Intrusion Detection System Research Articles

Gradient correlation based detection of adversarial attacks on vehicular networks

The controller area network (CAN) bus, which controls real-time communication and data transmission among vehicle electronic control units, lacks security mechanisms and is highly vulnerable to attacks. Existing in-vehicle network intrusion detection systems (IDSs) typically rely on deep learning models for detection, which are susceptible to interference from adversarial attacks owing to the vulnerability of the models themselves, thereby compromising the detection performance. In this study, we propose an adversarial attack detection method based on gradient correlation that achieves a high accuracy rate using a linear approach to detect adversarial samples. The experimental results show that the proposed model does not require retraining of the original detection model and demonstrates better detection performance for multiple adversarial attacks.

Enhancing the security in IoT and IIoT networks: An intrusion detection scheme leveraging deep transfer learning

The Internet of Things (IoT) networks, which are defined by their interconnected devices and data streams are an expanding attack surface for cyber adversaries. Industrial Internet of Things (IIoT) is a subset of IoT and has significant importance in-terms of security. Robust intrusion detection systems (IDS) are essential for protecting these critical infrastructures. Our research suggests a novel approach to the detection of anomalies in IoT and IIoT networks that leverages the capabilities of deep transfer learning. Our methodology begins with the EdgeIIoT dataset, which serves as the basis for our data analysis. We convert the data into an appropriate image format to enable Convolutional Neural Network (CNN)-based processing. The hyper-parameters of individual machine learning models are subsequently optimized using a Random Search algorithm. This optimization phase optimizes the performance of each model by modifying the hyper-parameters that are unique to the learning algorithms. The performance of each model is meticulously assessed subsequent to hyper-parameter optimization. The top-performing models are subsequently, strategically selected and combined using the ensemble technique. The IDS scheme’s overall detection accuracy and generalizability are improved by the integration of strengths from multiple models. The proposed scheme demonstrates significant effectiveness in identifying a broad spectrum of attacks, encompassing a total of 14 distinct attack types. This comprehensive detection capability contributes to a more secure and resilient IoT ecosystem. Furthermore, application of quantization to our best models reduces resource utilization significantly without compromising accuracy.

A Survey of AI Methods for Detection of DDoS Attacks on Networks

This survey explores various artificial intelligence (AI) methods for detecting Distributed Denial of Service (DDoS) attacks on networks. It classifies these approaches into machine learning, deep learning, and other AI-based techniques, providing a comprehensive overview of current advancements in the field. Numerous research studies in the field of machine learning have evaluated DDoS attack detection performance using various datasets and techniques. Some noteworthy results are the supremacy of the J48 algorithm in SDN networks and the efficacy of the AdaBoost and Gradient Boost classifiers. In other investigations, Random Forest, Support Vector Machine, and Naive Bayes also showed excellent accuracy rates, up to 99.7%. To improve DDoS detection, deep learning techniques introduced autoencoders, hybrid models, and recurrent neural networks. These models achieved accuracy rates as high as 99.99%, frequently outperforming more conventional machine learning techniques. Enhanced detection rates were achieved by the utilization of a varied dataset in conjunction with deep-stacked autoencoders. Artificial intelligence methods such as Fuzzy Logic, Artificial Bee Colony, Ant Colony Optimization, and Whale Optimization Algorithm were used to identify DDoS assaults. These methods demonstrated high accuracy rates, efficient detection of various attack types, and improvements in reducing false positives; the integration of these techniques into intrusion detection systems offers a strong defense against dynamic DDoS threats. The overall survey highlights the effectiveness of AI techniques in DDoS attack detection across various methodologies.

CyberAIBot: Artificial Intelligence in an Intrusion Detection System for CyberSecurity in the IoT

The cyber ecosystem presents two interesting properties. Attackers and defenders are normally the same entity; a detailed knowledge of defensive strategies optimises an attack whereas a good defence, based on a layered structure also includes attacks. In addition, Artificial Intelligence (AI) provides new techniques and tools to both attackers and defenders such as Generative Adversarial Networks (GANs) based on Generators and Discriminators for impersonation or Deep Learning (DL) for exhaustive scanning. To address this dilemma, this article presents CyberAIBot: Artificial Intelligence in an Intrusion Detection System for CyberSecurity in the Internet of Things (IoT) aimed at Operational Technology (OT) and Information Technology (IT) network traffic. CyberAIBot is based on a Deep Learning management structure in a private or local edge cloud computing approach where AI makes decisions as close as possible to the source of data. CyberAIBot gradually detects, learns, and adapts to different cyber attacks. In detail, CyberAIBot uses Deep Learning (DL) technical clusters trained in specific attacks and a Deep Learning (DL) management cluster specialises in taking management decisions rather than technical evaluations. This management cluster supervises conflicting classifications from the deep learning technical clusters. CyberAIbot is trained against several datasets and its performance is evaluated between two classification algorithms, the Long Short-Term Memory (LSTM) networks and Support Vector Machines (SVMs). The SVM DL clusters learn faster (average 15x) although the LSTM DL clusters perform better (average 30%). The LSTM DL management cluster performs better than the SVM DL management cluster although it recognises fewer traffic types. The total number of data points analysed by CyberAIBot is 5.52E+08, equivalent to the distance between the planet Earth to the Moon in meters.

SIRT: A distinctive and smart invasion recognition tool (SIRT) for defending IoT integrated ICS from cyber-attacks

With the rise of smart industries, Industrial Control Systems (ICS) has to move from isolated settings to networked environments to meet the objectives of Industry 4.0. Because of the inherent interconnection of these services, systems of this type are more vulnerable to cybersecurity breaches. To protect ICSs from cyberattacks, intrusion detection systems equipped with Artificial Intelligence characteristics have been used to spot unusual system behavior. The main research problem focused on this work is to guarantee ICS security, a variety of security strategies and automated technologies have been established in past literary works. However, the main problems they face include a high proportion of incorrect predictions, longer execution times, more complex system designs, and decreased efficiency. Thus, developing and putting in place a Smart Invasion Recognition Tool (SIRT) to defend critical infrastructure systems against new cyberattacks is the main goal of this project. This system cleans and normalizes the supplied ICS data using a unique preprocessing technique called Variational Data Normalization (VDN). Furthermore, a novel hybrid technique called Frog Leap-based Ant Movement Optimization (FLAMO) is applied to choose the most important and necessary features from normalized industrial data. Furthermore, the methodology of Weighted Bi-directional Gated Recurrent Network (WeBi-GRN) is utilized to precisely distinguish between genuine and malicious samples from information collected by ICS. This work validates and evaluates the performance findings using many assessment indicators and a range of open-source ICS data. According to the study's findings, the proposed SIRT model accurately classifies the different types of assaults from the industrial data with 99 % accuracy.

Research on Collaborative Defense Method of Hospital Network Cloud based on End-to-end Edge Computing

This research introduces a groundbreaking collaborative defense mechanism that utilizes end-to-end edge computing to bolster the security of decentralized hospital cloud systems. By integrating intrusion detection systems, firewalls, anomaly detection, and threat intelligence in a unified manner through the efficiency of edge computing, this approach marks a significant advancement in healthcare cybersecurity. Through rigorous testing with a substantial dataset, the system demonstrated exceptional performance metrics, including a remarkable 95% accuracy in threat detection, a low false positive rate, and a swift response time of merely 0.25 seconds. Notably, the system effectively mitigates computational overhead, thereby optimizing resource utilization. Comparative analysis with existing methodologies underscores the superiority of this novel framework, particularly in terms of geolocation accuracy, the minimization of false positives, and expedited reaction capabilities. This study’s collaborative defense strategy, underpinned by end-to-end edge computing, presents a holistic and innovative solution to the escalating cyber threats facing healthcare infrastructures. By redefining the parameters of security in medical settings, it paves the way for a safer and more resilient healthcare information technology ecosystem.

Using a Grey Wolf Optimization and Multilayer Perceptron Algorithms for an Anomaly-Based Intrusion Detection System

Using a Grey Wolf Optimization and Multilayer Perceptron Algorithms for an Anomaly-Based Intrusion Detection System

Collaborative Intrusion Detection System with Snort Machine Learning Plugin

The increasing prevalence of cybercrime and cyber-attacks underscores the imperative need for organizations to implement robust network security measures. Nevertheless, current Intrusion Detection Systems (IDS) often rely on single-sensor or multi-sensor in the same type of IDS, including Host-Based IDS (HIDS) or Network-Based IDS (NIDS), which inherently possess limited detection capabilities. To address this limitation, this research combines NIDS and HIDS components into a collaborative-IDS system, thus expanding the scope of intrusion detection and enhancing the efficacy of the established attack mitigation system. However, the integration of NIDS and HIDS introduces formidable challenges, notably the elevated rates of False Positive and False Negative alerts. To surmount these challenges, the researcher employs machine learning techniques in the form of Snort plugins and comparison methods to heighten the precision of attack detection. The obtained results unequivocally illustrate the effectiveness of this approach. Using a Support Vector Machine for static analysis of the NSL-KDD dataset attains an outstanding 99% detection rate for Denial of Service (DoS) attacks and an impressive 98% detection rate for Probe attacks. Furthermore, in dynamic real-time attack simulations, the machine learning plugins exhibit remarkable proficiency in detecting various types of DoS attacks, concurrently offering more comprehensive identification of SYN Flooding DoS attacks compared to the Snort community rules set. These findings signify a significant advancement in intrusion detection, paving the way for more robust and accurate network security systems in an era of escalating cyber threats.

Enhancing cybersecurity protocols in tax accounting practices: Strategies for protecting taxpayer information

This paper highlights the importance of enhancing cybersecurity measures in tax accounting to protect taxpayer data. It proposes strategies to ensure compliance and enhance data security in the context of evolving cyber threats. This study investigated the cybersecurity landscape within the tax accounting sector, focusing on prevalent threats, the effectiveness of existing security measures, and areas for improvement. Utilizing a mixed-methods approach, the research combined qualitative interviews with cybersecurity experts and tax accounting professionals, quantitative surveys of 200 tax accounting firms, and detailed case studies of firms that experienced significant cyberattacks. The findings reveal that phishing attacks, ransomware, data breaches, malware, and insider threats are the most common cybersecurity challenges faced by tax accounting practices. While measures such as encryption, multi-factor authentication (MFA), firewalls, intrusion detection systems (IDS), regular security audits, and comprehensive employee training prove effective, their inconsistent implementation across the industry highlighted the need for standardized protocols. The study identified significant gaps in resource allocation, particularly for smaller firms and non-profits, and underscores the necessity for formal incident response plans. Recommendations include enhanced training programs, development of standardized security protocols, resource support for smaller firms, regular security audits, comprehensive incident response plans, and adoption of advanced technologies. The study calls for further exploration of emerging threats, cost-effective solutions for smaller firms, the impact of artificial intelligence (AI) and machine learning (ML), longitudinal studies on cybersecurity practices, and analysis of policy and regulatory impacts. These insights aim to enhance the cybersecurity posture of tax accounting practices, ensuring the protection of sensitive taxpayer information and overall industry resilience.

Intrusion Detection System Using Chaotic Walrus Optimization-based Convolutional Echo State Networks for IoT-assisted Wireless Sensor Networks

Wireless Sensor Networks (WSN) based Internet of Things (IoT) networks have achieved greater research interest due to their multi-purpose data collection and transmission over different geographical locations. However, the fabrication of different cyber-attacks in these networks has been a severe concern for applications such as remote healthcare, military communications, etc. These attacks question the integrity and security of WSN-IOT networks for such applications, and the traditional Intrusion Detection Systems (IDS) have shown increased false alarm rates because of their substantial processing overhead, resource constraints, and low detection rates. This paper presents an intelligent IDS model using Chaotic Walrus Optimization-based Convolutional Echo State Networks (CWO-CESN) to solve existing problems. It increases the detection accuracy of different attacks. In this CWO-CESN-based IDS model, the data are gathered from the sensor/IoT nodes and are pre-processed. Then, the proposed CWO-CESN learns the features from these data and classifies them into attacks and standard data classes. This proposed CWO-CESN is a hybrid classifier model that integrates Convolutional Neural Networks (CNN) and Echo State Networks (ESN) as a single model and employs Chaotic map-based population initialized Walrus Optimizer for optimizing the hyperparameters. Validated on benchmark datasets, the proposed CWO-CESN-based IDS model attained accuracies of 99%, 99.5%, and 99.8% for the detection of different attacks for NSL-KDD, WSN-DS and IoT-23 datasets, respectively, and ensured secured and reliable application in significant fields.

Blockchain-based Reputation System for Smart Farm Anomaly Detection and Prevention

While smart farming is becoming increasingly popular as a way to improve the efficiency and sustainability of agroecosystems and global food security, its vulnerability to cyber-attacks is rapidly increasing. A distributed reputation system can help detect and prevent malicious activities by tracking the reputation of IP addresses of devices, products, and entities in a smart farming system, thereby enhancing its security and trust. In this paper, we propose a blockchain-based reputation system for IP addresses in smart farms for real-time intrusion detection and prevention. The study uses the Ethereum blockchain smart contracts, Oracles, Intrusion Detection System (IDS), and a Proof-of-Reputation (PoR) consensus mechanism. The system was evaluated on two datasets, the Spamhaus Blocklist, and the Malware Domain List datasets. It achieved high accuracy, recall, and precision rates, F1 score, as well as low false positive and false negative rates. This shows that the proposed system has high potential to be an effective tool for improving malware detection and prevention in real-time, creating a trusted supply chain for a smart farming ecosystem against a wide range of attack types, including denial-of-service attacks, probe attacks, and user-to-root attacks.

A Novel Hybrid Intrusion Detection Framework Leveraging Machine Learning and Flower Pollination Optimization

The exponential growth in technologies such as cloud computing, smart devices, virtualization, and the Internet of Things (IoT) has generated over four hundred zettabytes of network traffic data annually. This surge necessitates robust cybersecurity strategies to protect information from intrusions, which can result in significant financial losses. Reducing security risks requires the use of data analytics and machine learning to derive insights and make informed decisions based on network data. This study introduces the Flower Pollination Optimization (FPO) algorithm for feature selection to enhance the performance of several classifiers on the UNSW-NB15 dataset. We evaluated four classifiers: Linear Discriminant Analysis (LDA), Multi-Layer Perceptron (MLP), Quadratic Discriminant Analysis (QDA), and K-Nearest Neighbors (KNN) in two scenarios: without feature selection and with FPO-based feature selection. The results demonstrate significant improvements in classifier performance with FPO, with QDA achieving the highest accuracy of 99.16%. Comparative analysis with recent studies highlights the superior performance of our approach, setting a new benchmark in intrusion detection. This research underscores the essential role of effective feature selection in improving the accuracy and reliability of Intrusion Detection Systems (IDS), particularly in IoT environments.

Analyzing Resampling Techniques for Addressing the Class Imbalance in NIDS using SVM with Random Forest Feature Selection

The purpose of Network Intrusion Detection Systems (NIDS) is to ensure and protect computer networks from harmful actions. A major concern in NIDS development is the class imbalance problem, i.e., normal traffic dominates the communication data plane more than intrusion attempts. Such a state of affairs can pose certain hazards to the effectiveness of detection algorithms, including those useful for detecting less frequent but still highly dangerous intrusions. This paper aims to utilize resampling techniques to tackle this problem of class imbalance in NIDS using a Support Vector Machine (SVM) classifier alongside utilizing features selected by Random Forest to improve the feature subset selection process. The analysis highlights the combativeness of each sampling method, offering insights into their efficiency and practicality for real-world applications. Four resampling techniques are analyzed. Such techniques include Synthetic Minority Over-sampling Technique (SMOTE), Random Under-sampling (RUS), Random Over-sampling (ROS) and SMOTE with two different combinations i.e., RUS SMOTE and RUS ROS. Feature selection was done using Random Forest, which was improved by Bayesian methods to create subsets of features with feature rankings determined by Cumulative Feature Importance Score (CFIS). The CIDDS-2017 dataset is used for the performance evaluation, and the metrics used include accuracy, precision, recall, F-measure and CPU time. The algorithm that performs best overall in the CFIS feature subsets is SMOTE, and the features that give the best result are selected at the 90% level with 25 features. This subset accomplishes a relative accuracy enhancement of 0.08% than the other approaches. The RUS+ROS technique is also fine but somehow slower than SMOTE. On the other hand, RUS+SMOTE shows relatively poor results although it consumes less time in terms of computational time compared to other methods, giving about 50% of the performance shown by the other methods. This paper's novelty is adapting the RUS method as a standalone test for screening new and potentially contaminated datasets. The standalone RUS method is more efficient in terms of computations; the algorithm returned the best result of 98.13% accuracy at 85% at the CFIS level of 34 features with a computation time of 137.812 s. It is also noted that SMOTE is considered to be proficient among all resampling techniques used for handling the problem of class imbalance in NIDS, vice 90% CFIS feature subset. Future research directions could include using these techniques in different data sets and other machine learning and deep learning methods together with ROC curve analysis to provide useful pointers to NIDS designers on how to select the right data mining tools and strategies for their projects.

Evolving Adversarial Training (EAT) for AI-Powered Intrusion Detection Systems (IDS)

Intrusion Detection Systems (IDS) are crucial components of network security, yet traditional IDS models often fail to cope with rapidly evolving adversarial attacks that exploit their static nature. This study proposes a novel approach, Evolving Adversarial Training (EAT), to enhance the adaptability and robustness of AI-powered IDS against dynamic threats. The EAT framework integrates continuous model evolution with advanced adversarial training techniques, enabling the IDS to dynamically adjust to new attack patterns. Experimental results demonstrate that the EAT framework significantly enhances IDS performance, leading to increased detection accuracy and reduced false positive rates compared to conventional methods. These findings emphasize the potential of EAT in fortifying network defenses against evolving cyber threats, offering a promising avenue for future research in scalable and adaptive IDS solutions that can effectively combat the complexities of modern cyber adversaries. The research explores three key objectives: dynamic adaptation and adversarial training, continuous learning and enhanced threat detection, and robustness and generalization. By focusing on these objectives, the study aims to develop AI-powered IDS that can effectively navigate the ever-changing cyber threat landscape. The research methodology includes data collection, model architecture design, training and evaluation, continuous learning, simulation, and real-world testing, all aimed at enhancing the resilience of AI-powered IDS against adversarial attacks. By systematically following this framework, the study intends to enhance the security system of IDS through the effective implementation of EAT.

A privacy-preserving Self-Supervised Learning-based intrusion detection system for 5G-V2X networks

In light of the ongoing transformation in the automotive industry, driven by the adoption of 5G and the proliferation of connected vehicles, network security has emerged as a critical concern. This is particularly true for the implementation of cutting-edge 5G services such as Network Slicing (NS), Software Defined Networking (SDN), and Multi-access Edge Computing (MEC). As these advanced services become more prevalent, they introduce new vulnerabilities that can be exploited by cyber attackers. Consequently, Network Intrusion Detection Systems (NIDSs) are pivotal in safeguarding vehicular networks against cyber threats. Still, their efficacy hinges on extensive data, which often contains sensitive and confidential information such as vehicle positions and owner’s behaviors, raising privacy concerns. To address this issue, we propose a Privacy-Preserving Self-Supervised Learning (SSL) based Intrusion Detection System for 5G-V2X networks. The majority of works in the literature relying on Federated Learning (FL) and often overlook data labeling on the end devices. Our methodology leverages SSL to pre-train NIDSs using unlabeled data. Post-training is then performed with a minimal amount of labeled data, which can be carefully crafted by an expert. This novel technique allows the training of NIDSs with huge datasets without compromising privacy, consequently enhancing the efficacy of cyber-attack protection. Our innovative SSL pre-training methodology has yielded remarkable results, demonstrating a substantial improvement of up to 9% in accuracy across a diverse range of training dataset sizes, including scenarios with as few as 200 data samples. Our approach highlights the potential to enhance automotive network security significantly, showcasing groundbreaking achievements that set a new standard in the field of automotive cybersecurity.

Comparative Analysis of Feature Selection Techniques for LSTM Based Network Intrusion Detection Models

Network intrusion systems are inevitable in protecting enterprise assets and improving cybersecurity. The research community is always on the lookout for new approaches to improve network intrusion detection. Network intrusion systems with deep learning models are the major advancement in this field. There are many varieties of network intrusion detection systems with deep learning models that are used nowadays. Even though researchers are investing heavily in their efforts on developing better network intrusion detection systems, rapid advancement in network intrusion attempts warrant further studies in this area. In this study, I am trying to explore the impact of the different most common feature selection methods on the performance of the LSTM-based network intrusion detection system. Benchmark network intrusion dataset UNSW-NB15 was explored for this study. This study explored 8 types of LSTM models in combination with different feature selection methods. The outcome of the study was very interesting as the LSTM model without applying any feature selection method, outperformed other combinations of models.

IDS-FRNN: an intrusion detection system with optimized fuzziness-based sample selection technique

IDS-FRNN: an intrusion detection system with optimized fuzziness-based sample selection technique

Domain knowledge free cloud-IDS with lightweight embedding method

The expansion of the cloud computing market has provided a breakthrough in efficiently storing and managing data for individuals and companies. As personal and corporate data move to the cloud, diverse attacks targeting the cloud have also increased for heist beneficial information. Therefore, cloud service providers offer protective environments through diverse security solutions. However, security solutions are limited in preventing advanced attacks because it is challenging to reflect the environment of each user. This paper proposes a Cloud Intrusion Detection System (C-IDS) that adapts to each user’s cloud environment and performs real-time attack detection using Natural Language Processing (NLP). Notably, the C-IDS learns the deployed client environment logs and detects anomalies using the Seq2Seq model with BI-LSTM and Bahdanau attention. We used multiple domain datasets, Linux, Windows, Hadoop, OpenStack, Apache, OpenSSH, and CICIDS2018 to verify the performance of the C-IDS. C-IDS consists of a ‘recognition’ that identifies logs in the deployed environment and a ‘detection’ that discovers anomalies. The recognition results showed an average accuracy of 98.2% for multiple domain datasets. Moreover, the detection results based on the trained model exhibited an average accuracy of 94.2% for the Hadoop, OpenStack, Apache, and CICIDS2018 datasets.

Computer vision based distributed denial of service attack detection for resource-limited devices

The growing adoption of Internet of Things (IoT) has rendered them a desirable target for cyber-attacks. One of the biggest threats to these systems is the distributed denial of service (DDoS) attack, which is a botnet-based attack. The reason for the increasing usage of machine learning and deep learning-based intrusion detection systems in IoT network security is their ability to recognize DDoS attack. Recent studies, however, shows how susceptible IoT networks are to these kinds of attacks and detection accuracy can be greatly lowered. While a majority of studies has concentrated on DDoS attack detection for deep learning, little attention has been paid to computer vision, especially image-based artificial intelligence technologies like convolutional neural network (CNN). In this study, we use an image-based dataset to evaluate the effectiveness of CNN, an effective computer vision approach, for DDoS attack detection in IoT contexts. Owing to the small size of the selected dataset and in order to improve the CNN model’s detection efficiency, we implement various data augmentation techniques prior to the model’s training, including scaling, rotation, and vertical and horizontal flipping. Next, we introduce an efficient CNN-based method for detection of DDoS attacks in IoT settings. Ultimately, we came to the conclusion that the statistical significance testing showed that there is a significance difference among the five models employed during the study, and the VGG19 which has higher accuracy (99.74%) and less computing cost (6020.80 s), which enables IoT devices to perform DDoS attack detection with cost-effectiveness.

Edge-featured multi-hop attention graph neural network for intrusion detection system

With the development of the Internet, the application of computer technology has rapidly become widespread, driving the progress of Internet of Things (IoT) technology. The attacks present on networks have become more complex and stealthy. However, traditional network intrusion detection systems with singular functions are no longer sufficient to meet current demands. While some machine learning-based network intrusion detection systems have emerged, traditional machine learning methods cannot effectively respond to the complex and dynamic nature of network attacks. Intrusion detection systems utilizing deep learning can better enhance detection capabilities through diverse data learning and training. To capture the topological relationships in network data, using graph neural networks (GNNs) is most suitable. Most existing GNNs for intrusion detection use multi-layer network training, which may lead to over-smoothing issues. Additionally, current intrusion detection solutions often lack efficiency. To mitigate the issues mentioned above, this paper proposes an Edge-featured Multi-hop Attention Graph Neural Network for Intrusion Detection System (EMA-IDS), aiming to improve detection performance by capturing more features from data flows. Our method enhances computational efficiency through attention propagation and integrates node and edge features, fully leveraging data characteristics. We carried out experiments on four public datasets, which are NF-CSE-CIC-IDS2018-v2, NF-UNSW-NB15-v2, NF-BoT-IoT, and NF-ToN-IoT. Compared with existing models, our method demonstrated superior performance.