Your search keyword '"Intrusion Detection"' showing total 9,610 results

1. Securing Networks: A Deep Learning Approach with Explainable AI (XAI) and Federated Learning for Intrusion Detection

Author

Fatema, Kazi, Anannya, Mehrin, Dey, Samrat Kumar, Su, Chunhua, Mazumder, Rashed, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Chen, Xiaofeng, editor, and Huang, Xinyi, editor

Published

2025

2. Online Network Intrusion Detection System for IOT Structure Using Machine Learning Techniques

Author

Mahalakshmi, K., Jaison, B., Ghosh, Ashish, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Geetha, R., editor, Dao, Nhu-Ngoc, editor, and Khalid, Saeed, editor

Published

2025

3. ShNFN: Shepard Neuro-Fuzzy Network for Intrusion Detection in Fog Computing.

Author

Ganeshan, R, Sravani, Meesala, Kalidindi, Archana, and Om Prakash, P G

Subjects

*COMPUTER network traffic, *CONVOLUTIONAL neural networks, *CASCADE connections, *DISTRIBUTED computing, *FEATURE selection, *INTRUSION detection systems (Computer security)

Abstract

Fog computing is a type of distributed computing that makes data storage and computation closer to the network edge. While fog computing offers numerous advantages, it also introduces several challenges, particularly in terms of security. Intrusion Detection System (IDS) plays a crucial role in securing fog computing environments by monitoring network traffic and system activities for signs of malicious behavior. Several techniques can be employed to enhance intrusion detection in fog computing environments. Accordingly, this paper proposes a Shepard Neuro-Fuzzy Network (ShNFN) for intrusion detection in fog computing. Initially, in the cloud layer, the input data are passed to data transformation to transform the unstructured data into structured form. Here, data transformation is done employing the Box-Cox transformation. Following this, the feature selection is done in terms of information gain and symmetric uncertainty process and it is used to create a relationship between two variables. After that, the data are classified by employing the proposed ShNFN. The ShNFN is attained by fusing two networks, such as Cascade Neuro-Fuzzy Network (Cascade NFN) and Shepard Convolutional Neural Networks (ShCNN). After this, the physical process is executed at the endpoint layer. Finally, intrusion detection is accomplished in the fog layer by the proposed ShNFN method. The performance of the intrusion detection using ShNFN is calculated by the metrics of recall, F-measure and precision. The proposed method achieves the values of 93.3%, 92.5% and 94.8% for recall, F-measure, and precision, respectively. [ABSTRACT FROM AUTHOR]

Published

2024

4. Enhanced intrusion detection framework for securing IoT network using principal component analysis and CNN.

Author

Mazid, Abdul, Kirmani, Sheeraz, and Abid, Manaullah

Subjects

*CONVOLUTIONAL neural networks, *SMART devices, *PRINCIPAL components analysis, *PEARSON correlation (Statistics), *DEEP learning

Abstract

The Internet of Things (IoT) has transformed our world by connecting smart devices and enabling seamless interactions. This reliance, however, has led to new security issues and types of attacks. It is of the utmost importance to safeguard the security of IoT networks, with network intrusion detection systems (NIDS) having a significant impact. This paper proposes a novel approach integrating Principal Component Analysis (PCA), Pearson Correlation Coefficient (PCC), and Convolutional Neural Network (CNN) to overcome these security issues. Our innovative method reduces data dimensionality and selects highly correlated features using PCC and PCA, addressing overfitting and improving model performance while maintaining high computational speed and low costs. Our approach uniquely distinguishes between benign and threat packets by employing 1D-CNN, 2D-CNN, and 3D-CNN algorithms trained on Edge-IIoTset and NSL-KDD benchmark datasets. The findings from our experiments indicate that the proposed framework significantly enhances accuracy, precision, recall, and F1-score compared to existing models for both binary and multiclass classifications. Our binary classification models achieved exceptional performance, with an average accuracy of 99.76%, 99.79% precision, 99.89% recall, and 99.85% F1-score on the Edge-IIoTset dataset. On the NSL-KDD dataset, the models attained 99.20% accuracy, 98.07% precision, 97.95% recall, and 97.71% F1-score. For multiclass classification, the proposed model demonstrated an average accuracy of 99.41%, precision of 98.61%, recall of 98.49%, and an F1-score of 98.56% on the Edge-IIoTset dataset. On the NSL-KDD dataset, the model achieved 92.43% accuracy, 93.21% precision, 93.60% recall, and a 93.7% F1-score. Our research introduces a significant advancement that substantially improves NIDS capabilities, making IoT networks safer and more connected. [ABSTRACT FROM AUTHOR]

Published

2024

5. Collaborative intrusion detection using weighted ensemble averaging deep neural network for coordinated attack detection in heterogeneous network.

Author

Wardana, Aulia Arif, Kołaczek, Grzegorz, Warzyński, Arkadiusz, and Sukarno, Parman

Subjects

*ARTIFICIAL neural networks, *COMPUTER network traffic, *CYBERTERRORISM, *DEEP learning

Abstract

Detecting coordinated attacks in cybersecurity is challenging due to their sophisticated and distributed nature, making traditional Intrusion Detection Systems often ineffective, especially in heterogeneous networks with diverse devices and systems. This research introduces a novel Collaborative Intrusion Detection System (CIDS) using a Weighted Ensemble Averaging Deep Neural Network (WEA-DNN) designed to detect such attacks. The WEA-DNN combines deep learning techniques and ensemble methods to enhance detection capabilities by integrating multiple Deep Neural Network (DNN) models, each trained on different data subsets with varying architectures. Differential Evolution optimizes the model's contributions by calculating optimal weights, allowing the system to collaboratively analyze network traffic data from diverse sources. Extensive experiments on real-world datasets like CICIDS2017, CSE-CICIDS2018, CICToNIoT, and CICBotIoT show that the CIDS framework achieves an average accuracy of 93.8%, precision of 78.6%, recall of 60.4%, and an F1-score of 62.4%, surpassing traditional ensemble models and matching the performance of local DNN models. This demonstrates the practical benefits of WEA-DNN in improving detection capabilities in real-world heterogeneous network environments, offering superior adaptability and robustness in handling complex attack patterns. [ABSTRACT FROM AUTHOR]

Published

2024

6. Robust intrusion detection for network communication on the Internet of Things: a hybrid machine learning approach.

Author

Soltani, Nasim, Rahmani, Amir Masoud, Bohlouli, Mahdi, and Hosseinzadeh, Mehdi

Subjects

*SUPERVISED learning, *FISHER discriminant analysis, *COMPUTER networks, *K-nearest neighbor classification, *MACHINE learning, *INTRUSION detection systems (Computer security)

Abstract

The importance and growth of the Internet of Things (IoT) in computer networks and applications have been increasing. Additionally, many of these applications generate large volumes of data, which are critical and require protection against attacks. Various techniques have been proposed to identify and counteract these threats. In this paper, we offer a hybrid machine learning approach (using the k-nearest neighbors and random forests as supervised classifiers) to enhance the accuracy of intrusion detection systems and minimize the risk of potential attacks. Also, we employ backward elimination and linear discriminant analysis algorithms for feature reduction and to lower computational costs. Following the training phase, when discrepancies arose between the decisions of the classifiers, the ultimate determination was supported by ISO/IEC 27001 regulations. The performance of the proposed model was assessed within a Python programming framework, utilizing the CICIDS 2017, NSL-KDD, and TON-IoT datasets. The outcomes illustrated that the proposed approach attained a noteworthy accuracy of 99.96% in the multi-class classification of CICIDS 2017, 99.37% in the binary classification of the NSL-KDD dataset, and 99.96% in the multi-class classification of TON-IoT dataset. Furthermore, the attack success rate for each dataset stands at 0.05%, 0.24%, and 0% respectively, demonstrating a significant reduction compared to other methods. [ABSTRACT FROM AUTHOR]

Published

2024

7. A deep analysis of nature-inspired and meta-heuristic algorithms for designing intrusion detection systems in cloud/edge and IoT: state-of-the-art techniques, challenges, and future directions.

Author

Hu, Wengui, Cao, Qingsong, Darbandi, Mehdi, and Jafari Navimipour, Nima

Subjects

*MACHINE learning, *METAHEURISTIC algorithms, *COMPUTER performance, *FEATURE selection, *CLOUD computing, *INTRUSION detection systems (Computer security)

Abstract

The number of cloud-, edge-, and Internet of Things (IoT)-based applications that produce sensitive and personal data has rapidly increased in recent years. The IoT is a new model that integrates physical objects and the Internet and has become one of the principal technological evolutions of computing. Cloud computing is a paradigm for centralized computing that gathers resources in one place and makes them available to consumers via the Internet. Despite the vast array of resources that cloud computing offers, real-time mobile applications might not find it acceptable because it is typically located far from users. However, in applications where low latency and high dependability are required, edge computing—which disperses resources to the network edge—is becoming more and more popular. Though it has less processing power than traditional cloud computing, edge computing offers resources in a decentralized way that can react to customers' needs more quickly. There has been a sharp increase in attackers stealing data from these applications since the data is so sensitive. Thus, a powerful Intrusion Detection System (IDS) that can identify intruders is required. IDS are essential for the cybersecurity of the IoT, cloud, and edge architectures. Investigators have mostly embraced the use of deep learning algorithms as a means of protecting the IoT environment. However, these techniques have some issues with computational complexity, long processing times, and poor precision. Feature selection approaches can be utilized to overcome these problems. Optimization methods, including bio-inspired algorithms, are applied as feature selection approaches to enhance the classification accuracy of IDS systems. Based on the cited sources, it appears that no study has looked into these difficulties in depth. This research thoroughly analyzes the current literature on intrusion detection and using nature-inspired algorithms to safeguard IoT and cloud/edge settings. This article examines pertinent analyses and surveys on the aforementioned subjects, dangers, and outlooks. It also examines many frequently used algorithms in the development of IDSs used in IoT security. The findings demonstrate their efficiency in addressing IoT and cloud/edge ecosystem security issues. Moreover, it has been shown that the methods put out in the literature might improve IDS security and dependability in terms of precision and execution speed. [ABSTRACT FROM AUTHOR]

Published

2024

8. A Survey on the Applications of Semi-supervised Learning to Cyber-security.

Author

Mvula, Paul Kiyambu, Branco, Paula, Jourdan, Guy-Vincent, and Viktor, Herna Lydia

Published

2024

9. A Secure Framework for WSN-IoT Using Deep Learning for Enhanced Intrusion Detection.

Author

Kumar, Chandraumakantham Om, Gajendran, Sudhakaran, Marappan, Suguna, Zakariah, Mohammed, and Almazyad, Abdulaziz S.

Subjects

DEEP learning, FEATURE selection, TIME complexity, WIRELESS sensor networks, INTRUSION detection systems (Computer security), FEATURE extraction

Abstract

The security of the wireless sensor network-Internet of Things (WSN-IoT) network is more challenging due to its randomness and self-organized nature. Intrusion detection is one of the key methodologies utilized to ensure the security of the network. Conventional intrusion detection mechanisms have issues such as higher misclassification rates, increased model complexity, insignificant feature extraction, increased training time, increased run time complexity, computation overhead, failure to identify new attacks, increased energy consumption, and a variety of other factors that limit the performance of the intrusion system model. In this research a security framework for WSN-IoT, through a deep learning technique is introduced using Modified Fuzzy-Adaptive DenseNet (MF_AdaDenseNet) and is benchmarked with datasets like NSL-KDD, UNSWNB15, CIDDS-001, Edge IIoT, Bot IoT. In this, the optimal feature selection using Capturing Dingo Optimization (CDO) is devised to acquire relevant features by removing redundant features. The proposed MF_AdaDenseNet intrusion detection model offers significant benefits by utilizing optimal feature selection with the CDO algorithm. This results in enhanced Detection Capacity with minimal computation complexity, as well as a reduction in False Alarm Rate (FAR) due to the consideration of classification error in the fitness estimation. As a result, the combined CDO-based feature selection and MF_AdaDenseNet intrusion detection mechanism outperform other state-of-the-art techniques, achieving maximal Detection Capacity, precision, recall, and F-Measure of 99.46%, 99.54%, 99.91%, and 99.68%, respectively, along with minimal FAR and Mean Absolute Error (MAE) of 0.9% and 0.11. [ABSTRACT FROM AUTHOR]

Published

2024

10. Cyber Security within Smart Cities: A Comprehensive Study and a Novel Intrusion Detection-Based Approach.

Author

Houichi, Mehdi, Jaidi, Faouzi, and Bouhoula, Adel

Subjects

SMART cities, INTERNET of things, QUALITY of life, ARTIFICIAL intelligence, INTERNET security

Abstract

The expansion of smart cities, facilitated by digital communications, has resulted in an enhancement of the quality of life and satisfaction among residents. The Internet of Things (IoT) continually generates vast amounts of data, which is subsequently analyzed to offer services to residents. The growth and development of IoT have given rise to a new paradigm. A smart city possesses the ability to consistently monitor and utilize the physical environment, providing intelligent services such as energy, transportation, healthcare, and entertainment for both residents and visitors. Research on the security and privacy of smart cities is increasingly prevalent. These studies highlight the cybersecurity risks and the challenges faced by smart city infrastructure in handling and managing personal data. To effectively uphold individuals’ security and privacy, developers of smart cities must earn the trust of the public. In this article, we delve into the realms of privacy and security within smart city applications. Our comprehensive study commences by introducing architecture and various applications tailored to smart cities. Then, concerns surrounding security and privacy within these applications are thoroughly explored subsequently. Following that, we delve into several research endeavors dedicated to addressing security and privacy issues within smart city applications. Finally, we emphasize our methodology and present a case study illustrating privacy and security in smart city contexts. Our proposal consists of defining an Artificial Intelligence (AI) based framework that allows: Thoroughly documenting penetration attempts and cyberattacks; promptly detecting any deviations from security standards; monitoring malicious behaviors and accurately tracing their sources; and establishing strong controls to effectively repel and prevent such threats. Experimental results using the Edge-IIoTset (Edge Industrial Internet of Things Security Evaluation Test) dataset demonstrated good accuracy. They were compared to related state-of-the-art works, which highlight the relevance of our proposal. [ABSTRACT FROM AUTHOR]

Published

2024

11. GRU Enabled Intrusion Detection System for IoT Environment with Swarm Optimization and Gaussian Random Forest Classification.

Author

Shoab, Mohammad and Alsbatin, Loiy

Subjects

PARTICLE swarm optimization, RANDOM forest algorithms, DEEP learning, SEARCH algorithms, FEATURE extraction, INTRUSION detection systems (Computer security)

Abstract

In recent years, machine learning (ML) and deep learning (DL) have significantly advanced intrusion detection systems, effectively addressing potential malicious attacks across networks. This paper introduces a robust method for detecting and categorizing attacks within the Internet of Things (IoT) environment, leveraging the NSL-KDD dataset. To achieve high accuracy, the authors used the feature extraction technique in combination with an autoencoder, integrated with a gated recurrent unit (GRU). Therefore, the accurate features are selected by using the cuckoo search algorithm integrated particle swarm optimization (PSO), and PSO has been employed for training the features. The final classification of features has been carried out by using the proposed RF-GNB random forest with the Gaussian Naïve Bayes classifier. The proposed model has been evaluated and its performance is verified with some of the standard metrics such as precision, accuracy rate, recall F1-score, etc., and has been compared with different existing models. The generated results that detected approximately 99.87% of intrusions within the IoT environments, demonstrated the high performance of the proposed method. These results affirmed the efficacy of the proposed method in increasing the accuracy of intrusion detection within IoT network systems. [ABSTRACT FROM AUTHOR]

Published

2024

12. Blockchain based federated learning for intrusion detection for Internet of Things.

Author

Sun, Nan, Wang, Wei, Tong, Yongxin, and Liu, Kexin

Abstract

In Internet of Things (IoT), data sharing among different devices can improve manufacture efficiency and reduce workload, and yet make the network systems be more vulnerable to various intrusion attacks. There has been realistic demand to develop an efficient intrusion detection algorithm for connected devices. Most of existing intrusion detection methods are trained in a centralized manner and are incapable to identify new unlabeled attack types. In this paper, a distributed federated intrusion detection method is proposed, utilizing the information contained in the labeled data as the prior knowledge to discover new unlabeled attack types. Besides, the blockchain technique is introduced in the federated learning process for the consensus of the entire framework. Experimental results are provided to show that our approach can identify the malicious entities, while outperforming the existing methods in discovering new intrusion attack types. [ABSTRACT FROM AUTHOR]

Published

2024

13. Detect and Prevent Attacks of Intrusion in IOT Devices using Game Theory with Ant Colony Optimization (ACO).

Author

Aruna, S., N., Kalaivani, M., Mohammedkasim, Devi, D. Prabha, and Thirumangaialwar, E. Babu

Subjects

ANT algorithms, COMPUTER network security, INTERNET of things, FORAGING behavior, GAME theory, ANT behavior

Abstract

A more extensive attack surface for cyber incursions has resulted from the fast expansion of Internet of Things (IoT) devices, calling for more stringent security protocols. This research introduces a new method for protecting Internet of Things (IoT) networks against intrusion assaults by combining Game Theory with Ant Colony Optimization (ACO). Various cyber dangers are becoming more common as a result of the networked nature and frequently inadequate security measures of IoT devices. Because these threats are ever-changing and intricate, traditional security measures can't keep up. An effective optimization method for allocating resources and pathfinding is provided by ACO, which takes its cues from the foraging behavior of ants, while Game Theory provides a strategic framework for modeling the interactions between attackers and defenders. Attackers and defenders in the proposed system are modeled as players in a game where the objective is to maximize their payout. Minimizing damage by anticipating and minimizing assaults is the defender's task. The monitoring pathways are optimized and resources are allocated effectively with the help of ACO. In response to changes in network conditions, the system dynamically modifies defensive tactics by updating the game model in real time. The results of the simulation show that the suggested method successfully increases the security of the Internet of Things. Compared to 87.4% using conventional approaches, the detection accuracy increased to 95.8%. From 10.5 seconds down to 7.3 seconds, the average reaction time to identified incursions was cut in half. Furthermore, there was a 20% improvement in resource utilization efficiency, guaranteeing that defensive and monitoring resources were allocated optimally. Internet of Things (IoT) network security is greatly improved by combining Game Theory with Ant Colony Optimization. In addition to enhancing detection accuracy and reaction times, this combination method guarantees resource efficiency. The results demonstrate the practicality of this approach, which offers a solid foundation for protecting Internet of Things devices from ever-changing cyber dangers. [ABSTRACT FROM AUTHOR]

Published

2024

14. Optimizing intrusion detection in 5G networks using dimensionality reduction techniques.

Author

Salah, Zaher, Elsoud, Esraa, Al-Sit, Waleed, Alhenawi, Esraa, Alshraiedeh, Fuad, and Alshdaifat, Nawaf

Subjects

COMPUTER network traffic, IEEE 802.11 (Standard), COMPUTER network security, CYBERTERRORISM, 5G networks, INTRUSION detection systems (Computer security)

Abstract

The proliferation of internet of things (IoT) technologies has expanded the user base of the internet, but it has also exposed users to increased cyber threats. Intrusion detection systems (IDSs) play a vital role in safeguarding against cybercrimes by enabling early threat response. This research uniquely centers on the critical dimensionality aspects of wireless datasets. This study focuses on the intricate interplay between feature dimensionality and intrusion detection systems. We rely on the renowned IEEE 802.11 security-oriented AWID3 dataset to implement our experiments since AWID was the first dataset created from wireless network traffic and has been developed into AWID3 by capturing and studying traces of a wide variety of attacks sent into the IEEE 802.1X extensible authentication protocol (EAP) environment. This research unfolds in three distinct phases, each strategically designed to enhance the efficacy of our framework, using multinominal class, multi-numeric class, and binary class. The best accuracy achieved was 99% in the three phases, while the lowest accuracy was 89.1%, 60%, and 86.7% for the three phases consecutively. These results offer a comprehensive understanding of the intricate relationship between wireless dataset dimensionality and intrusion detection effectiveness. [ABSTRACT FROM AUTHOR]

Published

2024

15. Intrusion detection using KK-RF and balanced Gini - Entropy approach.

Author

K, Ramani and N, Chandrakala

Subjects

RANDOM forest algorithms, FEATURE selection, FEATURE extraction, ENTROPY, NEIGHBORHOODS, INTRUSION detection systems (Computer security)

Abstract

In the era of advanced cyber developments, intrusions becomes a common event in any network. Although there are research studies and developers found ways to improve the detection models, there is some problem that persists in the intrusion models such as extracting key features from a large dataset, and delayed detection is a critical issue that needs to be addressed. Hence the proposed study aimed to develop a model that could extract key features from the dataset and use them effectively in the detection of threats. The study incorporates two approaches, one is feature extraction by the K-Nearest Neighbourhood, and feature selection by the K-Best approach. And the other is the balanced Gini-Entropy approach for the Random Forest (RF) classifier. This combined approach by KNN, K-best, and RF is referred to as (KK-RF). This combined approach of feature extraction, selection, and classification results in an effective threat detection model with high accuracy of about 99.61%. Moreover the proposed model has achieved precision and the recall rates of 97.3 and 96.6% respectively. Concurrently, the model attained markable F1-score of 96.6 respectively. Also, from the comparison results, it is observed that the proposed model had higher performance. [ABSTRACT FROM AUTHOR]

Published

2024

16. Security establishment using deep convolutional network model in cyber-physical systems.

Author

Meganathan, R., B, Manjunath, Anand, R., and Murugesh, V.

Subjects

RECURRENT neural networks, DENIAL of service attacks, CYBER physical systems, SUPPORT vector machines, DEEP learning, BOTNETS

Abstract

This study develops an active security control strategy for Cyber-Physical Systems (CPSs) that are subject to attacks known as Denial-of-Service (DoS), which can target both channels from the controller to the actuator and from the controller to the sensor. Due to attack cost restrictions, the linked channels are subject to a limit on the number of continuous DoS attacks. A proactive security control method is then developed to combat two-channel DoS attacks, depending on a method for identifying IoT intrusions. Using the CICIDS dataset for attack detection, we examined the effectiveness of the Deep Convolutional Network Model (DCNM), a suggested deep learning model. The addressed CPS can be asymptotically stable against DoS assaults under the security controller's active security control technique without sacrificing control performance. Recent tests and simulations show how effective the security control strategy is active. The proposed model gives better trade-off compared to existing approaches like Deep Belief Networks (DBN), Recurrent Neural Networks (RNN), Support Vector Machines (SVM), Supervised Neural Networks (SNN) and Feed Forward Neural Networks (FNN). The proposed model gives 99.3%, 99.5%, 99.5%, 99.6%, 99%, 98.9%, 99% accuracy with normal attack detection, botnet attack detection, Brute force attack detection, DoS attack detection, Infiltration attack detection, Portscan attack detection and web attack detection respectively. [ABSTRACT FROM AUTHOR]

Published

2024

17. Machine Learning-Based Intrusion Detection Methods in IoT Systems: A Comprehensive Review.

Author

Kikissagbe, Brunel Rolack and Adda, Meddi

Subjects

DEEP learning, MACHINE learning, INTERNET of things, SECURITY systems, INTRUSION detection systems (Computer security), INTERNET

Abstract

The rise of the Internet of Things (IoT) has transformed our daily lives by connecting objects to the Internet, thereby creating interactive, automated environments. However, this rapid expansion raises major security concerns, particularly regarding intrusion detection. Traditional intrusion detection systems (IDSs) are often ill-suited to the dynamic and varied networks characteristic of the IoT. Machine learning is emerging as a promising solution to these challenges, offering the intelligence and flexibility needed to counter complex and evolving threats. This comprehensive review explores different machine learning approaches for intrusion detection in IoT systems, covering supervised, unsupervised, and deep learning methods, as well as hybrid models. It assesses their effectiveness, limitations, and practical applications, highlighting the potential of machine learning to enhance the security of IoT systems. In addition, the study examines current industry issues and trends, highlighting the importance of ongoing research to keep pace with the rapidly evolving IoT security ecosystem. [ABSTRACT FROM AUTHOR]

Published

2024

18. Deep Learning for Network Intrusion Detection in Virtual Networks.

Author

Spiekermann, Daniel, Eggendorfer, Tobias, and Keller, Jörg

Subjects

VIRTUAL private networks, DEEP learning, VIRTUAL reality, CRITICAL currents, MACHINE learning, VIRTUAL networks, INTRUSION detection systems (Computer security)

Abstract

As organizations increasingly adopt virtualized environments for enhanced flexibility and scalability, securing virtual networks has become a critical part of current infrastructures. This research paper addresses the challenges related to intrusion detection in virtual networks, with a focus on various deep learning techniques. Since physical networks do not use encapsulation, but virtual networks do, packet analysis based on rules or machine learning outcomes for physical networks cannot be transferred directly to virtual environments. Encapsulation methods in current virtual networks include VXLAN (Virtual Extensible LAN), an EVPN (Ethernet Virtual Private Network), and NVGRE (Network Virtualization using Generic Routing Encapsulation). This paper analyzes the performance and effectiveness of network intrusion detection in virtual networks. It delves into challenges inherent in virtual network intrusion detection with deep learning, including issues such as traffic encapsulation, VM migration, and changing network internals inside the infrastructure. Experiments on detection performance demonstrate the differences between intrusion detection in virtual and physical networks. [ABSTRACT FROM AUTHOR]

Published

2024

19. FLSec-RPL: a fuzzy logic-based intrusion detection scheme for securing RPL-based IoT networks against DIO neighbor suppression attacks.

Author

Kim, Chenset, So-In, Chakchai, Kongsorot, Yanika, and Aimtongkham, Phet

Subjects

END-to-end delay, INTERNET of things, MODERN society, FUZZY logic, BANDWIDTHS

Abstract

The Internet of Things (IoT) has gained popularity and is widely used in modern society. The growth in the sizes of IoT networks with more internet-connected devices has led to concerns regarding privacy and security. In particular, related to the routing protocol for low-power and lossy networks (RPL), which lacks robust security functions, many IoT devices in RPL networks are resource-constrained, with limited computing power, bandwidth, memory, and battery life. This causes them to face various vulnerabilities and potential attacks, such as DIO neighbor suppression attacks. This type of attack specifically targets neighboring nodes through DIO messages and poses a significant security threat to RPL-based IoT networks. Recent studies have proposed methods for detecting and mitigating this attack; however, they produce high false-positive and false-negative rates in detection tasks and cannot fully protect RPL networks against this attack type. In this paper, we propose a novel fuzzy logic-based intrusion detection scheme to secure the RPL protocol (FLSec-RPL) to protect against this attack. Our method is built of three key phases consecutively: (1) it tracks attack activity variables to determine potential malicious behaviors; (2) it performs fuzzy logic-based intrusion detection to identify malicious neighbor nodes; and (3) it provides a detection validation and blocking mechanism to ensure that both malicious and suspected malicious nodes are accurately detected and blocked. To evaluate the effectiveness of our method, we conduct comprehensive experiments across diverse scenarios, including Static-RPL and Mobile-RPL networks. We compare the performance of our proposed method with that of the state-of-the-art methods. The results demonstrate that our method outperforms existing methods in terms of the detection accuracy, F1 score, power consumption, end-to-end delay, and packet delivery ratio metrics. [ABSTRACT FROM AUTHOR]

Published

2024

20. Green Intrusion Detection Systems: A Comprehensive Review and Directions.

Author

Roy, Swapnoneel, Sankaran, Sriram, and Zeng, Mini

Subjects

*ANOMALY detection (Computer security), *INTERNET of things, *ENERGY consumption, *INTERNET security, *CYBER physical systems

Abstract

Intrusion detection systems have proliferated with varying capabilities for data generation and learning towards detecting abnormal behavior. The goal of green intrusion detection systems is to design intrusion detection systems for energy efficiency, taking into account the resource constraints of embedded devices and analyzing energy–performance–security trade-offs. Towards this goal, we provide a comprehensive survey of existing green intrusion detection systems and analyze their effectiveness in terms of performance, overhead, and energy consumption for a wide variety of low-power embedded systems such as the Internet of Things (IoT) and cyber physical systems. Finally, we provide future directions that can be leveraged by existing systems towards building a secure and greener environment. [ABSTRACT FROM AUTHOR]

Published

2024

21. A micro Reinforcement Learning architecture for Intrusion Detection Systems.

Author

Darabi, Boshra, Bag-Mohammadi, Mozafar, and Karami, Mojtaba

Subjects

*REINFORCEMENT learning

Published

2024

22. A transfer learning-based intrusion detection system for zero-day attack in communication-based train control system.

Author

Lu, He, Zhao, Yanan, Song, Yajing, Yang, Yang, He, Guanjie, Yu, Haiyang, and Ren, Yilong

Subjects

*CONVOLUTIONAL neural networks, *WIRELESS communications security, *WIRELESS communications, *TIME-varying networks, *MACHINE performance, *CYBER physical systems

Abstract

Communication-based train control (CBTC) system is a typical cyber-physical system with open wireless communication that is vulnerable to attacks. To protect the security of wireless communication in the CBTC system, machine learning-based intrusion detection system (IDS) has been extensively researched. However, the performance of a machine learning-based IDS highly depends on feature design, and the spatial and temporal correlation of network data attributes makes it difficult to design features manually. Meanwhile, this type of IDS can only detect known attacks that are contained in the training dataset and fail to detect new attacks (i.e., zero-day attacks). To cope with the above issue, we propose a novel IDS based on transfer learning for the CBTC system. The proposed IDS leverages an optimized one-dimensional convolutional neural network block and long short-term memory to automatically extract spatial and temporal features from the original data. Furthermore, a knowledge transfer method is utilized to transfer the features to enable zero-day attack detection. We evaluate the proposed IDS on a dataset representing the CBTC system network data. The results show that the proposed IDS can achieve 99.32% accuracy for known attacks and 93.21% average F1-Score for zero-day attacks. [ABSTRACT FROM AUTHOR]

Published

2024

23. An industrial network intrusion detection algorithm based on IGWO-GRU.

Author

Yang, Wei, Shan, Yao, Wang, Jiaxuan, and Yao, Yu

Subjects

*GREY Wolf Optimizer algorithm, *COMPUTER network traffic, *NATURAL gas pipelines, *INDUSTRIAL controls manufacturing, *TRAFFIC engineering, *INTRUSION detection systems (Computer security)

Abstract

The openness and interconnectedness of industrial control systems (ICSs) is increasing, leading to a heightened risk of network-based attacks. Although research on industrial intrusion detection is ongoing, current methods often overlook the unique characteristics of industrial control flows. This study introduced an industrial network intrusion detection algorithm based on the improved gray wolf optimizer (IGWO) gated recurrent unit (GRU) model. Starting with the temporal aspects of industrial control network traffic, a simple GRU was chosen as the network model. By integrating the gray wolf optimizer (GWO) with autonomous learning methods, the algorithm could address the slow convergence caused by large volumes of industrial control network traffic. In response to the slow convergence of the GWO and its low optimization accuracy, this study developed the improved gray wolf optimizer (IGWO). By simulating an intrusion detection system (IDS) using datasets from the Natural Gas Pipeline Control System and Secure Water Treatment (SWaT) datasets, the experimental results demonstrated that the IGWO-GRU algorithm exhibited considerable advantages in terms of accuracy, false alarm rate, and false report rate, thereby enhancing the security capabilities of ICSs. [ABSTRACT FROM AUTHOR]

Published

2024

24. Malicious detection model with artificial neural network in IoT-based smart farming security.

Author

Mohy-eddine, Mouaad, Guezzaz, Azidine, Benkirane, Said, and Azrour, Mourade

Subjects

*ARTIFICIAL neural networks, *RADIAL basis functions, *CYBERTERRORISM, *FEATURE selection, *SUPPORT vector machines

Abstract

The Internet of Things (IoT) tunes modern technologies, including wireless sensors and cloud computing, to create a homogeneous and highly effective environment. Therefore, IoT has emerged in various fields of life, such as healthcare, industry, and agriculture. Agriculture is among the primary components of developing nations' financial states and is vital in maintaining human life. However, the human capacity to reproduce far exceeds the capability of our planet to secure the food required for our lives. Hence, the emergence of IoT in this industry has seen essential advancements to help boost agriculture production and quality. In addition, this emergence exposes the smart agriculture environment to considerable cyber threats. This paper presents a network intrusion detection system (NIDS) to mitigate smart agriculture security vulnerabilities. We developed our framework using radial basis functions neural networks (RBFNN) to detect and classify intrusions in the IoT network. To get our model to perform in its best form, we applied crowd wisdom tree-based machine learning (ML) techniques to select relevant features from the datasets, such as random Forrest (RF), AdaBoost (ADA), extra trees (ET), LightGBM (LGBM), and XGBoost (XGB). We implemented a single-class support vector machine (1-CSVM) to detect and remove outliers. We evaluated our model using NF-Bot-IoT and NF-ToN-IoT datasets. It scored 99.25% accuracy (ACC) and 82.97% Matthews correlation coefficient (MCC) and 90.05% MCC and 96.92% ACC on preprocessed NF-Bot-IoT and NF-ToN-IoT, respectively. Our model showed outstanding performance in overcoming the NF-Bot-IoT dataset imbalance. [ABSTRACT FROM AUTHOR]

Published

2024

25. Intrusion detection and prevention systems in industrial IoT network.

Author

Sharma, Sangeeta, Kumar, Ashish, Rathore, Navdeep Singh, and Sharma, Shivanshu

Abstract

The Industrial IoT system often struggles to identify malignant traffic and may cause disruption in the flow of work or even hazardous situations. The previously described techniques to identify such intrusions work well but not enough to be implemented in such environments where it is very difficult to identify malignant traffic in loads of benign ones. Hence, an intrusion detection system is needed that works well with very highly unbalanced datasets. Therefore, we developed a transformer model that gives a high accuracy and combined it with a boosting module that decreases false negatives, which is highly required. This model is applied to the UNSW-2018-IoT-Botnet dataset, which is publicly available in the cloudstor network. Thus, the classified traffic identified as malignant is eliminated from the system using prevention techniques. The paper also extends the model to classify among five different traffics for the same dataset, in which some of the traffics are very difficult to distinguish, such as DoS and DDoS traffic. The experiments on such data sets have shown much better results, which proves that the model classifies well and can be implemented practically as well. [ABSTRACT FROM AUTHOR]

Published

2024

26. Hybrid deep architecture for intrusion detection in cyber‐physical system: An optimization‐based approach.

Author

Arumugam, Sajeev Ram, Paul, P. Mano, Issac, Berin Jeba Jingle, and Ananth, J. P.

Subjects

*CONVOLUTIONAL neural networks, *FISHER discriminant analysis, *CHOICE (Psychology), *OPTIMIZATION algorithms, *FEATURE extraction, *INTRUSION detection systems (Computer security), *CYBER physical systems

Abstract

Summary: Intrustion Detection System (IDS) refers to the gear or software that monitors a network or system for malicious activity or policy violations. Periodically, the system records any intrusion action or breach, which frequently modifies the administrator. Cyber Physical System (CPS) is particularly called as networked connected system, in which the system components are spatially distributed and integrated via the communication network. The control mechanism ensures computation significance; however, the system does affect attacks. Researchers are trying to handle this issue via the existing anomaly datasets. In this way, this paper follows an intrusion detection system under three major stages including extraction of features, selection of feature, and detection. The primary stage is the extraction of Statistical features like standard deviation, mean, mode, variance, and median, as well as higher‐order statistical features like moment, percentile, improved correlation, kurtosis, mutual information, skewness, flow‐based features, and information gain‐based features. The curse of dimensionality becomes a significant problem in this scenario, so it is crucial to choose the right features. Improved Linear Discriminant Analysis (LDA) is utilized to choose the right features. The selected features are subjected to a Hybrid classifier for final detection. Here, models like CNN (Convolutional Neural Network) and Bi‐GRU (Bidirectional Gated Recurrent Unit) are combined. A new Bernoulli Map Estimated Arithmetic Optimization Algorithm (BMEAOA) is added to train the system by adjusting the ideal weights of the two classifiers, leading to improved detection outcomes. Ultimately, the effectiveness is assessed in comparison to the other traditional techniques. [ABSTRACT FROM AUTHOR]

Published

2024

27. Ensemble Learning Based Intrusion Detection for Wireless Sensor Network Environment.

Author

Kumar, Vikas, Wahi, Charu, Sagar, Bharat Bhushan, and Manjul, Manisha

Subjects

WIRELESS sensor networks, INDUSTRIAL robots, SECURITY systems, FEATURE selection, RANDOM forest algorithms, INTRUSION detection systems (Computer security)

Abstract

WSNs are integral to various applications, ranging from environmental monitoring to industrial automation. However, their vulnerability to malicious activities necessitates robust security measures. The proposed Ensemble Intrusion Detection System (ENS-IDS) leverages machine learning techniques to detect anomalies in the WSN data, identifying potential intrusions or security breaches. The system incorporates feature selection, model training, and real-time monitoring to enhance its accuracy and responsiveness. Evaluation metrics, including precision, recall, and F1 score, demonstrate the effectiveness of the ENS-IDS in mitigating security threats within the WSN environment. The presented ENS-IDS is evaluated on KDD and CICIDS2017 dataset and comparison on known classifiers such as SVM, random forest, extra tree, KNN, logistic regression, decision tree and ensemble classifiers such as XGBoost, CatBoost and LGBM. Our model ENS-IDS has given better accuracy, precision, recall and F1-score. [ABSTRACT FROM AUTHOR]

Published

2024

28. 对抗学习辅助增强的增量式入侵检测系统.

Author

武晓栋, 金志刚, 陈旭阳, and 刘 凯

Subjects

DATA distribution, DEEP learning, GENERALIZATION, PARTICIPATION, INTRUSION detection systems (Computer security), STORAGE

Abstract

Copyright of Journal of Harbin Institute of Technology. Social Sciences Edition / Haerbin Gongye Daxue Xuebao. Shehui Kexue Ban is the property of Harbin Institute of Technology and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

29. 基于自监督图神经网络和混合神经网络的入侵检测.

Author

王明

Abstract

Copyright of Cyber Security & Data Governance is the property of Editorial Office of Information Technology & Network Security and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

30. An efficient intrusion detection system for IoT security using CNN decision forest.

Author

Bella, Kamal, Guezzaz, Azidine, Benkirane, Said, Azrour, Mourade, Fouad, Yasser, S. Benyeogor, Mbadiwe, and Innab, Nisreen

Subjects

FEATURE selection, CONVOLUTIONAL neural networks, DEEP learning, PRINCIPAL components analysis, RANDOM forest algorithms

Abstract

The adoption and integration of the Internet of Things (IoT) have become essential for the advancement of many industries, unlocking purposeful connections between objects. However, the surge in IoT adoption and integration has also made it a prime target for malicious attacks. Consequently, ensuring the security of IoT systems and ecosystems has emerged as a crucial research area. Notably, advancements in addressing these security threats include the implementation of intrusion detection systems (IDS), garnering considerable attention within the research community. In this study, and in aim to enhance network anomaly detection, we present a novel intrusion detection approach: the Deep Neural Decision Forest-based IDS (DNDF-IDS). The DNDF-IDS incorporates an improved decision forest model coupled with neural networks to achieve heightened accuracy (ACC). Employing four distinct feature selection methods separately, namely principal component analysis (PCA), LASSO regression (LR), SelectKBest, and Random Forest Feature Importance (RFFI), our objective is to streamline training and prediction processes, enhance overall performance, and identify the most correlated features. Evaluation of our model on three diverse datasets (NSL-KDD, CICIDS2017, and UNSW-NB15) reveals impressive ACC values ranging from 94.09% to 98.84%, depending on the dataset and the feature selection method. Notably, our model achieves a remarkable prediction time of 0.1 ms per record. Comparative analyses with other recent random forest and Convolutional Neural Networks (CNN) based models indicate that our DNDF-IDS performs similarly or even outperforms them in certain instances, particularly when utilizing the top 10 features. One key advantage of our novel model lies in its ability to make accurate predictions with only a few features, showcasing an efficient utilization of computational resources. [ABSTRACT FROM AUTHOR]

Published

2024

31. Enhancing intrusion detection performance using explainable ensemble deep learning.

Author

Ben Ncir, Chiheb Eddine, Ben HajKacem, Mohamed Aymen, and Alattas, Mohammed

Subjects

DEEP learning, MACHINE learning, COMPUTER network security, ALGORITHMS, INTRUSION detection systems (Computer security), CLASSIFICATION

Abstract

Given the exponential growth of available data in large networks, the need for an accurate and explainable intrusion detection system has become of high necessity to effectively discover attacks in such networks. To deal with this challenge, we propose a two-phase Explainable Ensemble deep learning-based method (EED) for intrusion detection. In the first phase, a new ensemble intrusion detection model using three one-dimensional long short-term memory networks (LSTM) is designed for an accurate attack identification. The outputs of three classifiers are aggregated using a meta-learner algorithm resulting in refined and improved results. In the second phase, interpretability and explainability of EED outputs are enhanced by leveraging the capabilities of SHape Additive exPplanations (SHAP). Factors contributing to the identification and classification of attacks are highlighted which allows security experts to understand and interpret the attack behavior and then implement effective response strategies to improve the network security. Experiments conducted on real datasets have shown the effectiveness of EED compared to conventional intrusion detection methods in terms of both accuracy and explainability. The EED method exhibits high accuracy in accurately identifying and classifying attacks while providing transparency and interpretability. [ABSTRACT FROM AUTHOR]

Published

2024

32. LSF-IDM: Deep learning-based lightweight semantic fusion intrusion detection model for automotive.

Author

Cheng, Pengzhou, Hua, Lei, Jiang, Haobin, and Liu, Gongshen

Subjects

LANGUAGE models, DEEP learning, FALSE alarms, AUTONOMOUS vehicles, CLASSIFICATION

Abstract

Controller Area Network (CAN) is increasing connectivity to the external environment for intelligent interconnection in autonomous vehicles, as well as posing serious vulnerability from various attacks due to the lack of CAN frame encryption and authentication. Existing Deep Learning (DL)-based intrusion detection models cannot satisfy the balance between detection performance and efficiency, and have higher false alarms when the attack is concealed within a contextual feature. In this paper, we propose a lightweight intrusion detection model that can detect various attacks in real time based on semantic fusion, named LSF-IDM. This model first captures the context as the semantic feature of messages by the Pre-trained Language Model (PLM). Afterward, the lightweight model (e.g., BiLSTM and DNN) learns the fused feature from an input packet's classification and its output distribution in PLM based on knowledge distillation. Also, a weight sampler and Focal Loss (FL) are applied in this work to alleviate the long tail effect spawned by the category imbalance. The extensive evaluation results on real-world car-hacking and ORNL intrusion datasets show that the proposed model provides enough performance and real-time competitiveness in attack detection. [ABSTRACT FROM AUTHOR]

Published

2024

33. Bootstrap and MRCD Estimators in Hotelling's T 2 Control Charts for Precise Intrusion Detection.

Author

Prasetya, Ichwanul Kahfi, Ahsan, Muhammad, Mashuri, Muhammad, and Lee, Muhammad Hisyam

Subjects

STATISTICAL process control, COMPUTER network traffic, ANOMALY detection (Computer security), COMPUTER network security, INTRUSION detection systems (Computer security)

Abstract

Intrusion detection systems (IDS) are crucial in safeguarding network security by identifying unauthorized access attempts through various techniques. Statistical Process Control (SPC), particularly Hotelling's T2 control charts, is noted for monitoring network traffic against known attack patterns or anomaly detection. This research advances the domain by incorporating robust statistical estimators—namely, the Fast-MCD and MRCD (Minimum Regularized Covariance Determinant) estimators—into bootstrap-enhanced Hotelling's T2 control charts. These enhanced charts aim to strengthen detection accuracy by offering improved resistance to outlier contamination, a prevalent challenge in intrusion detection. The methodology emphasizes the MRCD estimator's robustness in overcoming the limitations of traditional T2 charts, especially in environments with a high incidence of outliers. Applying the proposed bootstrap-based robust T2 charts to the UNSW-NB15 dataset illustrates a marked enhancement in intrusion detection performance. Results indicate superior performance of the proposed method over conventional T2 and Fast-MCD-based T2 charts in detection accuracy, even in varied levels of outlier contamination. Despite increasing execution time, the precision and reliability in detecting intrusions present a justified trade-off. The findings underscore the significant potential of integrating robust statistical methods to enhance IDS effectiveness. [ABSTRACT FROM AUTHOR]

Published

2024

34. A Lightweight Intrusion Detection System Using Convolutional Neural Network and Long Short-Term Memory in Fog Computing.

Author

Alzahrani, Hawazen, Sheltami, Tarek, Barnawi, Abdulaziz, Imam, Muhammad, and Yaser, Ansar

Subjects

CONVOLUTIONAL neural networks, DEEP learning, FALSE alarms, DIGITAL technology, RASPBERRY Pi

Abstract

The Internet of Things (IoT) links various devices to digital services and significantly improves the quality of our lives. However, as IoT connectivity is growing rapidly, so do the risks of network vulnerabilities and threats. Many interesting Intrusion Detection Systems (IDSs) are presented based on machine learning (ML) techniques to overcome this problem. Given the resource limitations of fog computing environments, a lightweight IDS is essential. This paper introduces a hybrid deep learning (DL) method that combines convolutional neural networks (CNN) and long short-term memory (LSTM) to build an energy-aware, anomaly-based IDS. We test this system on a recent dataset, focusing on reducing overhead while maintaining high accuracy and a low false alarm rate. We compare CICIoT2023, KDD-99 and NSL-KDD datasets to evaluate the performance of the proposed IDS model based on key metrics, including latency, energy consumption, false alarm rate and detection rate metrics. Our findings show an accuracy rate over 92% and a false alarm rate below 0.38%. These results demonstrate that our system provides strong security without excessive resource use. The practicality of deploying IDS with limited resources is demonstrated by the successful implementation of IDS functionality on a Raspberry Pi acting as a Fog node. The proposed lightweight model, with a maximum power consumption of 6.12 W, demonstrates its potential to operate effectively on energy-limited devices such as low-power fog nodes or edge devices. We prioritize energy efficiency while maintaining high accuracy, distinguishing our scheme from existing approaches. Extensive experiments demonstrate a significant reduction in false positives, ensuring accurate identification of genuine security threats while minimizing unnecessary alerts. [ABSTRACT FROM AUTHOR]

Published

2024

35. Network Intrusion Detection Method Based on Improved Multi-factorial Optimization Bat Algorithm.

Author

ZHANG Zhen, ZHANG Siyuan, and TIAN Hongpeng

Abstract

In addressing the challenge of diminished intrusion detection accuracy resulting from the abundance of redundant and irrelevant features in high-dimensional network data, an improved multi-factorial optimization bat algorithm (IMFBA) was introduced for precise data feature selection, with the ultimate goal of improving network intrusion detection accuracy. Within the multi-factorial optimization framework, global and local feature selection tasks were formulated. Information exchange between these tasks was facilitated by selection and vertical cultural transmission operators, strategically designed based on the bat algorithm. The global feature selection task was accelerated in identifying optimal solution spaces, thereby enhancing the algorithm's convergence speed and stability. By incorporating the reverse learning strategy and differential evolution into the bat algorithm, the initial solution selection stage and individual updating process were refined to address the absence of a mutation mechanism, fostering solution diversity and aiding the algorithm in escaping local optima. An adaptive parameter adjustment strategy was introduced, determining weightings for guiding individual updates based on potential optimal solution quality. This could mitigate the risk of knowledge negative transfer during multi-task feature selection, achieving a balance between global exploration and local exploitation. The feature subsets selected by IMFBA demonstrate classification accuracy of 95.37% and 85.14% on the KDD CUP 99 and NSL-KDD intrusion detection datasets, respectively. This reflected increased by 3.01 percentage points and 9.78 percentage points compared to the complete dataset. Experiment results confirm the efficacy of EMFBA in selecting higher-quality feature subsets and, consequently, enhancing network intrusion detection accuracy. [ABSTRACT FROM AUTHOR]

Published

2024

36. Intrusion detection system for cloud environment based on convolutional neural networks and PSO algorithm.

Author

Rosline, Gnanam Jeba and Rani, Pushpa

Subjects

CONVOLUTIONAL neural networks, PARTICLE swarm optimization, DEEP learning, COMPUTER network security, DATA security failures, INTRUSION detection systems (Computer security)

Abstract

Authentication of clients and their applications to cloud services is a major concern. Network security and the identification of hostile activities are greatly aided by intrusion detection systems (IDS). In general, optimisation strategies can be applied to improve IDS model performance. Convolutional neural networks (CNN) and other deep learning (DL) algorithms is utilised to enhance IDS’s capability to identify and categories intrusions. IDSs can identify prior attacks, adapt to changing threats, and minimise false positives by utilising these strategies. In this work, a lightweight CNN is proposed for intrusion detection in cloud environment. The main contribution of this research is to use particle swarm optimization (PSO), ametaheuristic algorithm to find the CNNs optimal parameters that comprise the number of convolutional layers, the size of the filter utilized in the convolutional procedure, the number of convolutional filters, and the batch size. Heuristicbased searches are useful for solving these kinds of problems. The experimental outcomes demonstrate that the proposed method reaches 91.70% of accuracy, 91.82% of precision, 91.99% of recall and 91.90% of F1-score. Cloud providers can gain from improved security measures by incorporating the proposed IDS paradigm into cloud settings, thereby minimizing unauthorized access and any data breaches. [ABSTRACT FROM AUTHOR]

Published

2024

37. A Complete EDA and DL Pipeline for Softwarized 5G Network Intrusion Detection.

Author

Moubayed, Abdallah

Subjects

WIRELESS Internet, 5G networks, DEEP learning, MACHINE learning, INTRUSION detection systems (Computer security), DATA analysis

Abstract

The rise of 5G networks is driven by increasing deployments of IoT devices and expanding mobile and fixed broadband subscriptions. Concurrently, the deployment of 5G networks has led to a surge in network-related attacks, due to expanded attack surfaces. Machine learning (ML), particularly deep learning (DL), has emerged as a promising tool for addressing these security challenges in 5G networks. To that end, this work proposed an exploratory data analysis (EDA) and DL-based framework designed for 5G network intrusion detection. The approach aimed to better understand dataset characteristics, implement a DL-based detection pipeline, and evaluate its performance against existing methodologies. Experimental results using the 5G-NIDD dataset showed that the proposed DL-based models had extremely high intrusion detection and attack identification capabilities (above 99.5% and outperforming other models from the literature), while having a reasonable prediction time. This highlights their effectiveness and efficiency for such tasks in softwarized 5G environments. [ABSTRACT FROM AUTHOR]

Published

2024

38. Attention-Driven Transfer Learning Model for Improved IoT Intrusion Detection.

Author

Abdelhamid, Salma, Hegazy, Islam, Aref, Mostafa, and Roushdy, Mohamed

Subjects

IMAGE analysis, DATA security failures, DEEP learning, INTERNET of things, DATA distribution

Abstract

The proliferation of Internet of Things (IoT) devices has become inevitable in contemporary life, significantly affecting myriad applications. Nevertheless, the pervasive use of heterogeneous IoT gadgets introduces vulnerabilities to malicious cyber-attacks, resulting in data breaches that jeopardize the network's integrity and resilience. This study proposes an Intrusion Detection System (IDS) for IoT environments that leverages Transfer Learning (TL) and the Convolutional Block Attention Module (CBAM). We extensively evaluate four prominent pre-trained models, each integrated with an independent CBAM at the uppermost layer. Our methodology is validated using the BoT-IoT dataset, which undergoes preprocessing to rectify the imbalanced data distribution, eliminate redundancy, and reduce dimensionality. Subsequently, the tabular dataset is transformed into RGB images to enhance the interpretation of complex patterns. Our evaluation results demonstrate that integrating TL models with the CBAM significantly improves classification accuracy and reduces false-positive rates. Additionally, to further enhance the system performance, we employ an Ensemble Learning (EL) technique to aggregate predictions from the two best-performing models. The final findings prove that our TL-CBAM-EL model achieves superior performance, attaining an accuracy of 99.93% as well as high recall, precision, and F1-score. Henceforth, the proposed IDS is a robust and efficient solution for securing IoT networks. [ABSTRACT FROM AUTHOR]

Published

2024

39. HIDE-6G: Advanced Intrusion Detection System for Secure 6G Network using Deep Learning.

Author

Hema, Mamidipaka, R., Gurunadha, A., Neelima, N., Muthukumaran, A., Geetha, and S., Manjula

Subjects

OPTIMIZATION algorithms, DEEP learning, CAPSULE neural networks, PRINCIPAL components analysis, FEATURE selection, INTRUSION detection systems (Computer security)

Abstract

Sixth-generation (6G) wireless networks are anticipated to undergo trials and installations as early as 2030, offering unprecedented capacity, dependability, and efficiency. However, attention is shifting towards the development of 6G networks to meet the demands of emerging applications. The transition to 6G brings new challenges, particularly in the realm of intrusion detection, where the sophistication of attacks necessitates advanced security solutions. To eliminate this challenge, a novel Hybrid Intrusion DEtection system for the 6G network (HIDE-6G) has been proposed to detect intrusion in the 6G network. The proposed method leverages advanced techniques such as Principal Component Analysis (PCA) for dimensionality reduction, a Spotted Hyena Optimization Algorithm for feature selection, and a Capsule Network-based Deep Autoencoder (CapsDA) for effective anomaly detection. The performance of the HIDE-6G is estimated using the NSL-KDD and CICIDS 2019 datasets, demonstrating superior results compared to existing techniques such as AD6GN, IDSoft, and LA-HLRW. According to the comparison analysis, the proposed HIDE-6G technique's detection rate is 6.10%, 22.27%, and 20.7% greater than the existing HADES-IoT, H3SC-DLIDS, and F-BIDS techniques respectively. [ABSTRACT FROM AUTHOR]

Published

2024

40. A Bibliometric Review of Intrusion Detection Research in IoT: Evolution, Collaboration, and Emerging Trends.

Author

Goranin, Nikolaj, Hora, Simran Kaur, and Čenys, Habil Antanas

Subjects

BIBLIOMETRICS, CITATION analysis, INTERNET of things, MACHINE learning, SECURITY systems, INTRUSION detection systems (Computer security)

Abstract

As the IoT market continues to rapidly expand, ensuring the security of IoT systems becomes increasingly critical. This paper aims to identify emerging trends and technologies in IoT intrusion detection. A bibliometric analysis of research trends in IoT intrusion detection, leveraging data from the Web of Science (WoS) repository, is conducted to understand the landscape of publications in this field. The analysis reveals a significant increase in publications on intrusion detection in IoT, indicating growing research interest. Research articles are the leading category of publications, and the analysis also highlights the collaborative linkages among authors, institutions, and nations. Co-occurrence analysis and citation analysis provide insights into the relationships among keywords and the impact of publications. The study also identifies keyword and publication citation burst detection, with recommendations for future research focusing on advanced machine learning techniques to enhance intrusion/anomaly detection. This comprehensive analysis offers valuable guidance for diverse and extensive applications in IoT intrusion detection. [ABSTRACT FROM AUTHOR]

Published

2024

41. Comparative Analysis of Deep Convolutional Neural Network—Bidirectional Long Short-Term Memory and Machine Learning Methods in Intrusion Detection Systems.

Author

Udurume, Miracle, Shakhov, Vladimir, and Koo, Insoo

Subjects

MACHINE learning, CONVOLUTIONAL neural networks, COMPUTER network traffic, COMPUTER network security, SUPPORT vector machines, INTRUSION detection systems (Computer security), DEEP learning

Abstract

Particularly in Internet of Things (IoT) scenarios, the rapid growth and diversity of network traffic pose a growing challenge to network intrusion detection systems (NIDs). In this work, we perform a comparative analysis of lightweight machine learning models, such as logistic regression (LR) and k-nearest neighbors (KNNs), alongside other machine learning models, such as decision trees (DTs), support vector machines (SVMs), multilayer perceptron (MLP), and random forests (RFs) with deep learning architectures, specifically a convolutional neural network (CNN) coupled with bidirectional long short-term memory (BiLSTM), for intrusion detection. We assess these models' scalability, performance, and robustness using the NSL-KDD and UNSW-NB15 benchmark datasets. We evaluate important metrics, such as accuracy, precision, recall, F1-score, and false alarm rate, to offer insights into the effectiveness of each model in securing network systems within IoT deployments. Notably, the study emphasizes the utilization of lightweight machine learning models, highlighting their efficiency in achieving high detection accuracy while maintaining lower computational costs. Furthermore, standard deviation metrics have been incorporated into the accuracy evaluations, enhancing the reliability and comprehensiveness of our results. Using the CNN-BiLSTM model, we achieved noteworthy accuracies of 99.89% and 98.95% on the NSL-KDD and UNSW-NB15 datasets, respectively. However, the CNN-BiLSTM model outperforms lightweight traditional machine learning methods by a margin ranging from 1.5% to 3.5%. This study contributes to the ongoing efforts to enhance network security in IoT scenarios by exploring a trade-off between traditional machine learning and deep learning techniques. [ABSTRACT FROM AUTHOR]

Published

2024

42. Advancing cybersecurity: a comprehensive review of AI-driven detection techniques.

Author

Salem, Aya H., Azzam, Safaa M., Emam, O. E., and Abohany, Amr A.

Subjects

CYBERTERRORISM, METAHEURISTIC algorithms, ARTIFICIAL intelligence, MACHINE learning, CYBER intelligence (Computer security)

Abstract

As the number and cleverness of cyber-attacks keep increasing rapidly, it's more important than ever to have good ways to detect and prevent them. Recognizing cyber threats quickly and accurately is crucial because they can cause severe damage to individuals and businesses. This paper takes a close look at how we can use artificial intelligence (AI), including machine learning (ML) and deep learning (DL), alongside metaheuristic algorithms to detect cyber-attacks better. We've thoroughly examined over sixty recent studies to measure how effective these AI tools are at identifying and fighting a wide range of cyber threats. Our research includes a diverse array of cyberattacks such as malware attacks, network intrusions, spam, and others, showing that ML and DL methods, together with metaheuristic algorithms, significantly improve how well we can find and respond to cyber threats. We compare these AI methods to find out what they're good at and where they could improve, especially as we face new and changing cyber-attacks. This paper presents a straightforward framework for assessing AI Methods in cyber threat detection. Given the increasing complexity of cyber threats, enhancing AI methods and regularly ensuring strong protection is critical. We evaluate the effectiveness and the limitations of current ML and DL proposed models, in addition to the metaheuristic algorithms. Recognizing these limitations is vital for guiding future enhancements. We're pushing for smart and flexible solutions that can adapt to new challenges. The findings from our research suggest that the future of protecting against cyber-attacks will rely on continuously updating AI methods to stay ahead of hackers' latest tricks. [ABSTRACT FROM AUTHOR]

Published

2024

43. An online intrusion detection method for industrial control systems based on extended belief rule base.

Author

Qian, Guangyu, Li, Jinyuan, He, Wei, Zhang, Wei, and Cao, You

Subjects

*INDUSTRIAL controls manufacturing, *INFORMATION storage & retrieval systems

Abstract

Intrusion detection in industrial control systems (ICS) is crucial for maintaining the security of physical information systems. However, the existing models predominantly rely on black-box approaches, which exhibit limitations in result credibility and the ability to adapt to complex and dynamic environments. Consequently, this paper proposes an online updatable extended belief rule base model (O-EBRB) for intrusion detection in ICS. Firstly, an industrial intrusion detection model rooted in the extended belief rule base (EBRB) is established. This model excels in concurrently processing both quantitative and qualitative data, ensuring the reliability of its outcomes. Subsequently, a novel domain-based rule update methodology for integrating new observation data is proposed. By incorporating or merging fresh data into the original model, it enhances the model's adaptability in dynamic settings. Finally, employing the domain-based rule weight calculation approach, the model continues to effectively compute model parameters even with the continuous expansion of rules. Through extensive experimentation on two real-world industrial intrusion detection datasets, the results demonstrate the effectiveness of the proposed model in handling information and its robust performance in dynamic environments. [ABSTRACT FROM AUTHOR]

Published

2024

44. Optimized common features selection and deep-autoencoder (OCFSDA) for lightweight intrusion detection in Internet of things.

Author

Otokwala, Uneneibotejit, Petrovski, Andrei, and Kalutarage, Harsha

Subjects

*FEATURE selection, *INTRUSION detection systems (Computer security), *INTERNET of things, *INFRASTRUCTURE (Economics), *COST control, *TIME management

Abstract

Embedded systems, including the Internet of things (IoT), play a crucial role in the functioning of critical infrastructure. However, these devices face significant challenges such as memory footprint, technical challenges, privacy concerns, performance trade-offs and vulnerability to cyber-attacks. One approach to address these concerns is minimising computational overhead and adopting lightweight intrusion detection techniques. In this study, we propose a highly efficient model called optimized common features selection and deep-autoencoder (OCFSDA) for lightweight intrusion detection in IoT environments. The proposed OCFSDA model incorporates feature selection, data compression, pruning, and deparameterization. We deployed the model on a Raspberry Pi4 using the TFLite interpreter by leveraging optimisation and inferencing with semi-supervised learning. Using the MQTT-IoT-IDS2020 and CIC-IDS2017 datasets, our experimental results demonstrate a remarkable reduction in the computation cost in terms of time and memory use. Notably, the model achieved an overall average accuracies of 99% and 97%, along with comparable performance on other important metrics such as precision, recall, and F1-score. Moreover, the model accomplished the classification tasks within 0.30 and 0.12 s using only 2KB of memory. [ABSTRACT FROM AUTHOR]

Published

2024

45. 网络安全态势预测技术研究综述.

Author

卢臻阳

Subjects

*SUPPORT vector machines, *SITUATIONAL awareness, *PREDICTION models, *INFORMATION technology security, *TIME series analysis

Abstract

In order to further reduce the probability of multiple networks being attacked, different types of network security situation prediction models have received widespread attention and in depth research from scholars both domestically and internationally. With the rapid development of situational awareness modeling technology, various novel technical solutions such as neural networks, time series, and support vector machines have been introduced into the prediction model of network security situations, deeply optimizing and improving the means and methods of situational prediction models, thereby further improving the accuracy of situational prediction models. This study reviews and sorts out the research history and development process of network security situation prediction technology, elaborates on the main principles and current development status of situation prediction models, analyzes the shortcomings and deficiencies of current technical solutions, and points out the future research directions of network security situation prediction model technology. [ABSTRACT FROM AUTHOR]

Published

2024

46. Effective ensemble based intrusion detection and energy efficient load balancing using sunflower optimization in distributed wireless sensor network.

Author

Prasanth, V. S., Mary Posonia, A., and Parveen Akhther, A.

Abstract

Wireless sensor networks (WSNs) play a very important role in providing real-time data access for big data and internet of things applications. Despite this, WSNs’ open deployment makes them highly susceptible to various malicious attacks, energy constraints, and decentralized governance. For mission-critical applications in WSNs, it is crucial to identify rogue sensor devices and remove the sensed data they contain. The resource-constrained nature of sensor devices prevents the direct application of standard cryptography and authentication techniques in WSNs. Low latency and energy-efficient methods are therefore needed. An efficient and safe routing system is created in this study. Initially the outliers are detected from deployed nodes using stacking based ensemble learning approach. Deep neural network (DNN) and long short term memory (LSTM) are two different basic classifiers and multilayer perceptron (MLP) is utilized as a Meta classifier in the ensemble method. The normal nodes are considered for further process. Then, distance, density and residual energy based cluster head selection and cluster formations are done. Sunflower optimization algorithm (SOA) is employed in this approach for routing purpose to improve energy efficiency and load balancing. Superior transmission routing can potentially obtained by taking the shortest way. This proposed method achieves 95% accuracy for the intrusion detection phase and 92% is the packet delivery ratio for energy efficient routing. Consequently, the proposed method is the most effective option for load balancing with intrusion detection. [ABSTRACT FROM AUTHOR]

Published

2024

47. Detecting the penetration of malicious behavior in big data using hybrid algorithms.

Author

Wang, Yue and Shi, Yan

Abstract

Information security must be maintained because the amount of data in the world today is growing exponentially. The issues related to security are growing as big data usage increases. Finding ways to identify intrusions into networks and information systems is one of the major issues in this subject. It is imperative and important to enhance intrusion detection skills in order to address malevolent behavior in large data. This paper presents a scalable approach to harmful data detection. Three variables have been considered in this strategy and model: scalability, user review, and temporal progress. High volumes of data can be processed using this technology. Time is split into time periods for data training in this system, and each time interval uses users' review information to train the data. Large volumes of data require sophisticated strategies to handle, and scalability in storage allows for faster processing and fewer computations. This approach is a kind of hardware–software hybrid solution for malware detection. A fresh approach to feature extraction has also been applied. In the suggested method, the bacteria algorithm in conjunction with the immune system algorithm has been utilized for the prediction operation, and the modified support vector machine algorithm and optical density have been utilized for classification. Based on the findings, the suggested combination algorithm outperforms other comparable techniques with a 21% detection rate, a 62% false alarm rate, a 15% accuracy rate, and a 73% training duration. [ABSTRACT FROM AUTHOR]

Published

2024

48. A Comprehensive Survey on Advanced Persistent Threat (APT) Detection Techniques.

Author

Krishnapriya, Singamaneni and Singh, Sukhvinder

Subjects

CYBERTERRORISM, KILL chain (Military science), GOAL (Psychology), INTERNET security, CORPORATION reports

Abstract

The increase in number of people using the Internet leads to increased cyberattack opportunities. Advanced Persistent Threats, or APTs, are among the most dangerous targeted cyberattacks. APT attacks utilize various advanced tools and techniques for attacking targets with specific goals. Even countries with advanced technologies, like the US, Russia, the UK, and India, are susceptible to this targeted attack. APT is a sophisticated attack that involves multiple stages and specific strategies. Besides, TTP (Tools, Techniques, and Procedures) involved in the APT attack are commonly new and developed by an attacker to evade the security system. However, APTs are generally implemented in multiple stages. If one of the stages is detected, we may apply a defense mechanism for subsequent stages, leading to the entire APT attack failure. The detection at the early stage of APT and the prediction of the next step in the APT kill chain are ongoing challenges. This survey paper will provide knowledge about APT attacks and their essential steps. This follows the case study of known APT attacks, which will give clear information about the APT attack process—in later sections, highlighting the various detection methods defined by different researchers along with the limitations of the work. Data used in this article comes from the various annual reports published by security experts and blogs and information released by the enterprise networks targeted by the attack. [ABSTRACT FROM AUTHOR]

Published

2024

49. Identifying malicious traffic under concept drift based on intraclass consistency enhanced variational autoencoder.

Author

Luo, Xiang, Liu, Chang, Gou, Gaopeng, Xiong, Gang, Li, Zhen, and Fang, Binxing

Abstract

Accurate identification of malicious traffic is crucial for implementing effective defense counter-measures and has led to extensive research efforts. However, the continuously evolving techniques employed by adversaries have introduced the issues of concept drift, which significantly affects the performance of existing methods. To tackle this challenge, some researchers have focused on improving the separability of malicious traffic representation and designing drift detectors to reduce the number of false positives. Nevertheless, these methods often overlook the importance of enhancing the generalization and intraclass consistency in the representation. Additionally, the detectors are not sufficiently sensitive to the variations among different malicious traffic classes, which results in poor performance and limited robustness. In this paper, we propose intraclass consistency enhanced variational autoencoder with Class-Perception detector (ICE-CP) to identify malicious traffic under concept drift. It comprises two key modules during training: intraclass consistency enhanced (ICE) representation learning and Class-Perception (CP) detector construction. In the first module, we employ a variational autoencoder (VAE) in conjunction with Kullback-Leibler (KL)-divergence and cross-entropy loss to model the distribution of each input malicious traffic flow. This approach simultaneously enhances the generalization, interclass consistency, and intraclass differences in the learned representation. Consequently, we obtain a compact representation and a trained classifier for non-drifting malicious traffic. In the second module, we design the CP detector, which generates a centroid and threshold for each malicious traffic class separately based on the learned representation, depicting the boundaries between drifting and non-drifting malicious traffic. During testing, we utilize the trained classifier to predict malicious traffic classes for the testing samples. Then, we use the CP detector to detect the potential drifting samples using the centroid and threshold defined for each class. We evaluate ICE-CP and some advanced methods on various real-world malicious traffic datasets. The results show that our method outperforms others in identifying malicious traffic and detecting potential drifting samples, demonstrating outstanding robustness among different concept drift settings. [ABSTRACT FROM AUTHOR]

Published

2024

50. An Iron Oxide and Polyaniline Composite-Based Triboelectric Nanogenerator for Intrusion Detection Sensor.

Author

Kim, Inkyum, Park, Jihyeon, Chun, Seungwoo, Yun, Jonghyeon, Lee, Minwoo, Goh, Tae Sik, Park, Wook, Choi, Hyuk Jin, and Kim, Daewon

Subjects

KELVIN probe force microscopy, NANOGENERATORS, MAGNETIC flux density, PHYSICAL & theoretical chemistry, FERRIC oxide, TRIBOELECTRICITY

Abstract

An increase in the number of small electronics is anticipated, requiring the preparation of an adequate powering method. A triboelectric nanogenerator, capable of scavenging ambient mechanical energy, is proposed as an efficient means to reduce power consumption for self-sustainable sensors, although its electrical output needs enhancement to broaden its technological applicability. In this work, a magnetic composite comprising iron oxide and polyaniline was synthesized to augment triboelectricity through the modulation of magnetic field intensity using physical chemistry. The crystallinity of the composite, chemical bonding, and structure of the surface are analyzed. The surface potential of the composite, embedded into polydimethylsiloxane, is quantitatively evaluated by using Kelvin probe force microscopy. By amalgamating magnetic flux density and triboelectric outputs, the optimization of the triboelectric layer is achieved, yielding output values of 93.86 V, 6.9 µA, and 127.5 µW. Following a reduction in surface adhesion after the powder coating process, a wind-based triboelectric nanogenerator is fabricated. Its excellent sensitivity to wind and exceptional long-term endurance are assessed, confirming its suitability as a sensor. The practicality of employing this device in intrusion detection, leveraging a wireless door-opening sensor, is demonstrated using synthesized composite materials. [ABSTRACT FROM AUTHOR]

Published

2024