Modified Intrusion Detection Tree with Hybrid Deep Learning Framework based Cyber Security Intrusion Detection Model
In the modern era, the most pressing issue facing society is protection against cyberattacks on networks. The frequency of cyber-attacks in the present world makes the problem of providing feasible security to the computer system from potential risks important and crucial. Network security cannot be effectively monitored and protected without the use of intrusion detection systems (IDSs). DLTs (deep learning techniques) and MLTs (machine learning techniques) are being employed in information security domains for effectively building IDSs. These IDSs are capable of automatically and timely identifying harmful attacks. IntruDTree (Intrusion Detection Tree), a security model based on MLTs that detects attacks effectively, is shown in the existing research effort. This model, however, suffers from an overfitting problem, which occurs when the learning method perfectly matches the training data but fails to generalize to new data. To address the issue, this study introduces the MIntruDTree-HDL (Modified IntruDTree with Hybrid Deep Learning) framework, which improves the performance and prediction of the IDSs. The MIntruDTree-HDL framework predicts and classifies harmful cyber assaults in the network using an M-IntruDTree (Modified IDS Tree) with CRNNs (convolution recurrent neural networks). To rank the key characteristics, a modified tree-based generalized IDS, M-IntruDTree, is first created. CNNs (convolution neural networks) then use convolution to collect local information, while the RNNs (recurrent neural networks) capture temporal features to increase IDS performance and prediction. This model is not only accurate in predicting unknown test scenarios, but it also results in reduced computational costs due to its dimensionality reductions. The efficacy of the suggested MIntruDTree-HDL schemes was benchmarked on cybersecurity datasets in terms of precision, recall, F-score, accuracy, and ROC. The simulation results show that the proposed MIntruDTree-HDL outperforms current IDS approaches, with a high rate of malicious attack detection accuracy.
- Research Article
298
- 10.3390/pr9050834
- May 10, 2021
- Processes
Nowadays, network attacks are the most crucial problem of modern society. All networks, from small to large, are vulnerable to network threats. An intrusion detection (ID) system is critical for mitigating and identifying malicious threats in networks. Currently, deep learning (DL) and machine learning (ML) are being applied in different domains, especially information security, for developing effective ID systems. These ID systems are capable of detecting malicious threats automatically and on time. However, malicious threats are occurring and changing continuously, so the network requires a very advanced security solution. Thus, creating an effective and smart ID system is a massive research problem. Various ID datasets are publicly available for ID research. Due to the complex nature of malicious attacks with a constantly changing attack detection mechanism, publicly existing ID datasets must be modified systematically on a regular basis. So, in this paper, a convolutional recurrent neural network (CRNN) is used to create a DL-based hybrid ID framework that predicts and classifies malicious cyberattacks in the network. In the HCRNNIDS, the convolutional neural network (CNN) performs convolution to capture local features, and the recurrent neural network (RNN) captures temporal features to improve the ID system’s performance and prediction. To assess the efficacy of the hybrid convolutional recurrent neural network intrusion detection system (HCRNNIDS), experiments were done on publicly available ID data, specifically the modern and realistic CSE-CIC-IDS2018 data. The simulation outcomes prove that the proposed HCRNNIDS substantially outperforms current ID methodologies, attaining a high malicious attack detection rate accuracy of up to 97.75% for CSE-CIC-IDS2018 data with 10-fold cross-validation.
- Research Article
238
- 10.1109/access.2022.3176317
- Jan 1, 2022
- IEEE Access
Cybersecurity is important today because of the increasing growth of the Internet of Things (IoT), which has resulted in a variety of attacks on computer systems and networks. As the number of various IoT devices and services grows, cyber security will become an increasingly difficult issue to manage. Malicious traffic identification using deep learning techniques has emerged as a key component of network-based intrusion detection systems (IDS). Deep learning methods have been a research focus in network intrusion detection. A recurrent neural network is useful in a wide range of applications. This paper proposes a novel deep learning model for detecting anomalies in IoT networks using recurrent neural networks. The proposed model is implemented in IoT networks utilizing LSTM, BiLSTM, and GRU-based approaches for anomaly detection. A convolutional neural network can analyze input features without losing important information, making them particularly well suited for feature learning. In addition, we propose a hybrid deep learning model based on convolutional and recurrent neural networks. Finally, employing LSTM, BiLSTM, and GRU-based techniques, we propose a lightweight deep learning model for binary classification. The proposed deep learning models are validated using NSLKDD, BoT-IoT, IoT-NI, MQTT, MQTTset, IoT-23, and IoT-DS2 datasets. Our proposed binary and multiclass classification model achieved high accuracy, precision, recall, and F1 score compared to current deep learning implementations.
- Conference Article
- 10.1145/3645279.3645299
- Nov 17, 2023
Malicious attacks and data loss in cloud computing are becoming more and more serious, which has brought serious economic losses to users. Based on the characteristics and security requirements of cloud computing, this paper studies the distributed IDS (intrusion detection system) model in cloud computing environment. This article employs an enhanced CNN (Convolutional Neural Network) algorithm in the Intrusion Detection (ID) module, introducing a cloud computing network security ID model based on CNN. The data undergoes sequential processing in each layer using the CNN module, resulting in classified data through the excitation process. By comparing the classified data with the characteristics of network attack behavior or patterns, the presence of network attacks or abnormalities can be determined, leading to the retrieval of IDS detection results for the data. The simulation results show that CNN has higher precision and recall rates of 97.988% and 94.99%, respectively, compared to BPNN (BP neural network) and RNN (Recurrent Neural Network). Moreover, compared with BPNN(8.809%) and RNN(5.124%), the false negative rate of IDS using CNN is smaller, which will greatly reduce the number of undetected attacks. It is verified that the algorithm has high ID performance.
- Research Article
- 10.1038/s41598-026-41422-5
- Mar 3, 2026
- Scientific reports
Intrusion detection systems (IDS) are becoming essential for protecting network infrastructures due to the quick growth of cyber threats. Class imbalance makes it difficult for conventional machine learning-based IDS models to detect uncommon attack types, which results in a significant number of false negatives. Recent developments in Deep Learning (DL), particularly hybrid architectures and adaptive sampling techniques, offer promising solutions to improve intrusion detection accuracy. This article aims to enhance network intrusion detection by integrating DL models with advanced resampling techniques to address class imbalance and improve feature extraction. Two hybrid models are explored: Hybrid of Autoencoder-CNN and Transformer-DNN (HACTD-Net), and 1D-TCN-ResNet-BiGRU-Multi-Head Attention (TRBM-Net), each leveraging different approaches for feature learning and class balancing. The HACTD-Net models employ ADASYN-SMOTE and ENN to improve minority-class representation. The TRBM-Net model integrates Borderline SMOTE-OSS hybrid sampling to generate synthetic attack samples while filtering noise. We evaluate these representations using the CICIDS2017 and NF-BoT-IoT-v2 datasets, assessing their performance in terms of accuracy, precision, recall, and F1-score. The HACTD-Net models attained 99.88% accuracy in classification, demonstrating robust performance against various network attacks. The TRBM-Net model, incorporating a multi-head self-attention mechanism, achieved 99.72% accuracy, effectively enhancing minority-class detection while reducing false alarms. This study demonstrates that hybrid deep learning models combined with optimized resampling techniques significantly improve IDS performance. The integration of contextual and spatial feature extraction with balanced training data enhances detection rates, particularly for rare attack types. These results provide a basis for developing real-time, adaptive IDS solutions for modern network security challenges.
- Research Article
3
- 10.31673/2412-4338.2023.016173
- Jan 1, 2023
- Telecommunication and Information Technologies
The rapid digitalization of the world has led to various attacks on computer systems and networks, so network security is an extremely important and relevant component of information security today. Creating effective cybersecurity tools and mechanisms is becoming increasingly difficult as the number of different devices and services grows. Identification of malicious traffic using deep learning methods has become a key component of intrusion detection systems (IDS). This article compares two deep learning models (recurrent neural network and convolutional neural network) for detecting anomalies in networks. Both neural networks were found to be useful in a wide range of applications. It has been shown that convolutional neural networks are best at detecting network anomalies in synergy with layers of long short-term memory. The development of deep learning technologies, including the considered neural network algorithms, is a promising direction in promoting the development of cybersecurity of information systems. These technologies are unique because they are at the initial stage of creation. The aforementioned technologies are currently not widespread in intrusion detection and network anomaly detection systems due to their novelty, so they require more thorough research. Conventional machine learning algorithms will eventually become insufficient, as they do not have such a good learning capability as deep learning neural networks do. The article provides a detailed analysis of the capabilities of recurrent and convolutional neural networks along with long short-term memory layers, which may be useful for use in further research.
- Research Article
- 10.18510/ijsrtm.2024.1212
- Mar 7, 2024
- International Journal of Students' Research in Technology & Management
Purpose of Study: The increasing focus on Artificial Intelligence (AI) worldwide has brought about potential benefits, but it also poses significant risks, especially in network security. Methodology: This study adopts a detailed comparative approach to evaluate the effectiveness of various Neural Network (NN) techniques in the context of Intrusion Detection Systems (IDS). The research focuses on four specific NN architectures: Artificial Neural Networks (ANN), Deep Neural Networks (DNN), Convolutional Neural Networks (CNN), and Recurrent Neural Networks (RNN). Each of these techniques is applied to different intrusion detection scenarios, using real-time network data. Result: The results indicate that different Neural Network techniques have varying levels of effectiveness in intrusion detection. Deep Neural Networks (DNN) demonstrated the highest accuracy in detecting complex threats, while Convolutional Neural Networks (CNN) were highly effective in pattern recognition within network traffic. Recurrent Neural Networks (RNN) performed well in temporal analysis of data, making them suitable for detecting persistent threats over time. Application of Study: The findings of this study are significant for the development of more sophisticated Intrusion Detection Systems (IDS) that can be applied in real-time network security environments. Novelty: The novelty of this study lies in its comprehensive analysis of multiple Neural Network techniques within the context of Intrusion Detection Systems (IDS). By comparing ANN, DNN, CNN, and RNN techniques, the study provides valuable insights into how AI can be leveraged to improve real-time network security.
- Research Article
- 10.63075/fbeebj84
- Jul 26, 2025
- Annual Methodological Archive Research Review
In the past few decades, machine learning has revolutionized data processing for large-scale applications. Simultaneously, increasing privacy threats in trending applications led to the redesign of classical data training models. In particular, classical machine learning involves centralized data training, where the data is gathered, and the entire training process executes at the central server. Industry 4.0 allows the appearance of Internet of Things-based transactive energy system (IoTES) that involves new services with a number of independent distributed systems. These systems produce bulk data that is heterogeneous and they are prone to cyber-attacks, especially stealthy false data injection attacks (FDIAs). Lossy networks (RPL) security, intrusion detection (ID) is crucial in this area, considering that it is highly vulnerable to attacks, especially those executed by an insider. Although a lot of literature suggests the use of ID systems (IDSs) by applying a variety of techniques, there is relatively little literature offering insight into where the IDSs fall within the RPL topology. The gap in this study will be bridged by aggressively comparing three ID architectures in terms of central and distributed location and on several dimensions, including effectiveness, cost, privacy, and security. The results are supported by the overwhelming contribution of attacker position and IDS-to-attacker distance towards the detection. Therefore, in addition to ascertaining the effectiveness of the old ID systems, the research also probes how federated learning (FL) can enhance ID in the RPL networks. The aspect of the decentralized model training approach in FL can overcome the effect of attacker-position on the performance of an IDS system by making sure that information that is considered to be pertinent in the context of an attack is gathered at the node along with the IDS system, irrespective of its proximity to the potential attackers. 
In addition, the approach not only eliminates security issues, but it also reduces communication overhead between the ID nodes. This will mean that FL will lower the rate of large-scale data transfer and thereby eliminate the consequences of packet loss and latency that any lossy network will cause. Also, the gap filled by the research is the impact of local data sharing on FL performance and how it is possible to balance the effectiveness with security. The proposed computing method can be computed in parallel and allows detecting the stealthy FDIA on all the nodes without any failure. The simulation experiments support the suggestion that the scheme under consideration is superior to the state-of-the-art approaches in terms of detection accuracy and the complexity of computation when using a distributed environment and ensuring the data privacy of the messages. Keywords: Quantum Computing, Federated Learning, Machine Learning, Learning Process, Machine Learning Models, Internet Of Things, Transfer Learning
- Research Article
- 10.29070/md9c9378
- Feb 1, 2024
- International Journal of Information Technology and Management
In the digital age, the need for robust Intrusion Detection Systems (IDS) is critical to safeguarding essential infrastructures due to the increasing sophistication of cyber security threats. While traditional IDS methods, such as signature-based and anomaly-based detection, have their merits, they often struggle to address emerging cyber threats like zero-day attacks, polymorphic malware, and advanced persistent threats (APTs). Recent advancements in machine learning (ML) and deep learning (DL) have significantly enhanced IDS capabilities, enabling them to detect threats in a more intelligent and adaptive manner. This review paper provides a comprehensive analysis of various intrusion detection approaches, including traditional, hybrid, and next-generation methods. It explores how deep neural networks (DNNs), convolutional neural networks (CNNs), recurrent neural networks (RNNs), and transformers can be used to identify complex attack patterns. Furthermore, we examine the role of feature selection techniques, data preprocessing methods, and publicly available datasets, such as UNSW-NB15, TCP/IP, and KDD99, in boosting the performance of IDS. The paper also discusses the challenges involved in implementing real-time IDS, including computational overhead, false positives, adversarial attacks, and scalability issues in cloud and IoT environments. Special attention is given to the potential of federated learning and blockchain-based IDS solutions for decentralized and privacy-preserving threat detection. Overall, this study provides researchers and cybersecurity professionals with a thorough understanding of the current state of intrusion detection, highlighting its limitations and potential advancements. The goal is to guide the development of more efficient and intelligent IDS solutions in the future.
- Research Article
3
- 10.48175/ijarsct-22045
- Nov 8, 2024
- International Journal of Advanced Research in Science, Communication and Technology
In today's digital landscape, network security is of paramount importance, with intrusion detection systems (IDS) playing a crucial role in protecting sensitive data from malicious attacks. Traditional IDS, often reliant on signature-based methods, struggle with high false positive rates, difficulty in adapting to novel threats, and significant computational demands. This paper explores the development of an efficient network intrusion detection and classification system utilizing machine learning techniques to address these challenges. By leveraging datasets such as NSL-KDD and UNSW-NB15, our study employs a combination of supervised learning algorithms, including Support Vector Machines (SVM), Random Forests, and Neural Networks, alongside comprehensive data preprocessing and feature engineering strategies. The evaluation of our models through metrics like accuracy, precision, recall, and ROC-AUC demonstrates a marked improvement in detection capabilities and computational efficiency. Our findings suggest that machine learning-based IDS can significantly enhance network security by reducing false positives and adapting to emerging threats more effectively than traditional systems. This research not only underscores the potential of advanced machine learning techniques in IDS but also provides a robust framework for future developments in the field. In the rapidly evolving landscape of cybersecurity, effective network intrusion detection and classification systems are critical for safeguarding sensitive data and maintaining operational integrity. This paper presents a novel approach utilizing machine learning techniques to enhance the efficiency and accuracy of intrusion detection systems (IDS). By employing a combination of supervised and unsupervised learning algorithms, our system can identify and classify both known and unknown threats in real-time. 
We leverage advanced feature selection methods to optimize the performance of our models, ensuring high detection rates with minimal false positives. Our experimental results, validated on benchmark datasets, demonstrate significant improvements in detection accuracy and processing speed compared to traditional IDS solutions. The proposed system not only strengthens network defenses but also provides a scalable and adaptive framework for future cybersecurity challenges.
- Conference Article
4
- 10.1109/icnwc57852.2023.10127442
- Apr 5, 2023
Traffic classification is an automated technique that divides computer network traffic into several categories depending on different factors like protocol or port number. In a complicated context, traffic categorization is an important tool for network and system security. A monitoring system called intrusion detection looks for abnormal activity and sends out notifications. In order to safeguard a system from network-based attacks, Network Intrusion Detection Systems (NIDS) play a crucial role in monitoring and analyzing network traffic. Active and passive intrusion detection systems (IDS), network intrusion detection systems (NIDS), host intrusion detection systems (HIDS), knowledge-based (signature-based) IDS, and behavior-based (anomaly-based) IDS are some of the numerous types of intrusion detection systems (IDS). Passive IDS is just designed to monitor and analyze network traffic behaviour and notify an operator of potential vulnerabilities and attacks, whereas Active IDS is also known as Intrusion Detection and Prevention System. A network's malicious traffic is identified using a network-based intrusion detection system (NIDS). A host-based IDS monitors system activity and looks for indications of abnormal behaviour. For networks with unidentified traffic, the intrusion detection system designed using flow and payload statistical characteristics and clustering approach needs additional clusters. The present intrusion detection system however is affected by false alarm rate, poor detection rate, imbalanced datasets and response time which lead to misclassification of intrusions in various scenarios. Hence, there is a requirement for developing an automated intrusion detection system that works well in different scenarios. The proposed system uses supervised and unsupervised intrusion detection and classification methods to increase the classification accuracy.
To categorize the intrusions, dimensionality reduction strategies are used in conjunction with the classification procedure of logistic regression. Performance of intrusion detection system using PCA as dimensionality reduction algorithm has been evaluated with different classifiers such as Logistic Regression (LR), K-Nearest Neighbors (K-NN), Random Forest (RF), Support Vector Machine (Kernel SVM), Decision Tree (DT) using CIC IDS 2022 dataset. An automated way to detect intrusions has been proposed with cluster formation using adaptive weight butterfly optimization algorithm.
- Research Article
2
- 10.63075/fm6gxc75
- Jul 27, 2025
- Annual Methodological Archive Research Review
In the past few decades, machine learning has revolutionized data processing for large-scale applications. Simultaneously, increasing privacy threats in trending applications led to the redesign of classical data training models. In particular, classical machine learning involves centralized data training, where the data is gathered, and the entire training process executes at the central server. Industry 4.0 allows the appearance of Internet of Things-based transactive energy system (IoTES) that involves new services with a number of independent distributed systems. These systems produce bulk data that is heterogeneous and they are prone to cyber-attacks, especially stealthy false data injection attacks (FDIAs). Lossy networks (RPL) security, intrusion detection (ID) is crucial in this area, considering that it is highly vulnerable to attacks, especially those executed by an insider. Although a lot of literature suggests the use of ID systems (IDSs) by applying a variety of techniques, there is relatively little literature offering insight into where the IDSs fall within the RPL topology. The gap in this study will be bridged by aggressively comparing three ID architectures in terms of central and distributed location and on several dimensions, including effectiveness, cost, privacy, and security. The results are supported by the overwhelming contribution of attacker position and IDS-to-attacker distance towards the detection. Therefore, in addition to ascertaining the effectiveness of the old ID systems, the research also probes how federated learning (FL) can enhance ID in the RPL networks. The aspect of the decentralized model training approach in FL can overcome the effect of attacker-position on the performance of an IDS system by making sure that information that is considered to be pertinent in the context of an attack is gathered at the node along with the IDS system, irrespective of its proximity to the potential attackers. 
In addition, the approach not only eliminates security issues, but it also reduces communication overhead between the ID nodes. This will mean that FL will lower the rate of large-scale data transfer and thereby eliminate the consequences of packet loss and latency that any lossy network will cause. Also, the gap filled by the research is the impact of local data sharing on FL performance and how it is possible to balance the effectiveness with security. The proposed computing method can be computed in parallel and allows detecting the stealthy FDIA on all the nodes without any failure. The simulation experiments support the suggestion that the scheme under consideration is superior to the state-of-the-art approaches in terms of detection accuracy and the complexity of computation when using a distributed environment and ensuring the data privacy of the messages. Keywords: Quantum Computing, Federated Learning, Machine Learning, Learning Process, Machine Learning Models, Internet Of Things, Transfer Learning
- Conference Article
6
- 10.1109/dasa53625.2021.9682357
- Dec 7, 2021
Because of the popularity of the Internet of Things (IoT), the rapid expansion of computer networks, and the vast number of important applications, cyber security has lately garnered a lot of attention in today's security issues. As a result, identifying different cyber-attacks or abnormalities in a network, as well as constructing an efficient intrusion detection system that plays a key part in today's security, is becoming increasingly critical. Such a data-driven intelligent intrusion detection system may be built using artificial intelligence, particularly machine learning techniques. This survey provides a thorough review of Machine Learning (ML) techniques for cybersecurity intrusion detection systems, with an emphasis on new Deep Learning-based approaches (DL). The study examines current techniques in terms of intrusion detection processes, performance outcomes, and limits, as well as whether or not they use benchmark datasets to provide a fair assessment. In addition, a thorough examination of cybersecurity benchmark datasets is provided. This article aims to offer a roadmap for readers interested in learning more about the potential of deep learning techniques for cybersecurity and intrusion detection systems, as well as a thorough examination of the benchmark datasets used to train DL models in the literature.
- Conference Article
7
- 10.1109/wincom47513.2019.8942553
- Oct 1, 2019
Nowadays, information systems security is a crucial issue for the survival of any company, which justifies the use of intrusion detection systems (IDS) or intrusion prevention systems (IPS). These systems are essentially based on the analysis of the network data content (frames), in search of traces of known attacks. Currently, IDS/IPS have become the main element of security for networks and hosts; they can both detect and respond to an attack in real time or off-line. Even so, having a completely secure network is practically impossible. In this article, we try to propose an improvement of intrusion detection systems based on Machine Learning techniques. These rapidly expanding techniques have shown that predictions and machine learning could be improved, which could significantly improve the reliability of detection against polymorphic and unknown threats. Simulation results showed that security intrusion detection is improved with the use of Machine Learning techniques.
- Research Article
- 10.47772/ijriss.2026.10100129
- Jan 1, 2026
- International Journal of Research and Innovation in Social Science
The rapid growth of cyberattacks, especially Distributed Denial of Service (DDoS), has exposed the limitations of conventional Intrusion Detection Systems (IDS). These systems often struggle to cope with evolving attack strategies. In recent years, deep learning has provided new opportunities for improving IDS, as it can automatically discover hidden structures in complex data without extensive manual feature engineering. This study develops and evaluates three models, Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), and a Hybrid CNN-LSTM, for intrusion detection using the CIC-DDoS2019 dataset. Preprocessing involved normalization, label encoding, and class balancing using Synthetic Minority Oversampling Technique (SMOTE). Feature selection was carried out using the information gain algorithm to improve model performance, and the models were trained and evaluated using key metrics such as accuracy, precision, recall, f1-score and Area Under the Curve (AUC). Experimental results show that CNN achieved an accuracy of 99.94%, while LSTM performed slightly better with 99.96%; the hybrid CNN-LSTM outperformed both with 99.97% accuracy, precision, and recall, confirming that combining CNN’s spatial learning with LSTM’s temporal sequence modeling leads to superior detection. This study highlights the advantage of hybrid deep learning in network security, reducing both false positives and false negatives. It also provides a practical framework for building IDS capable of adapting to modern attack patterns. Future extensions could focus on real-time implementation, multi-class detection of different attack categories, and explainable AI for improved transparency.
- Research Article
1
- 10.1109/tpwrs.2025.3574382
- Nov 1, 2025
- IEEE Transactions on Power Systems
Transient simulation is the key to ensure the safe and stable operation of power systems. After large disturbances, power systems may experience transient rotor angle instability and short-term voltage instability, which share similar electrical characteristics but require different control strategies. Therefore, distinguishing the dominant instability mode (DIM) is crucial. In this paper, a novel hybrid deep learning (DL) framework is proposed to achieve accurate DIM identification by fully extracting local-global features from electricity data. In the proposed framework, an advanced graph neural network (GNN) optimized by random sampling and aggregation is constructed. It can better capture local features than traditional GNN and help to improve model generalization ability. Further, important global features are mined by employing transformer network with self-attention mechanism to improve DIM identification accuracy. In addition, the vital discrete fault features are also embedded into the neural networks to improve the performance. The proposed method improves upon existing DL models by providing a solution for integrating multi-level features extracted by different schemes and addressing the limitation of focusing on a single instability mode. Case studies conducted on an 8-machine 36-bus system and Northeast China Power Grid verify the superiority of the proposed method over other state-of-the-art DL methods.