Your search keyword '"intrusion detection"' showing total 916 results

1. A novel hybrid framework for Cloud Intrusion Detection System using system call sequence analysis.

Author

Chaudhari, Ashish, Gohil, Bhavesh, and Rao, Udai Pratap

Abstract

Cloud Computing offers on-demand infrastructure, platform and software services over the Internet on a pay-as-you-use model. Many e-commerce businesses and social networking sites are moving towards the cloud. Security breaches have also started to grow along with their popularity. The malicious processes can target virtualization-based cloud infrastructure and harm virtual resources, thereby becoming a threat to the cloud. Several Intrusion Detection Systems (IDSs) have been developed to detect attacks based on predefined behavior patterns. However, malicious processes can hide their behavior in the presence of security mechanisms on a Virtual Machine (VM). With the increasing frequency of such attacks, IDSs must be improved using Machine Learning (ML) and Deep Learning (DL) techniques. This study proposes a novel intrusion detection framework that can detect known and unknown attacks by system call sequence analysis. The framework analyzes the system call sequences of VMs with a hybrid model of Long Short Term Memory (LSTM) and system call frequency-based anomaly detection techniques. The proposed framework is evaluated using the Australian Defence Force Academy-Linux Dataset (ADFA-LD) dataset. Compared to the existing frameworks, the highest accuracy of 97.2% and a false positive rate of 2.4% are achieved for our proposed framework. [ABSTRACT FROM AUTHOR]

Published

2024

2. IDS-XGbFS: a smart intrusion detection system using XGboostwith recent feature selection for VANET safety.

Author

Amaouche, Sara, AzidineGuezzaz, Benkirane, Said, and MouradeAzrour

Abstract

The Vehicular Ad Hoc Network (VANET) is a novel and innovative technology which is part of the Intelligent Transportation Systems (ITS). VANET is a network composed of a collection of vehicles and other roadside components that are interconnected wirelessly. The intention underlying the development of this technology is the improvement of the vehicle environment and the enhancement of vehicle and driver safety. Nevertheless, since VANETs operate wirelessly and under complicated conditions, they are susceptible to a variety of attacks by malicious actors. Traditional techniques such as encryption are no longer effective, so new techniques using intrusion detection systems IDS have attracted the attention of a large number of researchers. The IDS scans the entire network and identifies all the possible harmful nodes present in the network. The present paper covers the problem of the identification of attacks in VANET by using XGBoost. The effectiveness analysis of the proposed models has been realized on the NSL-KDD and 5RoutingMetrics datasets combined with various feature selection techniques Boruta and Adaptive Synthetic Sampling Approach (ADASYN). Furthermore, the acquired results are being compared to two of the last most used ensemble methods CatBoost and convolutional neural networks CNN.In comparison with the other IDSs, our model approach achieves high performance in accuracy, recall and precision. [ABSTRACT FROM AUTHOR]

Published

2024

3. Hardening of the Internet of Things by using an intrusion detection system based on deep learning.

Author

Varastan, Bahman, Jamali, Shahram, and Fotohi, Reza

Abstract

The Internet of Things (IoTs) is a complex and large network of all kinds of equipment and things that covers various areas such as military networks, industrial networks, smart urban infrastructures, education, and many other areas, high volume of traffic, and the growing number of connected equipment. to these networks has made intrusion detection in these networks a challenging issue; Therefore, protecting these networks from various attacks is of particular importance and can be established through planning and establishing effective security controls. One of these important and effective methods of security control is the use of an intrusion detection system (IDS). Due to the ability of machine learning and deep learning methods to learn from existing real examples, they are used to prevent, predict, and intelligently and quickly track complex and unknown future examples. The most important ability and feature of these methods are to detect and predict new attacks, which in many cases are mutated or inspired by previous attacks. Therefore, IoTs control and security systems use and develop new methods in creating safe and intelligent communication between their devices and equipment, which are activated using advanced deep learning and machine methods. Also, the success and advancements of deep learning methods in various fields and fields with extensive data have made activists in the field of the internet interested in these methods. In this paper, to solve the mentioned problems and challenges, we also present a new and effective method of detection based on long short-term memory (LSTM)–recurrent neural network (RNN) and kernel principal component analysis (PCA). To achieve data preprocessing, high accuracy detection rate, feature extraction, and attack detection is embedded in an end-to-end or global detection method. We have used the NSL-KDD dataset to evaluate the results and check the presented idea. The results of our experiments and simulations show that the proposed IDS-LSTM attack detection strategy and idea has better performance than several detection and prediction strategies that use neural networks, support vector machines (SVM). [ABSTRACT FROM AUTHOR]

Published

2024

4. Machine learning-based intrusion detection: feature selection versus feature extraction.

Author

Ngo, Vu-Duc, Vuong, Tuan-Cuong, Van Luong, Thien, and Tran, Hung

Abstract

Internet of Things (IoTs) has been playing an important role in many sectors, such as smart cities, smart agriculture, smart healthcare, and smart manufacturing. However, IoT devices are highly vulnerable to cyber-attacks, which may result in security breaches and data leakages. To effectively prevent these attacks, a variety of machine learning-based network intrusion detection methods for IoT networks have been developed, which often rely on either feature extraction or feature selection techniques for reducing the dimension of input data before being fed into machine learning models. This aims to make the detection complexity low enough for real-time operations, which is particularly vital in any intrusion detection systems. This paper provides a comprehensive comparison between these two feature reduction methods of intrusion detection in terms of various performance metrics, namely, precision rate, recall rate, detection accuracy, as well as runtime complexity, in the presence of the modern UNSW-NB15 dataset as well as both binary and multiclass classification. For example, in general, the feature selection method not only provides better detection performance but also lower training and inference time compared to its feature extraction counterpart, especially when the number of reduced features K increases. However, the feature extraction method is much more reliable than its selection counterpart, particularly when K is very small, such as K = 4 . Additionally, feature extraction is less sensitive to changing the number of reduced features K than feature selection, and this holds true for both binary and multiclass classifications. Based on this comparison, we provide a useful guideline for selecting a suitable intrusion detection type for each specific scenario, as detailed in Table 14 at the end of Sect. 4. Note that such the comparison between feature selection and feature extraction over UNSW-NB15 as well as theoretical guideline have been overlooked in the literature. [ABSTRACT FROM AUTHOR]

Published

2024

5. A new approach for detecting process injection attacks using memory analysis.

Author

Nasereddin, Mohammed and Al-Qassas, Raad

Subjects

*COMPUTER storage devices, *PARALLEL programming, *MEMORY

Abstract

This paper introduces a new approach for examining and analyzing fileless malware artifacts in computer memory. The proposed approach offers the distinct advantage of conducting a comprehensive live analysis of memory without the need for periodic memory dumping. Once a new process arrives, log files are collected by monitoring the Event Tracing for Windows facility as well as listing the executables of the active process for violation detection. The proposed approach significantly reduces detection time and minimizes resource consumption by adopting parallel computing (programming), where the main software (Master) divides the work, organizes the process of searching for artifacts, and distributes tasks to several agents. A dataset of 17411 malware samples is used in the assessment of the new approach. It provided satisfactory and reliable results in dealing with at least six different process injection techniques including classic DLL injection, reflective DLL injection, process hollowing, hook injection, registry modifications, and.NET DLL injection. The detection accuracy rate has reached 99.93 % with a false-positive rate of 0.068 % . Moreover, the accuracy was monitored in the case of launching several malwares using different process injection techniques simultaneously, and the detector was able to detect them efficiently. Also, it achieved a detection time with an average of 0.052 msec per detected malware. [ABSTRACT FROM AUTHOR]

Published

2024

6. MLSTL-WSN: machine learning-based intrusion detection using SMOTETomek in WSNs.

Author

Talukder, Md. Alamin, Sharmin, Selina, Uddin, Md Ashraf, Islam, Md Manowarul, and Aryal, Sunil

Subjects

*INTRUSION detection systems (Computer security), *WIRELESS sensor networks, *CYBER physical systems, *MACHINE learning, *FALSE alarms

Abstract

In the domain of cyber-physical systems, wireless sensor networks (WSNs) play a pivotal role as infrastructures, encompassing both stationary and mobile sensors. These sensors self-organize and establish multi-hop connections for communication, collectively sensing, gathering, processing, and transmitting data about their surroundings. Despite their significance, WSNs face rapid and detrimental attacks that can disrupt functionality. Existing intrusion detection methods for WSNs encounter challenges such as low detection rates, computational overhead, and false alarms. These issues stem from sensor node resource constraints, data redundancy, and high correlation within the network. To address these challenges, we propose an innovative intrusion detection approach that integrates machine learning (ML) techniques with the Synthetic Minority Oversampling Technique Tomek Link (SMOTE-TomekLink) algorithm. This blend synthesizes minority instances and eliminates Tomek links, resulting in a balanced dataset that significantly enhances detection accuracy in WSNs. Additionally, we incorporate feature scaling through standardization to render input features consistent and scalable, facilitating more precise training and detection. To counteract imbalanced WSN datasets, we employ the SMOTE-Tomek resampling technique, mitigating overfitting and underfitting issues. Our comprehensive evaluation, using the wireless sensor network dataset (WSN-DS) containing 374,661 records, identifies the optimal model for intrusion detection in WSNs. The standout outcome of our research is the remarkable performance of our model. In binary classification scenarios, it achieves an accuracy rate of 99.78%, and in multiclass classification scenarios, it attains an exceptional accuracy rate of 99.92%. These findings underscore the efficiency and superiority of our proposal in the context of WSN intrusion detection, showcasing its effectiveness in detecting and mitigating intrusions in WSNs. [ABSTRACT FROM AUTHOR]

Published

2024

7. DeepRoughNetID: A Robust Framework for Network Anomaly Intrusion Detection with High Detection Rates.

Author

Nalini, M., Yamini, B., Sinthia, P., and S, Praveena Rachel Kamala

Abstract

Network security faces challenges, including reduced true positives, increased false positives, and inadequate anomaly detection efficacy. This paper introduces the DeepRoughNetID (DRNID) approach to address these issues and confront the increasing cyberattack threat in modern communication systems. DRNID presents an innovative framework for network intrusion detection, incorporating kNNImputer, GreedyRoughSelector, DeepVAEEnsembler, and IntrusionNet components. kNNImputer enables adaptable data preprocessing by leveraging instance-based learning, facilitating efficient handling of evolving datasets without necessitating full retraining. GreedyRoughSelector enhances classifier performance through systematic attribute selection, focusing on relevant features while eliminating redundancies. DeepVAEEnsembler leverages Variational Autoencoders (VAEs) to learn underlying data distributions, enabling robust anomaly detection. IntrusionNet utilizes VAEs to classify intrusions, providing a comprehensive solution to network security challenges. By integrating these components, DRNID offers a refined approach that promises significant advancements in network intrusion detection. The experimental results demonstrate the effectiveness of DRNID, with an impressive accuracy of 98.8% achieved through 10-fold cross-validation. DRNID exhibits superior performance compared to existing methods across various datasets, showcasing its robust anomaly detection capabilities. This methodology empowers organizations to proactively prevent security violations and safeguard sensitive data from malicious entities. Beyond its theoretical contributions, our research carries tangible implications for strengthening cybersecurity defenses across diverse sectors, including telecommunications, finance, and healthcare. [ABSTRACT FROM AUTHOR]

Published

2024

8. Tides of Blockchain in IoT Cybersecurity.

Author

Ahakonye, Love Allen Chijioke, Nwakanma, Cosmas Ifeanyi, and Kim, Dong-Seong

Subjects

*BLOCKCHAINS, *INTERNET of things, *INTERNET security, *INTRUSION detection systems (Computer security), *ARTIFICIAL intelligence

Abstract

This paper surveys the implementation of blockchain technology in cybersecurity in Internet of Things (IoT) networks, presenting a comprehensive framework that integrates blockchain technology with intrusion detection systems (IDS) to enhance IDS performance. This paper reviews articles from various domains, including AI, blockchain, IDS, IoT, and Industrial IoT (IIoT), to identify emerging trends and challenges in this field. An analysis of various approaches incorporating AI and blockchain demonstrates the potentiality of integrating AI and blockchain to transform IDS. This paper's structure establishes the foundation for further investigation and provides a blueprint for the development of IDS that is accessible, scalable, transparent, immutable, and decentralized. A demonstration from case studies integrating AI and blockchain shows the viability of combining the duo to enhance performance. Despite the challenges posed by resource constraints and privacy concerns, it is notable that blockchain is the key to securing IoT networks and that continued innovation in this area is necessary. Further research into lightweight cryptography, efficient consensus mechanisms, and privacy-preserving techniques is needed to realize all of the potential of blockchain-powered cybersecurity in IoT. [ABSTRACT FROM AUTHOR]

Published

2024

9. Research on Virus Propagation Network Intrusion Detection Based on Graph Neural Network.

Author

Ying, Xianer, Pan, Mengshuang, Chen, Xiner, Zhou, Yiyi, Liu, Jianhua, Li, Dazhi, Guo, Binghao, and Zhu, Zihao

Abstract

The field of network security is highly concerned with intrusion detection, which safeguards the security of computer networks. The invention and application of intrusion detection technology play indispensable roles in network security, and it is crucial to investigate and comprehend this topic. Recently, with the continuous occurrence of intrusion incidents in virus propagation networks, traditional network detection algorithms for virus propagation have encountered limitations and have struggled to detect these incidents effectively and accurately. Therefore, updating the intrusion detection algorithm of the virus-spreading network is imperative. This paper introduces a novel system for virus propagation, whose core is a graph-based neural network. By organically combining two modules—a standardization module and a computation module—this system forms a powerful GNN model. The standardization module uses two methods, while the calculation module uses three methods. Through permutation and combination, we obtain six GNN models with different characteristics. To verify their performance, we conducted experiments on the selected datasets. The experimental results show that the proposed algorithm has excellent capabilities, high accuracy, reasonable complexity, and excellent stability in the intrusion detection of virus-spreading networks, making the network more secure and reliable. [ABSTRACT FROM AUTHOR]

Published

2024

10. A Hybrid Optimization Model for Efficient Detection and Classification of Malware in the Internet of Things.

Author

Ahmad, Ijaz, Wan, Zhong, Ahmad, Ashfaq, and Ullah, Syed Sajid

Abstract

The proliferation of Internet of Things (IoT) devices and their integration into critical infrastructure and business operations has rendered them susceptible to malware and cyber-attacks. Such malware presents a threat to the availability and reliability of IoT devices, and a failure to address it can have far-reaching impacts. Due to the limited resources of IoT devices, traditional rule-based detection systems are often ineffective against sophisticated attackers. This paper addressed these issues by designing a new framework that uses a machine learning (ML) algorithm for the detection of malware. Additionally, it also employed sequential detection architecture and evaluated eight malware datasets. The design framework is lightweight and effective in data processing and feature selection algorithms. Moreover, this work proposed a classification model that utilizes one support vector machine (SVM) algorithm and is individually tuned with three different optimization algorithms. The employed optimization algorithms are Nuclear Reactor Optimization (NRO), Artificial Rabbits Optimization (ARO), and Particle Swarm Optimization (PSO). These algorithms are used to explore a diverse search space and ensure robustness in optimizing the SVM for malware detection. After extensive simulations, our proposed framework achieved the desired accuracy among eleven existing ML algorithms and three proposed ensemblers (i.e., NRO_SVM, ARO_SVM, and PSO_SVM). Among all algorithms, NRO_SVM outperforms the others with an accuracy rate of 97.8%, an F1 score of 97%, and a recall of 99%, and has fewer false positives and false negatives. In addition, our model successfully identified and prevented malware-induced attacks with a high probability of recognizing new evolving threats. [ABSTRACT FROM AUTHOR]

Published

2024

11. PermDroid a framework developed using proposed feature selection approach and machine learning techniques for Android malware detection.

Author

Mahindru, Arvind, Arora, Himani, Kumar, Abhinav, Gupta, Sachin Kumar, Mahajan, Shubham, Kadry, Seifedine, and Kim, Jungeun

Subjects

*FEATURE selection, *MACHINE learning, *MALWARE, *RESEARCH personnel

Abstract

The challenge of developing an Android malware detection framework that can identify malware in real-world apps is difficult for academicians and researchers. The vulnerability lies in the permission model of Android. Therefore, it has attracted the attention of various researchers to develop an Android malware detection model using permission or a set of permissions. Academicians and researchers have used all extracted features in previous studies, resulting in overburdening while creating malware detection models. But, the effectiveness of the machine learning model depends on the relevant features, which help in reducing the value of misclassification errors and have excellent discriminative power. A feature selection framework is proposed in this research paper that helps in selecting the relevant features. In the first stage of the proposed framework, t-test, and univariate logistic regression are implemented on our collected feature data set to classify their capacity for detecting malware. Multivariate linear regression stepwise forward selection and correlation analysis are implemented in the second stage to evaluate the correctness of the features selected in the first stage. Furthermore, the resulting features are used as input in the development of malware detection models using three ensemble methods and a neural network with six different machine-learning algorithms. The developed models' performance is compared using two performance parameters: F-measure and Accuracy. The experiment is performed by using half a million different Android apps. The empirical findings reveal that malware detection model developed using features selected by implementing proposed feature selection framework achieved higher detection rate as compared to the model developed using all extracted features data set. Further, when compared to previously developed frameworks or methodologies, the experimental results indicates that model developed in this study achieved an accuracy of 98.8%. [ABSTRACT FROM AUTHOR]

Published

2024

12. An adversarial environment reinforcement learning-driven intrusion detection algorithm for Internet of Things.

Author

Mahjoub, Chahira, Hamdi, Monia, Alkanhel, Reem Ibrahim, Mohamed, Safa, and Ejbali, Ridha

Subjects

*INTRUSION detection systems (Computer security), *DEEP reinforcement learning, *REINFORCEMENT learning, *COMPUTER network traffic, *INTERNET of things, *DATABASES

Abstract

The increasing prevalence of Internet of Things (IoT) systems has made them attractive targets for malicious actors. To address the evolving threats and the growing complexity of detection, there is a critical need to search for and develop new algorithms that are fast and robust in detecting and classifying dangerous network traffic. In this context, deep reinforcement learning (DRL) is gaining recognition as a prospective solution in numerous fields as it enables autonomous agents to cooperate with their environment for decision-making without relying on human experts. This article presents an innovative approach to intrusion detection in IoT systems using an adversarial reinforcement learning (RL) algorithm known for its exceptional predictive capabilities. The predictive process relies on a classifier, implemented as a streamlined and highly efficient neural network. Embedded within this classifier is a policy function meticulously trained using an innovative RL model. Importantly, this model ensures that the environment's behavior is dynamically fine-tuned simultaneously with the learning process, improving the overall effectiveness of the intrusion detection approach. The efficiency of our proposal was assessed using the Bot-IoT database, consisting of a mixture of legitimate IoT network traffic and simulated attack scenarios. Our scheme shows superior performance compared to existing ones. Therefore, our approach to IoT intrusion detection can be considered a valuable alternative to existing methods, capable of significantly improving the IoT systems' security. [ABSTRACT FROM AUTHOR]

Published

2024

13. Intrusion detection system based on the beetle swarm optimization and K‐RMS clustering algorithm.

Author

Pran, S. Gokul, Raja, Sivakami, and Jeyasudha, S.

Subjects

*INTRUSION detection systems (Computer security), *ARTIFICIAL neural networks, *COMPUTER network traffic, *SUPPORT vector machines, *ALGORITHMS, *CLASSIFICATION algorithms

Abstract

Summary: Intrusion detection is a cyber‐security method that is significant for network security. It is utilized to detect behaviors that compromise security and privacy within a network or in the context of a computer system. To enhance the identification, an Intrusion Detection System Based on the Beetle Swarm Optimization and K‐RMS Clustering Algorithm cluster‐based hybrid classifiers is proposed in this manuscript. Here, the data is amassed from CICIDS2017 dataset. Then the data is preprocessed to eradicate the unwanted noise. After completing the preprocessed data, it can be clustered by using K‐RMS clustering algorithm. This algorithm cluster the entire data to the associated cluster set depending on the data behavior. The classification algorithm is considered to predict the data as normal or attacking behaviors. The hybrid classification is used to predict the data. The solitary predictor aims to achieve high detection rates and accuracy. The hybrid classifiers, such as support vector machines, artificial neural networks are applied to recognize the normal or intruder. The performance of the SVM‐ANN‐IDS method attains 22.05%, 15.87%, 27.25% higher accuracy, 23.90% and 28.53% higher precision, 29.29%, 19.19% and 23.27% higher specificity and 18.28%, 24.36% and 27.49% greater recall when compared to the existing models, like developing novel deep‐learning model to improve network intrusion categorization (DNN‐IDS), Intrusion identification scheme on real‐time data traffic under machine learning techniques along feature selection method (RNN‐SVM‐IDS) and recurrent deep learning basis feature fusion ensemble meta‐classifier for intellectual network intrusion identification scheme (RNN‐IDS) respectively. [ABSTRACT FROM AUTHOR]

Published

2024

14. Comparative study of ML models for IIoT intrusion detection: impact of data preprocessing and balancing.

Author

Eid, Abdulrahman Mahmoud, Soudan, Bassel, Nasif, Ali Bou, and Injadat, MohammadNoor

Subjects

*MACHINE learning, *INTRUSION detection systems (Computer security), *NAIVE Bayes classification, *RANDOM forest algorithms, *SUPPORT vector machines, *K-nearest neighbor classification, *DECISION trees

Abstract

This study investigates the effectiveness of six prominent machine learning models—random forest, decision trees, K-nearest neighbor, logistic regression, support vector machines, and Naïve Bayes—for intrusion detection systems in industrial Internet of Things environments. The evaluation encompasses the effects of data preprocessing techniques, including feature engineering, data normalization, recoding, and missing data mitigation. Furthermore, the research delves into dataset balancing, examining the effects of six different techniques on model performance. The investigations are conducted using the domain-specific WUSTL-IIOT-2021 dataset, which captures the unique characteristics of IIoT data. The study also investigates multi-class attack identification utilizing an innovative SMOTE-based multi-class balancing approach to tackle dataset imbalances. The results indicate that data preprocessing and intelligent dataset balancing produce consistent enhancements in the classification performance of the selected models across binary and multi-classification tasks. Random forest emerges as the standout algorithm, delivering consistently high performance with computational efficiency. [ABSTRACT FROM AUTHOR]

Published

2024

15. Improved deep learning intrusion detection model based on GAN data enhancement.

Author

Shuangyuan, Li, Qichang, Li, Mengfan, Li, and Yanchang, Lv

Abstract

With the development of information technology, the number and methods of cyber attacks continue to increase, making network security issues increasingly important. Intrusion detection has become a vital means of dealing with cyber threats. Current intrusion detection methods predominantly rely on machine learning. However, machine learning suffers from limitations in detection capability and the requirement for extensive feature engineering. Additionally, current intrusion detection datasets face the challenge of data imbalance. To address these challenges, this paper proposes a novel solution leveraging Generative Adversarial Networks (GANs) to balance the dataset and introduces an attention mechanism into the generator to efficiently extract key feature information, the mechanism can effectively sort the key information of the data and quickly capture important features. Subsequently, a combination of 1D Convolutional Neural Networks (1DCNN) and Bidirectional Gated Recurrent Units (BiGRU) is employed to construct a classification model capable of extracting both spatial and temporal features. Furthermore, Particle Swarm Optimization (PSO) is utilized to optimize the input weights and hidden biases of the model, so as to further improve the accuracy and robustness of the model. Finally, the model is trained and implemented for network intrusion detection. To demonstrate the applicability of the model, experiments were conducted using the NSL-KDD dataset and the UNSW-NB15 dataset. The final results showed that the proposed model outperformed other models, achieving accuracies of 99.15% and 97.33% on the respective datasets. This indicates that the model improves the efficiency of network intrusion detection and better ensures the effectiveness of network security. [ABSTRACT FROM AUTHOR]

Published

2024

16. RobEns: Robust Ensemble Adversarial Machine Learning Framework for Securing IoT Traffic.

Author

Alkadi, Sarah, Al-Ahmadi, Saad, and Ben Ismail, Mohamed Maher

Subjects

*MACHINE learning, *INTERNET of things, *INTRUSION detection systems (Computer security)

Abstract

Recently, Machine Learning (ML)-based solutions have been widely adopted to tackle the wide range of security challenges that have affected the progress of the Internet of Things (IoT) in various domains. Despite the reported promising results, the ML-based Intrusion Detection System (IDS) proved to be vulnerable to adversarial examples, which pose an increasing threat. In fact, attackers employ Adversarial Machine Learning (AML) to cause severe performance degradation and thereby evade detection systems. This promoted the need for reliable defense strategies to handle performance and ensure secure networks. This work introduces RobEns, a robust ensemble framework that aims at: (i) exploiting state-of-the-art ML-based models alongside ensemble models for IDSs in the IoT network; (ii) investigating the impact of evasion AML attacks against the provided models within a black-box scenario; and (iii) evaluating the robustness of the considered models after deploying relevant defense methods. In particular, four typical AML attacks are considered to investigate six ML-based IDSs using three benchmarking datasets. Moreover, multi-class classification scenarios are designed to assess the performance of each attack type. The experiments indicated a drastic drop in detection accuracy for some attempts. To harden the IDS even further, two defense mechanisms were derived from both data-based and model-based methods. Specifically, these methods relied on feature squeezing as well as adversarial training defense strategies. They yielded promising results, enhanced robustness, and maintained standard accuracy in the presence or absence of adversaries. The obtained results proved the efficiency of the proposed framework in robustifying IDS performance within the IoT context. In particular, the accuracy reached 100% for black-box attack scenarios while preserving the accuracy in the absence of attacks as well. [ABSTRACT FROM AUTHOR]

Published

2024

17. Intrusion Detection Based on Adaptive Sample Distribution Dual-Experience Replay Reinforcement Learning.

Author

Tan, Haonan, Wang, Le, Zhu, Dong, and Deng, Jianyu

Subjects

*INTRUSION detection systems (Computer security), *REINFORCEMENT learning, *MACHINE learning, *INTERNET security, *CYBERTERRORISM, *PSYCHOLOGICAL feedback, *REINFORCEMENT (Psychology), *DATA distribution

Abstract

In order to cope with ever-evolving and increasing cyber threats, intrusion detection systems have become a crucial component of cyber security. Compared with signature-based intrusion detection methods, anomaly-based methods typically employ machine learning techniques to train detection models and possess the capability to discover unknown attacks. However, intrusion detection methods face the challenge of low detection rates for minority class attacks due to imbalanced data distributions. Traditional intrusion detection algorithms address this issue by resampling or generating synthetic data. Additionally, reinforcement learning, as a machine learning method that interacts with the environment to obtain feedback and improve performance, is gradually being considered for application in the field of intrusion detection. This paper proposes a reinforcement-learning-based intrusion detection method that innovatively uses adaptive sample distribution dual-experience replay to enhance a reinforcement learning algorithm, aiming to effectively address the issue of imbalanced sample distribution. We have also developed a reinforcement learning environment specifically designed for intrusion detection tasks. Experimental results demonstrate that the proposed model achieves favorable performance on the NSL-KDD, AWID, and CICIoT2023 datasets, effectively dealing with imbalanced data and showing better classification performance in detecting minority attacks. [ABSTRACT FROM AUTHOR]

Published

2024

18. Real-time data fusion for intrusion detection in industrial control systems based on cloud computing and big data techniques.

Author

Abid, Ahlem, Jemili, Farah, and Korbaa, Ouajdi

Subjects

*INDUSTRIAL controls manufacturing, *MULTISENSOR data fusion, *DATA fusion (Statistics), *CLOUD computing, *BIG data, *PROCESS capability, *INTRUSION detection systems (Computer security)

Abstract

Intrusion detection in industrial control systems (ICS) is crucial for maintaining secu rity in modern industries. However, the rapid growth of data generated from various sources presents significant challenges, as complex and diverse attacks continue to threaten the integrity of these systems. Traditional intrusion detection systems face limitations in effectively detecting intrusions and suffer from processing delays. To address these issues, there is an urgent need for a real-time and efficient IDS. This study introduces a novel approach to real-time intrusion detection in ICS by leveraging Cloud Computing and Big Data techniques for data fusion. By fusing mul tiple streams of data, our approach enhances intrusion detection performance, reduces false alarm rates, and produces more consistent and accurate results. The contributions of this work are two-fold. Firstly, we propose a real-time IDS that overcomes the limitations of traditional systems through the efficient processing capabilities of Cloud Computing and Big Data techniques. Secondly, we employ data fusion to integrate diverse data sources, resulting in improved intrusion detection accuracy and efficiency. Our proposed IDS achieves higher accuracy rates and demonstrates superior efficiency in detecting intrusions compared to existing solutions. These findings underscore the potential of our approach in enhancing ICS security and mitigating risks posed by evolving attacks. [ABSTRACT FROM AUTHOR]

Published

2024

19. Intrusion detection in internet of things-based smart farming using hybrid deep learning framework.

Author

Kethineni, Keerthi and Pradeepini, G.

Subjects

*METAHEURISTIC algorithms, *AGRICULTURE, *INTRUSION detection systems (Computer security), *DENIAL of service attacks, *DEEP learning, *WILD horses, *SENSOR placement

Abstract

Smart agriculture is a popular domain due to its intensified growth in recent times. This domain aggregates the advantages of several computing technologies, where the IoT is the most popular and beneficial. In this work, a novel and effective deep learning-based framework is developed to detect intrusions in smart farming systems. The architecture is three-tier, with the first tier being the sensor layer, which involves the placement of sensors in agricultural areas. The second tier is the Fog Computing Layer (FCL), which consists of Fog nodes, and the proposed IDS is implemented in each Fog node. The gathered information is transferred to this fog layer for further data analysis. The third tier is the cloud computing layer, which provides data storage and end-to-end services. The proposed model includes a fused CNN model with the bidirectional gated recurrent unit (Bi-GRU) model to detect and classify intruders. An attention mechanism is included within the BiGRU model to find the key features responsible for identifying the DDoS attack. In addition, the accuracy of the classification model is improved by using a nature-inspired meta-heuristic optimization algorithm called the Wild Horse Optimization (WHO) algorithm. The last layer is the cloud layer, which collects data from fog nodes and offers storage services. The proposed system will be implemented in the Python platform, using ToN-IoT and APA-DDoS attack datasets for assessment. The proposed system outperforms the existing methods in accuracy (99.35%), detection rate (98.99%), precision (99.9%) and F-Score (99.08%) for the APA DDoS attack dataset and the achieved accuracy of the ToN-IoT dataset (99.71%), detection rate (99.02%), precision (99.89%) and F-score (99.05%). [ABSTRACT FROM AUTHOR]

Published

2024

20. Intrusion detection for power grid: a review.

Author

Dasgupta, Rupshali, Pramanik, Meghabriti, Mitra, Pabitra, and Chowdhury, Dipanwita Roy

Subjects

*GRIDS (Cartography), *RESEARCH personnel, *CYBERTERRORISM

Abstract

Cyber-attacks on power system assets are increasingly causing disruption of operations for modern-day utilities. Intrusion detection systems are essential for the detection and categorization of these attacks in real-time. A large number of researchers and practitioners have developed such systems for protecting various power grid components against a number of possible attacks. In this paper, we review the studies and outline their significance. We first briefly describe various power system components that are vulnerable to attack. Then we categorize known attack types. Finally, we present the literature referring to these aspects of building intrusion detection systems for power grids. [ABSTRACT FROM AUTHOR]

Published

2024

21. ICS-IDS: application of big data analysis in AI-based intrusion detection systems to identify cyberattacks in ICS networks.

Author

Ali, Bakht Sher, Ullah, Inam, Al Shloul, Tamara, Khan, Izhar Ahmed, Khan, Ijaz, Ghadi, Yazeed Yasin, Abdusalomov, Akmalbek, Nasimov, Rashid, Ouahada, Khmaies, and Hamam, Habib

Subjects

*INTRUSION detection systems (Computer security), *ARTIFICIAL intelligence, *FISHER discriminant analysis, *BIG data, *CYBERTERRORISM, *INDUSTRIAL controls manufacturing, *DATA analysis

Abstract

The growing volume of data, especially in cases of imbalanced datasets, has posed significant challenges in the classification process, particularly when it comes to identifying cyberattacks on industrial control systems (ICS) networks, which have been a source of concern due to the significant destructive impact of viruses such as Slammer, worms, Stuxnet, Duqu, Seismic Net, and Flame on critical infrastructures in various countries. The key challenge is constructing the intrusion detection system (IDS) framework to deal with imbalanced datasets. Many researchers work especially on binary classification, but multi-classification is a more challenging and still active research area. To deal with the multi-class imbalanced classification problem, we outline an instance-based intrusion detection technique named ICS-IDS, for intrusion detection in ICS systems specific to SCADA networks. The developed technique consists of two core components, the data preparation component, and the detection component. The data preparation component uses the normalization, Fisher Discriminant Analysis, and k-neighbor's method to scale the data, reduce the dimensionality, and resample the dataset, respectively. To learn the latent representations and discern harmful vectors from attacked data, the detection/recognition component leverages an efficient instance-based learner. The proposed ICS-IDS model outperforms existing attractive methods in detecting sophisticated attack vectors in ICS data, achieving 99% accuracy and 99% detection rates (DR) on an industrial network dataset. This proves the methodology's practicality for implementing security in real-world ICS networks. [ABSTRACT FROM AUTHOR]

Published

2024

22. Intrusion detection method based on imbalanced learning classification.

Author

Li, Xiangjun, Kong, Ke, Shen, Hua, Wei, Zhixiang, and Liao, Xiaofeng

Abstract

Unbalanced data in intrusion detection seriously affect the overall performance of intrusion detection methods. This paper proposes an intrusion detection algorithm based on unbalanced learning (ID-UL) for unbalanced learning. It uses two strategies to address the issues brought about by unbalanced data. First, the data grouping strategy based on integrated learning alleviates the extreme data imbalance and avoids the negative impact on imbalanced learning. Meanwhile, to avoid the possible negative impact brought by unbalanced data on the learning procedures of convolutional neural networks, the strategy of assigning weight to the loss function is adopted. Besides, a method for determining the weight value is designed to make the model supervise the learning of attack samples during the training process. Experimental results on the NSL-KDD dataset show that the method in this paper can effectively improve the detection of attack classes, and the overall detection accuracy reaches 81.48%. ID-UL has the same significant effect on other imbalanced datasets. [ABSTRACT FROM AUTHOR]

Published

2024

23. Intrusion Detection Using Bat Optimization Algorithm and DenseNet for IoT and Cloud Based Systems.

Author

Bella, H. Kanakadurga and Vasundra, S.

Subjects

*OPTIMIZATION algorithms, *INTERNET of things, *TIME complexity, *DEEP learning, *MANUAL labor, *INTRUSION detection systems (Computer security)

Abstract

In Internet of Things (IoT) and cloud systems, Intrusion Detection (ID) is very vital for protecting the security infrastructures. ID techniques are extensively used to detect and track malicious threats in cloud and IoT systems. In the IoT based ID, the conventional techniques work based on the manual traffic feature values that increase the complexity of the networks and achieve a limited detection rate on the larger IoT databases. For addressing the above-stated issues and achieving high classification results, an effective deep learning based ID-System (IDS) is implemented in this article. Initially, the IoT data is acquired from the NSW-NB15 and NSL-KDD databases, and then, the standard scaling normalization technique, known as Min-Max normalization, is applied to select the dominant attributes and to eliminate outliers from the acquired databases. Additionally, the optimal features are selected from the rescaled normalized data by implementing the Bat optimization algorithm. The selection of optimal features decreases the computational complexity and training time of the IDS. The chosen optimal features are passed into the DenseNet model for carrying out intrusion attack detection. Particularly, in the binary-class classification, the Bat-based DenseNet model obtained 98.89% and 98.40% of accuracy on the UNSW-NB15 and NSL-KDD databases, correspondingly. The obtained simulation results prove the higher effectiveness of the current study when it is related to the state-of-the-art classifiers. [ABSTRACT FROM AUTHOR]

Published

2024

24. Energy efficiency in 5G systems: A systematic literature review.

Author

Maiwada, Umar Danjuma, Danyaro, Kamaluddeen Usman, Sarlan, Aliza, Liew, M.S., Taiwo, Ayankunle, and Audi, Umar Ismaila

Subjects

*TECHNOLOGICAL innovations, *DENIAL of service attacks, *5G networks, *PROCESS capability, *DIGITAL twins, *SALTWATER encroachment, *ENERGY consumption, *CHILDREN with intellectual disabilities

Abstract

To ensure Energy Efficiency (EE) and better Quality of service (QoS), it is necessary to analyze the energy saving possibilities for low resource utilization in the current networks caused by rigorous QoS requirements and implementing EE approach in the planned model for performance improvement. Distributed Denial of Service (DDoS) attacks aim to exhaust the network's processing and communication capacity by saturating it with packets and generating malicious traffic. There are numerous advantages that make Digital Twin (DT) and Intrusion Detection technique (ID) an effective remedy for a range of (fifth generation) 5G problems. A DDoS attack must be immediately detected and stopped before a legitimate user can access the target of the attacker for the 5G network to provide an efficient energy service. Although they clearly show promise in assisting with the creation and implementation of the challenging 5G environment, Digital Twins is still a relatively new technology for 5G networks but will increase EE. In this research, a thorough examination of the materials was carried out to identify the most cutting-edge DT and ID methods. The purpose of this study was to comprehend the problems with Energy Efficiency, the need for DT, and the methods for dealing with large-scale attack by DDoS on Energy Efficient networks. Only 94 of the 1555 articles produced by the procedure were determined to be relevant using inclusion and exclusion criteria. The outcome demonstrates that in 5G networks, DT, and its fundamental approaches, like QoS and DDoS attack mitigation, can be used to regulate the network's Energy Efficiency. Numerous practical applications focusing on 5G Systems use their own principles. The effectiveness of these strategies was evaluated using several assessment criteria, including DT, Intrusion Detection, QoS, Energy Efficiency, and 5G Systems. Each study issue is thoroughly explained, along with typical methods, advantages, disadvantages, and performance metrics. Energy economy, network reliability, privacy, and cost reduction are all considerably increased by the implementation of intrusion detection technology in 5G systems. The decision is supported by the technology's demonstrated efficacy, scalability, real-time detection capacities, low error level, and personalized learning attributes, all of which contribute to the long-term viability of 5G networks as an entire system. [ABSTRACT FROM AUTHOR]

Published

2024

25. STNet: A Time-Frequency Analysis-Based Intrusion Detection Network for Distributed Optical Fiber Acoustic Sensing Systems.

Author

Zeng, Yiming, Zhang, Jianwei, Zhong, Yuzhong, Deng, Lin, and Wang, Maoning

Subjects

*OPTICAL fiber networks, *OPTICAL fibers, *HIGH speed trains, *OPTICAL time-domain reflectometry, *OPTICAL fiber detectors, *FALSE alarms

Abstract

Distributed optical fiber acoustic sensing (DAS) is promising for long-distance intrusion-anomaly detection tasks. However, realistic settings suffer from high-intensity interference noise, compromising the detection performance of DAS systems. To address this issue, we propose STNet, an intrusion detection network based on the Stockwell transform (S-transform), for DAS systems, considering the advantages of the S-transform in terms of noise resistance and ability to detect disturbances. Specifically, the signal detected by a DAS system is divided into space–time data matrices using a sliding window. Subsequently, the S-transform extracts the time-frequency features channel by channel. The extracted features are combined into a multi-channel time-frequency feature matrix and presented to STNet. Finally, a non-maximum suppression algorithm (NMS), suitable for locating intrusions, is used for the post-processing of the detection results. To evaluate the effectiveness of the proposed method, experiments were conducted using a realistic high-speed railway environment with high-intensity noise. The experimental results validated the satisfactory performance of the proposed method. Thus, the proposed method offers an effective solution for achieving high intrusion detection rates and low false alarm rates in complex environments. [ABSTRACT FROM AUTHOR]

Published

2024

26. A network intrusion detection framework on sparse deep denoising auto-encoder for dimensionality reduction.

Author

Manjunatha, B. A., Shastry, K. Aditya, Naresh, E., Pareek, Piyush Kumar, and Reddy, Kadiri Thirupal

Subjects

*COMPUTER network traffic, *INTRUSION detection systems (Computer security), *SUPPORT vector machines

Abstract

In today's internet-driven world, a multitude of attacks occurs daily, propelled by a vast user base. The effective detection of these numerous attacks is a growing area of research, primarily accomplished through intrusion detection systems (IDS). IDS are vital for monitoring network traffic to identify malicious activities, such as Denial of Service, Probe, Remote-to-Local, and User-to-Root attacks. Our research focused on evaluating different auto-encoders for enhancing network intrusion detection. The proposed method sparse deep denoising auto-encoder approach produces the dimensionality reduction used to predict and classify attacks in datasets. With the most records among the datasets by training the auto-encoder on normal network data, this utilized reconstruction error as an indicator of anomalies. We tested our approach using standard datasets like KDDCup99, NSL-KDD, UNSW-NB15, and NMITIDS. Remarkably, our sparse deep denoising auto-encoder achieved an accuracy of over 96% based solely on reconstruction error. The primary aim of this work is to improve intrusion detection by achieving higher detection accuracy compared to existing methods. [ABSTRACT FROM AUTHOR]

Published

2024

27. Optimizing anomaly-based attack detection using classification machine learning.

Author

Gouda, Hany Abdelghany, Ahmed, Mohamed Abdelslam, and Roushdy, Mohamed Ismail

Subjects

*DEEP learning, *MACHINE learning, *CONVOLUTIONAL neural networks, *K-nearest neighbor classification, *DIGITAL technology, *RANDOM forest algorithms

Abstract

One of the significant aspects of our digital world is that data are literally everywhere, and it is increasing. On the other hand, the number of cyberattacks aiming to seize this data and use it illegally is increasing at an exponential rate, and this is the challenge. Therefore, intrusion detection systems (IDS) have attracted considerable interest from researchers and industries. In this regard, machine learning (ML) techniques are playing a pivotal role as they put the responsibility of analyzing enormous amounts of data, finding patterns, classifying intrusions, and solving issues on computers instead of humans. This paper implements two separate classification layers of ML-based algorithms with the recently published NF-UQ-NIDS-v2 dataset, preprocessing two volumes of sample records (100 k and 10 million), utilizing MinMaxScaler, LabelEncoder, selecting superlative features by recursive feature elimination, normalizing the data, and optimizing hyper-parameters for classical algorithms and neural networks. With a small dataset volume, the results of the classical algorithms layer show high detection accuracy rates for support vector (98.26%), decision tree (98.78%), random forest (99.07%), K-nearest neighbors (98.16%), CatBoost (99.04%), and gradient boosting (98.80%). In addition, the layer of neural network algorithms has proven to be a very powerful technology when using deep learning, particularly due to its unique ability to effectively handle enormous amounts of data and detect hidden correlations and patterns; it showed high detection results, which were (98.87%) for long short-term memory and (98.56%) for convolutional neural networks. [ABSTRACT FROM AUTHOR]

Published

2024

28. Ensemble averaging deep neural network for botnet detection in heterogeneous Internet of Things devices.

Author

Wardana, Aulia Arif, Kołaczek, Grzegorz, Warzyński, Arkadiusz, and Sukarno, Parman

Subjects

*ARTIFICIAL neural networks, *BOTNETS, *INTERNET of things, *SPAM email

Abstract

The botnet attack is one of the coordinated attack types that can infect Internet of Things (IoT) devices and cause them to malfunction. Botnets can steal sensitive information from IoT devices and control them to launch another attack, such as a Distributed Denial-of-Service (DDoS) attack or email spam. This attack is commonly detected using a network-based Intrusion Detection System (NIDS) that monitors the network device's activity. However, IoT network is dynamic and IoT devices have many types with different configurations and vendors in IoT environments. Therefore, this research proposes an Intrusion Detection System (IDS) by ensemble-ing traffic from heterogeneous IoT devices. This research proposes Deep Neural Network (DNN) to create a training model from each heterogeneous IoT device. After that, each training model from each heterogeneous IoT device is used to predict the traffic. The prediction results from each training model are averaged using the ensemble averaging method to determine the final result. This research used the N-BaIoT dataset to validate the proposed IDS model. Based on experimental results, ensemble averaging DNN can detect botnet attacks in heterogeneous IoT devices with an average accuracy of 97.21, precision of 91.41, recall of 87.31, and F1-score 88.48. [ABSTRACT FROM AUTHOR]

Published

2024

29. Improved minority attack detection in Intrusion Detection System using efficient feature selection algorithms.

Author

Rejimol Robinson, R. R., Anagha Madhav, K. P., and Thomas, Ciza

Abstract

Machine Learning and Data Mining algorithms are used extensively to enhance the performance of Intrusion Detection Systems. The number of training instances and the dimensionality of data are crucial factors affecting the performance of the model built during the training of any supervised learning algorithms. A sufficient proportion of instances having relevant features from all classes of attacks and normal traffic are considered most desirable while building the classification model that classifies the network traffic into attack and normal. This paper proposes a methodology to improve the accuracy of the model by giving importance to the relevant features that can contribute to model building. The feature selection using correlation‐based and information gain‐based techniques during training and testing contributes much to the detection of stealthier attacks and minority attacks. Then the features of the less detected attacks are identified as the second phase of the filter that is used to improve the performance. The relevant features of stealthy attacks are identified based on the correlation of corresponding features of the attack and normal data as the attacks are made stealthy mostly by making it resemble the normal traffic. Finally, the attacks that are rarely found in the training data are oversampled to improve their detection. CICIDS 2017 data set is employed as it comprises stealthier attacks generated using modern tools. NSL KDD data set is also used for evaluation to compare the proposed work with existing literature as it is used in most of the available literature. The results show superior performance with an accuracy of 99.8%, false positive rate of 0.2%, and a detection rate and 99.8%. [ABSTRACT FROM AUTHOR]

Published

2024

30. 多尺度卷积与双注意力机制融合的入侵检测方法.

Author

陈 虹, 李泓绪, and 金海波

Abstract

In order to improve the accuracy of internet intrusion detection methods, an intrusion detection method combining convolution neural network and attention mechanism is proposed. Using Borderline-SMOTE oversampling algorithm and MinMax normalization to preprocess data, effectively alleviate the problem of large differences in the amount of intrusion data, and improve the detection performance of unbalanced data; the convolution neural network inception structure is used for multi-scale feature extraction of data, and the attention mechanism is used for dimension update to improve the accuracy of feature expression when the model processes massive data. The experiment shows that the average accuracy of the intrusion detection method is 99.57%. Compared with SVM, CNN, RNN, and BLS-GMM, the accuracy increases by 4.48%, 1.35%, 1.62% and 0.04% respectively, and the recall increases by 4.48%, 1.36%, 1.62% and 0.14% respectively. [ABSTRACT FROM AUTHOR]

Published

2024

31. Privacy-preserving intrusion detection in Internet of medical things neural networks using a novel recurrent U-Net auto-encoder algorithm for biomedical applications.

Author

Ragul Vignesh, M., Srihari, K., and Karthik, S.

Subjects

*INTRUSION detection systems (Computer security), *RECURRENT neural networks, *BODY area networks, *INTERNET of things, *ALGORITHMS, *PRINCIPAL components analysis, *FEATURE extraction

Abstract

The rapid development of Internet of Things (IoT) technology has enabled the emergence of the Internet of Medical Things (IoMT), especially in body area network applications. To protect sensitive medical data, it is essential to ensure privacy preservation and detect intrusions in this context. This study proposes a novel intrusion detection system that protects the privacy of IoMT networks, specifically in the context of body area networks. For feature extraction, the system employs a recurrent U-Net autoencoder algorithm, which effectively captures temporal dependencies in IoMT data. In addition, privacy is protected through the combination of data anonymization techniques and data classification using Principal Component Analysis (PCA). Combining the recurrent U-Net autoencoder algorithm, privacy preservation mechanisms, and PCA-based data classification, the proposed system architecture comprises the U-Net autoencoder algorithm. The proposed method is superior to existing approaches in terms of accuracy, precision, recall, F-measure, and classification loss, as demonstrated by experimental evaluations. This research contributes to the field of privacy protection and intrusion detection in IoMT, specifically in body area network applications. [ABSTRACT FROM AUTHOR]

Published

2024

32. Crook node identification system in VANET using CRF based feature selection and data mining classification techniques.

Author

Mahalakshmi, G. and Uma, E.

Subjects

*INTRUSION detection systems (Computer security), *INTELLIGENT transportation systems, *SYSTEM identification, *DATA mining, *FEATURE selection, *RANDOM fields, *SUPPORT vector machines

Abstract

Intelligent Transportation Systems have become integral to daily life, with VANETs (vehicular ad-hoc networks) playing the pivotal role. VANETs, the subsets of MANETs, employ vehicles as nodes to establish intelligent transport systems. However, due to critical applications such as military use, these networks are susceptible to attacks. With features like high mobility, dynamic network topology, and coverage issues, security breaches are a concern. This necessitates a secure routing algorithm to mitigate attacks and ensure message delivery. In our study, we utilize the UNSW-NB15 intrusion detection dataset to develop training and testing models. Our proposed novel intrusion detection system employs a feature selection algorithm that prioritizes significant arriving traffic attributes. This algorithm enhances abnormal activity detection while minimizing associated features. To achieve this, we modify the Conditional Random Field algorithm with fuzzy-based rules, resulting in a more efficient selection of influential and contributing features for detecting attacks such as DoS, Worms, Fuzzers, and Shellcode. Through appropriate feature selection using the modified Conditional Random Field and Support Vector Machine classification system in our experiments, we demonstrate a notable increase in security by reducing the false positive rate. Additionally, our approach excels in detecting accuracy of Fuzzers (98.86%), DoS (98.80%), Worms (34.45%), and Shellcode (89.308%), ultimately enhancing network performance. These findings underscore the effectiveness of our proposed method in enhancing intrusion detection and overall network efficiency. [ABSTRACT FROM AUTHOR]

Published

2024

33. An early discovery of intrusion attack using novel optimized deep learning for internet of things.

Author

Anandha Kumar, M., Shanmuga Priya, M., and Arunprakash, R.

Subjects

*DEEP learning, *INTERNET of things, *PARTICLE swarm optimization, *COMPUTER network traffic, *COMPUTER network security, *MATHEMATICAL optimization

Abstract

In the past couple of years, neural networks have gained widespread use in network security analysis. This type of analysis is usually performed in a nonlinear and highly correlated manner. Due to the immense amount of data traffic, the current models are prone to false alarms and poor detection. Deep-learning models can help security researchers identify and extract data features that are related to an attack. They can also minimize the data's dimensionality and detect intrusions. Unfortunately, the complexity of the network structure and hidden neurons of a deep-learning model can be set by error-prone procedures. In order to improve the performance of deep learning models, a new algorithm is proposed. This method combines a gradient boost regression and particle swarm optimization. The proposes a method called the Spark-DBN-SVM-GBR algorithm. The simulations conducted proposed algorithm revealed that it has a better accuracy rate than other deep learning models and the experiments conducted on the PSO-GBR algorithm revealed that it performed better than the current optimization technique when detecting unauthorized attack activities. [ABSTRACT FROM AUTHOR]

Published

2024

34. Artificial intelligence for classification and regression tree based feature selection method for network intrusion detection system in various telecommunication technologies.

Author

Kumar, Neeraj and Kumar, Upendra

Subjects

*ARTIFICIAL intelligence, *REGRESSION trees, *TELECOMMUNICATION systems, *TIME complexity, *MACHINE learning, *FEATURE selection, *PYTHON programming language

Abstract

Now a days, secure data communication over computer network system is a major issue in which impact of feature reduction plays a vital role to secure network by early detection of intrusion. It not only keeps a deep impact on the performance of existing Intrusion Detection System (IDS) algorithms but also affects the computational complexity. Although lots of techniques have been offered for feature reduction by researchers and they have their own perks and quirks, but still they are several flows. To manipulate the same dataset for different classifiers and to select different number of features for the detection of attacks are not only having too much computational cost but also time consuming. The experiments have been carried out using "Python" programming language based library "Scikit‐Learn" software on "Kddcup99" dataset from UCI machine learning repository as a test bed. In this article a classification and regression trees (CART) based feature selection algorithm has been proposed which offers optimum set of features. Further optimum set of features has been offered by our proposed work passed over various classifiers for training and testing to establish network intrusion detection system (NIDS). We have compared the performance accuracy of various existing machine learning (ML) based classification algorithms and obtained higher performance accuracy with lower computational cost. The proposed algorithm having optimum time complexity and accuracy in designing of IDS. [ABSTRACT FROM AUTHOR]

Published

2024

35. Lightweight real-time WiFi-based intrusion detection system using LightGBM.

Author

Bhutta, Areeb Ahmed, Nisa, Mehr un, and Mian, Adnan Noor

Subjects

*MACHINE learning, *FEATURE selection, *TECHNOLOGICAL innovations, *WIRELESS Internet, *QUALITY of service, *INTERNET of things, *INTRUSION detection systems (Computer security)

Abstract

Attacks on WiFi networks can cause network failures and denial of service for authentic users. To identify such attacks, the deployment of a WiFi Intrusion Detection System (IDS) is crucial. The key objective of WiFi IDS is to protect the network by examining WiFi traffic and classifying it as an attack or normal. The state-of-the-art anomaly-based WiFi IDSs use machine learning (ML) to learn the characteristics of past attacks from WiFi traffic datasets. A lot of research is done on advanced ML-based IDSs but work on WiFi-based IDSs is very limited and is based on old ML models. Most of our communications and devices are dependent on WiFi, therefore there is a dire need to update WiFi IDSs with the latest lightweight ML models. Even though old ML models are effective, they have to suffer from large training and testing times along with high computational costs due to large traffic features and outdated algorithms. Moreover, with emerging technologies like the Internet of Things and big data, WiFi traffic is increasing rapidly. Therefore, the issue of computational cost needs to be addressed properly. Thus, in this research, we propose an efficient ML-based WiFi IDS that utilizes a lightweight state-of-the-art ML model and optimum feature selection to reduce computational cost and provide high performance. With the help of MAC layer information and radiotap headers, our WiFi IDS can detect WiFi attacks that go undetected through normal network-based IDS. The proposed WiFi IDS uses a Light Gradient Boosting Machine (LightGBM) that combines several weak learners into a single, better generalizable, strong learner and uses Gradient-based One Side Sampling to downsample data instances with small gradients during training. The experimental results prove that the proposed solution outperforms other classifiers in accuracy, precision, recall, F1 score, training time, and testing time. The proposed solution provides better accuracy with 26 times less training time and 20% less test time compared to XGBoost. The proposed solution can classify real-time WiFi traffic in the order of microseconds and can be trained efficiently with new data. [ABSTRACT FROM AUTHOR]

Published

2024

36. Detection of Malicious Threats Exploiting Clock-Gating Hardware Using Machine Learning.

Author

Kose, Nuri Alperen, Jinad, Razaq, Rasheed, Amar, Shashidhar, Narasimha, Baza, Mohamed, and Alshahrani, Hani

Subjects

*INTELLIGENT transportation systems, *MACHINE learning, *INDUSTRIAL controls manufacturing, *MICROCONTROLLERS, *RANDOM forest algorithms, *DECISION trees, *RELIABILITY in engineering

Abstract

Embedded system technologies are increasingly being incorporated into manufacturing, smart grid, industrial control systems, and transportation systems. However, the vast majority of today's embedded platforms lack the support of built-in security features which makes such systems highly vulnerable to a wide range of cyber-attacks. Specifically, they are vulnerable to malware injection code that targets the power distribution system of an ARM Cortex-M-based microcontroller chipset (ARM, Cambridge, UK). Through hardware exploitation of the clock-gating distribution system, an attacker is capable of disabling/activating various subsystems on the chip, compromising the reliability of the system during normal operation. This paper proposes the development of an Intrusion Detection System (IDS) capable of detecting clock-gating malware deployed on ARM Cortex-M-based embedded systems. To enhance the robustness and effectiveness of our approach, we fully implemented, tested, and compared six IDSs, each employing different methodologies. These include IDSs based on K-Nearest Classifier, Random Forest, Logistic Regression, Decision Tree, Naive Bayes, and Stochastic Gradient Descent. Each of these IDSs was designed to identify and categorize various variants of clock-gating malware deployed on the system. We have analyzed the performance of these IDSs in terms of detection accuracy against various types of clock-gating malware injection code. Power consumption data collected from the chipset during normal operation and malware code injection attacks were used for models' training and validation. Our simulation results showed that the proposed IDSs, particularly those based on K-Nearest Classifier and Logistic Regression, were capable of achieving high detection rates, with some reaching a detection rate of 0.99. These results underscore the effectiveness of our IDSs in protecting ARM Cortex-M-based embedded systems against clock-gating malware. [ABSTRACT FROM AUTHOR]

Published

2024

37. Exploring the effect of training-time randomness on the performance of deep neural networks for intrusion detection.

Author

Catillo, Marta, Pecchia, Antonio, and Villano, Umberto

Subjects

*ARTIFICIAL neural networks, *SUPERVISED learning, *DEEP learning, *INTRUSION detection systems (Computer security), *SELECTION (Plant breeding), *SEED yield, *MACHINE learning

Abstract

The number of papers on machine learning and deep neural networks applied to intrusion detection systems (IDS) is ever-increasing. Differently from existing work on the topic, this paper explores the effect of training-time randomness of deep neural networks, which is overlooked by the related literature. Training-time randomness is regulated by the seed of the pseudorandom number generator, and affects the performance of IDS models. The seed selection is studied in conjunction with other critical learning parameters: to the best of our knowledge, there are no similar studies in IDS. The experiments are done with a recent and widely consolidated intrusion detection benchmark, which is used to train and test a neural network under different combinations of seeds and parameters both in supervised and semi-supervised learning modes. The results are inferred by a mixture of explorative analysis, design of experiments, and analysis of variance. According to the results, the choice of the seed yields either excellent or scarce detection metrics; more importantly, the seed selection might be as relevant as the other major learning parameters assessed. [ABSTRACT FROM AUTHOR]

Published

2024

38. RLET: a lightweight model for ubiquitous multi-class intrusion detection in sustainable and secured smart environment.

Author

Dhingra, Bhavya, Jain, Vidhi, Sharma, Deepak Kumar, Gupta, Koyel Datta, and Kukreja, Deepika

Subjects

*MACHINE learning, *INTRUSION detection systems (Computer security), *TECHNOLOGICAL innovations, *WATER pipelines, *RANDOM forest algorithms, *CYBERTERRORISM

Abstract

In today's data-driven society, every device produces data every day, and digitalization has transformed all data digital. However, access to any kind of data is now effortless due to technological advancements. Cyber-attacks on the network provide a risk to the network and data, which, if it gets into the wrong hands, might be very challenging to manage. Therefore, the best way to deal with this issue is to prevent any kind of cyber-attack before it starts by early detection. The suggested model is a soft voting of the random forest, light gradient boosting and extra tree classifiers (RLET). This architecture creates a robust, quick and lightweight machine learning model that helps to overcome this challenge and makes it widely used. Three tree-based models are combined in RLET, a soft voting ensemble with improved memory optimization characteristics. Each model quickly processes a certain component of the data to maintain speed, and ensembling enables the model to maintain efficiency. For multi-class intrusion detection, the suggested model achieved an AUC-ROC score of 99.79 for the gas pipeline dataset and 99.76 for the water pipeline dataset. [ABSTRACT FROM AUTHOR]

Published

2024

39. Virtual Machine Migration-Based Intrusion Detection System in Cloud Environment Using Deep Recurrent Neural Network.

Author

Srinivas, B. V., Mandal, Indrajit, and Keshavarao, Seetharam

Abstract

Cloud system attracts users with the desired features, and in the meanwhile, cloud system may experience various security issues. An effective intrusion detection system is offered by the proposed Sail Fish Dolphin Optimization-based Deep Recurrent Neural Network (SFDO-based Deep RNN), which is utilized to identify anomalies in the cloud architecture. The developed SFDO is formed by integrating Sail Fish Optimizer (SFO) and Dolphin Echolocation (DE) algorithm. Virtual Machine (VM) migration and cloud data management are accomplished using ChicWhale algorithm. Some of the attribute features are collected from the cloud model such that these features are grouped using Fuzzy C-Means (FCM) clustering. The feature fusion process is carried out by a Deep RNN classifier that has been trained using the specified SFDO technique in order to achieve the intrusion detection mechanism. The approach with the lowest error value is thought to be the best approach for intruder detection, according to the fitness function. Using the BoT-IoT dataset, the proposed method's accuracy, detection rate (DR), and false-positive rate (FPR) were assessed. The results showed that it outperformed the previous methods with values of 0.9614, 0.9648, and 0.0429, respectively. [ABSTRACT FROM AUTHOR]

Published

2024

40. Exponential Squirrel Search Algorithm-Based Deep Classifier for Intrusion Detection in Cloud Computing with Big Data Assisted Spark Framework.

Author

Polepally, Vijayakumar, Jagannadha Rao, D. B., Kalpana, Parsi, and Nagendra Prabhu, S.

Abstract

Intrusion detection systems (IDS) are extensively employed for detecting suspicious behaviors in hosts. The ability of distributed IDS solutions makes it viable to combine and handle various kinds of sensors and generate alerts to different hosts positioned in distributed platforms. However, to offer secure and feasible services in a cloud platform is an imperative issue due to the impacts of attacks. This paper devises a novel IDS framework using cloud data to counter the influence of attacks. Here, the spark architecture is employed for discovering the intrusions. The pre-processing is applied to the input data for removing artifacts and noise considering input data. Thereafter, the feature extraction and feature fusion are performed in slave nodes. The feature fusion is carried out with the proposed Exponential Squirrel Search Algorithm (ExpSSA) algorithm. The fused features are considered in a deep-stacked autoencoder (Deep SAE) for performing effective intrusion detection. The proposed ExpSSA is adapted to train Deep SAE for tuning optimum weights. The exponential weighted moving average (EWMA) and squirrel search algorithm (SSA) are combined to create the proposed ExpSSA. The proposed ExpSSA-based Deep SAE offered improved performance compared to other techniques with the highest accuracy, detection rate of 0.846, and minimal FPR. [ABSTRACT FROM AUTHOR]

Published

2024

41. A Hybrid Machine Learning Based Intrusion Detection System for MIL-STD-1553.

Author

Çiloğlu, Yunus Emre and Bahtiyar, Şerif

Subjects

*INTRUSION detection systems (Computer security), *MACHINE learning, *NATURAL language processing, *ERROR rates

Abstract

MIL-STD-1553 is a communication standard developed by the US Department of Defense in 1975, primarily utilized in military aircraft, ground vehicles, and spacecraft. Due to its dual-redundant data bus structure, high reliability, and low error rate, it finds applications in safety-critical systems. Despite being considered secure at the time of its development, MIL-STD-1553-based systems have gradually become vulnerable over time, presenting easy targets for attackers. In this research, we propose the utilization of a new hybrid method based on machine learning and natural language processing for MIL-STD-1553, aiming to perform anomaly-based intrusion detection. In doing so, we employ Stochastic Gradient Descent and BERT algorithms, previously unused for intrusion detection in the MIL-STD-1553 system. The proposed system was experimentally evaluated against cyber-attacks. We observed that the hybrid intrusion detection system provides satisfactory results in detecting intrusions on MIL-STD-1553 data bus. Overall, experimental results show that the proposed system may be used to detect intrusions on MIL-STD-1553 based communications. [ABSTRACT FROM AUTHOR]

Published

2024

42. Intrusion detection and mitigation of attacks in microgrid using enhanced deep belief network.

Author

Durairaj, Danalakshmi, Venkatasamy, Thiruppathy Kesavan, Mehbodniya, Abolfazl, Umar, Syed, and Alam, Tanweer

Subjects

*INTRUSION detection systems (Computer security), *MICROGRIDS, *DENIAL of service attacks, *ELECTRIC power distribution grids, *GREEDY algorithms, *DEEP learning

Abstract

The convergence from the electric grid to the smart microgrid motivates the incorporation of the intrusion detection system to identify intruders and mitigate the resultant damages to ensure system stability. It is planned to employ the Deep Belief Network (DBN), which is one of the deep learning techniques with some improvement to detect the attacks in a microgrid. To improve the accuracy of the detection, a rule-based detection technique is added to enhance the detection of intruders using DBN. The proposed technique is supported with the layered micro-grid architecture that makes the system flexible and simple toward the implementation. The proposed Enhanced DBN (EDBN) performance is measured in different bus representations for identifying the higher hit rate and rejection rate, lesser miss rate and false-positive rate. Two attacks, such as False Data Injection and Denial of Service attacks, are generated by Greedy Algorithm and are detected by the proposed technique. Compared to the existing detection and control system, the proposed EDBN technique provides accuracy higher than 92%, false alarm rate less than 1%. Thus, the experimental results show that the proposed technique accuracy is higher than the existing intrusion detection techniques in a microgrid. [ABSTRACT FROM AUTHOR]

Published

2024

43. A decentralized framework for enhancing security in power systems through blockchain technology and trading system.

Author

Kesavan, V. Thiruppathy, Danalakshmi, D., Gopi, R., and Venkatesan, R.

Subjects

*SECURITY systems, *BLOCKCHAINS, *ENERGY consumption, *DATA privacy, *ENERGY infrastructure, *SUPPORT vector machines, *ELECTRIC transients, *EMAIL security

Abstract

The primary objective of implementing secure smart power networks is to reduce the risk of data privacy breaches, including adversarial data poisoning and inference attacks. This study presents a novel approach, namely the Blockchain-based Power System Security Model (BC-PSSM), to augment security measures within power systems. The proposed method utilizes blockchain technology to enhance the security of data storage and verification and the mechanisms for data signing and authentication. It employs decentralized detection to improve the effectiveness and precision of intrusion detection with a Support Vector Machine (SVM). The BC-PSSM method exhibits promising outcomes in multiple facets of power system security detection, as evidenced by thorough simulations and evaluations. The simulation results demonstrate a significant decrease in computational burden and energy consumption by maintaining a high energy output level. The BCPSSM algorithm performs remarkably in detection and false positive rates, resulting in heightened security and enhanced efficiency. The results also illustrate the positive impact of BC-PSSM in enhancing the security of power systems, offering robust protection against cybersecurity threats. BC-PSSM aims to enhance the security of power systems, thereby promoting a more robust and dependable energy infrastructure. This initiative plays a crucial role in protecting essential assets and mitigating the potential threats posed by cyber-attacks. The BC-PSSM algorithm enhanced efficiency to 92.15% and boosted overall security to 96.34%. It achieved this by achieving an amazing identification rate of 96.75% and an extraordinarily low false positive rate of 1.82%. [ABSTRACT FROM AUTHOR]

Published

2024

44. Bi-channel hybrid GAN attention based anomaly detection system for multi-domain SDN environment.

Author

Prabu, Saranya and Padmanabhan, Jayashree

Subjects

*ANOMALY detection (Computer security), *SUPERVISED learning, *DEEP learning, *GENERATIVE adversarial networks, *SOFTWARE-defined networking

Abstract

Software-Defined Networking (SDN) is a strategy that leads the network via software by separating its control plane from the underlying forwarding plane. In support of a global digital network, multi-domain SDN architecture emerges as a viable solution. However, the complex and ever-evolving nature of network threats in a multi-domain environment presents a significant security challenge for controllers in detecting abnormalities. Moreover, multi-domain anomaly detection poses a daunting problem due to the need to process vast amounts of data from diverse domains. Deep learning models have gained popularity for extracting high-level feature representations from massive datasets. In this work, a novel deep neural network architecture, supervised learning based LD-BiHGA (Low Dimensional Bi-channel Hybrid GAN Attention) system is designed to learn class-specific features for accurate anomaly detection. Two asymmetric GANs are employed for learning the normal and abnormal network flows separately. Then, to extract more relevant features, a bi-channel attention mechanism is added. This is the first study to introduce an innovative hybrid architecture that merges bi-channel hybrid GANs with attention models for the purpose of anomaly detection in a multi-domain SDN environment that effectively handles real-time unbalanced data. The suggested architecture demonstrates its effectiveness on three benchmark datasets, achieving an average accuracy improvement of 7.225% on balanced datasets and 3.335% on imbalanced datasets compared to previous intrusion detection system (IDS) architectures in the literature. [ABSTRACT FROM AUTHOR]

Published

2024

45. A High-Performance Multimodal Deep Learning Model for Detecting Minority Class Sample Attacks.

Author

Yu, Li, Xu, Liuquan, and Jiang, Xuefeng

Subjects

*DEEP learning, *GENERATIVE adversarial networks, *COMPUTER network traffic

Abstract

A large amount of sensitive information is generated in today's evolving network environment. Some hackers utilize low-frequency attacks to steal sensitive information from users. This generates minority attack samples in real network traffic. As a result, the data distribution in real network traffic is asymmetric, with a large number of normal traffic and a rare number of attack traffic. To address the data imbalance problem, intrusion detection systems mainly rely on machine-learning-based methods to detect minority attacks. Although this approach can detect minority attacks, the performance is not satisfactory. To solve the above-mentioned problems, this paper proposes a novel high-performance multimodal deep learning method. The method is based on deep learning. It captures the features of minority class attacks based on generative adversarial networks, which in turn generate high-quality minority class sample attacks. Meanwhile, it uses the designed multimodal deep learning model to learn the features of minority attacks. The integrated classifier then utilizes the learned features for multi-class classification. This approach achieves 99.55% and 99.95% F-measure, 99.56% and 99.96% accuracy on the CICIDS2017 dataset and the NSL-KDD dataset, respectively, with the highest false positives at only 3.4%. This exceeds the performance of current state-of-the-art methods. [ABSTRACT FROM AUTHOR]

Published

2024

46. Machine Learning and Blockchain: A Bibliometric Study on Security and Privacy.

Author

Valencia-Arias, Alejandro, González-Ruiz, Juan David, Verde Flores, Lilian, Vega-Mori, Luis, Rodríguez-Correa, Paula, and Sánchez Santos, Gustavo

Subjects

*MACHINE learning, *SCIENTIFIC literature, *ARTIFICIAL intelligence, *BLOCKCHAINS, *BIBLIOMETRICS, *WEB databases

Abstract

Machine learning and blockchain technology are fast-developing fields with implications for multiple sectors. Both have attracted a lot of interest and show promise in security, IoT, 5G/6G networks, artificial intelligence, and more. However, challenges remain in the scientific literature, so the aim is to investigate research trends around the use of machine learning in blockchain. A bibliometric analysis is proposed based on the PRISMA-2020 parameters in the Scopus and Web of Science databases. An objective analysis of the most productive and highly cited authors, journals, and countries is conducted. Additionally, a thorough analysis of keyword validity and importance is performed, along with a review of the most significant topics by year of publication. Co-occurrence networks are generated to identify the most crucial research clusters in the field. Finally, a research agenda is proposed to highlight future topics with great potential. This study reveals a growing interest in machine learning and blockchain. Topics are evolving towards IoT and smart contracts. Emerging keywords include cloud computing, intrusion detection, and distributed learning. The United States, Australia, and India are leading the research. The research proposes an agenda to explore new applications and foster collaboration between researchers and countries in this interdisciplinary field. [ABSTRACT FROM AUTHOR]

Published

2024

47. Rapid Forecasting of Cyber Events Using Machine Learning-Enabled Features.

Author

Ahmed, Yussuf, Azad, Muhammad Ajmal, and Asyhari, Taufiq

Subjects

*MACHINE learning, *STANDARD deviations, *CYBERTERRORISM, *FORECASTING, *BIG data, *INFRASTRUCTURE (Economics)

Abstract

In recent years, there has been a notable surge in both the complexity and volume of targeted cyber attacks, largely due to heightened vulnerabilities in widely adopted technologies. The Prediction and detection of early attacks are vital to mitigating potential risks from cyber attacks and network resilience. With the rapid increase of digital data and the increasing complexity of cyber attacks, big data has become a crucial tool for intrusion detection and forecasting. By leveraging the capabilities of unstructured big data, intrusion detection and forecasting systems can become more effective in detecting and preventing cyber attacks and anomalies. While some progress has been made on attack prediction, little attention has been given to forecasting cyber events based on time series and unstructured big data. In this research, we used the CSE-CIC-IDS2018 dataset, a comprehensive dataset containing several attacks on a realistic network. Then we used time-series forecasting techniques to construct time-series models with tuned parameters to assess the effectiveness of these techniques, which include Sequential Minimal Optimisation for regression (SMOreg), linear regression and Long Short-Term Memory (LSTM) to forecast the cyber events. We used machine learning algorithms such as Naive Bayes and random forest to evaluate the performance of the models. The best performance results of 90.4% were achieved with Support Vector Machine (SVM) and random forest. Additionally, Mean Absolute Error (MAE) and Root Mean Square Error (RMSE) metrics were used to evaluate forecasted event performance. SMOreg's forecasted events yielded the lowest MAE, while those from linear regression exhibited the lowest RMSE. This work is anticipated to contribute to effective cyber threat detection, aiming to reduce security breaches within critical infrastructure. [ABSTRACT FROM AUTHOR]

Published

2024

48. Secure and optimized intrusion detection scheme using LSTM-MAC principles for underwater wireless sensor networks.

Author

Rajasoundaran, S., Kumar, S. V. N. Santhosh, Selvi, M., Thangaramya, K., and Arputharaj, Kannan

Subjects

*WIRELESS sensor networks, *GENERATIVE adversarial networks, *DEEP learning, *DATA transmission systems, *INTRUSION detection systems (Computer security), *MACHINE learning, *ACCESS control

Abstract

Underwater Wireless Sensor Networks (UWSNs) are the type of WSNs that transmit the data through water medium and monitor the oceanic conditions, water contents, under-sea habitations, underwater beings and military objects. Unlike air medium, water channel creates stronger communication barriers. In addition, the malicious data injection and other network attacks create security problems during data communication. Protecting the vulnerable UWSN channel is not an easy task under critical water conditions. Many research works proposed in the literature used cryptography principles and intelligent intrusion detection systems to secure the network activities from malicious nodes. However, the need for Machine Learning (ML) and Deep Learning (DL) associated Medium Access Control (MAC) principles is expected for handling the barriers in uncertain UWSN. In this regard, this article proposes a new Intrusion detection system with Integrated Secure MAC principles and Long Short-Term Memory (LSTM) architectures for organizing real-time neighbor monitoring tasks. The proposed system implements Generative Adversarial Network (GAN) driven UWSN channel assessment models and Secure LSTM-MAC principles to protect the data communication. In this regard, the proposed model creates the Intrusion Detection System (IDS) using trained distributed agents. These agents run in each legitimate sensor node contain novel LSTM-MAC engine, intrusion dataset, rule-based monitoring techniques, Secure Hashing Algorithm-3 (SHA-3), Two Fish algorithm and packet filtering tools. The proposed LSTM and agent-based model drives adaptive MAC channel operations to avoid malicious traffics in to legitimate nodes. In addition, this work implements neighbor-based packet monitoring, signal jamming and alert messaging procedures to build reliable security services against different types of attacks. The experiments and the observations reveal the performance of proposed techniques is proved to be 5% to 10% higher than existing techniques in various aspects measured with different metrics. [ABSTRACT FROM AUTHOR]

Published

2024

49. A novel intrusion detection system for internet of things devices and data.

Author

Kaushik, Ajay and Al-Raweshidy, Hamed

Subjects

*INTERNET of things, *INTRUSION detection systems (Computer security), *GENETIC algorithms, *ELECTRONIC data processing, *ALGORITHMS

Abstract

As we enter the new age of the Internet of Things (IoT) and wearable gadgets, sensors, and embedded devices are extensively used for data aggregation and its transmission. The extent of the data processed by IoT networks makes it vulnerable to outside attacks. Therefore, it is important to design an intrusion detection system (IDS) that ensures the security, integrity, and confidentiality of IoT networks and their data. State-of-the-art IDSs have poor detection capabilities and incur high communication and device overhead, which is not ideal for IoT applications requiring secured and real-time processing. This research presents a teaching-learning-based optimization enabled intrusion detection system (TLBO-IDS) which effectively protects IoT networks from intrusion attacks and also ensures low overhead at the same time. The proposed TLBO-IDS can detect analysis attacks, fuzzing attacks, shellcode attacks, worms, denial of service (Dos) attacks, exploits, and backdoor intrusion attacks. TLBO-IDS is extensively tested and its performance is compared with state-of-the-art algorithms. In particular, TLBO-IDS outperforms the bat algorithm and genetic algorithm (GA) by 22.2% and 40% respectively. [ABSTRACT FROM AUTHOR]

Published

2024

50. Emerging network communication for malicious node detection in wireless multimedia sensor networks.

Author

Jayadhas, S. Arockia, Roslin, S. Emalda, and Florin, W.

Subjects

*WIRELESS sensor networks, *DEEP learning, *CONVOLUTIONAL neural networks, *MACHINE learning, *INTRUSION detection systems (Computer security), *RANDOM forest algorithms, *WILDLIFE conservation

Abstract

Wireless sensor networks (WMSNs) are becoming increasingly popular in many fields, from academia to transportation, environmental monitoring, wildlife preservation, and military espionage. Therefore, examining potential threats, power consumption, vulnerability recognition, and systemic vulnerability characteristics is essential to develop a reliable information security approach for WSNs. As a result, it is becoming increasingly crucial for the technical community to conduct intrusion recognition method evaluations. Since this is the case, using deep learning techniques in creating intrusion identification and mitigation systems for wireless multimedia sensor networks is essential. This article examines how well different machine learning and deep learning algorithms perform in attack identification systems. Testing the efficacy of different methods on the WMSN-DS database through experimentation is essential. In this work, we combine the power of a Convolutional Neural Network classifier with a Random Forest. To accomplish this, a Convolutional Neural Network with a Random Forest Classifier is used. The intrusion detection system (IDS) is a crucial technique proposed in this study for WMSN. To address this issue, the current study proposal uses deep Learning with a Random Forest classifier to detect and prevent attacks and to promote efficient forwarding in WMSNs. Multiple WMSN assaults have been investigated, and the results of these investigations have been critically evaluated. [ABSTRACT FROM AUTHOR]

Published

2024