Hybrid Intrusion Detection Research Articles

Models and Methods of Intrusion Detection in Wireless Sensor Networks of the Tactical Command and Control of Troops

Wireless sensor networks are an important element of modern military operations, providing real-time monitoring and data transmission. However, these networks are vulnerable to both physical and cyber attacks due to limited resources, lack of physical control over the sensors, and challenges associated with using wireless communication channels. The aim of the article is to conduct a comparative analysis of models and methods for intrusion detection in tactical command-level wireless sensor networks. The analysis covers centralized and decentralized security management approaches with a focus on detection models based on signatures, anomalies, and specifications. The article also explores the potential of using hybrid methods that combine the advantages of the aforementioned approaches. Publicly available datasets (KDD, NSL-KDD, WSN-DS) and synthetic datasets generated using network simulators were used to compare the effectiveness of the models. The results show that centralized models are more effective for small networks but create a load on the base station, which can cause delays in attack detection. Decentralized models reduce the load and improve the speed of response to attacks, but they also have their drawbacks. The article notes that none of the existing methods provide complete protection, so a combination of approaches is the most effective solution. Anomaly-based intrusion detection models and methods are classified according to their functional capabilities: statistics-based, data mining-based, machine learning-based, and artificial intelligence-based. The use of artificial neural networks and machine learning significantly improves the accuracy of anomaly detection, but such systems require large computational resources and are complex to configure. The main analytical conclusion of the article is the need to create a hybrid intrusion detection system using artificial neural networks and machine learning, which combines centralized and decentralized methods while considering specific threats to tactical command-level wireless sensor networks. Future research should focus on developing a functional model of an intrusion detection system for the security subsystem in tactical command-level wireless sensor networks.

LH-IDS: Lightweight Hybrid Intrusion Detection System Based on Differential Privacy in VANETs

LH-IDS: Lightweight Hybrid Intrusion Detection System Based on Differential Privacy in VANETs

Federated Learning-Assisted Coati Deep Learning-Based Model for Intrusion Detection in MANET

MANET is a set of self-arranged, wirelessly connected nodes. Each mobile ad hoc network node acts as a router to send the packet from the source node to the destination node. MANET nodes’ random movements and decentralized architecture pose security challenges, making them vulnerable to various attacks like node selfishness, network partition, black hole, and DoS due to limited hardware resources. In this paper, a novel Hybrid Intrusion DEtection for MANet (HIDE-MAN) technique has been proposed to detect intrusion like DDoS and MitM attacks in MANET. The proposed HIDE-MAN framework initiates by preprocessing malicious data packets through data cleaning and data transformation resulting in the creation of high-dimensional vectors. The intrusion detection system then makes use of the CO-BiLSTM model, which is based on the actions of Coati and BiLSTM. It categorizes outputs into DDoS attacks, MitM attacks, or the absence of any attacks. Federated learning with GAN networks allows for the aggregation of updates from multiple local models distributed across MANET. Assessment metrics such as accuracy, precision, F1 score, detection rate, recall, and security rate have been utilized to assess the efficacy of the proposed HIDE-MAN method. The comparative analysis shows that the detection rate of the proposed HIDE-MAN is greater by 18.9%, 18.07%, and 4.03% than that of the current KBIDS, WOA-DNN, and MSA-GCNN techniques, respectively.

Hybrid intrusion detection models based on GWO optimized deep learning

In the rapidly evolving landscape of network communication systems, the need for robust security measures has become paramount due to increased vulnerability to cyber threats. Traditional Intrusion Detection Systems (IDSs) face challenges in efficiently handling redundant features, leading to increased computational complexity. This research addresses these challenges by proposing two optimized IDSs leveraging Grey Wolf Optimization (GWO) combined with deep learning (DL) models. The first system integrates Gated Recurrent Unit (GRU) with GWO (GRU-GWO), while the second utilizes Long Short-Term Memory (LSTM) with GWO (LSTM-GWO). These systems aim to enhance feature selection, reducing dimensionality and improving detection accuracy. The NSL-KDD and UNSW-NB15 datasets, representative of contemporary network environments, were employed to evaluate the proposed systems. Experimental results demonstrate significant improvements in intrusion detection accuracy and computational efficiency, underscoring the efficacy of the DL-GWO approach in enhancing network security. The first approach (GRU-GWO-FS) increased accuracy to 90% and 79% for anomaly and signature-based detection on the UNSW-NB15 dataset, compared to 80% and 77% with all features. The second approach (LSTM-GWO-FS) achieved 93% and 79%, compared to 82% and 77%. On the NSL-KDD dataset, GRU-GWO-FS improved accuracy to 94% and 92%, and LSTM-GWO-FS to 94% and 92% for anomaly and signature-based detection, respectively.

An Enhanced Hybrid Intrusion Detection Using Mapreduce-Optimized Black Widow Convolutional LSTM Neural Networks

An Enhanced Hybrid Intrusion Detection Using Mapreduce-Optimized Black Widow Convolutional LSTM Neural Networks

A Novel Hybrid Intrusion Detection Framework Leveraging Machine Learning and Flower Pollination Optimization

The exponential growth in technologies such as cloud computing, smart devices, virtualization, and the Internet of Things (IoT) has generated over four hundred zettabytes of network traffic data annually. This surge necessitates robust cybersecurity strategies to protect information from intrusions, which can result in significant financial losses. Reducing security risks requires the use of data analytics and machine learning to derive insights and make informed decisions based on network data. This study introduces the Flower Pollination Optimization (FPO) algorithm for feature selection to enhance the performance of several classifiers on the UNSW-NB15 dataset. We evaluated four classifiers: Linear Discriminant Analysis (LDA), Multi-Layer Perceptron (MLP), Quadratic Discriminant Analysis (QDA), and K-Nearest Neighbors (KNN) in two scenarios: without feature selection and with FPO-based feature selection. The results demonstrate significant improvements in classifier performance with FPO, with QDA achieving the highest accuracy of 99.16%. Comparative analysis with recent studies highlights the superior performance of our approach, setting a new benchmark in intrusion detection. This research underscores the essential role of effective feature selection in improving the accuracy and reliability of Intrusion Detection Systems (IDS), particularly in IoT environments.

A cloud‐based hybrid intrusion detection framework using XGBoost and ADASYN‐Augmented random forest for IoMT

AbstractInternet of Medical Things have vastly increased the potential for remote patient monitoring, data‐driven care, and networked healthcare delivery. However, the connectedness lays sensitive patient data and fragile medical devices open to security threats that need robust intrusion detection solutions within cloud‐edge services. Current approaches need modification to be able to handle the practical challenges that result from problems with data quality. This paper presents a hybrid intrusion detection framework that enhances the security of IoMT networks. There are three modules in the design. First, an XGBoost‐based noise detection model is used to identify data anomalies. Second, adaptive resampling with ADASYN is done to fine‐tune the class distribution to address class imbalance. Third, ensemble learning performs intrusion detection through a Random Forest classifier. This stacked model coordinates techniques that filter noise and preprocess imbalanced data, identifying threats with high accuracy and reliability. These results are then experimentally validated on the UNSW‐NB15 benchmark to demonstrate effective detection under realistically noisy conditions. The novel contributions of the work are a new hybrid structural paradigm coupled with integrated noise filtering, and ensemble learning. The proposed advanced oversampling with ADASYN gives a performance that surpasses all others with a reported 92.23% accuracy.

Artificial Intelligence Based Multi-Layer Approach for Finding Unknown Attacks in Cloud Network by Using Hybrid Intrusion Detection

Objectives : The objective of this study is to explore Intrusion Detection Systems and their various types by gathering research from previously published articles in refereed journals. The focus is on developing a proposed model capable of identifying unknown attacks in cloud networks using Signature and Anomaly-based Intrusion Detection Systems. Subsequently, the efficiency of the proposed model will be assessed, and a comparison with existing models will be conducted. The paper's main objective is to identify unknown attacks in a cloud network using a combination of signature and anomaly-based intrusion detection systems in an artificial intelligence-based multi-layered approach. Methods: Leveraging insights from existing literature, the proposed model combines signature-based IDS for known threat detection and anomaly-based IDS for detecting unusual behavioral patterns indicative of new or unseen attacks. Experimental evaluations using NSL-KDD and ADFA datasets demonstrate competitive accuracy and detection rates, with the proposed artificial intelligence-based Hybrid IDS achieving high performance in detecting both normal and malicious activities. Findings: This model produces above 90%, 96%, and 98% efficiency in the wired, Wireless, and Cloud networks respectively, and this model finds known attacks effectively while using parameters like event logs, file transferring time, TCP and UDP addresses, CPU Usage, Weak and synthetic data, IP and MAC address. Existing literature said that the existing model using the Hybrid Intrusion detection model can identify unknown attacks with a maximum of 80%, 92%, and 96% accuracy respectively. The findings suggest that the artificial intelligence-based multi-layered approach offers a promising solution for enhancing cloud network security, with the potential for further optimization and integration of advanced technologies in future research endeavors. Novelty: This study presents an artificial intelligence-based multi-layered approach for detecting unknown attacks in cloud networks by integrating signature-based and anomaly-based intrusion detection systems (IDS). The authors developed the model to detect the intrusion by using the Behaviour Profiling algorithm and dynamically prevent the data from intrusion by using the Statistical approach model. The authors trying to find unknown attacks, therefore the authors defined the objective of this paper as to find the unknown attacks in cloud networks by using the combination of signature and anomaly-based intrusion detection systems. The objective is to develop a model capable of effectively identifying cyber threats in cloud environments. The existing models do not concentrate on identifying unknown attacks by using Signature-based Intrusion Detection. Very few of the literature said that known attacks can be identified easily by using Signature-based Intrusion Detection but the unknown attacks identifying process is hard. Some of the Literature said that using the Hybrid Intrusion detection model can identify unknown attacks with a maximum of 80%, 92%, and 96% accuracy respectively. The current paper identifies unknown attacks in the cloud network using a combination of signature and anomaly-based intrusion detection systems in an artificial intelligence-based multi-layered approach and it produced above 97% accuracy. The unique feature of the model is artificial intelligence-based multi-layered approach and dynamic key have been utilized to avoid malicious activities in the network. Keywords: Anomaly based IDS, Cloud Network Security, Hybrid IDS, Multi-Layer Approach, Signature based IDS

A hybrid intrusion detection approach based on message queuing telemetry transport (MQTT) protocol in industrial internet of things

AbstractThe number of attacks against Industrial Internet of Things (IIoT) devices has increased over the past years, particularly on widely used communication protocols like Message Queuing Telemetry Transfer (MQTT). The fast increase in IIoT applications brings both critical challenges and technical gaps in cybersecurity. On the other hand, traditional cyber‐attack detection approaches scrap to address and support the run‐time responsibilities of IIoT environments. This study presents a hybrid Genetic Algorithm and Random Forest (GA_RF) method for detecting cyber‐attacks in Industrial Control Machines (ICS) that use MQTT protocol in the IIoT environment. This architecture integrates ICS with edge devices and cloud servers, using a GA_RF algorithm to detect anomalies in data collected by sensors. Normal data is processed locally and then sent to the cloud for storage and return, ensuring continuous monitoring and security. Also, the MQTT‐IOT‐IDS2020 dataset as a real test case was applied for prediction of the proposed GA_RF method with compare to some other powerful machine and deep learning models. The experimental results show that the proposed GA_RF method has an optimum accuracy of 99.87%–100% for detecting cyber‐attacks. This hybrid algorithm also achieved 0–0.0015 in Mean Absolute Error (MAE) and 100% in Precision, Recall, and F‐score factors. This result led to the proposed architecture, which connects the ICS to a server while running GA_RF on the IIoT environment. In conclusion, this study indicates the effectiveness of GA_RF and aims to improve security by using the MQTT protocol in IIoT.

A novel reinforcement learning-based hybrid intrusion detection system on fog-to-cloud computing

A novel reinforcement learning-based hybrid intrusion detection system on fog-to-cloud computing

Design of network security monitoring system based on K-means clustering algorithm

The Network Security Monitoring System (NSMS) can use Big Data (BD) and K-means DT (K-means with distance threshold) algorithms to automatically learn and identify abnormal patterns in the network, improving the accuracy of network threat detection. In this article, KDD Cup 1999 and NSL KDD were selected as NSMS for dataset analysis. Preprocess the data; Extract statistical information, time series information, and traffic distribution characteristics. Value device DT further classifies regular attacks, remote location (R2L) attacks, and user to root (U2R) permission attacks. The experimental results show that the hybrid intrusion detection algorithm based on K-means DT achieves a network attack detection accuracy of 99.2% and a network attack detection accuracy of 98.9% on the NSL-KDD dataset. Hybrid intrusion detection algorithms can effectively improve the accuracy of network intrusion detection (NID). The hybrid intrusion detection system proposed in this article performs well on different datasets and can effectively detect various types of network intrusion attacks, with better performance than other algorithms. The NSMS designed in this article can cope with constantly changing network threats.

A Deep Learning Approach for Intrusion Detection Systems –A Review

Throughout the past decade, the researchers have developed many a number of intrusion detection systems. Some of these were developed to work on host based and some were network-based intrusion detection systems. The presented systems are combination of HIDS/NIDS and signature/anomaly based, or hybrid systems. The intrusion detection system is an intelligence system known as computational intelligence. The main goal of computational intelligence is to provide solutions to complex real-world problems. An effective IDS must use more than standard mathematical techniques and conventional analysis methods combined with soft computing techniques to synergistically create a more robust IDS. In this paper, we review three important areas of research that have significant implication for proposed framework. First, we review existing shallow learning intrusion detection systems both in machine and deep learning. In the second section, we review existing hybrid intrusion detection systems. Finally, we provide some findings and analysis of the literature studies.

A hybrid intrusion detection system with K-means and CNN+LSTM

Intrusion detection system (IDS) plays an important role as it provides an efficient mechanism to prevent or mitigate cyberattacks. With the recent advancement of artificial intelligence (AI), there have been many deep learning methods for intrusion anomaly detection to improve network security. In this research, we present a novel hybrid framework called KCLSTM, combining the K-means clustering algorithm with convolutional neural network (CNN) and long short-term memory (LSTM) architecture for the binary classification of intrusion detection systems. Extensive experiments are conducted to evaluate the performance of the proposed model on the well-known NSL-KDD dataset in terms of accuracy, precision, recall, F1-score, detection rate (DR), and false alarm rate (FAR). The results are compared with traditional machine learning approaches and deep learning methods. The proposed model demonstrates superior performance in terms of accuracy, DR, and F1-score, showcasing its effectiveness in identifying network intrusions accurately while minimizing false positives.

A Deep Intelligent Hybrid Intrusion Detection Framework with LIME

Network security has grown to be a major issue as a result of the development of Internet of Things (IoT) devices. Attacks known as Distributed Denial of Service (DDoS) can overwhelm and impair networks. In order to identify DDoS and other network intrusion threats in real-time, accurately, and with justification, this study suggests a unique deep learning-driven fog computing architecture named as Deep Intelligent Hybrid Intrusion Detection Framework with LIME (DIHIF-LIME). The main advancement is the creation of a hybrid intrusion detection system that integrates randomness measurements taken from network traffic with a K-Nearest Neighbor (KNN) machine learning classifier. The justification for predictions is explained using Local Interpretable Model-Agnostic Explanations (LIME), which promotes explainability. Using datasets including network assaults, Long-Short-Term Memory (LSTM) neural networks are created and compared. Utilizing 5-fold cross-validation, LSTM outperformed benchmarks with the maximum accuracy of 99.97%. In conclusion, the proposed fog computing intrusion detection framework with LIME explainability offers a rapid, precise, scalable, and interpretable end-to-end solution from IoT devices to the cloud. A thorough test shows that the method is effective in protecting IoT networks from DDoS and other assaults. The two main advances th­­at are presented are hybrid detection and LIME explainability.

Machine learning-enabled hybrid intrusion detection system with host data transformation and an advanced two-stage classifier

Network Intrusion Detection Systems (NIDS) have been extensively investigated by monitoring real network traffic and analyzing suspicious activities. However, there are limitations in detecting specific types of attacks with NIDS, such as Advanced Persistent Threats (APT). Additionally, NIDS is restricted in observing complete traffic information due to encrypted traffic or a lack of authority. To address these limitations, a Host-based Intrusion Detection system (HIDS) evaluates resources in the host, including logs, files, and folders, to identify APT attacks that routinely inject malicious files into victimized nodes. In this study, a hybrid network intrusion detection system that combines NIDS and HIDS is proposed to improve intrusion detection performance. The host data undergoes a Language Processing (NLP)-based Bidirectional Encoder Representations from Transformers (BERT) model from textual representation to a numerical one in order to process host data in a similar way to the network flow data through machine learning models. The feature flattening technique is applied to flatten two-dimensional host-based features that is provided by BERT into one-dimensional vectors so that host-based and network flow-based features can be processed by advanced Machine Learning (ML) models. In order to enhance HIDS effectiveness, a two-stage collaborative classifier is utilized, which applies two tiers of machine learning algorithms, binary and multi-class classifiers, to detect network intrusions. Once a binary classifier is used to detect benign samples to reduce the complexity of the original problem, the attack data are classified by a multi-class supervised learner to identify attack types. Hence, the overall performance of the two-stage collaborative model outperforms the baseline classifier, XGBoost. The proposed method is shown to generalize across two well-known datasets, CICIDS 2018 and NDSec-1. The performance of XGBoost, which represents conventional ML, is evaluated. Combining host and network features enhances attack detection performance (macro average F1 score) by 8.1% under the CICIDS 2018 dataset and 3.7% under the NDSec-1 dataset. Meanwhile, the two-stage collaborative classifier improves detection performance for most single classes, especially for DoS-LOIC-UDP and DoS-SlowHTTPTest, with improvements of 30.7% and 84.3%, respectively, when compared with the traditional ML models.

Secure Your Network: Building a Hybrid Intrusion Detection System in Java

Abstract: To protect the system from different types of intrusions, an intrusion detection system ID is required. It is essential to analyse the communication in order to classify the material as malicious or helpful. The usage of intrusion detection systems for cyber security shouldn't add to the processing time required for classification. These days, classification algorithms are utilized in conjunction with machine learning approaches to identify harmful data or intrusions. KDD cup 99 is the data set that was used in the experiment. Hybrid classification models can be used to adjust the performance of individual classification methods. This model blends rule-based algorithms with categorization techniques. An additional degree of security is provided by the combination of machine and human intelligence in classification. Precision, recall, F-Measure, and Mean Age Precision are used to validate an algorithm. The algorithm has a 92.35 percent accuracy rate. Even after merging our human-written criteria with traditional machine learning classification techniques, the model's accuracy is still considered satisfactory. However, there is still room for improvement and a more specific classification of the attack

Combating Evolving Threats: A Signature-Anomaly Based Hybrid Intrusion Detection System for Smart Homes with False Positive Mitigation

Abstract: As people are looking for a more comfortable life, IoT applications are coming to play. Smart home system is one of the most popular IoT applications in the last decade. A smart home network is crucial to function smart home system properly. Cyber attacks on a smart home network can damage a lot. Network intrusion detection and prevention system (NIDPS) is a good solution to protect against Cyber threat in smart home network. This research will implement hybrid NIDPS in smart home network by combining signature based and anomaly-detection based NIDPS. This hybrid NIDPS will prevent known known attack from public internet, local internet and zero-day attack. Also, this system will be able to reduce false positive result and improve signature based NIDPS rules accurately by manual inspection.

Enhanced Hybrid Intrusion Detection System with Attention Mechanism using Deep Learning

Enhanced Hybrid Intrusion Detection System with Attention Mechanism using Deep Learning

A novel intrusion detection system based on a hybrid quantum support vector machine and improved Grey Wolf optimizer

The Internet of Things (IoT) has grown significantly in recent years, allowing devices with sensors to share data via the internet. Despite the growing popularity of IoT devices, they remain vulnerable to cyber-attacks. To address this issue, researchers have proposed the Hybrid Intrusion Detection System (HIDS) as a way to enhance the security of IoT. This paper presents a novel intrusion detection model, namely QSVM-IGWO, for improving the detection capabilities and reducing false positive alarms of HIDS. This model aims to improve the performance of the Quantum Support Vector Machine (QSVM) by incorporating parameters from the Improved Grey Wolf Optimizer (IGWO) algorithm. IGWO is introduced under the hypothesis that the social hierarchy observed in grey wolves enhances the searching procedure and overcomes the limitations of GWO. In addition, the QSVM model is employed for binary classification by selecting the kernel function to obtain an optimal solution. Experimental results show promising performance of QSVM-IGWO in terms of accuracy, Recall, Precision, F1 score, and ROC curve, when compared with recent detection models.

Multi-task learning for IoT traffic classification: A comparative analysis of deep autoencoders

As a system allowing intra-network devices to automatically communicate over the Internet, the Internet of Things (IoT) faces increasing popularity in modern applications and security threats — particularly network intrusions that target both networks and devices. A major threat is network attacks that attempt to obtain unauthorised access and damage the networks or systems. To effectively safeguard against these attacks, it is essential to use efficient hybrid intrusion detection systems with advanced techniques. Deep learning-based algorithms, such as Autoencoders (AEs), have been recognised as efficient methods for intrusion detection. However, it is crucial to further analyse the impact of different structures on detection performance. This paper proposes a method combining AE for data reconstruction and anomaly detection and multi-task learning (MTL)-structured models for IoT traffic classification. Additionally, we suggest a hybrid resampling technique with the Synthetic Minority Over-Sampling Technique and Generative Adversarial Network (SMOTE-GAN) for enhanced training and conduct a comparative analysis of different neural networks with AEs. The experimental results on two publicly available datasets demonstrate the effectiveness and practicality of the proposed AE-MTL approach compared with single-task learning. Additionally, while the performance varies on different datasets, Long Short-Term Memory (LSTM), Gated Recurrent Units (GRU), and Convolutional Neural Network (CNN) have improved the detection of minor classes.