Intrusion Detection System Research Articles

Retraction notice: Makespan of routing and security in Cross Centric Intrusion Detection System (CCIDS) over black hole attacks and rushing attacks in MANET

Retraction notice: Makespan of routing and security in Cross Centric Intrusion Detection System (CCIDS) over black hole attacks and rushing attacks in MANET

An Efficient Optimized Neural Network System for Intrusion Detection in Wireless Sensor Networks

In the realm of wireless network security, the role of intrusion detection cannot be overstated in identifying and thwarting malicious activities within communication channels. Despite the existence of various intrusion detection system (IDS) approaches, challenges persist in terms of accurate classification and specification. Consequently, this article introduces a novel and innovative approach, the African Vulture-based Modular Neural System (AVbMNS), to address these issues. This research aims to detect and categorize malicious events in wireless networks effectively. The methodology begins with preprocessing the dataset and extracting relevant features. These extracted features are then subjected to a novel training technique to enhance the detection and classification of network attacks. The integration of African Vulture optimization significantly enhances the detection rate, leading to more precise attack identification. The research's effectiveness is demonstrated through validation using the NSL-KDD dataset, with impressive results. The performance analysis reveals that the developed model achieves a remarkable 99.87% detection rate and 99.92% accuracy when applied to the NSL-KDD dataset. Furthermore, the outcomes of this novel model are compared with existing approaches to gauge the extent of improvement. The comparative assessment affirms that the developed model outperforms its counterparts, underscoring its effectiveness in addressing the challenges of intrusion detection in wireless networks.

A hybrid machine learning approach for feature selection in designing intrusion detection systems (IDS) model for distributed computing networks

A hybrid machine learning approach for feature selection in designing intrusion detection systems (IDS) model for distributed computing networks

Development of an Intrusion Detection System using ANOVA Feature Selection and Support Vector Machine Algorithms

Development of an Intrusion Detection System using ANOVA Feature Selection and Support Vector Machine Algorithms

Deep Learning-Based Network Intrusion Detection Systems

With the rapid growth of the internet, the security threats to computer networks have escalated significantly, making the reduction and prevention of cybercrime a top priority in the digital age. Traditional Network Intrusion Detection Systems (NIDS) struggle with limitations in detection accuracy and real-time performance as attackers employ increasingly sophisticated techniques. In recent years, deep learning has emerged as a prominent solution in the NIDS field due to its powerful capabilities in feature extraction and classification. This paper reviews the application of deep learning in NIDS, with a focus on Convolutional Neural Networks (CNN), Long Short-Term Memory Networks (LSTM), and their hybrid models. The paper discusses the strengths of these models in capturing spatial and temporal features and examines their performance on key datasets such as KDD Cup 99 and UNSW-NB15. Additionally, the paper addresses challenges related to computational complexity, real-time performance, and model interpretability, while suggesting future research directions, including model optimization, lightweight architectures, and improved interpretability. Finally, the potential of Automated Machine Learning (AutoML) in advancing NIDS design and enhancing response capabilities is explored. This study offers valuable insights for further research and development in NIDS.

Label flipping attacks in hierarchical federated learning for intrusion detection in IoT

ABSTRACT Federated learning (FL) is a promising approach for distributed training of deep neural networks within Internet of Things (IoT) environments, where the data generated by IoT devices stays local, and only model updates are communicated to a central server. This methodology is particularly relevant for intrusion detection systems in IoT networks, where security is paramount. However, the decentralized nature of FL introduces vulnerabilities, such as the risk of data poisoning by malicious participants. In this paper, we propose a hierarchical federated learning to reduce communication overhead and improve privacy by limiting data spread. We further explore the impact of label-flipping attacks on hierarchical FL systems used in IoT-based intrusion detection. We focus on scenarios where a subset of malicious participants attempts to degrade the global model’s performance by submitting corrupted model updates based on intentionally mislabeled data. Our findings reveal significant decreases in classification accuracy by 10.53% and recall rates, even with a minimal number of compromised participants, primarily affecting the specific classes targeted by the attackers. We further examine how the availability of these malicious nodes influences the attack’s success. To counteract these threats, we introduce a defense mechanism that successfully identifies all malicious clients and mitigates their impact. As a result, the global model’s accuracy is maintained at the original 95% level found during training without the presence of malicious clients, thereby enhancing the resilience of federated learning models in IoT security applications.

Hierarchical Federated Learning-Based Intrusion Detection for In-Vehicle Networks

Intrusion detection systems (IDSs) are crucial for identifying cyberattacks on in-vehicle networks. To enhance IDS robustness and preserve user data privacy, researchers are increasingly adopting federated learning (FL). However, traditional FL-based IDSs depend on a single central aggregator, creating performance bottlenecks and introducing a single point of failure, thereby compromising robustness and scalability. To address these limitations, this paper proposes a Hierarchical Federated Learning (H-FL) framework to deploy and evaluate the performance of the IDS. The H-FL framework incorporates multiple edge aggregators alongside the central aggregator, mitigating single-point failure risks, improving scalability, and efficiently distributing computational load. We evaluate the proposed IDS using the H-FL framework on two car hacking datasets under realistic non-independent and identically distributed (non-IID) data scenarios. Experimental results demonstrate that deploying the IDS within an H-FL framework can enhance the F1-score by up to 10.63%, addressing the limitations of edge-FL in dataset diversity and attack coverage. Notably, H-FL improved the F1-score in 16 out of 24 evaluated scenarios. By enabling the IDS to learn from diverse data, driving conditions, and evolving threats, this approach substantially strengthens cybersecurity in modern vehicular systems.

Enhancing Intrusion Detection Systems with Dimensionality Reduction and Multi-Stacking Ensemble Techniques

The deployment of intrusion detection systems (IDSs) is essential for protecting network resources and infrastructure against malicious threats. Despite the wide use of various machine learning methods in IDSs, such systems often struggle to achieve optimal performance. The key challenges include the curse of dimensionality, which significantly impacts IDS efficacy, and the limited effectiveness of singular learning classifiers in handling complex, imbalanced, and multi-categorical traffic datasets. To overcome these limitations, this paper presents an innovative approach that integrates dimensionality reduction and stacking ensemble techniques. We employ the LogitBoost algorithm with XGBRegressor for feature selection, complemented by a Residual Network (ResNet) deep learning model for feature extraction. Furthermore, we introduce multi-stacking ensemble (MSE), a novel ensemble method, to enhance attack prediction capabilities. The evaluation on benchmark datasets such as CICIDS2017 and UNSW-NB15 demonstrates that our IDS surpasses current models across various performance metrics.

Interrelated dynamic biased feature selection and classification model using enhanced gorilla troops optimizer for intrusion detection

An Intrusion Detection System (IDS) is a valuable tool for network security since it can identify attacks, intrusions, and other types of illegal access. Excessive and irrelevant data slows down the classification process and eventually weakens the system's capacity to make informed decisions when IDS is monitoring a huge volume of network traffic. Innovative approaches are utilized to create large amounts of data and a lot of network traffic in order to test its effectiveness. A vital step in machine learning is feature selection. By determining which features are most essential for describing the dataset and its initial attributes, feature selection seeks to improve intrusion prediction performance while simultaneously delving deeper into the stored data. Making a feature selection is similar to fixing an optimization problem without a clear definition when users don't know where to begin. Finding the fewest characteristics required to describe the dataset, the original features, and to conduct classification is the primary purpose of feature selection, which also aims to improve prediction performance and acquire a deeper understanding of the stored data. As a result, researchers have been focusing on feature-selection issues recently, especially in light of the massive growth in available databases. Metaheuristic algorithms using a learning model have been the subject of studies to optimize feature selection difficulties. This research uses Enhanced Gorilla Troops Optimizer (EGTO), for enhancing the feature selection process and then performing classification. This research presents a Interrelated Dynamic Biased Feature Selection Model using Enhanced Gorilla Troops Optimizer (IDBFS-EGTO) for generation of feature vector set for intrusion detection. Despite its apparent success in handling a wide range of practical problems, it risks getting mired in local optima and premature convergence when faced with more difficult optimization challenges that is overcome with EGTO. The EGTO approach, which uses a collection of operators to strike a more steady equilibrium between exploitation and exploration. The proposed model generates relevant feature subset for machine learning model for accurate detection and classification of intrusions in the network. The proposed model achieved 98.4 % accuracy in intrusion detection and 98.6 % accuracy in EGTO optimization classification. The proposed model is improved by 3.8 % in feature weight allocation accuracy and 1.2 % in detection accuracy levels. The proposed model is compared with the traditional models and the results represent that the proposed model performance is high.

AI-Enhanced Cloud Security: Proactive Threat Detection and Response Mechanisms

AI-enhanced cloud security is revolutionizing the way organizations approach cybersecurity by leveraging advanced technologies like machine learning, natural language processing, and deep learning to proactively detect and respond to cyber threats. This paper explores the integration of AI into cloud security systems, highlighting its role in improving threat detection accuracy, reducing response times, and enhancing data protection across cloud environments. The paper also examines various AI-driven tools such as intrusion detection systems, behaviour analytics, and automated threat response mechanisms, which provide real-time defence capabilities. Despite its potential, the adoption of AI in cloud security faces challenges, including data privacy concerns, algorithmic bias, integration with legacy systems, and the high computational costs associated with AI models. Furthermore, ethical, and regulatory challenges complicate the deployment and scalability of AI in cloud security. By addressing these challenges and fostering continuous innovation, organizations can unlock the full potential of AI-enhanced security systems. This paper aims to provide a comprehensive overview of the current state of AI-driven cloud security, identify the key challenges faced by organizations, and offer insights into future developments and opportunities in this rapidly evolving field.

Improvement of intrusion detection system in industrial Internet of Things based on deep learning with fog computing capability

Improvement of intrusion detection system in industrial Internet of Things based on deep learning with fog computing capability

Dynamic Arithmetic Optimization Algorithm with Deep Learning-based Intrusion Detection System in Wireless Sensor Networks

A Wireless Sensor Network (WSN) encompasses interconnected Sensor Nodes (SNs) that interact wirelessly to collect and transfer data. Security in the context of WNS refers to protocols and measures implemented for the overall functionality of the network, along with protecting the availability, confidentiality, and integrity of data against tampering, unauthorized access, and other possible security risks. An Intrusion Detection System (IDS) utilizing Deep Learning (DL) and Feature Selection (FS) leverages advanced methods to enhance effectiveness in the detection of malicious activities in a network by enhancing relevant data features and leveraging the power of Deep Neural Networks (DNNs). This study presents a Dynamic Arithmetic Optimization Algorithm within a DL-based IDS (DAOADL-IDS) in WSNs. The purpose of DAOADL-IDS is to recognize and classify intrusions in a WSN using a metaheuristic algorithm and DL models. To accomplish this, the DAOADL-IDS technique utilizes a Z-score data normalization approach to resize the input dataset in a compatible format. In addition, DAOADL-IDS employs a DAOA-based FS (DAOA-FS) model to select an optimum set of features. A Stacked Deep Belief Network (SDBN) model is employed for the Intrusion Detection (ID) process. The hyperparameter selection of the SDBN model is accomplished using the Bird Swarm Algorithm (BSA). A wide experimental analysis of the proposed DAOADL-IDS method was performed on a benchmark dataset. The performance validation of the DAOADL-IDS technique showed an accuracy of 99.68%, demonstrating superior performance over existing techniques under various measures.

Highway Foreign Body Intrusion Detection System Based on Deep Learning

This paper introduces the expressway intrusion detection system based on deep learning to improve traffic safety. The system adopts deep learning, image recognition, and foreign body detection technology to monitor the road condition in real-time through lidar and binocular camera groups to detect and distance the foreign body on the road. The system visualizes the detection results on the onboard screen to assist the driver to avoid and improve the safety of highway driving. In addition, the system also includes emergency braking, blind spot monitoring, lane departure warning, and other functions. The system has wide application prospects and development potential and is expected to be widely used in the future, providing a strong guarantee for the safe operation of expressways in China.

Enhancing intrusion detection in next-generation networks based on a multi-agent game-theoretic framework

<span lang="EN-US">With cyber threats becoming increasingly sophisticated, existing intrusion detection systems (IDS) in next generation networks (NGNs) are subjected to more false-positives and struggles to offer robust security feature, highlighting a critical need for more adaptive and reliable threat detection mechanisms. This research introduces a novel IDS that leverages a dueling deep Q-network (DQN) a reinforcement learning algorithm within game-theoretic framework simulating a multi-agent adversarial learning scenario to address these challenges. By employing a customized OpenAI Gym environment for realistic threat simulation and advanced dueling DQN mechanisms for reduced overestimation bias, the proposed scheme significantly enhances the adaptability and accuracy of intrusion detection. Comparative analysis against current state-of-the-art methods reveals that the proposed system achieves superior performance, with accuracy and F1-score improvements to 95.02% and 94.68%, respectively. These results highlight the potential scope of the proposed adaptive IDS to provide a robust defense against the dynamic threat landscape in NGNs.</span>

Network intrusion detection in big datasets using Spark environment and incremental learning

<p class="Abstract">Internet of things (IoT) systems have experienced significant growth in data traffic, resulting in security and real-time processing issues. Intrusion detection systems (IDS) are currently an indispensable tool for self-protection against various attacks. However, IoT systems face serious challenges due to the functional diversity of attacks, resulting in detection methods with machine learning (ML) and limited static models generated by the linear discriminant analysis (LDA) algorithm. The process entails adjusting the model parameters in real time as new data arrives. This paper proposes a new method of an IDS based on the LDA algorithm with the incremental model. The model framework is trained and tested on the IoT intrusion dataset (UNSW-NB15) using the streaming linear discriminant analysis (SLDA) ML algorithm. Our approach increased model accuracy after each training, resulting in continuous model improvement. The comparison reveals that our dynamic model becomes more accurate after each batch and can detect new types of attacks.</p>

Intrusion Detection in IoT using Gaussian Fuzzy Mutual Information-based Feature Selection

The proliferation of Internet of Things (IoT) devices has revolutionized various sectors by enabling real-time monitoring, data collection, and intelligent decision-making. However, the massive volume of data generated by these devices presents significant challenges for data processing and analysis. Intrusion Detection Systems (IDS) for IoT require efficient and accurate identification of malicious activities amidst vast amounts of data. Feature selection is a critical step in this process, aiming to identify the most relevant features that contribute to accurate intrusion detection, thus reducing computational complexity and improving model performance. Traditional Mutual Information-based Feature Selection (MIFS) methods face challenges when applied to IoT data due to their inherent noise, uncertainty, and imprecision. This study introduces a novel Fuzzy Mutual Information-based Feature Selection (Fuzzy-MIFS) method that integrates fuzzy logic with Gaussian membership functions to address these challenges. The proposed method enhances the robustness and effectiveness of the feature selection process, resulting in improved accuracy and efficiency of IDSs in IoT environments. Experimental results demonstrate that the Fuzzy-MIFS method consistently outperformed existing feature selection techniques across various neural network models, such as CNN, LSTM, and DBN, showcasing its superior performance in handling the complexities of IoT data. The results show that Fuzzy-MIFS increased the accuracy from 0.962 to 0.986 for CNN, from 0.96 to 0.968 for LSTM, and from 0.96 to 0.97 for DBN.

Exploiting self-evolutionary strategies of components for Dynamic Heterogeneous Redundancy

The network security situation is increasingly serious. Traditional security equipment like firewalls and intrusion detection systems cannot prevent unknown risks due to their passive nature. Dynamic Heterogeneous Redundancy (DHR) actively defends by switching the attack surface and confusing attackers, becoming essential in modern network defense. However, existing DHR approaches based on scheduling algorithms struggle under high-intensity attacks due to resource limitations. To overcome this weakness, we propose a Genetic Algorithm and Particle Swarm Optimization (GAPSO), a novel DHR architecture. GAPSO provides real-time security awareness of host components, maps potential attacker paths, and calculates the risk probability of each component. High-risk components evolve into others in the pool during attacks. Experiments show that GAPSO significantly reduces system risk compared to scheduling-based DHR and effectively delays the hacker’s attack lifecycle. Additionally, we developed a prototype system and evaluated it in a real network environment, obtaining positive results.

A novel deep anomaly detection approach for intrusion detection in futurisitic network

<span lang="EN-US">In an era where networks are increasingly heterogeneous and multi-domain, establishing robust security models to protect data and network infrastructure is becoming ever more complex. Traditional intrusion detection systems (IDS) often struggle with novel or variant attacks that fall outside predefined rule sets, resulting in significant detection challenges. This paper proposes a methodologically refined approach leveraging data-driven insights and statistically robust feature selection to enhance the training dataset. The study presents a long short-term memory-autoencoder (LSTM-AE) based learning model designed for multi-class anomaly detection. The model's novelty lies in its application of distance metrics to define distinct thresholds for varied attack classifications, a strategy that significantly amplifies detection precision. Experimental results validate the superior performance of the proposed system, achieving 94.82% accuracy rate, outperforming similar existing works. The study also proactively addresses common issues of class imbalance and skewed data representation in benchmark datasets by strategically training the model on normal traffic, enhancing its capability to generalize and identify anomalies effectively.</span>

LH-IDS: Lightweight Hybrid Intrusion Detection System Based on Differential Privacy in VANETs

LH-IDS: Lightweight Hybrid Intrusion Detection System Based on Differential Privacy in VANETs

Network Intrusion Detection Using Transformer Models and Natural Language Processing for Enhanced Web Application Attack Detection

The increasing frequency and complexity of web application attacks necessitate more advanced detection methods. This research explores integrating Transformer models and Natural Language Processing (NLP) techniques to enhance network intrusion detection systems (NIDS). Traditional NIDS often rely on predefined signatures and rules, limiting their effectiveness against new attacks. By leveraging the Transformer's ability to capture long-term dependencies and the contextual richness of NLP, this study aims to develop a more adaptive and intelligent intrusion detection framework. Utilizing the CSIC 2010 dataset, comprehensive preprocessing steps such as tokenization, stemming, lemmatization, and normalization were applied. Techniques like Word2Vec, BERT, and TF-IDF were used for text representation, followed by the application of the Transformer architecture. Performance evaluation using accuracy, precision, recall, F1 score, and AUC demonstrated the superiority of the Transformer-NLP model over traditional machine learning methods. Statistical validation through Friedman and T-tests confirmed the model's robustness and practical significance. Despite promising results, limitations include the dataset's scope, computational complexity, and the need for further research to generalize the model to other types of network attacks. This study indicates significant improvements in detecting complex web application attacks, reducing false positives, and enhancing overall security, making it a viable solution for addressing increasingly sophisticated cybersecurity threats