ENHANCED CYBERATTACK DETECTION IN INTERNET OF VEHICLES USING DEEP RESIDUAL NEURAL NETWORKS

ABSTRACTWireless sensor network (WSN) contains the distributed autonomous devices with the sensing capability of physical and environmental conditions. During the clustering operation, the consumption of more energy causes the draining in battery power that leads to minimum network lifetime. Hence, the WSN devices are initially operated on low-power sleep mode to maximise the lifetime. But, the attacks arrival cause the disruption in low-power operating called denial of service (DoS) attacks. The conventional intrusion detection (ID) approaches such as rule-based and anomaly-based methods effectively detect the DoS attacks. But, the energy consumption and false detection rate are more. The absence of attack information and broadcast of its impact to the other cluster head (CH) leads to easy DoS attacks arrival. This article combines the isolation and routing tables to detect the attack in the specific cluster and broadcasts the information to other CH. The intercommunication between the CHs prevents the DoS attacks effectively. In addition, the swarm-based defence approach is proposed to migrate the fault channel to normal operating channel through frequency hop approaches. The comparative analysis between the proposed table-based intrusion detection systems (IDSs) and swarm-based defence approaches with the traditional IDS regarding the parameters of transmission overhead/efficiency, energy consumption, and false positive/negative rates proves the capability of DoS prediction/prevention in WSN.

It is increasingly difficult to identify complex cyberattacks in a wide range of industries, such as the Internet of Vehicles (IoV). The IoV is a network of vehicles that consists of sensors, actuators, network layers, and communication systems between vehicles. Communication plays an important role as an essential part of the IoV. Vehicles in a network share and deliver information based on several protocols. Due to wireless communication between vehicles, the whole network can be sensitive towards cyber-attacks.In these attacks, sensitive information can be shared with a malicious network or a bogus user, resulting in malicious attacks on the IoV. For the last few years, detecting attacks in the IoV has been a challenging task. It is becoming increasingly difficult for traditional Intrusion Detection Systems (IDS) to detect these newer, more sophisticated attacks, which employ unusual patterns. Attackers disguise themselves as typical users to evade detection. These problems can be solved using deep learning. Many machine-learning and deep-learning (DL) models have been implemented to detect malicious attacks; however, feature selection remains a core issue. Through the use of training empirical data, DL independently defines intrusion features. We built a DL-based intrusion model that focuses on Denial of Service (DoS) assaults in particular. We used K-Means clustering for feature scoring and ranking. After extracting the best features for anomaly detection, we applied a novel model, i.e., an Explainable Neural Network (xNN), to classify attacks in the CICIDS2019 dataset and UNSW-NB15 dataset separately. The model performed well regarding the precision, recall, F1 score, and accuracy. Comparatively, it can be seen that our proposed model xNN performed well after the feature-scoring technique. In dataset 1 (UNSW-NB15), xNN performed well, with the highest accuracy of 99.7%, while CNN scored 87%, LSTM scored 90%, and the Deep Neural Network (DNN) scored 92%. xNN achieved the highest accuracy of 99.3% while classifying attacks in the second dataset (CICIDS2019); the Convolutional Neural Network (CNN) achieved 87%, Long Short-Term Memory (LSTM) achieved 89%, and the DNN achieved 82%. The suggested solution outperformed the existing systems in terms of the detection and classification accuracy.

With the emergence of networked devices, from the Internet of Things (IoT) nodes and cellular phones to vehicles connected to the Internet, there has been an ever-growing expansion of attack surfaces in the Internet of Vehicles (IoV). In the past decade, there has been a rapid growth in the automotive industry as network-enabled and electronic devices are now integral parts of vehicular ecosystems. These include the development of automobile technologies, namely, Connected and Autonomous Vehicles (CAV) and electric vehicles. Attacks on IoV may lead to malfunctioning of Electronic Control Unit (ECU), brakes, control steering issues, and door lock issues that can be fatal in CAV. To mitigate these risks, there is need for a lightweight model to identify attacks on vehicular systems. In this article, an efficient model of an Intrusion Detection System (IDS) is developed to detect anomalies in the vehicular system. The dataset used in this study is an In-Vehicle Network (IVN) communication protocol, i.e., Control Area Network (CAN) dataset generated in a real-time environment. The model classifies different types of attacks on vehicles into reconnaissance, Denial of Service (DoS), and fuzzing attacks. Experimentation with performance metrics of accuracy, precision, recall, and F-1 score are compared across a variety of classification models. The results demonstrate that the proposed model outperforms other classification models.

As cyberattacks become more intelligent, it is challenging to detect advanced attacks in a variety of fields including industry, national defense, and healthcare. Traditional intrusion detection systems are no longer enough to detect these advanced attacks with unexpected patterns. Attackers bypass known signatures and pretend to be normal users. Deep learning is an alternative to solving these issues. Deep Learning (DL)-based intrusion detection does not require a lot of attack signatures or the list of normal behaviors to generate detection rules. DL defines intrusion features by itself through training empirical data. We develop a DL-based intrusion model especially focusing on denial of service (DoS) attacks. For the intrusion dataset, we use KDD CUP 1999 dataset (KDD), the most widely used dataset for the evaluation of intrusion detection systems (IDS). KDD consists of four types of attack categories, such as DoS, user to root (U2R), remote to local (R2L), and probing. Numerous KDD studies have been employing machine learning and classifying the dataset into the four categories or into two categories such as attack and benign. Rather than focusing on the broad categories, we focus on various attacks belonging to same category. Unlike other categories of KDD, the DoS category has enough samples for training each attack. In addition to KDD, we use CSE-CIC-IDS2018 which is the most up-to-date IDS dataset. CSE-CIC-IDS2018 consists of more advanced DoS attacks than that of KDD. In this work, we focus on the DoS category of both datasets and develop a DL model for DoS detection. We develop our model based on a Convolutional Neural Network (CNN) and evaluate its performance through comparison with an Recurrent Neural Network (RNN). Furthermore, we suggest the optimal CNN design for the better performance through numerous experiments.

Software Defined Networking (SDN) is new technology over the traditional networks. With the new framework design of SDN, security is a big challenge. Number of attacks can be possible in data plane and control plane in SDN. One of the preliminary attacks in SDN is Denial-of-Service (DoS) attack. Providing security to control plane using traditional intrusion detection system (IDS) to mitigate DoS attack is a challenge. DoS attack in SDN affects performance and behavior of network. Legitimate hosts are not able to communicate with server after creation of DoS attack. This paper aims to detect and mitigates DoS attack in SDN. For detection and mitigation of DoS attack we used two techniques-1) Rule based approach using Snort tool 2) Anomaly based approach using BRO tool. For DoS attack creation we employ Hping3 and Low Orbit Ion Cannon (LOIC) tools. We evaluate the performance of technique using parameters like packet loss, average time and round-trip time. Further work can be extended by reducing false positives and false negatives in IDS. False positives are false alarms generated on normal traffic. Which may help to improve the performance IDS.

The increasing complexity and scale of Internet of Vehicles (IoV) networks pose significant security challenges, necessitating the development of advanced intrusion detection systems (IDS). Traditional IDS approaches, such as rule-based and signature-based methods, are often inadequate in detecting novel and sophisticated attacks due to their limited adaptability and dependency on predefined patterns. To overcome these limitations, machine learning (ML) and deep learning (DL)-based IDS have been introduced, offering better generalization and the ability to learn from data. However, these models can still struggle with zero-day attacks, require large volumes of labeled data, and may be vulnerable to adversarial examples. In response to these challenges, Generative AI-based IDS—leveraging models such as Generative Adversarial Networks (GANs), Variational Autoencoders (VAEs), and Transformers—have emerged as promising solutions that offer enhanced adaptability, synthetic data generation for training, and improved detection capabilities for evolving threats. This survey provides an overview of IoV architecture, vulnerabilities, and classical IDS techniques while focusing on the growing role of Generative AI in strengthening IoV security. It discusses the current landscape, highlights the key challenges, and outlines future research directions aimed at building more resilient and intelligent IDS for the IoV ecosystem.

The Internet of Vehicles (IoV) presents complex cybersecurity challenges, particularly against Denial-of-Service (DoS) and spoofing attacks targeting the Controller Area Network (CAN) bus. This study leverages the CICIoV2024 dataset, comprising six distinct classes of benign traffic and various types of attacks, to evaluate advanced machine learning techniques for instrusion detection systems (IDS). The models XGBoost, Random Forest, AdaBoost, Extra Trees, Logistic Regression, and Deep Neural Network were tested under realistic, imbalanced data conditions, ensuring that the evaluation reflects real-world scenarios where benign traffic dominates. Using hyperparameter optimization with Optuna, we achieved significant improvements in detection accuracy and robustness. Ensemble methods such as XGBoost and Random Forest consistently demonstrated superior performance, achieving perfect accuracy and macro-average F1-scores, even when detecting minority attack classes, in contrast to previous results for the CICIoV2024 dataset. The integration of optimized hyperparameter tuning and a broader methodological scope culminated in an IDS framework capable of addressing diverse attack scenarios with exceptional precision.

Ad hoc networks are a new paradigm of wireless communication for mobile hosts. Security is an important issue for ad hoc networks, especially for those security-sensitive applications. The salient features of ad hoc networks pose both challenges and opportunities in achieving security goals. One such goal is to consider not only malicious attacks launched from outside a network, but also take into account the attacks from within the network by compromised nodes. Various ways are possible to overcome vulnerabilities in Wireless Ad hoc Networks from attacks and threats. One of the most widely used solution is designing an intrusion detection system (IDS) that suites the security needs and characteristics of ad hoc networks for effective and efficient performance against intrusions. This paper investigates the serious and harmful attack, "denial of service" (DoS) that exhibit in multiple forms across different layers of protocol stack. To defend against this attack, we propose a novel approach "cross layer based intrusion detection system"(CIDS) that performs accurate diagnosis of malicious attacks by analyzing the pattern of trace files, overcome the demerits such as false positives present in traditional IDS, thereby providing secure communication between nodes that communicate with each other to route the traffic from source to destination and also increase the efficiency of the network performance. The simulations conducted in ns2 and proved that our work achieved high performance with fewer overheads.

The Internet of Things (IoT) is omnipresent, exposing a large number of devices that often lack security controls to the public Internet. In the modern world, many everyday processes depend on these devices, and their service outage could lead to catastrophic consequences. There are many Deep Packet Inspection (DPI) based intrusion detection systems (IDS). However, their linear computational complexity induced by the event-driven nature poses a power-demanding obstacle in resource-constrained IoT environments. In this paper, we shift away from the traditional IDS as we introduce a novel and lightweight framework, relying on a time-driven algorithm to detect Distributed Denial of Service (DDoS) attacks by employing Machine Learning (ML) algorithms leveraging the newly engineered features containing system and network utilization information. These features are periodically generated, and there are only ten of them, resulting in a low and constant algorithmic complexity. Moreover, we leverage IoT-specific patterns to detect malicious traffic as we argue that each Denial of Service (DoS) attack leaves a unique fingerprint in the proposed set of features. We construct a dataset by launching some of the most prevalent DoS attacks against an IoT device, and we demonstrate the effectiveness of our approach with high accuracy. The results show that standalone IoT devices can detect and classify DoS and, therefore, arguably, DDoS attacks against them at a low computational cost with a deterministic delay.

Wireless sensor networks (WSNs) are increasingly being used for data monitoring and collection purposes. Typically, they consist of a large number of sensor nodes that are used remotely to collect data about the activities and conditions of a particular area, for example, temperature, pressure, motion. Each sensor node is usually small, inexpensive, and relatively easy to deploy compared to other sensing methods. For this reason, WSNs are used in a wide range of applications and industries. However, WSNs are vulnerable to different kinds of security threats and attacks. This is primarily because they are very limited in resources like power, storage, bandwidth, and processing power that could have been used in developing their defense. To ensure their security, an effective Intrusion detection system (IDS) need to be in place to detect these attacks even under these constraints. Today, traditional IDS are less effective as these malicious attacks are becoming more intelligent, frequent, and complex. Denial of service (DOS) attack is one of the main types of attacks that threaten WSNs. For this reason, we review related works that focus on detecting DoS attacks in WSN. In addition, we developed and implemented several Deep learning (DL) based IDS. These systems were trained on a specialized dataset for WSNs called WSN-DS in detecting four types of DoS attacks that affects WSNs. They include the Blackhole, Grayhole, Flooding, and Scheduling attacks. Finally, we evaluated and compared the results and we discuss possible future works.

The rise of Industry 4.0 has led to the widespread adoption of Industrial Internet of Things (IIoT) devices, enhancing manufacturing efficiency while introducing significant cybersecurity risks. IIoT environments are highly susceptible to cyber threats such as Denial-of-Service (DoS), SQL injection, and ransomware, which can lead to production downtime and data breaches. Traditional intrusion detection systems (IDS) often fail to detect evolving threats, resulting in high false negative rates. This research proposes an advanced IDS integrating Convolutional Neural Networks (CNN) with Long Short-Term Memory (LSTM) to enhance IIoT security. By leveraging both spatial and temporal feature extraction, the proposed model effectively identifies network anomalies in real-time industrial environments. This study contributes to IIoT cybersecurity by developing an IDS capable of improving threat detection through the integration of CNN and LSTM architectures. The approach enhances pattern recognition and sequential dependency modeling, making it more adaptive to dynamic cyber threats. The model is trained and evaluated on a large-scale IIoT dataset, achieving a binary classification accuracy of 71%, outperforming several state-of-the-art models. The CNN-LSTM IDS demonstrates a strong ability to recognize normal traffic, with a recall of 99%, significantly reducing false alarms. In multi-class classification, the model successfully identifies certain high-volume attack types, such as DDoS. These findings underscore both the strengths and limitations of deep learning-based intrusion detection in IIoT environments. While the proposed model offers significant improvements, further research is needed to address the detection of low-frequency attacks and optimize classification performance.

The use of autonomous vehicles (AVs) is a promising technology in Intelligent Transportation Systems (ITSs) to improve safety and driving efficiency. Vehicle-to-everything (V2X) technology enables communication among vehicles and other infrastructures. However, AVs and Internet of Vehicles (IoV) are vulnerable to different types of cyber-attacks such as denial of service, spoofing, and sniffing attacks. In this paper, an intelligent intrusion detection system (IDS) is proposed based on tree-structure machine learning models. The results from the implementation of the proposed intrusion detection system on standard data sets indicate that the system has the ability to identify various cyber-attacks in the AV networks. Furthermore, the proposed ensemble learning and feature selection approaches enable the proposed system to achieve high detection rate and low computational cost simultaneously.

Security issues in Internet of Vehicles (IoV): A comprehensive survey

The Internet of Things (IoT) has experienced rapid expansion, which has resulted in an increased vulnerability to Distributed Denial of Service (DDoS) assaults. These attacks pose significant dangers to environments that are struggling with limited resources. When confronted with high-dimensional datasets, traditional intrusion detection systems (IDS) sometimes experience difficulties, which results in inefficient detection and a rise in the number of false alarms. In order to overcome this issue, a feature selection strategy that based on Particle Swarm Optimization (PSO) is proposed and paired with a deep learning model for efficient DDoS detection in Internet of Things (IoT) networks. A rigorous preparation of benchmark datasets, such as BoT-IoT, SDN-IoT, and KDDCUP1999, provides the foundation for the methodology. This preprocessing ensures that the data is both consistent and accurate. After that, PSO is utilized to choose the features that are most pertinent, so dramatically lowering the dimensionality of the data while maintaining the essential attack-related characteristics. In order to improve learning stability and reduce overfitting, an Artificial Neural Network (ANN) is trained using the optimized dataset. The training process includes batch normalization, dropout regularization, and early stopping. Achieving up to 96% accuracy with reduced false positives and greater generalization, the experimental results reveal significant gains in accuracy, precision, recall, and F1-score. The results demonstrate that the use of PSO-based feature selection improves detection efficiency, which makes the system appropriate for Internet of Things contexts that have limited computational resources.

The growth of the Internet of Things (IoT) has resulted in several revolutionary applications, such as smart cities, cyber-physical systems, and the Internet of vehicles (IoV). Within the IoV infrastructure, vehicles are comprised of various electronic intelligent sensors or devices used to obtain data and communicate the necessary information with their surroundings. One of the major concerns about the implementation of these sensors or devices is data vulnerability; thus, it is necessary to present a solution that provides security, trust, and privacy to communicating entities and to secure vehicle data from malicious entities. In modern vehicles, the controller area network (CAN) is a fundamental scheme for controlling the interaction among different in-vehicle network sensors. However, not enough security features are present that support data encryption, authorization, and authentication mechanisms to secure the network from cyber or malicious intrusions such as denial of service and fuzzy attacks. An intrusion detection system is presented in this work based on the deep learning architecture to protect the CAN bus in vehicles. The VGG architecture is used and trained for different network intrusion patterns in order to detect malicious attacks. The experiments are performed using the CAN-intrusion-dataset. The experimental findings demonstrate that the presented deep learning system significantly reduces the false positive rate (FPR) compared to the conventional machine learning techniques. The overall accuracy of the system is 96% with FPR of 0.6%.