Intrusion Detection System Architecture Research Articles

Enhanced Intrusion Detection in Drone Networks: A Cross-Layer Convolutional Attention Approach for Drone-to-Drone and Drone-to-Base Station Communications

Due to Internet of Drones (IoD) technology, drone networks have proliferated, transforming surveillance, logistics, and disaster management. Distributed Denial of Service (DDoS) attacks, malware infections, and communication abnormalities increase cybersecurity dangers to these networks, threatening operational safety and efficiency. Current Intrusion Detection Systems (IDSs) fail to handle drone transmission data’s dynamic, high-dimensional nature, resulting in inadequate real-time anomaly identification and mitigation. This study presents the Cross-Layer Convolutional Attention Network (CLCAN), a new IDS architecture for IoD networks. CLCAN accurately detects complex cyber threats using multi-scale convolutional processing, hierarchical contextual attention, and dynamic feature fusion. Preprocessing methods like weighted differential scaling and gradient-based adaptive resampling improve data quality and reduce class imbalances. Contextual attribute transformation captures the nuanced network behaviors needed for anomaly identification. The proposed technique is shown to be necessary and effective by real-world drone communication dataset evaluations. CLCAN outperforms CNN, LSTM, and XGBoost with 98.4% accuracy, 98.7% recall, and 98.1% F1-score. The model has a remarkable AUC of 0.991. CLCAN can handle datasets of over 118,000 balanced data records in 85 s, compared to 180 s for comparable frameworks. This study pioneers a unified security solution for Drone-to-Drone (D2D) and Drone-to-Base Station (D2BS) communications, filling a crucial IoD security gap. It protects mission-critical drone operations with a strong, efficient, and scalable IDS from emerging cyber threats.

Securing smart agriculture networks using bio-inspired feature selection and transfer learning for effective image-based intrusion detection

The smart agricultural system integrates advanced technologies to optimize farming practices and increase productivity. It gathers images from sensors, drones, and other sources to create detailed maps of crop yield variability, soil composition, and vegetation indices. In the realm of network security, the rise of smart agricultural systems presents both challenges and opportunities. This study addresses the crucial need for a tailored Intrusion Detection System (IDS) for agricultural networks, focusing on image-based traffic. Employing advanced techniques such as transfer learning and bio-inspired algorithms, we propose a novel IDS architecture adept at handling the unique characteristics of image traffic. Our methodology includes imbalanced data handling, transformation, feature extraction utilizing the pre-trained VGG16 model, feature selection via the bio-inspired Binary Greylag Goose (BGGO) algorithm, and classification employing a Random Forest classifier. Evaluation on the new CICIoT2023 dataset showcases high accuracy, with 99.41% for multiclass and 99.83% for binary classifications with a reduced number of features from 25088 to 6327. These results underscore the significance of efficient IDS solutions for the evolving landscape of agricultural technologies, promising enhanced network security in smart agriculture environments.

A Petri Net and LSTM Hybrid Approach for Intrusion Detection Systems in Enterprise Networks.

Intrusion Detection Systems (IDSs) are a crucial component of modern corporate firewalls. The ability of IDS to identify malicious traffic is a powerful tool to prevent potential attacks and keep a corporate network secure. In this context, Machine Learning (ML)-based methods have proven to be very effective for attack identification. However, traditional approaches are not always applicable in a real-time environment as they do not integrate concrete traffic management after a malicious packet pattern has been identified. In this paper, a novel combined approach to both identify and discard potential malicious traffic in a real-time fashion is proposed. In detail, a Long Short-Term Memory (LSTM) supervised artificial neural network model is provided in which consecutive packet groups are considered as they flow through the corporate network. Moreover, the whole IDS architecture is modeled by a Petri Net (PN) that either blocks or allows packet flow throughout the network based on the LSTM model output. The novel hybrid approach combining LSTM with Petri Nets achieves a 99.71% detection accuracy-a notable improvement over traditional LSTM-only methods, which averaged around 97%. The LSTM-Petri Net approach is an innovative solution combining machine learning with formal network modeling for enhanced threat detection, offering improved accuracy and real-time adaptability to meet the rapid security needs of virtual environments and CPS. Moreover, the approach emphasizes the innovative role of the Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) as a form of "virtual sensing technology" applied to advanced network security. An extensive case study with promising results is provided by training the model with the popular IDS 2018 dataset.

Multi-Agent Locally Trained Progressive Instance Selected Assisted Federated Learning Architecture for Intrusion Detection in Industrial-IoT

In this work the focus is made on designing and developing a robust federated learning model (FLM) and architecture for multi-type network intrusion detection system (MT-NIDS) for IIoT applications. Unlike traditional intrusion detection systems, where the key focus is made on detecting and classifying single type of intrusion or attack condition, this research targets to perform multi-type network intrusion detection. This as a result can contribute a fit-to-all NIDS solution for IIoT environment.

Analysis of Encrypted Network Traffic for Enhancing Cyber-security in Dynamic Environments

ABSTRACT At present, encrypted data is the cornerstone of Internet communication, providing the maximum degree of privacy and security protection for all transmitted data while shielding users against potential cyber threats and attacks. However, since the Deep Packet Inspection (DPI) system is the primary layer of defense against numerous cyberattacks, applying encrypted network data poses severe issues for detection and prevention systems. In dynamic contexts such as the Internet of Things (IoT), detecting intrusion inside encrypted network traffic is vital. Yet, it is equally important to predict and prevent any cyber-attacks that may compromise the integrity and security of the network infrastructure. As a result, there is a fundamental need for methodologies based on intelligent analysis of patterns and attributes of encrypted network traffic. To satisfy security requirements in such a context, we propose an application of deep learning models for enhanced intrusion detection systems (IDS). The Tree-based Spider-Net Multipath (TBSNM) methodology is utilized, while an Advanced Encryption Standard (AES) technique is used to authenticate users. User selection is accomplished through robust Deep Reinforcement Learning with the Tabu Search (DRL-TS) algorithm, while channel selection is optimized through rigorous training employing Proximal Policy Optimization (PPO). Path selection is then determined by analyzing traffic statistics extracted from the Routing Information Protocol (RIP). Finally, an optimized IDS is established based on a Lightweight Deep Neural Network with Hunger Games Search and Remora Optimization Algorithm (LDNN-HGS-ROA). Evaluation results have shown that the proposed system architecture is effective in detecting attacks, achieving an enhanced IDS architecture with higher performance rates.

A micro Reinforcement Learning architecture for Intrusion Detection Systems

This paper proposes an Intrusion Detection System (IDS) that utilizes Deep Reinforcement Learning (DRL) in a fine-grained manner to enhance the performance of binary and multiclass intrusion classification tasks. The proposed system, named Micro Reinforcement Learning Classifier (MRLC), is evaluated using three standard datasets. MRLC architecture utilizes a fine-grained learning approach to enhance IDS accuracy. Simulation studies demonstrate that MRLC has a high efficiency in discriminating different intrusion classes, outperforming state-of-the-art RL-based methods. The average accuracy of MRLC is 99.56%, 99.99%, 99.01% for NSL-KDD, CIC-IDS2018, and UNSW-NB15 datasets respectively. The implementation codes are available at https://github.com/boshradarabi/MICRO-RL-IDS.

A Novel Architecture for an Intrusion Detection System Utilizing Cross-Check Filters for In-Vehicle Networks.

The Controller Area Network (CAN), widely used for vehicular communication, is vulnerable to multiple types of cyber-threats. Attackers can inject malicious messages into the CAN bus through various channels, including wireless methods, entertainment systems, and on-board diagnostic ports. Therefore, it is crucial to develop a reliable intrusion detection system (IDS) capable of effectively distinguishing between legitimate and malicious CAN messages. In this paper, we propose a novel IDS architecture aimed at enhancing the cybersecurity of CAN bus systems in vehicles. Various machine learning (ML) models have been widely used to address similar problems; however, although existing ML-based IDS are computationally efficient, they suffer from suboptimal detection performance. To mitigate this shortcoming, our architecture incorporates specially designed rule-based filters that cross-check outputs from the traditional ML-based IDS. These filters scrutinize message ID and payload data to precisely capture the unique characteristics of three distinct types of cyberattacks: DoS attacks, spoofing attacks, and fuzzy attacks. Experimental evidence demonstrates that the proposed architecture leads to a significant improvement in detection performance across all utilized ML models. Specifically, all ML-based IDS achieved an accuracy exceeding 99% for every type of attack. This achievement highlights the robustness and effectiveness of our proposed solution in detecting potential threats.

Parameterization and Performance Analysis of a Scalable, near Real-Time Packet Capturing Platform

The rapid evolution of technology has fostered an exponential rise in the number of individuals and devices interconnected via the Internet. This interconnectedness has prompted companies to expand their computing and communication infrastructures significantly to accommodate the escalating demands. However, this proliferation of connectivity has also opened new avenues for cyber threats, emphasizing the critical need for Intrusion Detection Systems (IDSs) to adapt and operate efficiently in this evolving landscape. In response, companies are increasingly seeking IDSs characterized by horizontal, modular, and elastic attributes, capable of dynamically scaling with the fluctuating volume of network data flows deemed essential for effective monitoring and threat detection. Yet, the task extends beyond mere data capture and storage; robust IDSs must integrate sophisticated components for data analysis and anomaly detection, ideally functioning in real-time or near real-time. While Machine Learning (ML) techniques present promising avenues for detecting and mitigating malicious activities, their efficacy hinges on the availability of high-quality training datasets, which in turn poses a significant challenge. This paper proposes a comprehensive solution in the form of an architecture and reference implementation for (near) real-time capture, storage, and analysis of network data within a 1 Gbps network environment. Performance benchmarks provided offer valuable insights for prototype optimization, demonstrating the capability of the proposed IDS architecture to meet objectives even under realistic operational scenarios.

Artificial Intelligence-Based Intrusion Detection System for Cloud Computing

Abstract: It is possible to communicate with others and do business across this global network, which is comprised of hundreds of millions of computers running a variety of hardware and software configurations. This makes it simpler for hackers to abuse resources and conduct Internet attacks since computers are linked to one another. There are significant roadblocks to the development of a security-oriented approach that may be flexible and adaptive in light of the expanding number of Internet assaults. Threats from the internet could be identified using an intrusion detection system (IDS). The utilization of an intrusion detection system, or IDS, is necessary to preserve network security. Because the cloud platform is continuously expanding and becoming more prevalent in our everyday lives, it is imperative that we develop an effective IDS for it as well. On the other hand, typical intrusion detection systems may encounter difficulties when used in the cloud. A cloud segment may get overburdened by the pre-determined IDS architecture because of the added detection overhead. In the context of a networked system with an adaptable architecture. Using a neural network-based IDS, we show how to make full utilize available resources while not putting undue strain on any single cloud server. The proposed IDS uses a neural network machine learning to identify new threats even more effectively

Enhancing Intrusion Detection Systems Using a Deep Learning and Data Augmentation Approach

Cybersecurity relies heavily on the effectiveness of intrusion detection systems (IDSs) in securing business communication because they play a pivotal role as the first line of defense against malicious activities. Despite the wide application of machine learning methods for intrusion detection, they have certain limitations that might be effectively addressed by leveraging different deep learning architectures. Furthermore, the evaluation of the proposed models is often hindered by imbalanced datasets, limiting a comprehensive assessment of model efficacy. Hence, this study aims to address these challenges by employing data augmentation methods on four prominent datasets, the UNSW-NB15, 5G-NIDD, FLNET2023, and CIC-IDS-2017, to enhance the performance of several deep learning architectures for intrusion detection systems. The experimental results underscored the capability of a simple CNN-based architecture to achieve highly accurate network attack detection, while more complex architectures showed only marginal improvements in performance. The findings highlight how the proposed methods of deep learning-based intrusion detection can be seamlessly integrated into cybersecurity frameworks, enhancing the ability to detect and mitigate sophisticated network attacks. The outcomes of this study have shown that the intrusion detection models have achieved high accuracy (up to 91% for the augmented CIC-IDS-2017 dataset) and are strongly influenced by the quality and quantity of the dataset used.

A Hierarchical Deep Learning Architecture for Robust Intrusion Detection in Time-Evolving Security Landscapes

Abstract: This paper introduces a novel architecture for Intrusion Detection Systems (IDS), designed to enhance resilience against adversarial attacks by integrating conventional machine learning (ML) models with Deep Learning (DL) models. The proposed system, termed DLL-IDS, comprises three key components: a DL-based IDS, an adversarial example (AE) detector based on local intrinsic dimensionality (LID), and an ML-based IDS. Initially, a novel AE detector is developed using LID to identify potential adversarial examples. This detector serves as a crucial component in identifying suspicious inputs that may be crafted to deceive the IDS. Subsequently, the system leverages the low transferability of attacks between DL and ML models to establish a robust ML model capable of discerning the maliciousness of potential AEs. The DLL-IDS architecture operates as follows: if incoming traffic is flagged as an AE by the detector, the MLbased IDS is employed to evaluate its maliciousness; otherwise, the DL-based IDS handles the prediction. By integrating both DL and ML approaches, the system benefits from the high prediction accuracy of DL models while exploiting the low susceptibility of ML models to adversarial attacks. Experimental results demonstrate significant enhancements in IDS prediction performance under adversarial conditions, achieving high accuracy with minimal resource consumption. This fusion mechanism effectively combines the strengths of DL and ML models, thereby bolstering the overall robustness of the IDS against sophisticated intrusion attempts.

Bi-channel hybrid GAN attention based anomaly detection system for multi-domain SDN environment

Software-Defined Networking (SDN) is a strategy that leads the network via software by separating its control plane from the underlying forwarding plane. In support of a global digital network, multi-domain SDN architecture emerges as a viable solution. However, the complex and ever-evolving nature of network threats in a multi-domain environment presents a significant security challenge for controllers in detecting abnormalities. Moreover, multi-domain anomaly detection poses a daunting problem due to the need to process vast amounts of data from diverse domains. Deep learning models have gained popularity for extracting high-level feature representations from massive datasets. In this work, a novel deep neural network architecture, supervised learning based LD-BiHGA (Low Dimensional Bi-channel Hybrid GAN Attention) system is designed to learn class-specific features for accurate anomaly detection. Two asymmetric GANs are employed for learning the normal and abnormal network flows separately. Then, to extract more relevant features, a bi-channel attention mechanism is added. This is the first study to introduce an innovative hybrid architecture that merges bi-channel hybrid GANs with attention models for the purpose of anomaly detection in a multi-domain SDN environment that effectively handles real-time unbalanced data. The suggested architecture demonstrates its effectiveness on three benchmark datasets, achieving an average accuracy improvement of 7.225% on balanced datasets and 3.335% on imbalanced datasets compared to previous intrusion detection system (IDS) architectures in the literature.

Artificial Intelligence based Intrusion Detection System – A Detailed Survey

The Internet and communications have rapidly expanded, leading to a significant rise in data generation and heterogeneity. Intrusion detection systems play a crucial role in ensuring the security and integrity of computer systems. These systems have been developed by researchers, academicians, and practitioners to effectively detect and mitigate network attacks. Intrusion detection systems are designed to analyze network traffic and compare it with a baseline of normal behavior, allowing them to identify any deviations or inconsistencies that may indicate an intrusion. Furthermore, the cooperative and distributed architecture of intrusion detection systems enables them to effectively detect attacks and protect the network from unauthorized access. Additionally, to enhance the performance of intrusion detection systems, techniques such as resampling the dataset and utilizing classifier ensemble are used to improve the classification accuracy. Moreover, intrusion detection systems have been integrated with intrusion response systems to ensure a timely and effective response to detected attacks. AI-based Intrusion Detection Systems have emerged as a crucial tool in ensuring network security and combating cyber threats. These systems utilize artificial intelligence algorithms to analyze network traffic, identify patterns of malicious activity, and detect potential cyber-attacks. They have proven to be highly effective in improving the detection accuracy, reducing false alarms, and even detecting previously unknown types of attacks. In summary, the development of accurate and efficient intrusion detection systems is crucial for ensuring network security. In today’s rapidly changing world, the significance of accurate intrusion detection systems cannot be overstated.

An adaptive distributed intrusion detection system in local network: Hybrid classification methods

In the realm of cybersecurity, the incessant evolution of network attacks necessitates advanced and robust intrusion detection systems (IDS). The major issues with these systems are numerous: false positivenegative alarms, delayed response and detection time, size of processed data, adaptability to future threats, scalability of the system, difficulty in detecting distributed attacks, and downtime (fault tolerance). We propose a system that introduces a distributed framework aimed at enhancing network security by effectively identifying subtle deviations from normal network behavior. This is achieved through transfer learning based on artificial neural networks, and support vector machine (SVM), capitalizing on their complementary strengths in recognizing complex patterns and addressing high-dimensional datasets. To validate the efficacy of the proposed approach, the NSL-KDD dataset is utilized within a distributed IDS architecture. It consists of several intrusion detection nodes representing subnetworks. A node consists of two agents that work collaboratively. A way is proposed to avoid interference between analysis agents: the network agents manager monitors the functioning of the nodes and displays the results of each vulnerability-detecting node in each subnet separately. Such communication between agents should reduce FPAS (false positive alarms) significantly. The Detection engine extracts relevant features of network attacks to solve the problem of SVM in processing huge sizes of data and detect adaptive future threats to detect famous distributed denial of services (DDOS) attacks in real-time. The system is highly scalable by increasing the number of intrusion detection system nodes if necessary. Central processing is avoided to circumvent a system failure situation, where processing and decision-making take place at the detection node level within each subnet.

A Cryptographic based I2ADO-DNN Security Framework for Intrusion Detection in Cloud Systems

Cloud computing's popularity and success are directly related to improvements in the use of Information and Communication Technologies (ICT). The adoption of cloud implementation and services has become crucial due to security and privacy concerns raised by outsourcing data and business applications to the cloud or a third party. To protect the confidentiality and security of cloud networks, a variety of Intrusion Detection System (IDS) frameworks have been developed in the conventional works. However, the main issues with the current works are their lengthy nature, difficulty in intrusion detection, over-fitting, high error rate, and false alarm rates. As a result, the proposed study attempts to create a compact IDS architecture based on cryptography for cloud security. Here, the balanced and normalized dataset is produced using the z-score preprocessing procedure. The best attributes for enhancing intrusion detection accuracy are then selected using an Intelligent Adorn Dragonfly Optimization (IADO). In addition, the trained features are used to classify the normal and attacking data using an Intermittent Deep Neural Network (IDNN) classification model. Finally, the Searchable Encryption (SE) mechanism is applied to ensure the security of cloud data against intruders. In this study, a thorough analysis has been conducted utilizing various parameters to validate the intrusion detection performance of the proposed I2ADO-DNN model.

Two-Stage Intrusion Detection System in Intelligent Transportation Systems Using Rule Extraction Methods From Deep Neural Networks

In recent years, intrusion detection systems (IDSs) are offering effective solutions to protect various types of cyber-attacks in different networks such as Internet of Vehicles (IoVs) network in Intelligent Transportation Systems (ITS). Deep learning models have largely been leveraged by these intrusion detection systems to achieve better effectiveness results. However, deep learning models are black boxes, which limits their acceptability in decision systems. Also, they require powerful processing capabilities such as GPU, which limit their deployments in resource-constrained devices in IoV environment. To deal with these issues, we propose a two-stage IDS in ITS to discover suspicious network activity of In-Vehicles Networks (IVN) and vehicles to everything (V2X) networks. Our proposed IDS system uses rule extraction methods from deep learning models, i.e., deep neural networks in two stages. In the first stage, we analyze network traffic to distinguish between normal and attack traffic. If the traffic is found malicious, the second stage is invoked to identify the type of attack. To this end, we propose three variants of rule extraction. The first and the second variants are homogeneous, and they apply <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$DeepRed$</tex-math> </inline-formula> and <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$HypInv$</tex-math> </inline-formula> rule extraction methods in both stages respectively. The third variant is heterogeneous, and it applies <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$HypInv$</tex-math> </inline-formula> in the first stage to perform binary classification, and <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$DeepRed$</tex-math> </inline-formula> in the second stage to perform attack classification. The key idea is to combine the advantages of rule extraction technique and two-stage IDS architecture to resource consumption and improve classification accuracy. The proposed IDS model was tested using four benchmark datasets, i.e. ISCXIDS2012, CIC-IDS2017, and CSE-CIC-IDS2018 datasets are used for external network communications and the car hacking dataset are used for in-vehicle communications. The evaluation results show that the homogeneous <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$DeepRed$</tex-math> </inline-formula> is the optimal one in all cases of IDS system with an accuracy scores ranging between 92.43%-98.32% under CIC-IDS2017 dataset, between 91.32%-99.46% under CSE-CIC-IDS2018 dataset, and between 96.05%-99.21% under Car-hacking dataset.

A Hybrid Modified Deep Learning Architecture for Intrusion Detection System with Optimal Feature Selection

With the exponentially evolving trends in technology, IoT networks are vulnerable to serious security issues, allowing intruders to break into networks without authorization and manipulate the data. Their actions can be recognized and avoided by using a system that can detect intrusions. This paper presents a hybrid intelligent system and inverted hour-glass-based layered network classifier for feature selection and classification processes, respectively. To accomplish this task, three different datasets have been utilized in the proposed model for identifying old and new attacks. Moreover, a hybrid optimization feature selection technique has been implemented for selecting only those features that can enhance the accuracy of the detection rate. Finally, the classification is performed by using the inverted hour-glass-based layered network model in which data are up-sampled with the increase in the number of layers for effective training. Data up-sampling is performed when small subset of datapoints are observed for any class, which in turn helps in improving the accuracy of the proposed model. The proposed model demonstrated an accuracy of 99.967%, 99.567%, and 99.726% for NSL-KDD, KDD-CUP99, and UNSW NB15 datasets, respectively, which is significantly better than the traditional CNID model. These results demonstrate that our model can detect different attacks with high accuracy and is expected to show good results for new datasets as well. Additionally, to reduce the computational cost of the proposed model, we have implemented it on CPU-based core i3 processors, which are much cheaper than GPU processors.

A self-adaptation-based approach to resilience improvement of complex internets of utility systems

Resilience improvement of complex internets of utility systems is still an open issue for the current research. Proposed solutions fail to implement an integrated approach to detection, mitigation, and reaction which is able to face both well-known and new, previously unknown cyber-attacks (in particular distributed ones, which constitute one of the most serious and still unresolved threat scenarios affecting networked systems). In this work, we present the conceptual architecture of a novel multi-layer distributed Intrusion Detection and Reaction System based on the Autonomic Communication paradigm. The architecture relies on a self-organizing cooperative overlay network of complementary components that are dynamically and autonomously adapted to face distributed cyberattacks against Industrial Control Systems. The proposed architecture aims at being a guideline for experts and practitioners to address the well-known problem of distributed nature of new types of cyber-attacks, by implementing mechanisms to orchestrate available resources for effective detection and remediation dynamically. A distributed flow monitoring system provides input data to cooperative intrusion detection agents, which allow correlating information from heterogeneous feeds to improve the identification of attacks originating from both the inside and the outside of the monitored network and to support customizable remediation mechanisms.

A Multi-Layer Intrusion Detection System for SOME/IP-Based In-Vehicle Network.

The automotive Ethernet is gradually replacing the traditional controller area network (CAN) as the backbone network of the vehicle. As an essential protocol to solve service-based communication, Scalable service-Oriented MiddlewarE over IP (SOME/IP) is expected to be applied to an in-vehicle network (IVN). The increasing number of external attack interfaces and the protocol's vulnerability makes SOME/IP in-vehicle networks vulnerable to intrusion. This paper proposes a multi-layer intrusion detection system (IDS) architecture, including rule-based and artificial intelligence (AI)-based modules. The rule-based module is used to detect the SOME/IP header, SOME/IP-SD message, message interval, and communication process. The AI-based module acts on the payload. We propose a SOME/IP dataset establishment method to evaluate the performance of the proposed multi-layer IDS. Experiments are carried out on a Jetson Xavier NX, showing that the accuracy of AI-based detection reached 99.7761% and that of rule-based detection was 100%. The average detection time per packet is 0.3958 ms with graphics processing unit (GPU) acceleration and 0.6669 ms with only a central processing unit (CPU). After vehicle-level real-time analyses, the proposed IDS can be deployed for distributed or select critical advanced driving assistance system (ADAS) traffic for detection in a centralized layout.

Network intrusion detection system for DDoS attacks in ICS using deep autoencoders

Anomaly detection in industrial control and cyber-physical systems has gained much attention over the past years due to the increasing modernisation and exposure of industrial environments. Current dangers to the connected industry include the theft of industrial intellectual property, denial of service, or the compromise of cloud components; all of which might result in a cyber-attack across the operational network. However, most scientific work employs device logs, which necessitate substantial understanding and preprocessing before they can be used in anomaly detection. In this paper, we propose a network intrusion detection system (NIDS) architecture based on a deep autoencoder trained on network flow data, which has the advantage of not requiring prior knowledge of the network topology or its underlying architecture. Experimental results show that the proposed model can detect anomalies, caused by distributed denial of service attacks, providing a high detection rate and low false alarms, outperforming the state-of-the-art and a baseline model in an unsupervised learning environment. Furthermore, the deep autoencoder model can detect abnormal behaviour in legitimate devices after an attack. We also demonstrate the suitability of the proposed NIDS in a real industrial plant from the alimentary sector, analysing the false positive rate and the viability of the data generation, filtering and preprocessing procedure for a near real time scenario. The suggested NIDS architecture is a low-cost solution that uses only fifteen network-based features, requires minimal processing, operates in unsupervised mode, and is straightforward to deploy in real-world scenarios.