Deep Learning Based Intrusion Detection Research Articles

Sandpiper optimization with hybrid deep learning model for blockchain-assisted intrusion detection in iot environment

Intrusion detection in the Internet of Things (IoTs) is a vital unit of IoT safety. IoT devices face diverse kinds of attacks, and intrusion detection systems (IDSs) play a significant role in detecting and responding to these threats. A typical IDS solution can be utilized from the IoT networks for monitoring traffic, device behaviour, and system logs for signs of intrusion or abnormal movement. Deep learning (DL) approaches are exposed to promise in enhancing the accuracy and effectiveness of IDS for IoT devices. Blockchain (BC) aided intrusion detection from IoT platforms provides many benefits, including better data integrity, transparency, and resistance to tampering. This paper projects a novel sandpiper optimizer with hybrid deep learning-based intrusion detection (SPOHDL-ID) from the BC-assisted IoT platform. The key contribution of the SPOHDL-ID model is to accomplish security via the intrusion detection and classification process from the IoT platform. In this case, the BC technology can be used for a secure data-sharing process. In the presented SPOHDL-ID technique, the selection of features from the network traffic data takes place using the SPO model. Besides, the SPOHDL-ID technique employs the HDL model for intrusion detection, which involves the design of a convolutional neural network with a stacked autoencoder (CNN-SAE) model. The beetle search optimizer algorithm (BSOA) method is used for the hyperparameter tuning procedure to increase the recognition outcomes of the CNN-SAE technique. An extensive simulation outcome is created to exhibit a better solution to the SPOHDL-ID method. The experimental validation of the SPOHDL-ID method portrayed a superior accuracy value of 99.59 % and 99.54 % over recent techniques under the ToN-IoT and CICIDS-2017 datasets.

Current Status and Challenges and Future Trends of Deep Learning-Based Intrusion Detection Models.

With the advancement of deep learning (DL) technology, DL-based intrusion detection models have emerged as a focal point of research within the domain of cybersecurity. This paper provides an overview of the datasets frequently utilized in the research. This article presents an overview of the widely utilized datasets in the research, establishing a basis for future investigation and analysis. The text subsequently summarizes the prevalent data preprocessing methods and feature engineering techniques utilized in intrusion detection. Following this, it provides a review of seven deep learning-based intrusion detection models, namely, deep autoencoders, deep belief networks, deep neural networks, convolutional neural networks, recurrent neural networks, generative adversarial networks, and transformers. Each model is examined from various dimensions, highlighting their unique architectures and applications within the context of cybersecurity. Furthermore, this paper broadens its scope to include intrusion detection techniques facilitated by the following two large-scale predictive models: the BERT series and the GPT series. These models, leveraging the power of transformers and attention mechanisms, have demonstrated remarkable capabilities in understanding and processing sequential data. In light of these findings, this paper concludes with a prospective outlook on future research directions. Four key areas have been identified for further research. By addressing these issues and advancing research in the aforementioned areas, this paper envisions a future in which DL-based intrusion detection systems are not only more accurate and efficient but also better aligned with the dynamic and evolving landscape of cybersecurity threats.

Correction: Taxonomy of deep learning-based intrusion detection system approaches in fog computing: a systematic review

Correction: Taxonomy of deep learning-based intrusion detection system approaches in fog computing: a systematic review

Computer vision based distributed denial of service attack detection for resource-limited devices

The growing adoption of Internet of Things (IoT) has rendered them a desirable target for cyber-attacks. One of the biggest threats to these systems is the distributed denial of service (DDoS) attack, which is a botnet-based attack. The reason for the increasing usage of machine learning and deep learning-based intrusion detection systems in IoT network security is their ability to recognize DDoS attack. Recent studies, however, shows how susceptible IoT networks are to these kinds of attacks and detection accuracy can be greatly lowered. While a majority of studies has concentrated on DDoS attack detection for deep learning, little attention has been paid to computer vision, especially image-based artificial intelligence technologies like convolutional neural network (CNN). In this study, we use an image-based dataset to evaluate the effectiveness of CNN, an effective computer vision approach, for DDoS attack detection in IoT contexts. Owing to the small size of the selected dataset and in order to improve the CNN model’s detection efficiency, we implement various data augmentation techniques prior to the model’s training, including scaling, rotation, and vertical and horizontal flipping. Next, we introduce an efficient CNN-based method for detection of DDoS attacks in IoT settings. Ultimately, we came to the conclusion that the statistical significance testing showed that there is a significance difference among the five models employed during the study, and the VGG19 which has higher accuracy (99.74%) and less computing cost (6020.80 s), which enables IoT devices to perform DDoS attack detection with cost-effectiveness.

Horse Herd optimization with deep learning based intrusion detection in cloud computing environment

Horse Herd optimization with deep learning based intrusion detection in cloud computing environment

A novel deep learning-based intrusion detection system for IoT DDoS security

Intrusion detection systems (IDS) for IoT devices are critical for protecting against a wide range of possible attacks when dealing with Distributed Denial of Service (DDoS) attacks. These attacks have become a primary concern for IoT networks. Intelligent decision-making techniques are required for DDoS attacks, which pose serious threats. The range of devices connected to the IoT ecosystem is growing, and the data traffic they generate is continually changing; the need for models more resistant to new attack types and existing attacks is of research interest. Motivated by this gap, this paper provides an effective IDS powered by deep learning models for IoT networks based on the recently published CICIoT2023 dataset. In this work, we improved the detection and mitigation of potential security threats in IoT networks. To increase performance, we performed preprocessing operations on the dataset, such as random subset selection, feature elimination, duplication removal, and normalization. A two-level IDS using deep-learning models containing binary and multiclass classifiers has been designed to identify DDoS attacks in IoT networks. The effectiveness of several deep-learning models in real-time and detection performance has been evaluated. We trained fully connected, convolutional, and LSTM-based deep learning models for detecting DDoS attacks and sub-classes. According to the results on a partially balanced sub-dataset, two staged models performed better than baseline models such as DNN (Deep Neural Networks), CNN (Convolutional Neural Networks), LSTM (Long Short Term Memory), RNN (Recurrent Neural Network).

Application of deep learning-based Intrusion Detection System (IDS) in network anomaly traffic detection

This study discusses the application of deep learning technology in network intrusion detection systems (IDS) and focuses on a new model named CNN-Focal. First, reviewing traditional IDS technology, it analyzes its limitations in dealing with complex network traffic. Then, the design principle of the CNN-Focal model is described in detail, which uses threshold convolution and SoftMax multi-class classification technology to improve abnormal traffic detections accuracy and efficiency effectively. The experimental results show that CNN-Focal performs well on the open data set, demonstrating the potential and advantages of its application in the natural network environment and providing a new perspective and method for further research of deep learning in the field of network security in the future.

Taxonomy of deep learning-based intrusion detection system approaches in fog computing: a systematic review

Taxonomy of deep learning-based intrusion detection system approaches in fog computing: a systematic review

Attenuating majority attack class bias using hybrid deep learning based IDS framework

In real-time application domains, like finance, healthcare and defence, delay in service or stealing information may lead to unrecoverable consequences. So, early detection of intrusion is important to prevent security breaches. In recent days, anomaly-based intrusion detection using Hybrid Deep Learning approaches are becoming more popular. The most used benchmark datasets in the literature are NSL-KDD and UNSW-NB15, and these datasets are imbalanced. The models built on imbalanced datasets may lead to biased results towards majority classes by neglecting the minority class, even though they are equally important. In many cases, high accuracy is achieved for majority classes in the imbalanced datasets. But, the class-level performances are poor with respect to the minority class. The class balancing will also play an important role in attenuating the bias in prediction for imbalanced datasets. In this paper, a Hybrid Deep Learning Based Intrusion Detection (HDLBID) framework is proposed with CNN-BiLSTM combination. The four techniques, namely, Random Oversampling (ROS), ADASYN, SMOTE, and SMOTE-Tomek, are used for class balancing in the proposed HDLBID framework. The proposed HDLBID with SMOTE-Tomek achieves an overall accuracy of 99.6% with NSL-KDD and 89.02% for UNSW-NB15. It results in an improvement of 13.67% for NSL-KDD and 10.62% for UNSW-NB15 over the existing recent related models. In the proposed HDLBID, in addition to overall accuracy, the class-level F1 score is also calculated. A comparative study is presented to show the effectiveness of balancing dataset compared to imbalanced dataset, and observed that the SMOTE-Tomek class balancing comparatively performed well. An improvement of 37.43% is observed in the U2R class of the NSL-KDD dataset and 61.65% improvement is seen in the Worms class of the UNSW-NB15 dataset, both with SMOTE-Tomek class balancing. Therefore, the proposed HDLBID with SMOTE-Tomek class balancing reports the best results in terms of overall accuracy compared to existing recent related approaches. Also, in terms of class-level analysis, HDLBID reports best results with SMOTE-Tomek over imbalanced version of datasets.

Deep Learning-Based Intrusion Detection and Impulsive Event Classification for Distributed Acoustic Sensing Across Telecom Networks

Deep Learning-Based Intrusion Detection and Impulsive Event Classification for Distributed Acoustic Sensing Across Telecom Networks

A novel framework for analyzing internet of things datasets for machine learning and deep learning-based intrusion detection systems

To generate a machine learning (ML) and deep learning (DL) architecture with good performance, we need a decent dataset for the training and testing phases of the development process. Starting with the knowledge discovery and data mining (KDD) Cup 99 dataset, numerous datasets have been produced since 1998 to be utilized in the ML and DL-based intrusion detection systems (IDS) training and testing process. Because there are so many datasets accessible, it might be challenging for researchers to choose which dataset to employ. Therefore, a framework for evaluating dataset appropriateness with the research to be conducted is becoming increasingly crucial as new datasets are regularly created. Additionally, given the growing popularity of internet of things (IoT) devices and an increasing number of specific datasets for IoT in recent years, it is essential to have a specific framework for IoT datasets. Therefore, this research aims to develop a new framework for evaluating IoT datasets for ML and DL-based IDS. The study's findings include, first, a novel framework for assessing IoT datasets, second, a comparison of this novel framework to other existing frameworks, and third, an analysis of five IoT datasets by using the new framework.

Multi-stage deep learning-based intrusion detection system for automotive Ethernet networks

Modern automobiles are increasing the demand for automotive Ethernet as a high-bandwidth and flexible in-vehicle network technology. However, since Ethernet does not have native support for authentication or encryption, intrusion detection systems (IDSs) are becoming an attractive security mechanism to detect malicious activities that may affect Ethernet-based communication in cars. This paper proposes a novel multi-stage deep learning-based intrusion detection system to detect and classify cyberattacks in automotive Ethernet networks. The first stage uses a Random Forest classifier to detect cyberattacks quickly. The second stage, on the other hand, uses a Pruned Convolutional Neural Network that minimizes false positive rates while classifying different types of cyberattacks. We evaluate our proposed IDS using two publicly available automotive Ethernet intrusion datasets. The experimental results show that our proposed solution detects cyberattacks with a similar detection rate and a faster detection time compared to other state-of-the-art baseline automotive Ethernet IDSs.

Spotted hyena optimizer with ensemble deep learning based intrusion detection in internet of things environment

The Internet of Things (IoT) has many potential uses in the day-to-day operations of individuals, companies, and governments. It makes linking all devices to the internet a realistic possibility. Convincing IoT devices to work together to implement several real-world applications is a challenging feat. Security issues impact innovative platform applications due to the current security state in IoT-based operations. As a result, intrusion detection systems (IDSs) tailored to IoT platforms are essential for protecting against security breaches caused by the Internet of Things (IoT) that exploit its vulnerabilities. Issues with data loss, dangers, service interruption, and external hostile assaults are all part of the IoT security landscape. Designing and implementing appropriate security solutions for IoT environments is the main emphasis of this research. Within the Internet of Things (IoT) context, this research creates a Spotted Hyena Optimizer (SHO-EDLID) method for intrusion detection using ensemble deep learning. The main goal of the demonstrated SHO-EDLID method was to detect and categorize intrusions in an Internet of Things setting. It comprises many subprocesses, including feature selection, categorization, and pre-processing. The SHO-EDLID method uses a SHO-based feature selection strategy to identify the best feature subsets. It then used an ensemble of three DL models— a deep belief network (DBN), a stacked autoencoder (SAE), and a bidirectional recurrent neural network (BiRNN)— to detect and name cyberattacks. Finally, the DL models’ parameters are tuned using the Adabelief optimizer. A comprehensive simulation was run to illustrate that the offered model performed better. According to a thorough comparative analysis, the suggested method outperformed other recent approaches. Purpose of the Manuscript: To identify the best feature subsets, the SHO-EDLID method used the SHO-based feature selection method... Afterward, cyberattack identification and tracking were carried out using an ensemble of three DL models: DBN, SAE, and BiRNN. The final step in optimizing the DL models’ parameters is the Adabelief optimizer. The main comparative results: The proposed model present the Comparative analysis of SHO-EDLID algorithm with other existing systems and its outperform the performance in precision 97.50, accuracy 99.56, Recall 98.42, F-Measure.97.95.

Secure deep learning-based energy efficient routing with intrusion detection system for wireless sensor networks

In general, wireless sensor networks are used in various industries, including environmental monitoring, military applications, and queue tracking. To support vital applications, it is crucial to ensure effectiveness and security. To prolong the network lifetime, most current works either introduce energy-preserving and dynamic clustering strategies to maintain the optimal energy level or attempt to address intrusion detection to fix attacks. In addition, some strategies use routing algorithms to secure the network from one or two attacks to meet this requirement, but many fewer solutions can withstand multiple types of attacks. So, this paper proposes a secure deep learning-based energy-efficient routing (SDLEER) mechanism for WSNs that comes with an intrusion detection system for detecting attacks in the network. The proposed system overcomes the existing solutions’ drawbacks by including energy-efficient intrusion detection and prevention mechanisms in a single network. The system transfers the network’s data in an energy-aware manner and detects various kinds of network attacks in WSNs. The proposed system mainly comprises two phases, such as optimal cluster-based energy-aware routing and deep learning-based intrusion detection system. Initially, the cluster of sensor nodes is formed using the density peak k-mean clustering algorithm. After that, the proposed system applies an improved pelican optimization approach to select the cluster heads optimally. The data are transmitted to the base station via the chosen optimal cluster heads. Next, in the attack detection phase, the preprocessing operations, such as missing value imputation and normalization, are done on the gathered dataset. Next, the proposed system applies principal component analysis to reduce the dimensionality of the dataset. Finally, intrusion classification is performed by Smish activation included recurrent neural networks. The proposed system uses the NSL-KDD dataset to train and test it. The proposed one consumes a minimum energy of 49.67 mJ, achieves a better delivery rate of 99.92%, takes less lifetime of 5902 rounds, 0.057 s delay, and achieves a higher throughput of 0.99 Mbps when considering a maximum of 500 nodes in the network. Also, the proposed one achieves 99.76% accuracy for the intrusion detection. Thus, the simulation outcomes prove the superiority of the proposed SDLEER system over the existing schemes for routing and attack detection.

An end-to-end learning approach for enhancing intrusion detection in Industrial-Internet of Things

The Industrial-Internet of Things (I-IoT) stands out as one of the most dynamically evolving subfields within the expansive realm of the Internet of Things (IoT). Its exponential growth is reshaping industrial landscapes, bringing forth transformative innovations and advancements at an unprecedented pace, as the core of Industry 4.0. Among the formidable challenges faced by the Industrial-Internet of Things, cybersecurity stands out as a critical concern. Deep learning-based Intrusion Detection System (IDS) solutions showcase their steadfast ability to secure resource-limited, investigation-demanding, and complex I-IoT environments. However, their effectiveness hinges not only on the model but also on the dataset on which they are trained. While numerous literature studies delve into this field, existing proposed models often grapple with challenges. They are frequently trained on outdated, non-diverse datasets or lack specific features crucial for I-IoT networks. Recent efforts, thankfully, introduce more adequate datasets like Edge-IIoTset. Researchers leverage this extensive dataset to train models, focusing on detecting the 14 sophisticated attacks. These attacks predominantly target real I-IoT networks. Despite these efforts, none of the existing models proves entirely efficient. A review of literature solutions reveals that many models cannot detect all 15 classes in the dataset. Some are multi-staged or overly complex. In response to these challenges, this paper presents an End-to-End learning , non-complex CNN1D model tailored to the specific problem of detecting 14 sophisticated threats targeting I-IoT environments. Our proposed model demonstrated remarkable efficiency with an accuracy of 99.96%, successfully detecting all 15 classes in the Edge-IIoTset dataset with a minimal loss of 0.0011. Not only that, but our model was validated with k-fold cross-validation, demonstrating its efficiency in preserving the same performance on unseen data and its ability to be generalized for real-world I-IoT environments.

Deep Learning Based Security Schemes for IoT Applications: A Review

Due to its widespread perception as a crucial element of the Internet of the future, the Internet of Things (IoT) has garnered a lot of attention in recent years. The Internet of Things (IoT) is made up of billions of sentients, communicative "things" that expand the boundaries of the physical and virtual worlds. Every day, such widely used smart gadgets generate enormous amounts of data, creating an urgent need for rapid data analysis across a range of smart mobile devices. Thankfully, current developments in deep learning have made it possible for us to solve the issue tastefully. Deep models may be built to handle large amounts of sensor data and rapidly and effectively learn underlying properties for a variety of Internet of Things applications on smart devices. We review the research on applying deep learning to several Internet of Things applications in this post. Our goal is to provide insights into the many ways in which deep learning techniques may be used to support Internet of Things applications in four typical domains: smart industrial, smart home, smart healthcare, and smart transportation. One of the main goals is to seamlessly integrate deep learning and IoT, leading to a variety of novel ideas in IoT applications, including autonomous driving, manufacture inspection, intelligent control, indoor localization, health monitoring, disease analysis, and home robotics. We also go over a number of problems, difficulties, and potential avenues for future study that make use of deep learning (DL), which is turning out to be one of the most effective and appropriate methods for dealing with various IoT security concerns. The goal of recent research has been to enhance deep learning algorithms for better Internet of Things security. This study examines deep learning-based intrusion detection techniques, evaluates the effectiveness of several deep learning techniques, and determines the most effective approach for deploying intrusion detection in the Internet of Things. This study uses Deep Learning (DL) approaches to better expand intelligence and application skills by using the large quantity of data generated or acquired. The many IoT domains have drawn the attention of several academics, and both DL and IoT approaches have been explored. Because DL was designed to handle a variety of data in huge volumes and required processing in virtually real-time, it was indicated by several studies as a workable method for handling data generated by IoT.

An Efficient Deep Learningbased Intrusion Detection System for Internet of Things Networks with Hybrid Feature Reduction and Data Balancing Techniques

With the increasing use of Internet of Things (IoT) technologies, cyber-attacks on IoT devices are also increasing day by day. Detecting attacks on IoT networks before they cause any damage is crucial for ensuring the security of the devices on these networks. In this study, a novel Intrusion Detection System (IDS) was developed for IoT networks. The IoTID20 and BoT-IoT datasets were utilized during the training phase and performance testing of the proposed IDS. A hybrid method combining the Principal Component Analysis (PCA) and the Bat Optimization (BAT) algorithm was proposed for dimensionality reduction on the datasets. The Synthetic Minority Over-SamplingTechnique (SMOTE) was used to address the problem of data imbalance in the classes of the datasets. The Convolutional Neural Networks (CNN) model, a deep learning method, was employed for attack classification. The proposed IDS achieved an accuracy rate of 99.97% for the IoTID20 dataset and 99.98% for the BoT-IoT dataset in attack classification. Furthermore, detailed analyses were conducted to determine the effects of the dimensionality reduction and data balancing models on the classification performance of the proposed IDS.

Optimizing deep learning-based intrusion detection in cloud computing environment with chaotic tunicate swarm algorithm

Intrusion Detection (ID) in cloud environments is vital to maintain the safety and integrity of data and resources. However, the presence of class imbalance, where normal samples significantly outweigh intrusive instances, poses a challenge in constructing a potential ID system. Deep Learning (DL) methods, with their capability to automatically study complex patterns and features, present a promising solution in various ID tasks. Such methods can automatically learn intricate features and patterns from the input dataset, making them suitable for detecting anomalies and finding intrusions in cloud environments. Therefore, this study proposes a Class Imbalance Data Handling with an Optimal Deep Learning-Based Intrusion Detection System (CIDH-ODLIDS) in a cloud computing atmosphere. The CIDH-ODLIDS technique leverages optimal DL-based classification and addresses class imbalance. Primarily, the CIDH-ODLIDS technique preprocesses the input data using a Z-score normalization approach to ensure data quality and consistency. To handle class imbalance, the CIDH-ODLIDS technique employs oversampling techniques, particularly focused on synthetic minority oversampling techniques such as Adaptive Synthetic (ADASYN) sampling. ADASYN generates synthetic instances for the minority class depending on the available data instances, effectively balancing the class distribution and mitigating the impact of class imbalance. For the ID process, the CIDH-ODLIDS technique utilizes a Fuzzy Deep Neural Network (FDNN) model, and its tuning procedure is performed using the Chaotic Tunicate Swarm Algorithm (CTSA). CTSA is employed to choose the learning rate of the FDNN methods optimally. The experimental assessment of the CIDH-ODLIDS method is extensively conducted on three IDS datasets. The comprehensive comparison results confirm the superiority of the CIDH-ODLIDS algorithm over existing techniques.

Auto metric graph neural network optimized with woodpecker mating algorithm for detecting network layer attacks in mobile ad hoc networks

ABSTRACT Nowadays, Mobile Ad hoc Network (MANET) gains more attraction due to its seamless and dynamic use. The existing methods in MANET are plagued by some weaknesses, like higher computation time, undermining their real-time responsiveness. Whereas, lower accuracy in intrusion detection compromises the reliability of these systems, potentially leading to missed threats posing a challenge for effective security measures in dynamic MANET environments. To mitigate these weaknesses, an Auto Metric Graph Neural Network optimized with Woodpecker Mating Algorithm is proposed in this paper for detecting Network Layer Attack in MANET (AGNN-WMA-DNLA-MANET). Initially, the data are gathered from CIC-IDS 2019 dataset. The gathered data undergoes pre-processing to eliminate redundancy and missing values replacement using the Local Least Squares method. Afterward, the preprocessing output is fed to AGNN for classification, which classifies the attack as active, passive, or normal. Then, Woodpecker Mating Algorithm (WMA) is proposed to optimize the AGNN weight parameters to ensure the accurate classification. The proposed technique is executed in NS2 tool. The metrics, like accuracy, false positive rate (FPR) and attack detection rate (ADR), computation time, and RoC is analyzed. The proposed AGNN-WMA-DNLA-MANET approach provides 14.68%, 7.142%, and 4.65% higher accuracy for active attack, 15.19%, 2.77%, and 9.85% higher accuracy for passive attack and 38.18%, 12.02%, and 7.59% better accuracy for normal compared with existing methods, such as Dependable intrusion detection scheme under deep convolutional neural network (DCNN-MANET), deep learning-based intrusion detection scheme for MANET (AE-DNN-MANET), and Benchmarking of machine learning for anomaly based intrusion detection scheme (ML-MANET), respectively.

Effective Intrusion Detection System Using Deep Learning for DDoS Attacks

An increasing demand for information technology and cloud computing has led to various security threats over internet. Amongst all types of threats, Distributed Denial of Service (DDoS) attacks are the most common, posing a challenge to a cyber security. It allows unauthorized users to gain access to services, and preventing authorized users. Traditional intrusion detection, antivirus software, and firewalls are not enough to detect these attacks. This paper proposed an efficient deep learning-based intrusion detection system (IDS) for DDoS attacks detection. Proposed model is a hybrid CNN-LSTM model which is combination of best DL algorithms to take advantage of CNN to extract spatial features and LSTM to extract temporal features. The real-time DDoS-specific benchmark-dataset CICDDoS2019 used for training, testing, and validation. An autoencoder has been used for dimensionality reduction, and SMOTE method is used to balance the minority class of dataset. The experimental results proved that the model outperforms than other state-of-the-art models, with an accuracy score of 99.86%.