Approach For Intrusion Detection System Research Articles

FedKD-IDS: A robust intrusion detection system using knowledge distillation-based semi-supervised federated learning and anti-poisoning attack mechanism

In the realm of the Internet of Things (IoT), there has been a notable increase in the development and efficacy of Intrusion Detection Systems (IDS) that leverage machine learning (ML). Specifically, Federated Learning-based IDSs (FL-based IDS) have witnessed significant growth. These systems aim to mitigate data privacy breaches and minimize the communication overhead associated with dataset collection. Limited hardware resources also pose a significant constraint, preventing numerous IoT devices from actively engaging in FL. However, despite these advancements, certain challenges persist in the research domain. Issues such as elevated communication overhead, the potential for recovering private data, non-independent and identically distributed (Non-IID) data and a scarcity of labeled data remain noteworthy concerns. Additionally, vulnerabilities exist in the server-client communication during the FL process, creating opportunities for attackers to execute poisoning attacks on the client side with relative ease. To address these challenges, our paper introduces a semi-supervised approach for FL-based IDS. Our approach, named FedKD-IDS, employs knowledge distillation with a voting mechanism in place of weighted parameter aggregation and incorporates an anti-poisoning method. We conducted experiments to evaluate the effectiveness of our approach across diverse scenarios, including scenarios with Non-IID and varying data distributions. Additionally, we investigated various rates of malicious collaboration to demonstrate their impact in the federated training process. The results obtained from the real-world N-BaIoT dataset indicate that our approach surpasses the performance of the state-of-the-art (SOTA) SSFL method. Especially, even in the context of a poisoning attack where 50% of all collaborators targeted label flipping attack, FedKD-IDS demonstrated an accuracy of 79%, surpassing SSFL, which achieved only 19.86%. Furthermore, the outcomes also validated that the FedKD-IDS method has the capability to exclude over 85% of malicious collaborators during the aggregation phase of the federated training process.

Explainable AI-based innovative hybrid ensemble model for intrusion detection

AbstractCybersecurity threats have become more worldly, demanding advanced detection mechanisms with the exponential growth in digital data and network services. Intrusion Detection Systems (IDSs) are crucial in identifying illegitimate access or anomalous behaviour within computer network systems, consequently opposing sensitive information. Traditional IDS approaches often struggle with high false positive rates and the ability to adapt embryonic attack patterns. This work asserts a novel Hybrid Adaptive Ensemble for Intrusion Detection (HAEnID), an innovative and powerful method to enhance intrusion detection, different from the conventional techniques. HAEnID is composed of a string of multi-layered ensemble, which consists of a Stacking Ensemble (SEM), a Bayesian Model Averaging (BMA), and a Conditional Ensemble method (CEM). HAEnID combines the best of these three ensemble techniques for ultimate success in detection with a considerable cut in false alarms. A key feature of HAEnID is an adaptive mechanism that allows ensemble components to change over time as network traffic patterns vary and new threats appear. This way, HAEnID would provide adequate protection as attack vectors change. Furthermore, the model would become more interpretable and explainable using Shapley Additive Explanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME). The proposed Ensemble model for intrusion detection on CIC-IDS 2017 achieves excellent accuracy (97-98%), demonstrating effectiveness and consistency across various configurations. Feature selection further enhances performance, with BMA-M (20) reaching 98.79% accuracy. These results highlight the potential of the ensemble model for accurate and reliable intrusion detection and, hence, is a state-of-the-art choice for accuracy and explainability.

Correction: Taxonomy of deep learning-based intrusion detection system approaches in fog computing: a systematic review

Correction: Taxonomy of deep learning-based intrusion detection system approaches in fog computing: a systematic review

A Practical Approach to Intrusion Detection in IoV Networks Using LCCDE Ensemble Framework

Abstract: With the rapid development of the Internet of Things (IoT) and the Internet of Vehicles (IoV) technologies, modern vehicles are increasingly adopting network-controlled functionalities, exposing them to a variety of cyber threats. To address these security challenges, this paper implements and evaluates a novel ensemble Intrusion Detection System (IDS) framework, named Leader Class and Confidence Decision Ensemble (LCCDE). The LCCDE framework integrates three advanced Machine Learning (ML) algorithms—XGBoost, LightGBM, and CatBoost—to detect various types of cyber-attacks on both intra-vehicle and external vehicular networks.This study demonstrates the effectiveness of the LCCDE framework using two public IoV security datasets: the Car-Hacking dataset and the CICIDS2017 dataset. By identifying the best-performing ML model for each class of attacks and leveraging prediction confidence values, LCCDE achieves high detection accuracy and robustness against diverse attack types. The experimental results show that the proposed framework outperforms traditional IDS approaches in terms of detection accuracy, computational efficiency, and adaptability to different types of cyber-attacks. This paper provides practical insights into the implementation and deployment of IDS in IoV systems, highlighting the potential of ensemble learning methods to enhance vehicular network security.

A Deep Learning Approach for Intrusion Detection Systems –A Review

Throughout the past decade, the researchers have developed many a number of intrusion detection systems. Some of these were developed to work on host based and some were network-based intrusion detection systems. The presented systems are combination of HIDS/NIDS and signature/anomaly based, or hybrid systems. The intrusion detection system is an intelligence system known as computational intelligence. The main goal of computational intelligence is to provide solutions to complex real-world problems. An effective IDS must use more than standard mathematical techniques and conventional analysis methods combined with soft computing techniques to synergistically create a more robust IDS. In this paper, we review three important areas of research that have significant implication for proposed framework. First, we review existing shallow learning intrusion detection systems both in machine and deep learning. In the second section, we review existing hybrid intrusion detection systems. Finally, we provide some findings and analysis of the literature studies.

Taxonomy of deep learning-based intrusion detection system approaches in fog computing: a systematic review

Taxonomy of deep learning-based intrusion detection system approaches in fog computing: a systematic review

A Deep Learning Approach for Intrusion Detection Systems in Cloud Computing Environments

Cloud computing services have become indispensable to people’s lives. Many of their activities are performed through cloud services, from small companies to large enterprises and individuals to government agencies. It has enabled clients to use companies’ services on demand at the lowest cost anywhere, anytime, over the Internet. Despite these advantages, cloud networks are vulnerable to many types of attacks. However, as the adoption of cloud services accelerates, the risks associated with these services have also increased. For this reason, solutions have been implemented to improve cloud security, such as monitoring networks, the backbone of the cloud infrastructure, and detecting and classifying cyberattacks. Therefore, an intrusion detection system (IDS) is one of the essential defenses for detecting attacks in the cloud computing network. Current IDSs encounter some challenges in handling and simultaneously analyzing the large scale of traffic found in the cloud environment, and this affects the accuracy of cyberattack detection. Therefore, this research proposes a deep learning-based model by leveraging advanced convolutional neural networks (CNNs)-based model architecture to detect cyberattacks in the cloud environment efficiently. The proposed CNN-based model for intrusion detection consists of multiple significant stages: dataset collection, preprocessing, the SMOTE balance data strategy, feature selection, model training, testing, and performance evaluation. Experiments have demonstrated that the proposed model is highly effective in protecting cloud networks against various potential attacks. With over 98.67% accuracy, precision, and recall, the model has proven its ability to detect and classify network intrusions. Detailed analyses show that the model is proficient in securing cloud security measures and mitigating the risks associated with evolving security threats.

Machine learning approach for intrusion detection system using dimensionality reduction

As cyberspace has emerged, security in all the domains like networks, cloud, and databases has become a greater concern in real-time distributed systems. Existing systems for detecting intrusions (IDS) are having challenges coping with constantly changing threats. The proposed model, DR-DBMS (dimensionality reduction in database management systems), creates a unique strategy that combines supervised machine learning algorithms, dimensionality reduction approaches and advanced rule-based classifiers to improve intrusion detection accuracy in terms of different types of attacks. According to simulation results, the DR-DBMS system detected the intrusion attack in 0.07 seconds and with a smaller number of features using the dimensionality reduction and feature selection techniques efficiently.

A Comprehensive Study on CIC-IDS2017 Dataset for Intrusion Detection Systems

In the present era of digital technology, electronic assaults result in the compromise of confidential information and substantial financial ramifications for individuals, organizations, and nations. Hence, the role of cybersecurity resources is essential in safeguarding data from any Cybersecurity event. Researchers are prioritizing the use of anomaly-based intrusion detection systems for the identification of cybersecurity threats. Machine learning algorithms are crucial in this endeavor since they possess the ability to identify such attacks reliably. It’s a dataset that enhances the efficiency of the machine learning algorithms. The datasets currently employed in intrusion detection systems exhibit a notable deficiency in accurately representing actual network threats and attacks. They also contain a significant number of concealed threats, thereby restricting the precision of detection within existing machine-learning intrusion detection system approaches. Consequently, these systems are unable to effectively cope with the growing number of novel attacks in the real word scenarios, in cloud environments. The objective of this study is to integrate the categorization and analysis of current datasets to enhance the generation of future datasets that accurately replicate actual network data. This will enhance the efficacy of the next generation of intrusion detection systems and correctly mirror network threats.

Effective data transmission through energy-efficient clustering and Fuzzy-Based IDS routing approach in WSNs

Wireless sensor networks (WSN) gather information and sense information samples in a certain region and communicate these readings to a base station (BS). Energy efficiency is considered a major design issue in the WSNs, and can be addressed using clustering and routing techniques. Information is sent from the source to the BS via routing procedures. However, these routing protocols must ensure that packets are delivered securely, guar- anteeing that neither adversaries nor unauthentic individuals have access to the sent information. Secure data transfer is intended to protect the data from illegal access, damage, or disruption. Thus, in the proposed model, secure data transmission is developed in an energy-effective manner. A low-energy adaptive clustering hierarchy (LEACH) is developed to efficiently transfer the data. For the intrusion detection systems (IDS), Fuzzy logic and artificial neural networks (ANNs) are proposed. Initially, the nodes were randomly placed in the network and initialized to gather information. To ensure fair energy dissipation between the nodes, LEACH randomly chooses cluster heads (CHs) and allocates this role to the various nodes based on a round-robin management mechanism. The intrusion-detection procedure was then utilized to determine whether intruders were present in the network. Within the WSN, a Fuzzy interference rule was utilized to distinguish the malicious nodes from legal nodes. Subsequently, an ANN was employed to distinguish the harmful nodes from suspicious nodes. The effectiveness of the proposed approach was validated using metrics that attained 97% accuracy, 97% specificity, and 97% sensitivity of 95%. Thus, it was proved that the LEACH and Fuzzy-based IDS approaches are the best choices for securing data transmission in an energy-efficient manner.

Design and implementation of a deep neural network approach for intrusion detection systems

Due to the increased reliance of many a human system on cyber infrastructures, there is the continuous need for intelligent protection schemes to be developed as the spate of cyber-attacks is on the rise. Such intelligent systems that could easily detect both existing and zero-day attacks are highly sought in the complex and fast evolving cyberspace. In this regard, machine learning as well as deep learning models have been very effective. However, there is the need for better performing models than the existing ones. This work is aimed at the design and implementation of a Deep Neural Network model for detecting intrusions in computer networks. Techniques such as SMOTE and Random Sampling were applied to handle data imbalance in the CICIDS 2017 dataset. The entire experiment was carried out on a single Jupyter notebook in the Google Colaboratory environment where relevant software libraries such as seaborn, pandas, matplotlib, keras, and Tensor Flow were imported and thereafter implemented as required. Performance metrics of accuracy and loss at both training and validation of the model were considered. Results show that the deep learning model was excellent at predicting attacks with the CICIDS 2017 dataset, achieving accuracy score of 99.68 % and loss of 0.0102.

Securing cloud-enabled smart cities by detecting intrusion using spark-based stacking ensemble of machine learning algorithms

<abstract> <p>With the use of cloud computing, which provides the infrastructure necessary for the efficient delivery of smart city services to every citizen over the internet, intelligent systems may be readily integrated into smart cities and communicate with one another. Any smart system at home, in a car, or in the workplace can be remotely controlled and directed by the individual at any time. Continuous cloud service availability is becoming a critical subscriber requirement within smart cities. However, these cost-cutting measures and service improvements will make smart city cloud networks more vulnerable and at risk. The primary function of Intrusion Detection Systems (IDS) has gotten increasingly challenging due to the enormous proliferation of data created in cloud networks of smart cities. To alleviate these concerns, we provide a framework for automatic, reliable, and uninterrupted cloud availability of services for the network data security of intelligent connected devices. This framework enables IDS to defend against security threats and to provide services that meet the users' Quality of Service (QoS) expectations. This study's intrusion detection solution for cloud network data from smart cities employed Spark and Waikato Environment for Knowledge Analysis (WEKA). WEKA and Spark are linked and made scalable and distributed. The Hadoop Distributed File System (HDFS) storage advantages are combined with WEKA's Knowledge flow for processing cloud network data for smart cities. Utilizing HDFS components, WEKA's machine learning algorithms receive cloud network data from smart cities. This research utilizes the wrapper-based Feature Selection (FS) approach for IDS, employing both the Pigeon Inspired Optimizer (PIO) and the Particle Swarm Optimization (PSO). For classifying the cloud network traffic of smart cities, the tree-based Stacking Ensemble Method (SEM) of J48, Random Forest (RF), and eXtreme Gradient Boosting (XGBoost) are applied. Performance evaluations of our system were conducted using the UNSW-NB15 and NSL-KDD datasets. Our technique is superior to previous works in terms of sensitivity, specificity, precision, false positive rate (FPR), accuracy, F1 Score, and Matthews correlation coefficient (MCC).</p> </abstract>

An Incremental Majority Voting Approach for Intrusion Detection System Based on Machine Learning

An Incremental Majority Voting Approach for Intrusion Detection System Based on Machine Learning

MuDeLA: multi-level deep learning approach for intrusion detection systems

In recent years, deep learning techniques have achieved significant results in several fields, like computer vision, speech recognition, bioinformatics, medical image analysis, and natural language processing. On the other hand, deep learning for intrusion detection has been widely used, particularly the implementation of convolutional neural networks (CNN), multilayer perceptron (MLP), and autoencoders (AE) to classify normal and abnormal. In this article, we propose a multi-level deep learning approach (MuDeLA) for intrusion detection systems (IDS). The MuDeLA is based on CNN and MLP to enhance the performance of detecting attacks in the IDS. The MuDeLA is evaluated by using various well-known benchmark datasets like KDDCup'99, NSL-KDD, and UNSW-NB15 in order to expand the comparison with different related work results. The outcomes show that the proposed MuDeLA achieves high efficiency for multiclass classification compared with the other methods, where the accuracy reaches 95.55 for KDDCup'99, 88.12 for NSL-KDD, and 90.52 for UNSW-NB15.

In-vehicle network intrusion detection systems: a systematic survey of deep learning-based approaches

Developments in connected and autonomous vehicle technologies provide drivers with many convenience and safety benefits. Unfortunately, as connectivity and complexity within vehicles increase, more entry points or interfaces that may directly or indirectly access in-vehicle networks (IVNs) have been introduced, causing a massive rise in security risks. An intrusion detection system (IDS) is a practical method for controlling malicious attacks while guaranteeing real-time communication. Regarding the ever-evolving security attacks on IVNs, researchers have paid more attention to employing deep learning-based techniques to deal with privacy concerns and security threats in the IDS domain. Therefore, this article comprehensively reviews all existing deep IDS approaches on in-vehicle networks and conducts fine-grained classification based on applied deep network architecture. It investigates how deep-learning techniques are utilized to implement different IDS models for better performance and describe their possible contributions and limitations. Further compares and discusses the studied schemes concerning different facets, including input data strategy, benchmark datasets, classification technique, and evaluation criteria. Furthermore, the usage preferences of deep learning in IDS, the influence of the dataset, and the selection of feature segments are discussed to illuminate the main potential properties for designing. Finally, possible research directions for follow-up studies are provided.

Personalized federated learning-based intrusion detection system: Poisoning attack and defense

To deal with the increasing number of cyber-attacks, intrusion detection system (IDS) plays an important role in monitoring and ensuring the security of the computer network. With the power of machine learning and deep learning, intelligent IDS systems have gained increasing attention due to their efficiency and high classification accuracy. However, the premise of machine learning/deep learning is that the data must be in one central entity (e.g., server) to train the model. This causes additional concerns, such as data transmission costs and privacy leakage. Federated learning complements this shortcoming with a privacy-preserving decentralized learning technique. In federated learning, the data are not shared with the server, local model training is performed where the data reside and only the model parameters are exchanged with the server. This work investigates the federated learning-based IDS approach in the context of IoT data to study the main challenges imposed by federated learning. Two main issues, such as data heterogeneity and poisoning attacks launched by malicious clients, are the main focus of this study. As real-world IoT datasets are heterogeneous, we propose a personalized federated learning-based IDS approach to handle imbalanced data distributions. Moreover, a curious yet malicious client can poison the local data or model to corrupt the global intrusion detection model due to the distributed nature of federated learning, where the central server has no control over the client’s local training process. This study demonstrates that the existence of a malicious client can degrade the performance of the federated learning-based IDS model. Accordingly, we propose a robust approach called pFL-IDS to combat poisoning attacks against the federated learning-enabled IDS on heterogeneous IoT data. Our approach introduces mini-batch logit adjustment loss to local model training to obtain a personalized model tailored to each local data distribution. Moreover, we design a detection mechanism at the server to identify malicious agents by considering the cosine similarity of local models from the non-poisoned client’s centroid. The non-poisoned centroid is determined from the similarity between the pre-computed global model and the local models. If the poisoning attack is successful, poisoned clients will be closer to the pre-computed global model; any models further from the pre-computed model are taken as the non-poisoned clients. With this two-phase client similarity alignment, we identify poisoned clients and restrict their aggregation on the global intrusion detection model. In comparison with the baseline methods, we demonstrate that our pFL-IDS can detect poisoning attacks without compromising performance.

Detecting and classifying man-in-the-middle attacks in the private area network of smart grids

The sustainable development of smart grids requires the massive deployment of renewable energy, in a highly distributed manner, introducing new challenges for the system operation. Therefore, the integration of information and communication technologies in sites with Distributed Energy Resources (DERs) is needed to monitor and control the DERs operation. In this scheme, a local controller is installed at each DER site to interact with the centralized applications at the grid level and the power equipment at the site level. This local controller uses client–server protocols (e.g., Modbus TCP/IP and IEC 61850 Manufacturing Message Specification) to communicate with different power equipment in the Private Area Network (PAN) of the site. Such protocols often lack information confidentiality and integrity mechanisms. As a result, the smart grids become vulnerable to cyber-attacks. To safeguard smart grid applications, this paper proposes a Hybrid Network Intrusion Detection System approach (HNIDS), where machine learning-based anomaly and signature-based are combined. The proposed methodology detects and classifies Man-In-The-Middle (MITM) attacks in eavesdropping mode in PANs, without violating customer privacy. The ability to detect unknown MITM attack techniques, identify affected packets, and determine the victim device(s) are the major advantages of this approach. An experimental testbed has been used to collect real-life data and validate the effectiveness of the proposed approach in smart grid applications. The proposed HNIDS is evaluated using a simulation as well as real-life laboratory experiments, demonstrating very high accuracy in detection rate, from 97.6% to 100%, with an average of the weighted F1-score over 98%.

Hybrid extreme learning machine-based approach for IDS in smart Ad Hoc networks

In recent years, intrusion detection systems (IDSs) have increasingly come to be regarded as a significant method due to their potential to develop into a key component that is necessary for the safety of computer networks. This work focuses on the usage of extreme learning machines, which are also known as ELMs, with the purpose of spotting prospective intrusions and assaults. The proposed method combines the self-adaptive differential evolution method for optimising network input weights and hidden node biases and multi-node probabilistic approach with the extreme learning machine for deriving network output weights. This body of work presents an innovative method of learning that can be put into practice in order to determine whether or not an incursion has taken place in the system that is the focus of the investigation that is being carried out by this body of work. A hybrid extreme learning machine is used in the execution of this strategy. When there is one thousand times more traffic on a network, the ability of regular IDS systems to detect malicious network intrusions is lowered by a factor of one hundred. This is because there are less opportunities to detect the intrusions. This is due to the fact that there are less probabilities to identify potential dangers. This paper lays the groundwork for a novel methodology for identifying malicious network breaches. The findings of the simulation demonstrated that putting into practice the approach that was proposed resulted in an improvement in the accuracy of the scenario's classification while it was being investigated. The implementation of the method seems to have produced the desired results.

Leveraging Explainable Artificial Intelligence in Real-Time Cyberattack Identification: Intrusion Detection System Approach

Cyberattacks are part of the continuous race, where research in computer science both contributes to discovering new threats and vulnerabilities and also mitigates them. When new vulnerabilities are not reported but sold to attackers, they are called “zero-days,” and are particularly difficult to identify. Modern intrusion detection systems (IDS) that leverage artificial intelligence (AI) and machine learning (ML) are becoming essential in identifying these cyber threats. This study presents the design of an IDS using ML and Explainable AI (XAI) techniques for real-time classification of various detected cyberattacks. By utilizing frameworks such as Apache Kafka and Spark, along with libraries such as Scikit-learn and SHAP, the system identifies and classifies normal or anomalous network traffic in real-time. The XAI offers the IDS the option to explain the rationale behind each classification. The primary aim of this research is to develop a flexible and scalable IDS that can provide clear explanations for its decisions. The second aim is to compare and analyze different ML models to achieve the best results in terms of accuracy, f1, recall, and precision. Random Forest models proposed in this research article obtained the best results in figuring out the key features identified by the XAI model, which includes Ct_state_ttl, Sttl, Dmean, and Dbytes from the UNSW-NB15 dataset. Finally, this research work introduces different machine learning algorithms with superior performance metrics compared to other real-time classification methods.

Distributed deep learning approach for intrusion detection system in industrial control systems based on big data technique and transfer learning

ABSTRACT Industry 4.0 refers to a new generation of connected and intelligent factories that is driven by the emergence of new technologies such as artificial intelligence, Cloud computing, Big Data and industrial control systems (ICS) in order to automate all phases of industrial operations. The presence of connected systems in industrial environments poses a considerable security challenge, moreover with the huge amount of data generated daily, there are complex attacks that occur in seconds and target production lines and their integrity. But, until now, factories do not have all the necessary tools to protect themselves, they mainly use traditional protection. In order to improve industrial control systems in terms of efficiency and response time, the present paper propose a new distributed intrusion detection approach using artificial intelligence methods, Big Data techniques and deployed in a cloud environment. A variety of Machine Learning and Deep Learning algorithms, basically convolutional neural networks (CNN), have been tested to compare performance and choose the most suitable model for the classification. We test the performance of our model by using the industrial dataset SWat.