INTRUSION detection systems (Computer security)
- Abstract
Fog computing is a type of distributed computing that makes data storage and computation closer to the network edge. While fog computing offers numerous advantages, it also introduces several challenges, particularly in terms of security. Intrusion Detection System (IDS) plays a crucial role in securing fog computing environments by monitoring network traffic and system activities for signs of malicious behavior. Several techniques can be employed to enhance intrusion detection in fog computing environments. Accordingly, this paper proposes a Shepard Neuro-Fuzzy Network (ShNFN) for intrusion detection in fog computing. Initially, in the cloud layer, the input data are passed to data transformation to transform the unstructured data into structured form. Here, data transformation is done employing the Box-Cox transformation. Following this, the feature selection is done in terms of information gain and symmetric uncertainty process and it is used to create a relationship between two variables. After that, the data are classified by employing the proposed ShNFN. The ShNFN is attained by fusing two networks, such as Cascade Neuro-Fuzzy Network (Cascade NFN) and Shepard Convolutional Neural Networks (ShCNN). After this, the physical process is executed at the endpoint layer. Finally, intrusion detection is accomplished in the fog layer by the proposed ShNFN method. The performance of the intrusion detection using ShNFN is calculated by the metrics of recall, F-measure and precision. The proposed method achieves the values of 93.3%, 92.5% and 94.8% for recall, F-measure, and precision, respectively. [ABSTRACT FROM AUTHOR]
- Published
- 2024
26. MTC-NET: A Multi-Channel Independent Anomaly Detection Method for Network Traffic.
- Author
-
Zhao, Xiaoyong, Huang, Chengjin, and Wang, Lei
- Subjects
*COMPUTER network traffic, *ANOMALY detection (Computer security), *ARTIFICIAL intelligence, *TRANSFORMER models, *TRAFFIC flow
- Abstract
In recent years, deep learning-based approaches, particularly those leveraging the Transformer architecture, have garnered widespread attention for network traffic anomaly detection. However, when dealing with noisy data sets, directly inputting network traffic sequences into Transformer networks often significantly degrades detection performance due to interference and noise across dimensions. In this paper, we propose a novel multi-channel network traffic anomaly detection model, MTC-Net, which reduces computational complexity and enhances the model's ability to capture long-distance dependencies. This is achieved by decomposing network traffic sequences into multiple unidimensional time sequences and introducing a patch-based strategy that enables each sub-sequence to retain local semantic information. A backbone network combining Transformer and CNN is employed to capture complex patterns, with information from all channels being fused at the final classification header in order to achieve modelling and detection of complex network traffic patterns. The experimental results demonstrate that MTC-Net outperforms existing state-of-the-art methods in several evaluation metrics, including accuracy, precision, recall, and F1 score, on four publicly available data sets: KDD Cup 99, NSL-KDD, UNSW-NB15, and CIC-IDS2017. [ABSTRACT FROM AUTHOR]
- Published
- 2024
27. Collaborative intrusion detection using weighted ensemble averaging deep neural network for coordinated attack detection in heterogeneous network.
- Author
-
Wardana, Aulia Arif, Kołaczek, Grzegorz, Warzyński, Arkadiusz, and Sukarno, Parman
- Subjects
*ARTIFICIAL neural networks, *COMPUTER network traffic, *CYBERTERRORISM, *DEEP learning
- Abstract
Detecting coordinated attacks in cybersecurity is challenging due to their sophisticated and distributed nature, making traditional Intrusion Detection Systems often ineffective, especially in heterogeneous networks with diverse devices and systems. This research introduces a novel Collaborative Intrusion Detection System (CIDS) using a Weighted Ensemble Averaging Deep Neural Network (WEA-DNN) designed to detect such attacks. The WEA-DNN combines deep learning techniques and ensemble methods to enhance detection capabilities by integrating multiple Deep Neural Network (DNN) models, each trained on different data subsets with varying architectures. Differential Evolution optimizes the model's contributions by calculating optimal weights, allowing the system to collaboratively analyze network traffic data from diverse sources. Extensive experiments on real-world datasets like CICIDS2017, CSE-CICIDS2018, CICToNIoT, and CICBotIoT show that the CIDS framework achieves an average accuracy of 93.8%, precision of 78.6%, recall of 60.4%, and an F1-score of 62.4%, surpassing traditional ensemble models and matching the performance of local DNN models. This demonstrates the practical benefits of WEA-DNN in improving detection capabilities in real-world heterogeneous network environments, offering superior adaptability and robustness in handling complex attack patterns. [ABSTRACT FROM AUTHOR]
- Published
- 2024
28. Robust intrusion detection for network communication on the Internet of Things: a hybrid machine learning approach.
- Author
-
Soltani, Nasim, Rahmani, Amir Masoud, Bohlouli, Mahdi, and Hosseinzadeh, Mehdi
- Subjects
*SUPERVISED learning, *FISHER discriminant analysis, *COMPUTER networks, *K-nearest neighbor classification, *MACHINE learning, *INTRUSION detection systems (Computer security)
- Abstract
The importance and growth of the Internet of Things (IoT) in computer networks and applications have been increasing. Additionally, many of these applications generate large volumes of data, which are critical and require protection against attacks. Various techniques have been proposed to identify and counteract these threats. In this paper, we offer a hybrid machine learning approach (using the k-nearest neighbors and random forests as supervised classifiers) to enhance the accuracy of intrusion detection systems and minimize the risk of potential attacks. Also, we employ backward elimination and linear discriminant analysis algorithms for feature reduction and to lower computational costs. Following the training phase, when discrepancies arose between the decisions of the classifiers, the ultimate determination was supported by ISO/IEC 27001 regulations. The performance of the proposed model was assessed within a Python programming framework, utilizing the CICIDS 2017, NSL-KDD, and TON-IoT datasets. The outcomes illustrated that the proposed approach attained a noteworthy accuracy of 99.96% in the multi-class classification of CICIDS 2017, 99.37% in the binary classification of the NSL-KDD dataset, and 99.96% in the multi-class classification of TON-IoT dataset. Furthermore, the attack success rate for each dataset stands at 0.05%, 0.24%, and 0% respectively, demonstrating a significant reduction compared to other methods. [ABSTRACT FROM AUTHOR]
- Published
- 2024
29. A deep analysis of nature-inspired and meta-heuristic algorithms for designing intrusion detection systems in cloud/edge and IoT: state-of-the-art techniques, challenges, and future directions.
- Author
-
Hu, Wengui, Cao, Qingsong, Darbandi, Mehdi, and Jafari Navimipour, Nima
- Subjects
*MACHINE learning, *METAHEURISTIC algorithms, *COMPUTER performance, *FEATURE selection, *CLOUD computing, *INTRUSION detection systems (Computer security)
- Abstract
The number of cloud-, edge-, and Internet of Things (IoT)-based applications that produce sensitive and personal data has rapidly increased in recent years. The IoT is a new model that integrates physical objects and the Internet and has become one of the principal technological evolutions of computing. Cloud computing is a paradigm for centralized computing that gathers resources in one place and makes them available to consumers via the Internet. Despite the vast array of resources that cloud computing offers, real-time mobile applications might not find it acceptable because it is typically located far from users. However, in applications where low latency and high dependability are required, edge computing—which disperses resources to the network edge—is becoming more and more popular. Though it has less processing power than traditional cloud computing, edge computing offers resources in a decentralized way that can react to customers' needs more quickly. There has been a sharp increase in attackers stealing data from these applications since the data is so sensitive. Thus, a powerful Intrusion Detection System (IDS) that can identify intruders is required. IDS are essential for the cybersecurity of the IoT, cloud, and edge architectures. Investigators have mostly embraced the use of deep learning algorithms as a means of protecting the IoT environment. However, these techniques have some issues with computational complexity, long processing times, and poor precision. Feature selection approaches can be utilized to overcome these problems. Optimization methods, including bio-inspired algorithms, are applied as feature selection approaches to enhance the classification accuracy of IDS systems. Based on the cited sources, it appears that no study has looked into these difficulties in depth. This research thoroughly analyzes the current literature on intrusion detection and using nature-inspired algorithms to safeguard IoT and cloud/edge settings. 
This article examines pertinent analyses and surveys on the aforementioned subjects, dangers, and outlooks. It also examines many frequently used algorithms in the development of IDSs used in IoT security. The findings demonstrate their efficiency in addressing IoT and cloud/edge ecosystem security issues. Moreover, it has been shown that the methods put out in the literature might improve IDS security and dependability in terms of precision and execution speed. [ABSTRACT FROM AUTHOR]
- Published
- 2024
30. A Survey on the Applications of Semi-supervised Learning to Cyber-security.
- Author
-
Mvula, Paul Kiyambu, Branco, Paula, Jourdan, Guy-Vincent, and Viktor, Herna Lydia
- Published
- 2024
31. Efficient SVH2M for information anomaly detection in manufacturing processes on system call.
- Author
-
Chao-Hsien Hsieh, Fengya Xu, Qingqing Yang, and Dehong Kong
- Subjects
HIDDEN Markov models, COMPUTER network traffic, MANUFACTURING processes, SUPPORT vector machines, MARKOV processes
- Abstract
With the integration of the manufacturing process in the Internet, cybersecurity becomes even more important in the process of factory operations. Because of the complexity of data traffic in the manufacturing industry, the identification and classification of anomalous behavior is an important direction of current research. System calls are made at the operating system level. Therefore, the use of system call sequences can detect potential threats much earlier. So, this paper chooses system call information as the research object. System call orderliness is an ideal property for analysis using a hidden Markov model. In terms of methodology, the SVH2M model improves the performance and efficiency of attack detection in manufacturing systems. The SVH2M model combines pSVM with mHMM. The pSVM and mHMM models use SVMPSA and PATA. pSVM is first used to initially categorize the system call sequences into normal and abnormal categories. The classification of pSVM can reduce the amount of data. This reduces the error rate of mHMM processing. Next, mHMM is built for different types of known anomalies. The false positive rate of the SVH2M model is lower than that of the hidden Markov model. The experimental results show that the AUC of the improved model is increased by 17%. The average Mismatch Rate is reduced by 16%. The performance and efficiency of detecting anomalous information are improved in manufacturing systems. [ABSTRACT FROM AUTHOR]
- Published
- 2024
32. Anomaly-based Intrusion Detection Techniques in Internet of Things Ecosystem: A Review.
- Author
-
EDJE, E. A., EDE, H. E., OMEDE, E. U., ATONUJE, E., and OGEH, C.
- Subjects
INTERNET of things, INTERNET security, CYBERTERRORISM, CYBERCRIMINALS, CYBERSPACE
- Abstract
With a vast array of smart and connected devices and applications available in many areas, including green IoT-based agriculture, smart farming, smart homes, smart transportation, smart health, smart grid, smart cities, and smart environment, the Internet of Things (IoT) technology has emerged to enhance people's lives. IoT devices are susceptible to cyberattacks. Though, researchers have sufficiently embraced the use of diverse techniques and algorithms as a means of securing data and information generated and transmitted in the Internet of Things ecosystem. Additionally, these techniques have been effectively applied in a number of domains, demonstrating their superiority in tackling intrusion detection attacks. The anomaly-based Intrusion Detection System (IDS) has an edge in identifying zero-day attacks because signature-based detection is limited when it comes to unknown threats. Therefore, this paper explicitly and systematically analyzed current techniques deployed in the IoT ecosystem for the detection of anomaly-based intrusion attacks. Also, the processes and functionalities adopted by the techniques to predict the abnormality-based intrusion attacks, and the development and simulation tools adopted to implement and evaluate the effectiveness and performance of the techniques, are highlighted and discussed extensively. Finally, a summary of challenges and weaknesses of the techniques is briefly discussed, for onward investigation in future research. [ABSTRACT FROM AUTHOR]
- Published
- 2024
33. Optimizing intrusion detection in 5G networks using dimensionality reduction techniques.
- Author
-
Salah, Zaher, Elsoud, Esraa, Al-Sit, Waleed, Alhenawi, Esraa, Alshraiedeh, Fuad, and Alshdaifat, Nawaf
- Subjects
COMPUTER network traffic, IEEE 802.11 (Standard), COMPUTER network security, CYBERTERRORISM, 5G networks, INTRUSION detection systems (Computer security)
- Abstract
The proliferation of internet of things (IoT) technologies has expanded the user base of the internet, but it has also exposed users to increased cyber threats. Intrusion detection systems (IDSs) play a vital role in safeguarding against cybercrimes by enabling early threat response. This research uniquely centers on the critical dimensionality aspects of wireless datasets. This study focuses on the intricate interplay between feature dimensionality and intrusion detection systems. We rely on the renowned IEEE 802.11 security-oriented AWID3 dataset to implement our experiments since AWID was the first dataset created from wireless network traffic and has been developed into AWID3 by capturing and studying traces of a wide variety of attacks sent into the IEEE 802.1X extensible authentication protocol (EAP) environment. This research unfolds in three distinct phases, each strategically designed to enhance the efficacy of our framework, using multinominal class, multi-numeric class, and binary class. The best accuracy achieved was 99% in the three phases, while the lowest accuracy was 89.1%, 60%, and 86.7% for the three phases consecutively. These results offer a comprehensive understanding of the intricate relationship between wireless dataset dimensionality and intrusion detection effectiveness. [ABSTRACT FROM AUTHOR]
- Published
- 2024
34. Data Mining Approach for Evil Twin Attack Identification in Wi-Fi Networks.
- Author
-
Banakh, Roman, Nyemkova, Elena, Justice, Connie, Piskozub, Andrian, and Lakh, Yuriy
- Subjects
MACHINE learning, IEEE 802.11 (Standard), WIRELESS sensor networks, COMPUTER networking equipment, COMPUTER network security, INTRUSION detection systems (Computer security)
- Abstract
Recent cyber security solutions for wireless networks during internet open access have become critically important for personal data security. The newest WPA3 network security protocol has been used to maximize this protection; however, attackers can use an Evil Twin attack to replace a legitimate access point. The article is devoted to solving the problem of intrusion detection at the OSI model's physical layers. To solve this, a hardware–software complex has been developed to collect information about the signal strength from Wi-Fi access points using wireless sensor networks. The collected data were supplemented with a generative algorithm considering all possible combinations of signal strength. The k-nearest neighbor model was trained on the obtained data to distinguish the signal strength of legitimate from illegitimate access points. To verify the authenticity of the data, an Evil Twin attack was physically simulated, and a machine learning model analyzed the data from the sensors. As a result, the Evil Twin attack was successfully identified based on the signal strength in the radio spectrum. The proposed model can be used in open access points as well as in large corporate and home Wi-Fi networks to detect intrusions aimed at substituting devices in the radio spectrum where IEEE 802.11 networking equipment operates. [ABSTRACT FROM AUTHOR]
- Published
- 2024
35. Blockchain based federated learning for intrusion detection for Internet of Things.
- Author
-
Sun, Nan, Wang, Wei, Tong, Yongxin, and Liu, Kexin
- Abstract
In the Internet of Things (IoT), data sharing among different devices can improve manufacture efficiency and reduce workload, and yet makes the network systems more vulnerable to various intrusion attacks. There has been a realistic demand to develop an efficient intrusion detection algorithm for connected devices. Most existing intrusion detection methods are trained in a centralized manner and are incapable of identifying new unlabeled attack types. In this paper, a distributed federated intrusion detection method is proposed, utilizing the information contained in the labeled data as the prior knowledge to discover new unlabeled attack types. Besides, the blockchain technique is introduced in the federated learning process for the consensus of the entire framework. Experimental results are provided to show that our approach can identify the malicious entities, while outperforming the existing methods in discovering new intrusion attack types. [ABSTRACT FROM AUTHOR]
- Published
- 2024
36. Detect and Prevent Attacks of Intrusion in IOT Devices using Game Theory with Ant Colony Optimization (ACO).
- Author
-
Aruna, S., N., Kalaivani, M., Mohammedkasim, Devi, D. Prabha, and Thirumangaialwar, E. Babu
- Subjects
ANT algorithms, COMPUTER network security, INTERNET of things, FORAGING behavior, GAME theory, ANT behavior
- Abstract
A more extensive attack surface for cyber incursions has resulted from the fast expansion of Internet of Things (IoT) devices, calling for more stringent security protocols. This research introduces a new method for protecting Internet of Things (IoT) networks against intrusion assaults by combining Game Theory with Ant Colony Optimization (ACO). Various cyber dangers are becoming more common as a result of the networked nature and frequently inadequate security measures of IoT devices. Because these threats are ever-changing and intricate, traditional security measures can't keep up. An effective optimization method for allocating resources and pathfinding is provided by ACO, which takes its cues from the foraging behavior of ants, while Game Theory provides a strategic framework for modeling the interactions between attackers and defenders. Attackers and defenders in the proposed system are modeled as players in a game where the objective is to maximize their payout. Minimizing damage by anticipating and minimizing assaults is the defender's task. The monitoring pathways are optimized and resources are allocated effectively with the help of ACO. In response to changes in network conditions, the system dynamically modifies defensive tactics by updating the game model in real time. The results of the simulation show that the suggested method successfully increases the security of the Internet of Things. Compared to 87.4% using conventional approaches, the detection accuracy increased to 95.8%. From 10.5 seconds down to 7.3 seconds, the average reaction time to identified incursions was cut in half. Furthermore, there was a 20% improvement in resource utilization efficiency, guaranteeing that defensive and monitoring resources were allocated optimally. Internet of Things (IoT) network security is greatly improved by combining Game Theory with Ant Colony Optimization. 
In addition to enhancing detection accuracy and reaction times, this combination method guarantees resource efficiency. The results demonstrate the practicality of this approach, which offers a solid foundation for protecting Internet of Things devices from ever-changing cyber dangers. [ABSTRACT FROM AUTHOR]
- Published
- 2024
37. Harnessing Decision Tree-guided Dynamic Oversampling for Intrusion Detection.
- Author
-
Kaur, Ritinder and Gupta, Neha
- Subjects
DATA augmentation, LEARNING strategies, MINORITIES
- Abstract
Imbalanced datasets present a significant challenge in the realm of intrusion detection, as the rare attacks are often overshadowed by the normal instances. To tackle this issue, it is essential to utilize the various strategies of imbalanced learning that aim to mitigate the effects of class imbalance and improve the performance of intrusion detection systems. One effective approach for dealing with class imbalance is through data augmentation methods like the Synthetic Minority Oversampling Technique (SMOTE). This research presents a novel data resampling approach that performs adaptive synthetic sampling on rare and complex samples by using decision boundaries. The benchmark dataset NSL-KDD was used to evaluate and validate the effectiveness of this approach. The experimental results demonstrated a significant improvement in the detection accuracy of rare classes, achieving 42% for u2r instances and 83% for r2l instances. [ABSTRACT FROM AUTHOR]
- Published
- 2024
38. A Secure Framework for WSN-IoT Using Deep Learning for Enhanced Intrusion Detection.
- Author
-
Kumar, Chandraumakantham Om, Gajendran, Sudhakaran, Marappan, Suguna, Zakariah, Mohammed, and Almazyad, Abdulaziz S.
- Subjects
DEEP learning, FEATURE selection, TIME complexity, WIRELESS sensor networks, INTRUSION detection systems (Computer security), FEATURE extraction
- Abstract
The security of the wireless sensor network-Internet of Things (WSN-IoT) network is more challenging due to its randomness and self-organized nature. Intrusion detection is one of the key methodologies utilized to ensure the security of the network. Conventional intrusion detection mechanisms have issues such as higher misclassification rates, increased model complexity, insignificant feature extraction, increased training time, increased run time complexity, computation overhead, failure to identify new attacks, increased energy consumption, and a variety of other factors that limit the performance of the intrusion system model. In this research a security framework for WSN-IoT, through a deep learning technique is introduced using Modified Fuzzy-Adaptive DenseNet (MF_AdaDenseNet) and is benchmarked with datasets like NSL-KDD, UNSWNB15, CIDDS-001, Edge IIoT, Bot IoT. In this, the optimal feature selection using Capturing Dingo Optimization (CDO) is devised to acquire relevant features by removing redundant features. The proposed MF_AdaDenseNet intrusion detection model offers significant benefits by utilizing optimal feature selection with the CDO algorithm. This results in enhanced Detection Capacity with minimal computation complexity, as well as a reduction in False Alarm Rate (FAR) due to the consideration of classification error in the fitness estimation. As a result, the combined CDO-based feature selection and MF_AdaDenseNet intrusion detection mechanism outperform other state-of-the-art techniques, achieving maximal Detection Capacity, precision, recall, and F-Measure of 99.46%, 99.54%, 99.91%, and 99.68%, respectively, along with minimal FAR and Mean Absolute Error (MAE) of 0.9% and 0.11. [ABSTRACT FROM AUTHOR]
- Published
- 2024
39. Cyber Security within Smart Cities: A Comprehensive Study and a Novel Intrusion Detection-Based Approach.
- Author
-
Houichi, Mehdi, Jaidi, Faouzi, and Bouhoula, Adel
- Subjects
SMART cities, INTERNET of things, QUALITY of life, ARTIFICIAL intelligence, INTERNET security
- Abstract
The expansion of smart cities, facilitated by digital communications, has resulted in an enhancement of the quality of life and satisfaction among residents. The Internet of Things (IoT) continually generates vast amounts of data, which is subsequently analyzed to offer services to residents. The growth and development of IoT have given rise to a new paradigm. A smart city possesses the ability to consistently monitor and utilize the physical environment, providing intelligent services such as energy, transportation, healthcare, and entertainment for both residents and visitors. Research on the security and privacy of smart cities is increasingly prevalent. These studies highlight the cybersecurity risks and the challenges faced by smart city infrastructure in handling and managing personal data. To effectively uphold individuals’ security and privacy, developers of smart cities must earn the trust of the public. In this article, we delve into the realms of privacy and security within smart city applications. Our comprehensive study commences by introducing architecture and various applications tailored to smart cities. Then, concerns surrounding security and privacy within these applications are thoroughly explored subsequently. Following that, we delve into several research endeavors dedicated to addressing security and privacy issues within smart city applications. Finally, we emphasize our methodology and present a case study illustrating privacy and security in smart city contexts. Our proposal consists of defining an Artificial Intelligence (AI) based framework that allows: Thoroughly documenting penetration attempts and cyberattacks; promptly detecting any deviations from security standards; monitoring malicious behaviors and accurately tracing their sources; and establishing strong controls to effectively repel and prevent such threats. 
Experimental results using the Edge-IIoTset (Edge Industrial Internet of Things Security Evaluation Test) dataset demonstrated good accuracy. They were compared to related state-of-the-art works, which highlight the relevance of our proposal. [ABSTRACT FROM AUTHOR]
- Published
- 2024
40. GRU Enabled Intrusion Detection System for IoT Environment with Swarm Optimization and Gaussian Random Forest Classification.
- Author
-
Shoab, Mohammad and Alsbatin, Loiy
- Subjects
PARTICLE swarm optimization, RANDOM forest algorithms, DEEP learning, SEARCH algorithms, FEATURE extraction, INTRUSION detection systems (Computer security)
- Abstract
In recent years, machine learning (ML) and deep learning (DL) have significantly advanced intrusion detection systems, effectively addressing potential malicious attacks across networks. This paper introduces a robust method for detecting and categorizing attacks within the Internet of Things (IoT) environment, leveraging the NSL-KDD dataset. To achieve high accuracy, the authors used the feature extraction technique in combination with an autoencoder, integrated with a gated recurrent unit (GRU). Therefore, the accurate features are selected by using the cuckoo search algorithm integrated particle swarm optimization (PSO), and PSO has been employed for training the features. The final classification of features has been carried out by using the proposed RF-GNB random forest with the Gaussian Naïve Bayes classifier. The proposed model has been evaluated and its performance is verified with some of the standard metrics such as precision, accuracy rate, recall, F1-score, etc., and has been compared with different existing models. The generated results, which detected approximately 99.87% of intrusions within the IoT environments, demonstrated the high performance of the proposed method. These results affirmed the efficacy of the proposed method in increasing the accuracy of intrusion detection within IoT network systems. [ABSTRACT FROM AUTHOR]
- Published
- 2024
41. Deep Learning Based Intrusion Detection System of IoT Technology: Accuracy Versus Computational Complexity.
- Author
-
Mutleg, Maryam Lazim, Mahmood, Ali Majeed, and Jawad Al-Nayar, Muna Mohammed
- Subjects
COMPUTER network traffic, CYBERTERRORISM, DEEP learning, COMPUTATIONAL complexity, INTERNET of things
- Abstract
The Internet of Things' (IoT) rapid growth has resulted in a rise in vulnerabilities, making safeguarding IoT systems against intrusions and illegal access a top priority. Intrusion Detection Systems (IDS) are essential for keeping an eye out for irregularities in network traffic. However, the challenge lies in the IDS's ability to detect attacks within high-speed networks while minimizing computational complexity promptly. To improve detection efficiency in IoT networks, we proposed lightweight detection models in this paper that are based on Long Short-Term Memory (LSTM), Bidirectional LSTM (Bi-LSTM), Gated Recurrent Unit (GRU), and a GRU-based self-attention mechanism. The Grid Search (GS) algorithm optimizes the models by adjusting the hyperparameters, such as the learning rate and the number of hidden units. The proposed models are evaluated using the ToN-IoT dataset. The achieved detection accuracy for all models is as follows: 97% for GRU, 98.1% for LSTM, 98.4% for Bi-LSTM, and 99% for the GRU-based self-attention mechanism. Furthermore, the GRU-based self-attention mechanism has fewer parameters, which leads to a significant saving in classification time of up to 84% compared to GRU. These findings demonstrate that the GRU-based self-attention mechanism is superior in accuracy and computational efficiency, which makes it particularly effective for real-time intrusion detection in IoT networks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
42. Intrusion detection using KK-RF and balanced Gini - Entropy approach.
- Author
-
K, Ramani and N, Chandrakala
- Subjects
RANDOM forest algorithms, FEATURE selection, FEATURE extraction, ENTROPY, NEIGHBORHOODS, INTRUSION detection systems (Computer security)
- Abstract
In the era of advanced cyber developments, intrusions become a common event in any network. Although research studies and developers have found ways to improve the detection models, some problems persist in the intrusion models, such as extracting key features from a large dataset, and delayed detection is a critical issue that needs to be addressed. Hence the proposed study aimed to develop a model that could extract key features from the dataset and use them effectively in the detection of threats. The study incorporates two approaches: one is feature extraction by the K-Nearest Neighbourhood and feature selection by the K-Best approach, and the other is the balanced Gini-Entropy approach for the Random Forest (RF) classifier. This combined approach by KNN, K-best, and RF is referred to as KK-RF. This combined approach of feature extraction, selection, and classification results in an effective threat detection model with high accuracy of about 99.61%. Moreover, the proposed model has achieved precision and recall rates of 97.3 and 96.6% respectively. Concurrently, the model attained a remarkable F1-score of 96.6. Also, from the comparison results, it is observed that the proposed model had higher performance. [ABSTRACT FROM AUTHOR]
- Published
- 2024
43. Security establishment using deep convolutional network model in cyber-physical systems.
- Author
-
Meganathan, R., B, Manjunath, Anand, R., and Murugesh, V.
- Subjects
RECURRENT neural networks, DENIAL of service attacks, CYBER physical systems, SUPPORT vector machines, DEEP learning, BOTNETS
- Abstract
This study develops an active security control strategy for Cyber-Physical Systems (CPSs) that are subject to attacks known as Denial-of-Service (DoS), which can target both channels from the controller to the actuator and from the controller to the sensor. Due to attack cost restrictions, the linked channels are subject to a limit on the number of continuous DoS attacks. A proactive security control method is then developed to combat two-channel DoS attacks, depending on a method for identifying IoT intrusions. Using the CICIDS dataset for attack detection, we examined the effectiveness of the Deep Convolutional Network Model (DCNM), a suggested deep learning model. The addressed CPS can be asymptotically stable against DoS assaults under the security controller's active security control technique without sacrificing control performance. Recent tests and simulations show how effective the security control strategy is active. The proposed model gives a better trade-off compared to existing approaches like Deep Belief Networks (DBN), Recurrent Neural Networks (RNN), Support Vector Machines (SVM), Supervised Neural Networks (SNN) and Feed Forward Neural Networks (FNN). The proposed model gives 99.3%, 99.5%, 99.5%, 99.6%, 99%, 98.9%, 99% accuracy with normal attack detection, botnet attack detection, Brute force attack detection, DoS attack detection, Infiltration attack detection, Portscan attack detection and web attack detection respectively. [ABSTRACT FROM AUTHOR]
- Published
- 2024
44. Deep Learning for Network Intrusion Detection in Virtual Networks.
- Author
-
Spiekermann, Daniel, Eggendorfer, Tobias, and Keller, Jörg
- Subjects
VIRTUAL private networks, DEEP learning, VIRTUAL reality, CRITICAL currents, MACHINE learning, VIRTUAL networks, INTRUSION detection systems (Computer security)
- Abstract
As organizations increasingly adopt virtualized environments for enhanced flexibility and scalability, securing virtual networks has become a critical part of current infrastructures. This research paper addresses the challenges related to intrusion detection in virtual networks, with a focus on various deep learning techniques. Since physical networks do not use encapsulation, but virtual networks do, packet analysis based on rules or machine learning outcomes for physical networks cannot be transferred directly to virtual environments. Encapsulation methods in current virtual networks include VXLAN (Virtual Extensible LAN), an EVPN (Ethernet Virtual Private Network), and NVGRE (Network Virtualization using Generic Routing Encapsulation). This paper analyzes the performance and effectiveness of network intrusion detection in virtual networks. It delves into challenges inherent in virtual network intrusion detection with deep learning, including issues such as traffic encapsulation, VM migration, and changing network internals inside the infrastructure. Experiments on detection performance demonstrate the differences between intrusion detection in virtual and physical networks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
45. Machine Learning-Based Intrusion Detection Methods in IoT Systems: A Comprehensive Review.
- Author
-
Kikissagbe, Brunel Rolack and Adda, Meddi
- Subjects
DEEP learning, MACHINE learning, INTERNET of things, SECURITY systems, INTRUSION detection systems (Computer security), INTERNET
- Abstract
The rise of the Internet of Things (IoT) has transformed our daily lives by connecting objects to the Internet, thereby creating interactive, automated environments. However, this rapid expansion raises major security concerns, particularly regarding intrusion detection. Traditional intrusion detection systems (IDSs) are often ill-suited to the dynamic and varied networks characteristic of the IoT. Machine learning is emerging as a promising solution to these challenges, offering the intelligence and flexibility needed to counter complex and evolving threats. This comprehensive review explores different machine learning approaches for intrusion detection in IoT systems, covering supervised, unsupervised, and deep learning methods, as well as hybrid models. It assesses their effectiveness, limitations, and practical applications, highlighting the potential of machine learning to enhance the security of IoT systems. In addition, the study examines current industry issues and trends, highlighting the importance of ongoing research to keep pace with the rapidly evolving IoT security ecosystem. [ABSTRACT FROM AUTHOR]
- Published
- 2024
46. FLSec-RPL: a fuzzy logic-based intrusion detection scheme for securing RPL-based IoT networks against DIO neighbor suppression attacks.
- Author
-
Kim, Chenset, So-In, Chakchai, Kongsorot, Yanika, and Aimtongkham, Phet
- Subjects
END-to-end delay, INTERNET of things, MODERN society, FUZZY logic, BANDWIDTHS
- Abstract
The Internet of Things (IoT) has gained popularity and is widely used in modern society. The growth in the sizes of IoT networks with more internet-connected devices has led to concerns regarding privacy and security. In particular, related to the routing protocol for low-power and lossy networks (RPL), which lacks robust security functions, many IoT devices in RPL networks are resource-constrained, with limited computing power, bandwidth, memory, and battery life. This causes them to face various vulnerabilities and potential attacks, such as DIO neighbor suppression attacks. This type of attack specifically targets neighboring nodes through DIO messages and poses a significant security threat to RPL-based IoT networks. Recent studies have proposed methods for detecting and mitigating this attack; however, they produce high false-positive and false-negative rates in detection tasks and cannot fully protect RPL networks against this attack type. In this paper, we propose a novel fuzzy logic-based intrusion detection scheme to secure the RPL protocol (FLSec-RPL) to protect against this attack. Our method is built of three key phases consecutively: (1) it tracks attack activity variables to determine potential malicious behaviors; (2) it performs fuzzy logic-based intrusion detection to identify malicious neighbor nodes; and (3) it provides a detection validation and blocking mechanism to ensure that both malicious and suspected malicious nodes are accurately detected and blocked. To evaluate the effectiveness of our method, we conduct comprehensive experiments across diverse scenarios, including Static-RPL and Mobile-RPL networks. We compare the performance of our proposed method with that of the state-of-the-art methods. The results demonstrate that our method outperforms existing methods in terms of the detection accuracy, F1 score, power consumption, end-to-end delay, and packet delivery ratio metrics. [ABSTRACT FROM AUTHOR]
- Published
- 2024
47. Ensemble random forest and deep convolutional neural networks in detecting and classifying the multiple intrusions from near real‐time cloud datasets.
- Author
-
Khan, Minhaj and Haroon, Mohd.
- Abstract
Due to rapidly growing Internet facilities, intruders can steal and misuse the data saved and stored digitally. In this case, securing digital data is challenging but prominent for various purposes. However, the traditional techniques are insufficient to secure these computer networks and cloud information with a 100% success rate. Recently, machine‐ or deep‐learning‐enabled methods have been used to secure network information, but with some limits. Therefore, the study emphasizes detecting and classifying network intrusion using the proposed ensemble and deep learning models. In this case, we developed the ensemble learning‐enabled random forest algorithm and deep learning‐enabled deep convolutional neural network (CNN) models for securing near real‐time cloud information and designed the intrusion detection system accordingly. The complex and high‐volume CSE‐CICIDS2018 datasets were used to test the developed model in Python programming language implemented with several Python libraries. The outcome of the proposed models indicates that the developed models are promising in securing the cloud information with 97.73% and 99.91% accuracies via ensemble‐random forest and deep CNN models. Thus, the present study models can be applied to other real‐time datasets and computer networks to detect cyber threats effectively. [ABSTRACT FROM AUTHOR]
- Published
- 2024
48. DeepRoughNetID: A Robust Framework for Network Anomaly Intrusion Detection with High Detection Rates.
- Author
-
Nalini, M., Yamini, B., Sinthia, P., and S, Praveena Rachel Kamala
- Subjects
ANOMALY detection (Computer security), COMPUTER network security, TELECOMMUNICATION systems, TELECOMMUNICATION, INTERNET security, INTRUSION detection systems (Computer security)
- Abstract
Network security faces challenges, including reduced true positives, increased false positives, and inadequate anomaly detection efficacy. This paper introduces the DeepRoughNetID (DRNID) approach to address these issues and confront the increasing cyberattack threat in modern communication systems. DRNID presents an innovative framework for network intrusion detection, incorporating kNNImputer, GreedyRoughSelector, DeepVAEEnsembler, and IntrusionNet components. kNNImputer enables adaptable data preprocessing by leveraging instance-based learning, facilitating efficient handling of evolving datasets without necessitating full retraining. GreedyRoughSelector enhances classifier performance through systematic attribute selection, focusing on relevant features while eliminating redundancies. DeepVAEEnsembler leverages Variational Autoencoders (VAEs) to learn underlying data distributions, enabling robust anomaly detection. IntrusionNet utilizes VAEs to classify intrusions, providing a comprehensive solution to network security challenges. By integrating these components, DRNID offers a refined approach that promises significant advancements in network intrusion detection. The experimental results demonstrate the effectiveness of DRNID, with an impressive accuracy of 98.8% achieved through 10-fold cross-validation. DRNID exhibits superior performance compared to existing methods across various datasets, showcasing its robust anomaly detection capabilities. This methodology empowers organizations to proactively prevent security violations and safeguard sensitive data from malicious entities. Beyond its theoretical contributions, our research carries tangible implications for strengthening cybersecurity defenses across diverse sectors, including telecommunications, finance, and healthcare. [ABSTRACT FROM AUTHOR]
- Published
- 2024
49. Green Intrusion Detection Systems: A Comprehensive Review and Directions.
- Author
-
Roy, Swapnoneel, Sankaran, Sriram, and Zeng, Mini
- Subjects
ANOMALY detection (Computer security), INTERNET of things, ENERGY consumption, INTERNET security, CYBER physical systems
- Abstract
Intrusion detection systems have proliferated with varying capabilities for data generation and learning towards detecting abnormal behavior. The goal of green intrusion detection systems is to design intrusion detection systems for energy efficiency, taking into account the resource constraints of embedded devices and analyzing energy–performance–security trade-offs. Towards this goal, we provide a comprehensive survey of existing green intrusion detection systems and analyze their effectiveness in terms of performance, overhead, and energy consumption for a wide variety of low-power embedded systems such as the Internet of Things (IoT) and cyber physical systems. Finally, we provide future directions that can be leveraged by existing systems towards building a secure and greener environment. [ABSTRACT FROM AUTHOR]
- Published
- 2024
50. A micro Reinforcement Learning architecture for Intrusion Detection Systems.
- Author
-
Darabi, Boshra, Bag-Mohammadi, Mozafar, and Karami, Mojtaba
- Subjects
REINFORCEMENT learning
- Published
- 2024
Discovery Service for Jio Institute Digital Library