Search Results (161)

Search Parameters:
Keywords = NSL-KDD

23 pages, 2539 KiB  
Article
Ensemble Learning for Network Intrusion Detection Based on Correlation and Embedded Feature Selection Techniques
by Ghalia Nassreddine, Mohamad Nassereddine and Obada Al-Khatib
Computers 2025, 14(3), 82; https://doi.org/10.3390/computers14030082 - 25 Feb 2025
Abstract
Recent advancements across various sectors have resulted in a significant increase in the utilization of smart gadgets. This augmentation has resulted in an expansion of the network and the devices linked to it. Nevertheless, the development of the network has concurrently resulted in a rise in policy infractions impacting information security. Finding intruders immediately is a critical component of maintaining network security. The intrusion detection system is useful for network security because it can quickly identify threats and give alarms. In this paper, a new approach for network intrusion detection was proposed. Combining the results of machine learning models like the random forest, decision tree, k-nearest neighbors, and XGBoost with logistic regression as a meta-model is what this method is based on. For the feature selection technique, the proposed approach creates an advanced method that combines the correlation-based feature selection with an embedded technique based on XGBoost. For handling the challenge of an imbalanced dataset, a SMOTE-TOMEK technique is used. The suggested algorithm is tested on the NSL-KDD and CIC-IDS datasets. It shows a high performance with an accuracy of 99.99% for both datasets. These results prove the effectiveness of the proposed approach. Full article
(This article belongs to the Special Issue Using New Technologies in Cyber Security Solutions (2nd Edition))

20 pages, 4322 KiB  
Article
ADFCNN-BiLSTM: A Deep Neural Network Based on Attention and Deformable Convolution for Network Intrusion Detection
by Bin Li, Jie Li and Mingyu Jia
Sensors 2025, 25(5), 1382; https://doi.org/10.3390/s25051382 - 24 Feb 2025
Abstract
Network intrusion detection systems can identify intrusion behavior in a network by analyzing network traffic data. It is challenging to detect a very small proportion of intrusion data from massive network traffic and identify the attack class in intrusion detection tasks. Many existing intrusion detection studies often fail to fully extract the spatial features of network traffic and make reasonable use of temporal features. In this paper, we propose ADFCNN-BiLSTM, a novel deep neural network for network intrusion detection. ADFCNN-BiLSTM uses deformable convolution and an attention mechanism to adaptively extract the spatial features of network traffic data, and it pays attention to the important features from both channel and spatial perspectives. It uses BiLSTM to mine the temporal features from the traffic data and employs the multi-head attention mechanism to allow the network to focus on the time-series information related to suspicious traffic. In addition, ADFCNN-BiLSTM addresses the issue of class imbalance during the training process at both the data level and algorithm level. We evaluated the proposed ADFCNN-BiLSTM on three standard datasets, i.e., NSL-KDD, UNSW-NB15, and CICDDoS2019. The experimental results show that ADFCNN-BiLSTM outperforms the state-of-the-art model in terms of accuracy, detection rate, and false-positive rate. Full article
(This article belongs to the Section Sensor Networks)

24 pages, 1605 KiB  
Article
CGFL: A Robust Federated Learning Approach for Intrusion Detection Systems Based on Data Generation
by Shu Feng, Luhan Gao and Leyi Shi
Appl. Sci. 2025, 15(5), 2416; https://doi.org/10.3390/app15052416 - 24 Feb 2025
Abstract
The implementation of comprehensive security measures is a critical factor in the rapid growth of industrial control networks. Federated Learning has emerged as a viable solution for safeguarding privacy in machine learning. The effectiveness of pattern detection in models is diminished as a result of the difficulty in extracting attack information from extremely large datasets and obtaining an adequate number of examples for specific types of attacks. A robust Federated Learning method, CGFL, is introduced in this study to resolve the challenges presented by data distribution discrepancies and client class imbalance. By employing a data generation strategy to generate balanced datasets for each client, CGFL enhances the global model. It employs a data generator that integrates artificially generated data with the existing data from local clients by employing label correction and data generation techniques. The geometric median aggregation technique was implemented to enhance the security of the aggregation process. The model was simulated and evaluated using the CIC-IDS2017 dataset, NSL-KDD dataset, and CSE-CIC-IDS2018 dataset. The experimental results indicate that CGFL does an effective job of enhancing the accuracy of ICS attack detection in Federated Learning under imbalanced sample conditions. Full article
(This article belongs to the Special Issue Advanced Computer Security and Applied Cybersecurity)

25 pages, 1312 KiB  
Article
FPE–Transformer: A Feature Positional Encoding-Based Transformer Model for Attack Detection
by Hande Çavşi Zaim and Esra Nergis Yolaçan
Appl. Sci. 2025, 15(3), 1252; https://doi.org/10.3390/app15031252 - 26 Jan 2025
Abstract
The increase in cybersecurity threats has made attack detection systems critically important. Traditional deep learning methods often require large amounts of data and struggle to understand relationships between features effectively. With their self-attention mechanism, Transformers excel in modeling complex relationships and long-term dependencies. They are also adaptable to various data types and sources, making them advantageous in large-scale attack detection scenarios. This paper introduces the FPE–Transformer framework, leveraging the strengths of the Transformer architecture. FPE–Transformer incorporates an innovative feature positional encoding mechanism that encodes the positional information of each feature separately, enabling a deeper understanding of feature relationships and more precise attack detection. Additionally, the model includes a ClassificationHead for enhanced accuracy and complex pattern recognition. The framework’s performance was validated using the NSL-KDD and CIC-IDS2017 datasets, demonstrating its superiority over traditional methods in detecting diverse attack types and improving overall performance. This study highlights FPE–Transformer’s innovative approach and ability to address key limitations of traditional deep learning methods, establishing it as a robust solution for modern attack detection challenges. Full article
(This article belongs to the Section Computing and Artificial Intelligence)

19 pages, 3773 KiB  
Article
ResInceptNet-SA: A Network Traffic Intrusion Detection Model Fusing Feature Selection and Balanced Datasets
by Guorui Liu, Tianlin Zhang, Hualin Dai, Xinyang Cheng and Daoxuan Yang
Appl. Sci. 2025, 15(2), 956; https://doi.org/10.3390/app15020956 - 19 Jan 2025
Abstract
Network intrusion detection models are vital techniques for ensuring cybersecurity. However, existing models face several challenges, such as insufficient feature extraction capabilities, dataset imbalance, and suboptimal detection accuracy. In this paper, a new type of model (ResIncepNet-SA) based on InceptionNet, Resnet, and convolutional neural networks with a self-attention mechanism was proposed to detect network intrusions. The model used the PCA-ADASYN algorithm to compress network traffic features, extract high-correlation feature datasets, and oversample and balance the feature datasets to classify abnormal network traffic. The experimental results show that the accuracy, precision, recall, and F1-score of the proposed ResIncepNet-SA model using the NSL-KDD dataset reach 0.99366, 0.99343, 0.99339, and 0.99338, respectively. This model enhances the accuracy of abnormal network traffic detection and outperforms existing models when applied to imbalanced datasets, offering a new solution for network traffic intrusion detection. Full article

31 pages, 2149 KiB  
Article
Enhanced Deep Autoencoder-Based Reinforcement Learning Model with Improved Flamingo Search Policy Selection for Attack Classification
by Dharani Kanta Roy and Hemanta Kumar Kalita
J. Cybersecur. Priv. 2025, 5(1), 3; https://doi.org/10.3390/jcp5010003 - 14 Jan 2025
Abstract
Intrusion detection has been a vast-surveyed topic for many decades as network attacks are tremendously growing. This has heightened the need for security in networks as web-based communication systems are advanced nowadays. The proposed work introduces an intelligent semi-supervised intrusion detection system based on different algorithms to classify the network attacks accurately. Initially, the pre-processing is accomplished using null value dropping and standard scaler normalization. After pre-processing, an enhanced Deep Reinforcement Learning (EDRL) model is employed to extract high-level representations and learn complex patterns from data by means of interaction with the environment. The enhancement of deep reinforcement learning is made by associating a deep autoencoder (AE) and an improved flamingo search algorithm (IFSA) to approximate the Q-function and optimal policy selection. After feature representations, a support vector machine (SVM) classifier, which discriminates the input into normal and attack instances, is employed for classification. The presented model is simulated in the Python platform and evaluated using the UNSW-NB15, CICIDS2017, and NSL-KDD datasets. The overall classification accuracy is 99.6%, 99.93%, and 99.42% using UNSW-NB15, CICIDS2017, and NSL-KDD datasets, which is higher than the existing detection frameworks. Full article

26 pages, 1535 KiB  
Article
Optimization Scheme of Collaborative Intrusion Detection System Based on Blockchain Technology
by Jiachen Huang, Yuling Chen, Xuewei Wang, Zhi Ouyang and Nisuo Du
Electronics 2025, 14(2), 261; https://doi.org/10.3390/electronics14020261 - 10 Jan 2025
Abstract
In light of the escalating complexity of the cyber threat environment, the role of Collaborative Intrusion Detection Systems (CIDSs) in reinforcing contemporary cybersecurity defenses is becoming ever more critical. This paper presents a Blockchain-based Collaborative Intrusion Detection Framework (BCIDF), an innovative methodology aimed at enhancing the efficacy of threat detection and information dissemination. To address the issue of alert collisions during data exchange, an Alternating Random Assignment Selection Mechanism (ARASM) is proposed. This mechanism aims to optimize the selection process of domain leader nodes, thereby partitioning traffic and reducing the size of conflict domains. Unlike conventional CIDS approaches that typically rely on independent node-level detection, our framework incorporates a Weighted Random Forest (WRF) ensemble learning algorithm, enabling collaborative detection among nodes and significantly boosting the system’s overall detection capability. The viability of the BCIDF framework has been rigorously assessed through extensive experimentation utilizing the NSL-KDD dataset. The empirical findings indicate that BCIDF outperforms traditional intrusion detection systems in terms of detection precision, offering a robust and highly effective solution within the realm of cybersecurity. Full article
(This article belongs to the Special Issue Security and Privacy for AI)

24 pages, 3385 KiB  
Article
An Improved Binary Simulated Annealing Algorithm and TPE-FL-LightGBM for Fast Network Intrusion Detection
by Yafei Luo, Ruihan Chen, Chuantao Li, Derong Yang, Kun Tang and Jing Su
Electronics 2025, 14(2), 231; https://doi.org/10.3390/electronics14020231 - 8 Jan 2025
Abstract
With the rapid proliferation of the Internet, network security issues that threaten users have become increasingly severe, despite the widespread benefits of Internet access. Most existing intrusion detection systems (IDS) suffer from suboptimal performance due to data imbalance and feature redundancy, while also facing high computational complexity in areas such as feature selection and optimization. To address these challenges, this study proposes a novel network intrusion detection method based on an improved binary simulated annealing algorithm (IBSA) and TPE-FL-LightGBM. First, by integrating Focal Loss into the loss function of the LightGBM classifier, we introduce cost-sensitive learning, which effectively mitigates the impact of class imbalance on model performance and enhances the model’s ability to learn difficult-to-classify samples. Next, significant improvements are made to the simulated annealing algorithm, including adaptive adjustments of the initial temperature and Metropolis criterion, the incorporation of multi-neighborhood search strategies, and the integration of an S-shaped transfer function. These improvements enable the IBSA method to achieve efficient optimal feature selection with fewer iterations. Finally, the Tree-structured Parzen Estimator (TPE) algorithm is employed to optimize the structure of the FL-LightGBM classifier, further enhancing its performance. Through comprehensive visual analysis, ablation studies, and comparative experiments on the NSL-KDD and UNSW-NB15 datasets, the reliability of the proposed network intrusion detection method is validated. Full article
(This article belongs to the Special Issue Artificial Intelligence in Cyberspace Security)

21 pages, 533 KiB  
Article
A Systematic Study of Adversarial Attacks Against Network Intrusion Detection Systems
by Sanidhya Sharma and Zesheng Chen
Electronics 2024, 13(24), 5030; https://doi.org/10.3390/electronics13245030 - 21 Dec 2024
Abstract
Network Intrusion Detection Systems (NIDSs) are vital for safeguarding Internet of Things (IoT) networks from malicious attacks. Modern NIDSs utilize Machine Learning (ML) techniques to combat evolving threats. This study systematically examined adversarial attacks originating from the image domain against ML-based NIDSs, while incorporating a diverse selection of ML models. Specifically, we evaluated both white-box and black-box attacks on nine commonly used ML-based NIDS models. We analyzed the Projected Gradient Descent (PGD) attack, which uses gradient descent on input features, transfer attacks, the score-based Zeroth-Order Optimization (ZOO) attack, and two decision-based attacks: Boundary and HopSkipJump. Using the NSL-KDD dataset, we assessed the accuracy of the ML models under attack and the success rate of the adversarial attacks. Our findings revealed that the black-box decision-based attacks were highly effective against most of the ML models, achieving an attack success rate exceeding 86% across eight models. Additionally, while the Logistic Regression and Multilayer Perceptron models were highly susceptible to all the attacks studied, the instance-based ML models, such as KNN and Label Spreading, exhibited resistance to these attacks. These insights will contribute to the development of more robust NIDSs against adversarial attacks in IoT environments. Full article
(This article belongs to the Special Issue Advancing Security and Privacy in the Internet of Things)

16 pages, 2963 KiB  
Article
An Entropy-Based Clustering Algorithm for Real-Time High-Dimensional IoT Data Streams
by Ibrahim Mutambik
Sensors 2024, 24(22), 7412; https://doi.org/10.3390/s24227412 - 20 Nov 2024
Abstract
The rapid growth of data streams, propelled by the proliferation of sensors and Internet of Things (IoT) devices, presents significant challenges for real-time clustering of high-dimensional data. Traditional clustering algorithms struggle with high dimensionality, memory and time constraints, and adapting to dynamically evolving data. Existing dimensionality reduction methods often neglect feature ranking, leading to suboptimal clustering performance. To address these issues, we introduce E-Stream, a novel entropy-based clustering algorithm for high-dimensional data streams. E-Stream performs real-time feature ranking based on entropy within a sliding time window to identify the most informative features, which are then utilized with the DenStream algorithm for efficient clustering. We evaluated E-Stream using the NSL-KDD dataset, comparing it against DenStream, CluStream, and MR-Stream. The evaluation metrics included the average F-Measure, Jaccard Index, Fowlkes–Mallows Index, Purity, and Rand Index. The results show that E-Stream outperformed the baseline algorithms in both clustering accuracy and computational efficiency while effectively reducing dimensionality. E-Stream also demonstrated significantly less memory consumption and fewer computational requirements, highlighting its suitability for real-time processing of high-dimensional data streams. Despite its strengths, E-Stream requires manual parameter adjustment and assumes a consistent number of active features, which may limit its adaptability to diverse datasets. Future work will focus on developing a fully autonomous, parameter-free version of the algorithm, incorporating mechanisms to handle missing features and improving the management of evolving clusters to enhance robustness and adaptability in dynamic IoT environments. Full article
(This article belongs to the Special Issue Advances in Big Data and Internet of Things)

27 pages, 573 KiB  
Article
Machine Learning-Based Methodologies for Cyber-Attacks and Network Traffic Monitoring: A Review and Insights
by Filippo Genuario, Giuseppe Santoro, Michele Giliberti, Stefania Bello, Elvira Zazzera and Donato Impedovo
Information 2024, 15(11), 741; https://doi.org/10.3390/info15110741 - 20 Nov 2024
Abstract
The number of connected IoT devices is increasing significantly due to their many benefits, including automation, improved efficiency and quality of life, and reducing waste. However, these devices have several vulnerabilities that have led to the rapid growth in the number of attacks. Therefore, several machine learning-based intrusion detection system (IDS) tools have been developed to detect intrusions and suspicious activity to and from a host (HIDS—Host IDS) or, in general, within the traffic of a network (NIDS—Network IDS). The proposed work performs a comparative analysis and an ablative study among recent machine learning-based NIDSs to develop a benchmark of the different proposed strategies. The proposed work compares both shallow learning algorithms, such as decision trees, random forests, Naïve Bayes, logistic regression, XGBoost, and support vector machines, and deep learning algorithms, such as DNNs, CNNs, and LSTM, whose approach is relatively new in the literature. Also, the ensembles are tested. The algorithms are evaluated on the KDD-99, NSL-KDD, UNSW-NB15, IoT-23, and UNB-CIC IoT 2023 datasets. The results show that the NIDS tools based on deep learning approaches achieve better performance in detecting network anomalies than shallow learning approaches, and ensembles outperform all the other models. Full article

18 pages, 2702 KiB  
Article
An AI-Driven Model to Enhance Sustainability for the Detection of Cyber Threats in IoT Environments
by Majid H. Alsulami
Sensors 2024, 24(22), 7179; https://doi.org/10.3390/s24227179 - 8 Nov 2024
Abstract
In the face of constantly changing cyber threats, a variety of actions, tools, and regulations must be considered to safeguard information assets and guarantee the confidentiality, reliability, and availability of digital resources. The purpose of this research is to create an artificial intelligence (AI)-driven system to enhance sustainability for cyber threat detection in Internet of Things (IoT) environments. This study proposes a modern technique named Artificial Fish Swarm-driven Weight-normalized Adaboost (AF-WAdaBoost) for optimizing accuracy and sustainability in identifying attacks, thus contributing to heightening security in IoT environments. CICIDS2017, NSL-KDD, and UNSW-NB15 were used in this study. Min-max normalization is employed to pre-process the obtained raw information. The proposed model AF-WAdaBoost dynamically adjusts classifiers, enhancing accuracy and resilience against evolving threats. Python is used for model implementation. The effectiveness of the suggested AF-WAdaBoost model in identifying different kinds of cyber-threats in IoT systems is examined through evaluation metrics like accuracy (98.69%), F-measure (94.86%), and precision (95.72%). The experimental results unequivocally demonstrate that the recommended model performed better than other traditional approaches, showing essential enhancements in accuracy and strength, particularly in a dynamic environment. Integrating AI-driven detection balances offers sustainability in cybersecurity, ensuring the confidentiality, reliability, and availability of information assets, and also helps in optimizing the accuracy of systems. Full article

29 pages, 4937 KiB  
Article
Whale Optimization Algorithm-Enhanced Long Short-Term Memory Classifier with Novel Wrapped Feature Selection for Intrusion Detection
by Haider AL-Husseini, Mohammad Mehdi Hosseini, Ahmad Yousofi and Murtadha A. Alazzawi
J. Sens. Actuator Netw. 2024, 13(6), 73; https://doi.org/10.3390/jsan13060073 - 2 Nov 2024
Abstract
Intrusion detection in network systems is a critical challenge due to the ever-increasing volume and complexity of cyber-attacks. Traditional methods often struggle with high-dimensional data and the need for real-time detection. This paper proposes a comprehensive intrusion detection method utilizing a novel wrapped feature selection approach combined with a long short-term memory classifier optimized with the whale optimization algorithm to address these challenges effectively. The proposed method introduces a novel feature selection technique using a multi-layer perceptron and a hybrid genetic algorithm-particle swarm optimization algorithm to select salient features from the input dataset, significantly reducing dimensionality while retaining critical information. The selected features are then used to train a long short-term memory network, optimized by the whale optimization algorithm to enhance its classification performance. The effectiveness of the proposed method is demonstrated through extensive simulations of intrusion detection tasks. The feature selection approach effectively reduced the feature set from 78 to 68 features, maintaining diversity and relevance. The proposed method achieved a remarkable accuracy of 99.62% in DDoS attack detection and 99.40% in FTP-Patator/SSH-Patator attack detection using the CICIDS-2017 dataset and an anomaly attack detection accuracy of 99.6% using the NSL-KDD dataset. These results highlight the potential of the proposed method in achieving high detection accuracy with reduced computational complexity, making it a viable solution for real-time intrusion detection. Full article
(This article belongs to the Section Big Data, Computing and Artificial Intelligence)

18 pages, 5170 KiB  
Article
An Efficient Detection Mechanism of Network Intrusions in IoT Environments Using Autoencoder and Data Partitioning
by Yiran Xiao, Yaokai Feng and Kouichi Sakurai
Computers 2024, 13(10), 269; https://doi.org/10.3390/computers13100269 - 14 Oct 2024
Abstract
In recent years, with the development of the Internet of Things and distributed computing, the “server-edge device” architecture has been widely deployed. This study focuses on leveraging autoencoder technology to address the binary classification problem in network intrusion detection, aiming to develop a lightweight model suitable for edge devices. Traditional intrusion detection models face two main challenges when directly ported to edge devices: inadequate computational resources to support large-scale models and the need to improve the accuracy of simpler models. To tackle these issues, this research utilizes the Extreme Learning Machine for its efficient training speed and compact model size to implement autoencoders. Two improvements over the latest related work are proposed: First, to improve data purity and ultimately enhance detection performance, the data are partitioned into multiple regions based on the prediction results of these autoencoders. Second, autoencoder characteristics are leveraged to further investigate the data within each region. We used the public dataset NSL-KDD to test the behavior of the proposed mechanism. The experimental results show that when dealing with multi-class attacks, the model’s performance was significantly improved, and the accuracy and F1-Score were improved by 3.5% and 2.9%, respectively, maintaining its lightweight nature. Full article

17 pages, 3304 KiB  
Article
MTC-NET: A Multi-Channel Independent Anomaly Detection Method for Network Traffic
by Xiaoyong Zhao, Chengjin Huang and Lei Wang
Biomimetics 2024, 9(10), 615; https://doi.org/10.3390/biomimetics9100615 - 10 Oct 2024
Abstract
In recent years, deep learning-based approaches, particularly those leveraging the Transformer architecture, have garnered widespread attention for network traffic anomaly detection. However, when dealing with noisy data sets, directly inputting network traffic sequences into Transformer networks often significantly degrades detection performance due to interference and noise across dimensions. In this paper, we propose a novel multi-channel network traffic anomaly detection model, MTC-Net, which reduces computational complexity and enhances the model’s ability to capture long-distance dependencies. This is achieved by decomposing network traffic sequences into multiple unidimensional time sequences and introducing a patch-based strategy that enables each sub-sequence to retain local semantic information. A backbone network combining Transformer and CNN is employed to capture complex patterns, with information from all channels being fused at the final classification header in order to achieve modelling and detection of complex network traffic patterns. The experimental results demonstrate that MTC-Net outperforms existing state-of-the-art methods in several evaluation metrics, including accuracy, precision, recall, and F1 score, on four publicly available data sets: KDD Cup 99, NSL-KDD, UNSW-NB15, and CIC-IDS2017. Full article
(This article belongs to the Section Bioinspired Sensorics, Information Processing and Control)