Enhanced intrusion detection system IoT network security model by feed forward neural network and machine learning.

Abstract

The security of IoT networks has become a significant concern owing to the increasing number of cyber threats. Traditional Intrusion Detection Systems (IDS) struggle to detect sophisticated attacks in real time due to resource constraints and evolving attack patterns. This study proposes a novel IDS that integrates deep learning (DL) and machine learning (ML) approaches to improve IoT security. The main objective is to develop a hybrid IDS combining Feed Forward Neural Networks (FFNN) and XGBoost to improve attack detection accuracy while minimizing computational overhead. The proposed methodology involves data preprocessing, feature selection utilizing Principal Component Analysis (PCA), and classification employing FFNN and XGBoost. The model is trained and evaluated on the CIC IoT 2023 dataset, which comprises real-time attack data, ensuring its practical relevance, and it demonstrates superior accuracy (99%) compared to existing IDS techniques. This study provides valuable insights into improving IDS models for IoT security, addressing challenges such as dataset imbalance, feature selection, and classification accuracy. Results demonstrate that the hybrid FFNN-XGBoost model outperforms standalone FFNN and XGBoost classifiers, achieving an accuracy of 99%. Compared to existing IDS models, the proposed approach significantly enhances precision, recall, and F1-score, ensuring robust intrusion detection. This research contributes to IoT security by introducing a scalable and efficient hybrid IDS model. The findings offer a strong basis for future advancements in intrusion detection using DL and ML approaches.

Similar Papers
  • Book Chapter
  • Cited by 3
  • 10.1007/978-3-030-86890-1_23
Effective Anomaly Detection Model Training with only Unlabeled Data by Weakly Supervised Learning Techniques
  • Jan 1, 2021
  • Wenzhuo Yang + 1 more

Intrusion detection systems (IDS) play an important role in security monitoring to identify anomalous or suspicious activities. Traditional IDS could be signature-based (or rule-based) or anomaly-based (or analytics-based). With the objectives of detecting zero-day attacks, analytics-based IDS have attracted great interest of the cybersecurity community. Furthermore, machine learning (ML) techniques have been extensively explored for advancing analytics-based IDS. Many ML techniques have been studied to improve the efficiency of intrusion detection and some have shown good performance. However, traditional supervised learning algorithms need strong supervision information, fully correctly labeled (FCL) data, to train an accurate model. Whereas, with the rapid development of network and communication technologies, the volume of network traffic and system logs has increased drastically in recent years, especially with the introduction of Next Generation Broadband Network (NGBN) and 5G networks. This caused huge pressure on analytics-based IDS because, for ML to train predictive models, security-relevant data need to be labeled manually, hence leading to practical barriers to achieving effective IDS. In order to avoid being overly dependent on strong supervision information, weakly supervised learning techniques, which utilize incomplete, inexact, or possibly inaccurate labels, have been studied by cybersecurity researchers in that such weak supervision information are easier and cheaper to obtain than FCL data. This research aims to explore the feasibility of weakly supervised learning techniques in IDS tasks so as to reduce the reliance on a massive amount of strong supervision information, which will only continue to grow tremendously in the big data society. We also investigated the detection stability of the proposed scheme when inaccurate weak supervision information is provided. 
In this article, we propose an IDS model training scheme that is based on a weakly supervised learning algorithm, which requires only unlabeled data. Experiments have been performed on three publicly available IDS evaluation datasets. The results showed that the proposed scheme performs well and is even better than some supervised learning-based IDS (SL-IDS) models. Experimental results also indicated that the weakly supervised learning based IDS model is robust and can be applied in real world situations. Besides, we examined detection performance of the proposed method when it faces class-imbalanced training data and the experiment results show that it performs better than the compared methods.

  • Research Article
  • Cited by 25
  • 10.3390/s23010321
Customised Intrusion Detection for an Industrial IoT Heterogeneous Network Based on Machine Learning Algorithms Called FTL-CID
  • Dec 28, 2022
  • Sensors
  • Nasr Abosata + 2 more

Technological breakthroughs in the Internet of Things (IoT) easily promote smart lives for humans by connecting everything through the Internet. The de facto standardised IoT routing strategy is the routing protocol for low-power and lossy networks (RPL), which is applied in various heterogeneous IoT applications. Hence, the increase in reliance on the IoT requires focus on the security of the RPL protocol. The top defence layer is an intrusion detection system (IDS), and the heterogeneous characteristics of the IoT and variety of novel intrusions make the design of the RPL IDS significantly complex. Most existing IDS solutions are unified models and cannot detect novel RPL intrusions. Therefore, the RPL requires a customised global attack knowledge-based IDS model to identify both existing and novel intrusions in order to enhance its security. Federated transfer learning (FTL) is a trending topic that paves the way to designing a customised RPL-IoT IDS security model in a heterogeneous IoT environment. In this paper, we propose a federated-transfer-learning-assisted customised distributed IDS (FT-CID) model to detect RPL intrusion in a heterogeneous IoT. The design process of FT-CID includes three steps: dataset collection, FTL-assisted edge IDS learning, and intrusion detection. Initially, the central server initialises the FT-CID with a predefined learning model and observes the unique features of different RPL-IoTs to construct a local model. The experimental model generates an RPL-IIoT dataset with normal and abnormal traffic through simulation on the Contiki-NG OS. Secondly, the edge IDSs are trained using the local parameters and the globally shared parameters generated by the central server through federation and aggregation of different local parameters of various edges. Hence, transfer learning is exploited to update the server's and edges' local and global parameters based on relational knowledge. 
It also builds a customised IDS model with partial retraining through local learning based on globally shared server knowledge. Finally, the customised IDS in the FT-CID model enforces the detection of intrusions in heterogeneous IoT networks. Moreover, the FT-CID model accomplishes high RPL security by implicitly utilising the local and global parameters of different IoTs with the assistance of FTL. The FT-CID detects RPL intrusions with an accuracy of 85.52% in tests on a heterogeneous IoT network.

  • Research Article
  • Cited by 1
  • 10.3390/asi8020052
Real-Time Large-Scale Intrusion Detection and Prevention System (IDPS) CICIoT Dataset Traffic Assessment Based on Deep Learning
  • Apr 11, 2025
  • Applied System Innovation
  • Samuel Kofi Erskine

This research utilizes machine learning (ML), and especially deep learning (DL), techniques for efficient feature extraction of intrusion attacks. We use DL to provide better learning and utilize machine learning multilayer perceptron (MLP) as an intrusion detection (IDS) and intrusion prevention (IPS) system (IDPS) method. We deploy DL and MLP together as DLMLP. DLMLP improves the high detection of all intrusion attack features on the Internet of Things (IoT) device dataset, known as the CICIoT2023 dataset. We reference the CICIoT2023 dataset from the Canadian Institute of Cybersecurity (CIC) IoT device dataset. Our proposed method, the deep learning multilayer perceptron intrusion detection and prevention system model (DLMIDPSM), provides IDPST (intrusion detection and prevention system topology) capability. We use our proposed IDPST to capture, analyze, and prevent all intrusion attacks in the dataset. Moreover, our proposed DLMIDPSM employs a combination of artificial neural networks, ANNs, convolutional neural networks (CNNs), and recurrent neural networks (RNNs). Consequently, this project aims to develop a robust real-time intrusion detection and prevention system model. DLMIDPSM can predict, detect, and prevent intrusion attacks in the CICIoT2023 IoT dataset, with a high accuracy of above 85% and a high precision rate of 99%. Comparing the DLMIDPSM to the other literature, deep learning models and machine learning (ML) models have used decision tree (DT) and support vector machine (SVM), achieving a detection and prevention rate of 81% accuracy with only 72% precision. Furthermore, this research project breaks new ground by incorporating combined machine learning and deep learning models with IDPS capability, known as ML and DLMIDPSMs. We train, validate, or test the ML and DLMIDPSMs on the CICIoT2023 dataset, which helps to achieve higher accuracy and precision than the other deep learning models discussed above. 
Thus, our proposed combined ML and DLMIDPSMs achieved higher intrusion detection and prevention based on the confusion matrix’s high-rate attack detection and prevention values.

  • Research Article
  • Cited by 43
  • 10.3390/app13179588
Towards an Intelligent Intrusion Detection System to Detect Malicious Activities in Cloud Computing
  • Aug 24, 2023
  • Applied Sciences
  • Hanaa Attou + 6 more

Several sectors have embraced Cloud Computing (CC) due to its inherent characteristics, such as scalability and flexibility. However, despite these advantages, security concerns remain a significant challenge for cloud providers. CC introduces new vulnerabilities, including unauthorized access, data breaches, and insider threats. The shared infrastructure of cloud systems makes them attractive targets for attackers. The integration of robust security mechanisms becomes crucial to address these security challenges. One such mechanism is an Intrusion Detection System (IDS), which is fundamental in safeguarding networks and cloud environments. An IDS monitors network traffic and system activities. In recent years, researchers have explored the use of Machine Learning (ML) and Deep Learning (DL) approaches to enhance the performance of IDS. ML and DL algorithms have demonstrated their ability to analyze large volumes of data and make accurate predictions. By leveraging these techniques, IDSs can adapt to evolving threats, detect previous attacks, and reduce false positives. This article proposes a novel IDS model based on DL algorithms like the Radial Basis Function Neural Network (RBFNN) and Random Forest (RF). The RF classifier is used for feature selection, and the RBFNN algorithm is used to detect intrusion in CC environments. Moreover, the datasets Bot-IoT and NSL-KDD have been utilized to validate our suggested approach. To evaluate the impact of our approach on an imbalanced dataset, we relied on Matthew’s Correlation Coefficient (MCC) as a normalized measure. Our method achieves accuracy (ACC) higher than 92% using the minimum features, and we managed to increase the MCC from 28% to 93%. The contributions of this study are twofold. Firstly, it presents a novel IDS model that leverages DL algorithms, demonstrating an improved ACC higher than 92% using minimal features and a substantial increase in MCC from 28% to 93%. 
Secondly, it addresses the security challenges specific to CC environments, offering a promising solution to enhance security in cloud systems. By integrating the proposed IDS model into cloud environments, cloud providers can benefit from enhanced security measures, effectively mitigating unauthorized access and potential data breaches. The utilization of DL algorithms, RBFNN, and RF has shown remarkable potential in detecting intrusions and strengthening the overall security posture of CC.

  • Research Article
  • Cited by 343
  • 10.1016/j.comcom.2020.05.048
An effective feature engineering for DNN using hybrid PCA-GWO for intrusion detection in IoMT architecture
  • Jun 4, 2020
  • Computer Communications
  • Swarna Priya R.M + 6 more

  • Research Article
  • Cited by 2
  • 10.1002/widm.70008
Optimizing Intrusion Detection for IoT: A Systematic Review of Machine Learning and Deep Learning Approaches With Feature Selection and Data Balancing
  • Mar 28, 2025
  • WIREs Data Mining and Knowledge Discovery
  • S Kumar Reddy Mallidi + 1 more

As the Internet of Things (IoT) continues expanding its footprint across various sectors, robust security systems to mitigate associated risks are more critical than ever. Intrusion Detection Systems (IDS) are fundamental in safeguarding IoT infrastructures against malicious activities. This systematic review aims to guide future research by addressing six pivotal research questions that underscore the development of advanced IDS tailored for IoT environments. Specifically, the review concentrates on applying machine learning (ML) and deep learning (DL) technologies to enhance IDS capabilities. It explores various feature selection methodologies aimed at developing lightweight IDS solutions that are both effective and efficient for IoT scenarios. Additionally, the review assesses different datasets and balancing techniques, which are crucial for training IDS models to perform accurately and reliably. Through a comprehensive analysis of existing literature, this review highlights significant trends, identifies current research gaps, and suggests future studies to optimize IDS frameworks for the ever‐evolving IoT landscape.

  • Conference Article
  • Cited by 53
  • 10.1109/vitecon.2019.8899448
Intrusion Detection System for Internet of Things based on a Machine Learning approach
  • Mar 1, 2019
  • Chao Liang + 5 more

With the application of Internet of Things technology to every aspect of life, the potential damage caused by Internet of things attacks is more serious than for traditional network attacks. Traditional intrusion detection systems do not serve the network environment of the IoT very well, so it is important to study intrusion detection systems suitable for the network environment of the Internet of Things. Researchers have found that the combination of machine learning technologies with an intrusion detection system is an effective way to resolve the drawbacks traditional IDSs have when they are used for IoT. This research involves the design of a novel intrusion detection system and the implementation and evaluation of its analysis model. This new intrusion detection system uses a hybrid placement strategy based on a multi-agent system. The new system consists of a data collection module, a data management module, an analysis module and a response module. For the implementation of the analysis module, this research applies a deep neural network algorithm for intrusion detection. The results demonstrate the efficiency of deep learning algorithms for detecting attacks from the transport layer. Compared with traditional detection methods used in IDSs, the analysis indicates that deep learning algorithms are more suitable for intrusion detection in an IoT network environment.

  • Research Article
  • 10.25686/2306-2819.2021.4.33
Development of a Hybrid Intrusion Detection System Model
  • Mar 25, 2022
  • Vestnik of Volga State University of Technology. Series Radio Engineering and Infocommunication Systems
  • А.И Золотарев + 2 more

The article presents a development of the signature-based approach to intrusion detection using clustering and a decision tree. It also proposes an original way of developing the anomaly-based approach to intrusion detection, and develops a model of the operation of a hybrid intrusion detection system that differs from known ones in its higher detection accuracy, lower percentage of false alarms, and prioritization of network packets for analysis, and that also resolves the main shortcomings of the anomaly-based and signature-based approaches. Introduction: Alongside the development of the Internet, network security has become a crucial requirement. Bugs in software and operating systems result in an increasing number of previously unknown intrusions discovered every day. The harm caused by these intrusions is becoming more and more dangerous. Firewalls can't ensure complete protection of the network, because they prevent external threats and don't maintain internal attacks. Intrusion detection systems (IDS) solve this problem. The aim of the research is to develop a model of a hybrid intrusion detection system that will use a combination of improved detection methods based on anomalous and signature approach to increase detection accuracy and reduce the level of false alarms. Tasks: development of an improvement for the signature detection method, development of a unique anomaly detection method, development of a unique hybrid model of the intrusion detection system. Methods. To improve the signature detection method, we used machine learning, in particular the C5 algorithm, as well as decision trees. In addition to this, the following are presented: storing signature rules with their partial structure in the MongoDB database, the process of clustering rules, building and detecting with the use of a decision tree. A unique method for detecting anomalies in network traffic with the use of machine learning methods and the theory of finite automata is presented. 
Besides, the following are shown: the detection process with the use of the sliding window technique, machine learning and time automaton; storage of trained models in the MongoDB database, the process of loading anomalies into the signature database with the use of RabbitMQ. Findings. The hybrid IDS with increased detection accuracy and reduced false alarm rate was developed. The developed system was compared with the well-known open-source solutions Snort and Suricata. The signature detection method was improved with machine learning and decision trees, and a unique anomaly detection method that uses machine learning and a time automaton was presented. It allows previously unknown attacks to be detected. The practical significance of the work is the partial implementation of the developed system for the Infologistik24 LLC company.

  • Research Article
  • 10.1007/s10791-025-09641-y
A systematic literature review on intrusion detection techniques in cloud computing
  • Jun 6, 2025
  • Discover Computing
  • Shamma Shabnam Nasim + 2 more

Intrusion Detection and Prevention Systems (IDPS) play a key role in protecting networks by keeping an eye out for suspicious activity, spotting threats, and taking action to stop them. These systems were originally designed for traditional, fixed networks, but they struggle to keep up with the fast-paced and constantly changing nature of cloud computing environments. Cloud computing has revolutionized technology, bringing many innovations in how organizations operate. Organizations rely heavily on the use of cloud storage to store and retrieve their sensitive data. Security issues in the cloud computing environment are a big challenge as, despite various protection measures, the cloud environment is vulnerable to security threats. Intrusion Detection and Prevention System (IDPS) is a significant component in securing the cloud environment against emerging threats in cyber-attacks. This paper takes a close look at intrusion detection systems (IDS) that are specifically built for cloud computing. The cloud brings its own set of challenges like constantly changing resources, sharing space between many users, and limited visibility into all the network traffic. Unlike traditional IDS that work in fixed, local networks, cloud-based IDS have to handle traffic that moves between virtual machines and scale up or down quickly. Cloud computing has transformed over time, improving access to scalability while offering vulnerabilities that increase the probability of intrusion or attacks. This review addresses these research gaps by comprehensively surveying state-of-the-art IDPS techniques tailored for cloud computing environments. IDPS is further classified into different categories, such as signature-based, anomaly-based, and hybrid-based. Recently, combining Machine Learning (ML) and Deep Learning (DL) with Intrusion Detection Systems (IDS) has shown to be very effective, as it allows for more precise detection and large-scale use. 
However, notable challenges include small dataset sizes, imbalanced datasets, and high expenses. These challenges mainly focus on creating adaptive systems that identify intrusions in real time. To tackle this, attention is directed towards ensemble learning and edge computing. The outcomes of these initiatives are being used to create a strong and efficient IDS that fits well with the changing nature of cloud environments. This survey provides a comprehensive analysis of current IDPS methodologies and future perspectives, aiming to contribute to developing robust and efficient cloud security solutions.

  • Research Article
  • Cited by 7
  • 10.12694/scpe.v25i5.3004
Recurrent Neural Network based Incremental model for Intrusion Detection System in IoT
  • Aug 1, 2024
  • Scalable Computing: Practice and Experience
  • Himanshu Sharma + 2 more

The security of Internet of Things (IoT) networks has become an integral problem in view of the exponential growth of IoT devices. Intrusion detection and prevention is an approach used to identify, analyze, and block cyber threats to protect IoT from unauthorized access or attacks. This paper introduces an adaptive and incremental intrusion detection and prevention system based on RNNs to the ever-changing field of IoT security. IoT networks require advanced intrusion detection systems that can identify emerging threats because of their various and dynamic data sources. The complexity of IoT network data makes it difficult for traditional intrusion detection techniques to detect potential threats. Using the capabilities of RNNs, a model for creating and deploying an intrusion detection and prevention system (IDPS) is proposed in this paper. RNNs work particularly well for sequential data processing, which makes them an appropriate choice for IoT network traffic monitoring. The NSL-KDD dataset is taken and pre-processed, features are extracted, and an RNN-based model is built as part of the proposed work. The experimental findings illustrate how effective the suggested approach is at identifying and blocking intrusions in Internet of Things networks. This paper not only demonstrates the effectiveness of RNNs in enhancing IoT network security but also opens avenues for further exploration in this burgeoning field. It presents a scalable, adaptive intrusion detection and prevention solution, responding to the evolving landscape of IoT security. As IoT networks continue to expand, the research enriches the discourse on developing resilient security strategies to combat emerging threats in scalable computing environments.

  • Research Article
  • Cited by 56
  • 10.1186/s13677-024-00685-x
Enhancing intrusion detection: a hybrid machine and deep learning approach
  • Jul 17, 2024
  • Journal of Cloud Computing
  • Muhammad Sajid + 6 more

The volume of data transferred across communication infrastructures has recently increased due to technological advancements in cloud computing, the Internet of Things (IoT), and automobile networks. The network systems transmit diverse and heterogeneous data in dispersed environments as communication technology develops. The communications using these networks and daily interactions depend on network security systems to provide secure and reliable information. On the other hand, attackers have increased their efforts to render systems on networks susceptible. An efficient intrusion detection system is essential since technological advancements embark on new kinds of attacks and security limitations. This paper implements a hybrid model for Intrusion Detection (ID) with Machine Learning (ML) and Deep Learning (DL) techniques to tackle these limitations. The proposed model makes use of Extreme Gradient Boosting (XGBoost) and convolutional neural networks (CNN) for feature extraction and then combines each of these with long short-term memory networks (LSTM) for classification. Four benchmark datasets CIC IDS 2017, UNSW NB15, NSL KDD, and WSN DS were used to train the model for binary and multi-class classification. With the increase in feature dimensions, current intrusion detection systems have trouble identifying new threats due to low test accuracy scores. To narrow down each dataset’s feature space, XGBoost, and CNN feature selection algorithms are used in this work for each separate model. The experimental findings demonstrate a high detection rate and good accuracy with a relatively low False Acceptance Rate (FAR) to prove the usefulness of the proposed hybrid model.

  • Research Article
  • Cited by 3
  • 10.1049/ntw2.12098
Evaluating the impact of generative adversarial models on the performance of anomaly intrusion detection
  • Aug 28, 2023
  • IET Networks
  • Mohammad Arafah + 2 more

With the increasing rate and types of cyber attacks against information systems and communication infrastructures, many tools are needed to detect and mitigate against such attacks, for example, Intrusion Detection Systems (IDSs). Unfortunately, traditional Signature‐based IDSs (SIDSs) perform poorly against previously unseen adversarial attacks. Anomaly‐based IDSs (AIDSs) use Machine Learning (ML) and Deep Learning (DL) approaches to overcome these limitations. However, AIDS performance can be poor when trained on imbalanced datasets. To address the challenge of AIDS performance caused by these unbalanced training datasets, generative adversarial models are proposed to obtain adversarial attacks from one side and analyse their quality from another. According to extensive usage and reliability criteria for generative adversarial models in different disciplines, Generative Adversarial Networks (GANs), Bidirectional GAN (BiGAN), and Wasserstein GAN (WGAN) are employed to serve AIDS. The authors have extensively assessed their abilities and robustness to deliver high‐quality attacks for AIDS. AIDSs are constructed, trained, and tuned based on these models to measure their impacts. The authors have employed two datasets: NSL‐KDD and CICIDS‐2017 for generalisation purposes, where ML and DL approaches are utilised to implement AIDSs. Their results show that the WGAN model outperformed GANs and BiGAN models in binary and multiclass classifications for both datasets.

  • Research Article
  • Cited by 1
  • 10.21917/ijct.2021.0373
A COMPARATIVE STUDY ON INTRUSION DETECTION SYSTEMS FOR SECURED COMMUNICATION IN INTERNET OF THINGS
  • Sep 1, 2021
  • ICTACT Journal on Communication Technology
  • Anushiya R + 1 more

The virtual and physical worlds are bridged using the largest digital mega-trend called the Internet of Things (IoT). Between mankind, new interactions and new business models are emerging due to the incremental growth in the Internet, machines, objects, and people connectivity. Secured communication is a typical challenge that is raised due to IoT high diversity, restricted computational resources, and protocols and standards. Because of the huge attack surface in IoT networks, they are highly vulnerable to various attacks, even with some security measures. So, for detecting attacks, it is necessary to design defense mechanisms. In IoT environments, it is highly crucial to have security defense measures like Intrusion Detection Systems (IDS). Hence, authentication and encryption traditional security countermeasures are not sufficient. At network level, to solve those issues and to protect Internet-connected frameworks, major solutions are provided by IDS. Highly unique challenges are faced by IoT specific characteristics like malware detection, ransomware, processor architecture heterogeneity, and the gap in security design. However, as in literature, various problems are raised in traditional IDS, like the high false alarm rate. In IoT, for intrusion detection, a detailed study of traditional Deep Learning (DL) and Machine Learning (ML) techniques and recent technologies is presented in this review. For presenting every selected work objective and methodology, they are analysed and this review work discusses their results. IoT systems cannot be secured by applying traditional security techniques directly due to their computational constraints and intrinsic resources. In real time, on IoT devices, unknown and known attacks are detected using ML techniques in IDS. An IDS is presented in this review and its working is independent of network structure and IoT protocols. This IDS does not require any prior knowledge of security threats. 
Therefore, for providing security as a service to IoT networks, an artificially intelligent IDS is developed. This review paper provides a clear discussion of various attack detection techniques, along with their benefits and drawbacks.

  • Book Chapter
  • Cited by 5
  • 10.1007/978-981-99-2115-7_12
Intrusion Detection in IoT-Based Healthcare Using ML and DL Approaches: A Case Study
  • Jan 1, 2023
  • Priya Das + 1 more

Internet of Things (IoT) aims to improve the quality of human life. The use of IoT technology in healthcare services is to make the service more personalized and efficient. Sadly, this has drawn the attention of cyber attackers, who have turned IoT into a target of illicit activity, leaving the terminal nodes vulnerable to attacks. A successful secure framework is provided by an intrusion detection system (IDS), which plays a crucial role in identifying and resisting various intrusion attempts. IoT IDS has recently benefited from advancements in artificial intelligence (AI), including machine learning (ML) and deep learning (DL) approaches. This book chapter offers a current taxonomy, a summary, and analysis of significant IoT IDS research papers published to date, including a taxonomy-based categorization of the proposed solutions. In order for a researcher to quickly become familiar with the essential components of IoT IDS, it offers a structured and thorough overview of the existing IoT IDSs. A critical analysis of the machine learning and deep learning methods used to create IoT IDS is also provided in this book chapter. We review the various approaches used in each method, along with the detection strategies, validation strategies, and deployment strategies. Following a discussion of the complexity of various detection methods, intrusion deployment strategies, and their evaluation methods.

  • Research Article
  • Cited by 5
  • 10.17485/ijst/2016/v9i22/95170
Integrated Intrusion Detection Approach for Cloud Computing
  • Jun 22, 2016
  • Indian Journal of Science and Technology
  • C Ambikavathi + 1 more

Objectives: Intrusion Detection System (IDS) models and methods are integrated for better detection of intruders and mitigation of false alarms. Integrated IDS is proposed to provide security in a cloud environment. Methods: The distributed and dynamic nature of cloud environment leads to critical issues like huge log analysis, heterogeneous traffic aggregation and scalability, etc. Intrusion specific data classification and false alarms degrade performance. This integrated model integrates both IDS models and IDS methodologies. Host-based IDS (H-IDS) model integrates with network-based IDS (N-IDS) model, as well as signature and anomaly based IDS methods are integrated to get the best of each. Findings: Whenever a Virtual Machine (VM) is created, H-IDS is in-built into its operating system to monitor the activities within that VM. N-IDS is deployed at strategic locations within the cloud network to monitor the traffic between the virtual machines and from the outside environment. Any malicious activity initiated by a cloud user using their virtual machine is detected by H-IDS. The packets flowing through the cloud network are captured and analyzed by N-IDS to detect infected packets sent by hackers. The weakness of one methodology is compromised by the other during integration, but if the methods are used separately they are ineffective. Known attacks can be detected by signature based IDS and the new/unknown attack patterns are identified by anomaly based IDS. The major drawback of anomaly based IDS is high false alarm rate. It can be overcome by signature based IDS. This proposed work is implemented using Opennebula, for constructing a cloud environment and tested with IDS tools. Improvements: This integration leads to improved cloud security and trust among consumers. IDS specific issues are also rectified such as false alarms, heterogeneity etc.

More from: Scientific reports
  • New
  • Research Article
  • 10.1038/s41598-025-22830-5
Muscle mass and body composition in Japanese children measured by bioelectrical impedance analysis
  • Nov 10, 2025
  • Scientific Reports
  • Hideki Nakayama + 7 more

  • New
  • Retracted
  • Research Article
  • 10.1038/s41598-025-27189-1
Retraction Note: Farnesyl dimethyl chromanol targets colon cancer stem cells and prevents colorectal cancer metastasis
  • Nov 10, 2025
  • Scientific Reports
  • Kazim Husain + 3 more

  • New
  • Research Article
  • 10.1038/s41598-025-22236-3
An integrated mathematical model for optimizing integrated pest management strategies against rice tungro virus disease
  • Nov 10, 2025
  • Scientific Reports
  • Rika Amelia + 1 more

  • New
  • Research Article
  • 10.1038/s41598-025-24078-5
Systematic review and meta-analysis of the effectiveness of polypeptide, virus-like particles, and viral vector vaccines for foot-and-mouth disease (2020–2025)
  • Nov 10, 2025
  • Scientific Reports
  • Alyaa Elrashedy + 6 more

  • New
  • Research Article
  • 10.1038/s41598-025-26278-5
Meaning of life and stress-coping strategies for broken heart syndrome patients
  • Nov 10, 2025
  • Scientific Reports
  • Nesreen Khaled Hosny + 2 more

  • New
  • Research Article
  • 10.1038/s41598-025-24017-4
Quantifying the potential impact of the cane toad (Rhinella marina) on biodiversity in Australia’s Pilbara region
  • Nov 10, 2025
  • Scientific Reports
  • Judy Dunlop + 10 more

  • New
  • Research Article
  • 10.1038/s41598-025-20237-w
Tundrisphaera macrotermitis sp. nov., a novel member of the family Isosphaeraceae isolated from the gut of a fungus-growing termite
  • Nov 10, 2025
  • Scientific Reports
  • Nicolai Kallscheuer + 8 more

  • New
  • Research Article
  • 10.1038/s41598-025-22970-8
The fatigue status feature of bicycle movement based on deep learning and signal processing technology
  • Nov 10, 2025
  • Scientific Reports
  • Yingchun He + 5 more

  • New
  • Research Article
  • 10.1038/s41598-025-22996-y
Interpreting synchrotron infrared nano-spectra of hydroxyapatite through Kramers-Kronig relations and complex Lorentzian oscillators
  • Nov 10, 2025
  • Scientific Reports
  • Edher Z Herrera + 5 more

  • New
  • Research Article
  • 10.1038/s41598-025-23510-0
Integrating NLP and expert validation: a framework combining subjective and objective approaches for female-oriented automotive personas on social media
  • Nov 10, 2025
  • Scientific Reports
  • Qian Bao + 1 more
