Intrusion Detection Research Articles

AN ADVANCED APPROACH FOR DETECTING BEHAVIOR BASED INTRANET ATTACKS BY MACHINE LEARNING

In the realm of cybersecurity, the detection of intranet attacks poses a significant challenge due to the evolving nature of malicious behaviors. This paper proposes an advanced approach for detecting behavior-based intranet attacks utilizing machine learning techniques. By leveraging the power of machine learning algorithms, the proposed approach aims to effectively identify and mitigate intranet attacks based on their behavioral patterns. Through the analysis of network traffic and system logs, the model learns to distinguish between normal and anomalous behaviors, thereby enabling proactive threat detection and response mechanisms. The proposed approach offers a promising avenue for enhancing the security posture of intranet environments by providing real-time detection capabilities and adaptive defense mechanisms. KEYWORDS: Machine Learning, Intrusion Detection, Behavior-based Attacks, Cybersecurity, Network Security.

Detecting Cybersecurity Threats in Digital Energy Systems Using Deep learning for Imbalanced Datasets

Energy management systems are experiencing significant transformations due to the adoption of innovative business models and advanced digital technologies. This study aims to investigate the intersection of artificial intelligence and cybersecurity within energy infrastructures, specifically focusing on developing a comprehensive methodology that effectively detects security threats in digitalized systems. The research evaluates existing energy policies and regulations while emphasizing the critical role of deep learning algorithms in enhancing cybersecurity through advanced threat detection, predictive analytics, automated responses, and continuous learning capabilities. A significant aspect of this study is the effective handling of imbalanced datasets, which is essential for optimizing deep learning performance in cybersecurity applications. Furthermore, the paper presents a comparative analysis of network intrusion detection systems and proposes a feature selection methodology by a novel feature reduction methodology designed to enhance deep learning capabilities for addressing specific challenges in imbalanced datasets of critical energy infrastructure. The expected results include insights into how artificial intelligence-driven methodologies can effectively mitigate cybersecurity threats in energy systems through a robust hybrid deep learning framework that addresses imbalanced datasets via advanced feature reduction techniques. Ultimately, this research contributes to enhancing both the immediate security of energy infrastructures and their long-term resilience against evolving cyber threats. By clarifying the contributions of deep learning methods to the literature on supervisory control and data acquisition system security, this study aims to bridge existing gaps and provide actionable insights for practitioners and policymakers in the energy sector and integrates regulatory frameworks (EU AI Act, NIST CSF 2.0, ISO/IEC standards) with a hybrid deep learning model addressing spatial, temporal, and structural intrusion patterns in SCADA systems using imbalanced data and a novel feature selection methodology within artificial intelligence.

Meta-IDS: Meta-Learning Automotive Intrusion Detection Systems with Adaptive and Learnable

Meta-IDS: Meta-Learning Automotive Intrusion Detection Systems with Adaptive and Learnable

A new intrusion detection method using ensemble classification and feature selection

Intrusion Detection Systems (IDS) play a crucial role in ensuring network security by identifying and mitigating cyber threats. This study introduces a hybrid intrusion detection approach that integrates Convolutional Neural Networks (CNNs) for feature extraction and the Random Forest (RF) algorithm for classification. The proposed method enhances detection accuracy by leveraging CNNs to automatically extract relevant network features, reducing data dimensionality and noise. Subsequently, the RF classifier processes these optimized features to achieve robust and precise intrusion classification. To evaluate the effectiveness of the approach, experiments were conducted on the KDD99 and UNSW-NB15 datasets. The results demonstrate that the proposed model achieves an accuracy of 97% and a precision of over 98%, outperforming traditional machine learning-based IDS solutions. These findings highlight the potential of the proposed hybrid framework as a scalable and efficient cybersecurity solution for real-world network environments.

CyberBERT: Network Security Intelligence with Language AI and Real-time Power BI Analytics

We're living in a world where cyber threats are constantly evolving, creating an urgent need for smarter security tools. In this paper, we introduce CyberBERT, a new approach that brings the power of language AI to network security. Here's the cool part: we've figured out how to transform complex network data into something that language models can understand, letting us identify threats with remarkable accuracy. By converting 84 different network measurements into something resembling natural language, we've created a bridge between network security and the recent breakthroughs in AI language understanding. Our system achieves 96% accuracy in identifying six different types of network traffic (normal connections, DoS attacks, port scanning, and more), and it works incredibly fast—just 5 milliseconds on systems with a decent GPU and 40 milliseconds on regular computers. This is significantly better than traditional approaches, with accuracy improvements of over 3%. Throughout this paper, we'll walk you through how CyberBERT works, why transforming network data into text makes such a difference, and how we've optimized everything to run in real-time on standard hardware. What's particularly exciting is that our system can spot sophisticated attack patterns without requiring the extensive expert knowledge that traditional systems demand. Key Words: Network Security, Traffic Classification, Distilbert, Bert, Transformer Models, Intrusion Detection, Deep Learning, Real-time Analysis, Feature Transformation

A Network Anomaly Traffic Detection Method Based on CNN‐LSTM

ABSTRACTAs information technology advances swiftly, the internet has become an indispensable component of modern life. The proliferation of various applications and services has led to a surge in network traffic, posing unprecedented challenges for network security. Traditional machine learning algorithms have faced challenges in accurately detecting abnormal network traffic, prompting the adoption of deep learning technologies. These technologies are recognized as pivotal tools for network traffic anomaly detection due to their robust feature extraction capabilities and their ability to handle complex patterns. However, existing deep learning methods often grapple with high false positive rates and limited generalization ability. To address these issues, this research proposes a combined CNN‐LSTM framework, with the CNN component dedicated to extracting spatial features and the LSTM component responsible for detecting temporal sequences. This hybrid approach leverages the CNN's ability to capture spatial correlations in data and the LSTM's strength in capturing long‐term temporal dependencies, effectively enhancing the accuracy and reliability of network traffic anomaly detection. Experimental results demonstrate that, when applied to the dataset of UNSW‐NB15, the CNN‐LSTM model achieves a binary classification detection accuracy of 96.67%, representing a 4.14% enhancement over the CNN model and a 2.16% improvement compared to the LSTM model. The multi‐class classification detection accuracy is 96.20%, showing improvements of 0.38% and 4.4% over CNN and LSTM, respectively. These findings underscore the superiority of the proposed method in detecting network anomaly traffic, with enhanced accuracy observed on the dataset of UNSW‐NB15. The model of this research is particularly promising for real‐world applications such as intrusion detection systems and network monitoring, and future work could explore its scalability and the integration of additional features.

Detecting malicious nodes using game theory and reinforcement learning in software-defined networks

Mafia, or Werewolf, is a strategic game where two teams compete to eliminate each other’s players through deception and hidden roles. The game dynamics and role interactions share notable similarities with adversarial behaviors in network security, making it a valuable framework for modeling cyber threats, particularly botnet detection. In this paper, we introduce a novel game-theoretic approach to botnet detection, leveraging the strategic deception dynamics of the Mafia game to model adversarial behavior in cybersecurity. We present a mathematical model for Mafia games, formulating winning strategies for different roles using linear relations and reinforcement learning techniques. Furthermore, we establish a direct mapping between Mafia game roles and network security components, illustrating how botnet attack patterns align with hidden-role game mechanics. Our proposed detection strategies are applied to real-world network attack scenarios, demonstrating their effectiveness in mitigating botnet threats. We evaluate the model using applicable security metrics and compare the results with existing detection methodologies to validate the approach. Our findings indicate that the suggested strategies improve detection accuracy by 12% over conventional methods. Additionally, we conduct network emulations using Mininet, simulating Mirai botnet infections. The results show that the true positive and true negative detection rates for a network modeled by the Mafia game framework reach 71% and 91%, respectively. These insights provide a foundation for integrating deception-based modeling into modern intrusion detection systems, enhancing network resilience against adaptive cyber threats.

Comparative Analysis of Machine Learning Techniques for Intrusion Detection in IoT Networks

The rapid increase of Internet of Things (IoT) devices has introduced significant security challenges, requiring the development of effective Intrusion Detection Systems (IDS) to protect networks from malicious attacks. This study presents a comparative analysis of five machine learning (ML) algorithms (Random Forest (RF), K-Nearest Neighbors (KNN), Naïve Bayes (NB), XGBoost, and Support Vector Machine (SVM)) for IoT intrusion detection using the NSL-KDD dataset. Linear Discriminant Analysis (LDA) is used as a feature extraction technique to optimize model performance by reducing data dimensionality while retaining critical information. Three LDA scenarios with 2, 3, and 4 extracted features are used to compare the mentioned ML algorithms using the performance metrics like accuracy, precision, recall, F1-score, and execution time. The results show that RF achieved the highest accuracy (98.76%) with a slightly higher execution times making it ideal for applications prioritizing accuracy. KNN and XGBoost displayed a balance between high accuracy and computational efficiency, with execution times suitable for real-time IoT applications, with KNN achieving the shortest execution time. The results also highlight the importance of selecting ML algorithms based on the trade-offs between accuracy and efficiency for IoT intrusion detection.

A simulation-driven computational framework for adaptive energy-efficient optimization in machine learning-based intrusion detection systems

This paper presents GreenMU, an innovative proposed novel framework designed to address the two main challenges: energy efficiency as one of the main research components and detection performance in intrusion detection systems. In the proposed research paper study, by integrating advanced machine learning techniques such as random forest classifier and support vector machines classifier with knowledge distillation and adaptive energy-aware optimization, GreenMU achieves a balanced trade-off between computational efficiency and cybersecurity accuracy. The proposed MUGuard algorithm is at the framework’s core, which dynamically adjusts computational complexity based on real-time actual energy constraints and the evolving threat landscape. Extensive simulations conducted on the KDD 1999 dataset demonstrate that GreenMU achieves a detection accuracy close to 99%, significantly surpassing standard baseline models while reducing energy consumption by 31%. Furthermore, the framework improves computational efficiency, reducing processing time by 15% and making it highly effective for resource-constrained environments such as IoT and edge computing. This research paper study highlights the potential of green artificial intelligence in advancing cybersecurity, providing a scalable, sustainable, and high-performing solution to modern intrusion detection challenges.

Enhanced Intrusion Detection in IoT Smart Homes: Leveraging Binary and Multi-Class Classification Models

Enhanced Intrusion Detection in IoT Smart Homes: Leveraging Binary and Multi-Class Classification Models

Enhanced anomaly network intrusion detection using an improved snow ablation optimizer with dimensionality reduction and hybrid deep learning model

With the enlarged utilization of computer networks, security has become one of the critical issues. A network intrusion by malicious or unauthorized consumers may cause severe interruption to networks. So, the progress of a strong and dependable network intrusion detection system (IDS) is gradually significant. Intrusion detection relates to a suite of models employed to recognize attacks against network infrastructures and computers. There are dual main intrusion detection models, such as misuse and anomaly detection. Anomaly detection is a central part of intrusion detection in which disruptions of normal behaviour propose the presence of unintentionally or intentionally induced attacks, defects, faults, etc. With the arrival of anomaly-based IDS, many models have progressed in tracking new threats to the systems. Machine learning (ML) and deep learning (DL) models are currently leveraged for anomaly intrusion detection in cybersecurity. This manuscript proposes an Enhanced Anomaly Intrusion Detection using an Optimization Algorithm with Dimensionality Reduction and Hybrid Model (EAID-OADRHM) technique. The proposed EAID-OADRHM technique presents a new approach for perceiving and migrating attacks in cybersecurity. Min–max scaling normalization is primarily employed at the data pre-processing level to clean and transform input data into a consistent range. Furthermore, the proposed EAID-OADRHM technique utilizes the equilibrium optimizer (EO) model for the dimensionality reduction process. Additionally, the classification is performed by employing the long short-term memory and autoencoder (LSTM–AE) model. Finally, the improved Snow Ablation Optimizer (ISAO) model optimally tunes the hyperparameters of the LSTM–AE model, leading to enhanced classification performance. The simulation validation of the EAID-OADRHM approach is examined under the CIC-IDS2017 dataset, and the outcomes are computed using numerous measures. The experimental assessment of the EAID-OADRHM approach portrayed a superior accuracy value of 99.46% over existing methods in the anomaly intrusion detection process.

Enhancing security in electromagnetic radiation therapy using fuzzy graph theory

This research investigates the application of fuzzy graph theory to address critical security challenges in electromagnetic radiation therapy systems. Through comprehensive theoretical analysis and experimental validation, we introduce novel approaches leveraging fuzzy cognitive maps and fuzzy graph-based architectures for access control, intrusion detection, secure communication, and risk assessment. The study demonstrates significant improvements over traditional security measures across multiple performance metrics. The fuzzy graph-based access control model achieved a 2.5% false acceptance rate compared to 7.8% in traditional systems, while intrusion detection accuracy improved to 95% with only 3% false positives. Secure communication protocols demonstrated 98% confidentiality and 96% integrity rates, surpassing conventional methods. Risk assessment coverage increased to 92% with reduced false positives. The system maintained linear scaling in processing time from 180 ms at 1000 to 320 ms at 100,000 records, with CPU utilization remaining between 65 and 72%. These findings underscore the immense potential of fuzzy graph theory in strengthening the safety and privacy of electromagnetic radiation therapy systems, providing a foundation for future research and clinical adoption. The study also identifies key directions for future research, including machine learning integration, blockchain implementation, and scalability optimization.

Real Time Cyber Threat Detection and Response System

As wireless communications evolve, many community protection threats additionally evolve. Intrusion Detection System (IDS) detects assaults and facilitates perceive attackers. In the past, various system mastering (ML) strategies have been used with intrusion detection systems (IDS) in an attempt to improve intrusion detection effects and enhance the accuracy of IDS. Using major issue analysis (PCA), random woodland class, SVM, and naive base algorithms, this work proposes a method to expand an effective IDS. According to the effects of the proposed approach, the execution time (min) is three.24 mins, the accuracy charge (%) is 96.Seventy eight%, and the mistake rate (%) is zero.21%.

Central Tendency Feature Selection (CTFS): a novel approach for efficient and effective feature selection in intrusion detection systems

Central Tendency Feature Selection (CTFS): a novel approach for efficient and effective feature selection in intrusion detection systems

A novel approach to intrusion detection system using hybrid flower pollination and cheetah optimization algorithm

The study aims to address critical challenges in network security, particularly the limitations of traditional intrusion detection systems (IDS) in terms of adaptability, detection precision, and high false positive rates in dynamic network environments. A novel hybrid IDS model integrating the Flower Pollination Algorithm (FPA), Cheetah Optimization Algorithm (COA), and Artificial Neural Networks (ANN) is proposed to enhance detection accuracy, reduce false positives, and optimize feature selection, anomaly detection, and rule adaptation. The hybrid FPA-COA-ANN model combines the optimization capabilities of FPA and COA with the predictive power of ANN. The model was evaluated using five benchmark datasets—CICIDS-2017, TII-SSRC, Lu-flow, NSL-KDD, and WSN-DS. Key performance metrics were analysed to assess the model’s effectiveness in detecting malicious activities in complex network traffic patterns. The hybrid model demonstrated superior performance compared to existing IDS approaches. It achieved accuracy rates of 0.99 on CICIDS-2017, 1.00 on TII-SSRC, 1.00 on Lu-flow, 0.99 on NSL-KDD, and 0.93 on WSN-DS. The results highlight significant improvements in detection precision and adaptability, alongside a reduction in false positive rates, showcasing the model’s robustness and scalability for real-time threat detection. The proposed hybrid FPA-COA-ANN model effectively mitigates the limitations of traditional IDS by offering a robust, scalable, and efficient solution for real-time network threat detection. Its high accuracy and adaptability across diverse benchmark datasets underscore its potential as a critical tool for enhancing cybersecurity defences in dynamic and complex environments.

Infrastructure for collecting data and simulating security threats in the internet of things network

The implementation of the internet of things technologies in the rocket-space industry requires increased security measures for information and communication processes. Existing intrusion detection systems are unable to take into account the heterogeneity of the network structure and the scale of information circulating between devices. To solve this problem, intrusion detection systems use an anomaly method, which requires a large number of representative data sets. The authors have reviewed public datasets that can be used to build an anomaly detection system. They contain information from artificial simulation medium or isolated environments with simulated devices, include examples that are not directly related to the internet of things, and do not take into account the dynamic nature of traffic changes. In this paper, we present a new infrastructure that will avoid these drawbacks. It collects data on the functioning of a real Internet of Things network and allows testing its stability to typical attacks. We use the MQTT (message queuing telemetry transport) application protocol and software platforms that support information interaction based on the publisher-subscriber pattern. The infrastructure contains devices that monitor technological rooms with telecommunications equipment, brokers with various security policy settings, applications for data control and analysis, software agents for collecting network traffic and threat simulators that perform attacks on network nodes from single sources or in a distributed environment. Researchers will be able to use the data collected in the infrastructure for cybersecurity analysis to create reliable IoT-based solutions needed to implement this technology in knowledge-intensive space systems production.

Multi-classification algorithm based on graph convolutional neural network for intrusion detection

Multi-classification algorithm based on graph convolutional neural network for intrusion detection

An Adaptive Framework for Intrusion Detection in IoT Security Using MAML (Model-Agnostic Meta-Learning)

With the rapid emergence of the Internet of Things (IoT) devices, there were new vectors for attacking cyber, so there was a need for approachable intrusion detection systems (IDSs) with more innovative custom tactics. The traditional IDS models tend to find difficulties in generalization in the continuously changing and heterogeneous IoT environments. This paper contributes to an adaptive intrusion detection framework using Model-Agnostic Meta-Learning (MAML) and few-shot learning paradigms to quickly adapt to new tasks with little data. The goal of this research is to improve the security of IoT by developing a strong IDS that will perform well across assorted datasets and attack environments. Finally, we apply our proposed framework to two benchmark datasets, UNSW-NB15 and NSL-KDD99, which provide different attack scenarios and network behaviors. The methodology trains a base model with MAML to allow fast adaptation on specific tasks during fine-tuning. Our approach leads to experimental results with 99.98% accuracy, 99.5% precision, 99.0% recall, and 99.4% F1 score on the UNSW-NB15 dataset. The model achieved 99.1% accuracy, 97.3% precision, 98.2% recall, and 98.5% F1 score on the NSL-KDD99 dataset. That shows that MAML can detect many cyber threats in IoT environments. Based on this study, it is concluded that meta-learning-based intrusion detection could help build resilient IoT systems. Future works will move educated meta-learning to a federated setting and deploy it in real time in response to changing threats.

RTCS: An Improved Real-Time Credibility-Based Intrusion Detection System

RTCS: An Improved Real-Time Credibility-Based Intrusion Detection System

Centralized Infrastructure-Aware Reliable Data Transaction Model in IoT-Enabled MANET and Cloud Using LDMOA and ELRNN

Mobile ad-hoc networks (MANETs) face significant challenges due to the lack of centralized infrastructure and efficient routing techniques, which hinder optimal data transfer. This paper addresses these challenges by proposing a Centralized Infrastructure-Aware, Reliable Data Transaction Model for IoT-enabled MANETs in a cloud environment. The model incorporates novel approaches to enhance network efficiency and security, including the Learning-based Multi-objective Optimization Algorithm (LDMOA) and Extended Long-Short Term Recurrent Neural Network (ELRNN). The proposed framework operates in several stages: node initialization, optimal cluster head selection using LDMOA, and clustering. Multipath generation and path detail extraction follow, after which a hash tree is constructed and stored on a fog server. The trustworthiness of each path is evaluated using the KT-Fuzzy decision-making algorithm. If the trust is high, LDMOA selects the optimal path for data transfer, which is then encrypted using the Extended Particle Collision Chaos (EPCC) algorithm. The path’s hash code is verified in the fog server, and the data undergoes intrusion detection. The data path is re-configured if an attack is detected; otherwise, secure data are forwarded to the cloud server. The intrusion detection process involves data collection, feature extraction, and classification, with ELRNN used to predict potential attacks. The proposed ELRNN model achieves an accuracy of 98.42%, significantly outperforming traditional methods such as RNN, RBM, DBN, and DNN, which have maximum accuracies of around 93.57%. This improvement highlights the effectiveness of the ELRNN in detecting intrusions in Blockchain-based IoT devices, showcasing enhanced performance in precision, recall, and overall reliability compared to existing techniques.