Existing feature selection methods for intrusion detection systems in the Industrial Internet of Things often suffer from local optimality and high computational complexity. These challenges hinder traditional IDS from effectively extracting features while maintaining detection accuracy. This paper proposes an industrial Internet of Things intrusion detection feature selection algorithm based on an improved whale optimization algorithm (GSLDWOA). The aim is to address the problems that feature selection algorithms under high-dimensional data are prone to, such as local optimality, long detection time, and reduced accuracy. First, the initial population’s diversity is increased using the Gaussian Mutation mechanism. Then, Non-linear Shrinking Factor balances global exploration and local development, avoiding premature convergence. Lastly, Variable-step Levy Flight operator and Dynamic Differential Evolution strategy are introduced to improve the algorithm’s search efficiency and convergence accuracy in high-dimensional feature space. Experiments on the NSL-KDD and WUSTL-IIoT-2021 datasets demonstrate that the feature subset selected by GSLDWOA significantly improves detection performance. Compared to the traditional WOA algorithm, the detection rate and F1-score increased by 3.68% and 4.12%. On the WUSTL-IIoT-2021 dataset, accuracy, recall, and F1-score all exceed 99.9%.
The increasing adoption of Industrial Internet of Things (IIoT) systems in smart manufacturing is raising the number of cyberattacks and making effective intrusion detection systems (IDS) a pressing requirement. However, existing datasets for IDS training often lack relevance to modern IIoT environments, limiting their applicability for research and development. To address the latter gap, this paper introduces the HiTar-2024 dataset specifically designed for IIoT systems. As a consequence, it can be used by an IDS to detect imminent threats. Likewise, HiTar-2024 was generated using the AREZZO simulator, which replicates realistic smart manufacturing scenarios. The generated dataset includes five distinct classes: Normal, Probing, Remote to Local (R2L), User to Root (U2R), and Denial of Service (DoS). Furthermore, comprehensive experiments with popular Machine Learning (ML) models using various classifiers, including BayesNet, Logistic, IBK, Multiclass, PART, and J48, demonstrate high accuracy, precision, recall, and F1-scores, exceeding 0.99 across all ML metrics. This result is reached thanks to the rigorous process applied, including data pre-processing, feature extraction, fixing the class imbalance problem, and using a test option for model robustness. This comprehensive approach emphasizes meticulous dataset construction through a complete dataset generation process, a careful labelling algorithm, and a sophisticated evaluation method, providing valuable insights to reinforce IIoT system security. Finally, the HiTar-2024 dataset is compared with other similar datasets in the literature, considering several factors such as data format, feature extraction tools, number of features, attack categories, number of instances, and ML metrics.
Intrusion detection systems play a vital role in cyberspace security. In this study, a network intrusion detection method based on the feature selection algorithm (FSA) and a deep learning model is developed using a fusion of a recursive feature elimination (RFE) algorithm and a bidirectional gated recurrent unit (BGRU). Particularly, the RFE algorithm is employed to select features from high-dimensional data to reduce weak correlations between features and remove redundant features in the numerical feature space. Then, a neural network that combines the BGRU and multilayer perceptron (MLP) is adopted to extract deep intrusion behavior features. Finally, a support vector machine (SVM) classifier is used to classify intrusion behaviors. The proposed model is verified by experiments on the NSL-KDD dataset. The results indicate that the proposed model achieves a 90.25% accuracy and a 97.51% detection rate in binary classification and outperforms other machine learning and deep learning models in intrusion classification. The proposed method can provide new insight into network intrusion detection.
Roaming in 5G networks enables seamless global mobility but also introduces significant security risks due to legacy protocol dependencies, uneven Security Edge Protection Proxy (SEPP) deployment, and the dynamic nature of inter-Public Land Mobile Network (inter-PLMN) signaling. Traditional rule-based defenses are inadequate for protecting cloud-native 5G core networks, particularly as roaming expands into enterprise and Internet of Things (IoT) domains. This work addresses these challenges by designing a scalable 5G Standalone testbed, generating the first intrusion detection dataset specifically tailored to roaming threats, and proposing a deep-learning-based intrusion detection framework for cloud-native environments. Six deep learning models, including Multilayer Perceptron (MLP), one-dimensional Convolutional Neural Network (1D CNN), Autoencoder (AE), Recurrent Neural Network (RNN), Gated Recurrent Unit (GRU), and Long Short-Term Memory (LSTM), were evaluated on the dataset using both weighted and balanced metrics to account for strong class imbalance. While all models achieved over 99% accuracy, recurrent architectures such as GRU and LSTM outperformed others in balanced accuracy and macro-level evaluation, demonstrating superior effectiveness in detecting rare but high-impact attacks. These results confirm the importance of sequence-aware Artificial Intelligence (AI) models for securing roaming scenarios, where transient and context-dependent threats are common. The proposed framework provides a foundation for intelligent, adaptive intrusion detection in 5G and offers a path toward resilient security in Beyond 5G and 6G networks.
The era of big data brings new challenges for information network systems (INS), simultaneously offering unprecedented opportunities for advancing intelligent intrusion detection systems. In this work, we propose a data-driven intrusion detection system for Distributed Denial of Service (DDoS) attack detection. The system focuses on intrusion detection from a big data perspective. As intelligent information processing methods, big data and artificial intelligence have been widely used in information systems. The INS system is an important information system in cyberspace. In advanced INS systems, the network architectures have become more complex, and the smart devices in INS systems collect a large scale of network data. How to improve the performance of a complex intrusion detection system with big data and artificial intelligence is a big challenge. To address the problem, we design a novel intrusion detection system (IDS) from a big data perspective. The IDS system uses tensors to represent large-scale and complex multi-source network data in a unified tensor. Then, a novel tensor decomposition (TD) method is developed to complete big data mining. The TD method seamlessly collaborates with the XGBoost (eXtreme Gradient Boosting) method to complete the intrusion detection. To verify the proposed IDS system, a series of experiments is conducted on two real network datasets. The results revealed that the proposed IDS system attained an impressive accuracy rate over 98%. Additionally, by altering the scale of the datasets, the proposed IDS system still maintains excellent detection performance, which demonstrates the proposed IDS system’s robustness.
Network intrusion detection systems (IDS) are a prevalent method for safeguarding network traffic against attacks. However, existing IDS primarily depend on machine learning (ML) models, which are vulnerable to evasion through adversarial examples. In recent years, the Wasserstein Generative Adversarial Network (WGAN), based on Wasserstein distance, has been extensively utilized to generate adversarial examples. Nevertheless, several challenges persist: (1) WGAN experiences the mode collapse problem when generating multi-category network traffic data, leading to subpar quality and insufficient diversity in the generated data; (2) Due to unstable training processes, the authenticity of the data produced by WGAN is often low. This study improves WGAN to address these issues and proposes a new adversarial sample generation algorithm called Distortion Enhanced Multi-Generator Generative Adversarial Network (DEMGAN). DEMGAN effectively evades ML-based IDS by proficiently obfuscating network traffic data samples. We assess the efficacy of our attack method against five ML-based IDS using two public datasets. The results demonstrate that our method can successfully bypass IDS, achieving average evasion rates of 97.42% and 87.51%, respectively. Furthermore, empirical findings indicate that retraining the IDS with the generated adversarial samples significantly bolsters the system’s capability to detect adversarial samples, resulting in an average recognition rate increase of 86.78%. This approach not only enhances the performance of the IDS but also strengthens the network’s resilience against potential threats, thereby optimizing network security measures.
With the rapid advancement of mobile communication networks, key technologies such as Multi-access Edge Computing (MEC) and Network Function Virtualization (NFV) have enhanced the quality of service for 5G users but have also significantly increased the complexity of network threats. Traditional static defense mechanisms are inadequate for addressing the dynamic and heterogeneous nature of modern attack vectors. To overcome these challenges, this paper presents a novel algorithmic framework, SD-5G, designed for high-precision intrusion detection in 5G environments. SD-5G adopts a three-stage architecture comprising traffic feature extraction, elastic representation, and adaptive classification. Specifically, an enhanced Concrete Autoencoder (CAE) is employed to reconstruct and compress high-dimensional network traffic features, producing compact and expressive representations suitable for large-scale 5G deployments. To further improve accuracy in ambiguous traffic classification, a Residual Convolutional Long Short-Term Memory model with an attention mechanism (ResCLA) is introduced, enabling multi-level modeling of spatial–temporal dependencies and effective detection of subtle anomalies. Extensive experiments on benchmark datasets, including 5G-NIDD, CIC-IDS2017, ToN-IoT, and BoT-IoT, demonstrate that SD-5G consistently achieves F1 scores exceeding 99.19% across diverse network environments, indicating strong generalization and real-time deployment capabilities. Overall, SD-5G achieves a balance between detection accuracy and deployment efficiency, offering a scalable, flexible, and effective solution for intrusion detection in 5G and next-generation networks.
Association rules are useful for determining correlations between items. Applying association rules to an intrusion detection system (IDS) can improve the detection rate, but the false positive rate is also increased. Weighted association rules are used in this paper to mine intrusion models, which can increase the detection rate and decrease the false positive rate to some extent. Based on this, the structure of a host-based IDS using weighted association rules is proposed.
Machine learning (ML) algorithms are often used to design effective intrusion detection (ID) systems for appropriate mitigation and effective detection of malicious cyber threats at the host and network levels. However, cybersecurity attacks are still increasing. An ID system can play a vital role in detecting such threats. Existing ID systems are unable to detect malicious threats, primarily because they adopt approaches that are based on traditional ML techniques, which are less concerned with accurate classification and feature selection. Thus, developing an accurate and intelligent ID system is a priority. The main objective of this study was to develop a hybrid intelligent intrusion detection system (HIIDS) to learn crucial feature representations efficiently and automatically from massive unlabeled raw network traffic data. Many ID datasets are publicly available to the cybersecurity research community. As such, a Spark MLlib (machine learning library)-based robust classifier, such as logistic regression (LR) and extreme gradient boosting (XGB), was used for anomaly detection, and a state-of-the-art DL model, such as a long short-term memory autoencoder (LSTMAE), was used for misuse attacks, to develop an efficient HIIDS to detect and classify unpredictable attacks. Our approach utilized LSTM to detect temporal features and an AE to more efficiently detect global features. Therefore, to evaluate the efficacy of our proposed approach, experiments were conducted on a publicly existing dataset, the contemporary real-life ISCX-UNB dataset. The simulation results demonstrate that our proposed Spark MLlib and LSTMAE-based HIIDS significantly outperformed existing ID approaches, achieving a high accuracy rate of up to 97.52% for the ISCX-UNB dataset in the 10-fold cross-validation test. It is quite promising to use our proposed HIIDS in real-world circumstances on a large scale.
Wi-Fi devices have limited battery life, because of which conserving battery life is imperative. The 802.11 Wi-Fi standard provides a power management feature that allows stations (STAs) to enter into a sleep state to preserve energy without any frame losses. After the STA wakes up, it sends a null data or PS-Poll frame to retrieve frame(s) buffered by the access point (AP), if any, during its sleep period. An attacker can launch a power save denial of service (PS-DoS) attack on the sleeping STA(s) by transmitting a spoofed null data or PS-Poll frame(s) to retrieve the buffered frame(s) of the sleeping STA(s) from the AP, causing frame losses for the targeted STA(s). Current approaches to prevent or detect the PS-DoS attack require encryption, change in protocol or installation of proprietary hardware. These solutions suffer from expensive setup, maintenance, scalability and deployment issues. The PS-DoS attack does not differ in semantics or statistics under normal and attack circumstances, so signature and anomaly based intrusion detection systems (IDS) are unfit to detect the PS-DoS attack. In this paper we propose a timed IDS based on a real time discrete event system (RTDES) for detecting the PS-DoS attack. The proposed DES based IDS overcomes the drawbacks of existing systems and detects the PS-DoS attack with high accuracy and detection rate. The correctness of the RTDES based IDS is proved by experimenting with all possible attack scenarios.
In recent years, cybersecurity has attracted significant interest due to the rapid growth of the Internet of Things (IoT) and the widespread development of computer infrastructure and systems. It is thus becoming particularly necessary to identify cyber-attacks or irregularities in the system and develop an efficient intrusion detection framework that is integral to security. Researchers have worked on developing intrusion detection models that depend on machine learning (ML) methods to address these security problems. An intelligent intrusion detection device powered by data can exploit artificial intelligence (AI), and especially ML, techniques. Accordingly, we propose in this article an intrusion detection model based on a Real-Time Sequential Deep Extreme Learning Machine Cybersecurity Intrusion Detection System (RTS-DELM-CSIDS) security model. The proposed model initially determines the rating of security aspects contributing to their significance and then develops a comprehensive intrusion detection framework focused on the essential characteristics. Furthermore, we investigated the feasibility of our proposed RTS-DELM-CSIDS framework by performing dataset evaluations and calculating accuracy parameters to validate. The experimental findings demonstrate that the RTS-DELM-CSIDS framework outperforms conventional algorithms. Furthermore, the proposed approach has not only research significance but also practical significance.
The success of Internet of Things (IoT) deployment has given rise to important smart applications. These applications are running independently on different platforms, almost everywhere in the world. Internet of Medical Things (IoMT), also referred to as the healthcare Internet of Things, is the most widely deployed application against COVID-19, offering extensive healthcare services that are connected to healthcare information technology systems. Indeed, with the impact of the COVID-19 pandemic, a large number of interconnected devices have been designed to create smart networks. These networks monitor patients from remote locations as well as tracking medication orders. However, IoT may be jeopardized by attacks such as TCP SYN flooding and sinkhole attacks. In this paper, we address the issue of detecting Denial of Service attacks performed by TCP SYN flooding attacker nodes. For this purpose, we develop a new algorithm for Intrusion Detection System (IDS) to detect malicious activities in the Internet of Medical Things. The proposed scheme minimizes the number of attacks as far as possible to ensure data security and preserve confidentiality of gathered data. In order to check the viability of our approach, we evaluate analytically and via simulations the performance of our proposed solution under different attack probabilities.
Cyber physical systems (CPSs) are a networked system of cyber (computation, communication) and physical (sensors, actuators) elements that interact in a feedback loop with the assistance of human interference. Generally, CPSs authorize critical infrastructures and are considered to be important in the daily lives of humans because they form the basis of future smart devices. Increased utilization of CPSs, however, poses many threats, which may be of major significance for users. Such security issues in CPSs represent a global issue; therefore, developing a robust, secure, and effective CPS is currently a hot research topic. To resolve this issue, an intrusion detection system (IDS) can be designed to protect CPSs. When the IDS detects an anomaly, it instantly takes the necessary actions to avoid harming the system. In this study, we introduce a new parameter-tuned deep-stacked autoencoder based on deep learning (DL), called PT-DSAE, for the IDS in CPSs. The proposed model involves preprocessing, feature extraction, parameter tuning, and classification. First, data preprocessing takes place to eliminate the noise present in the data. Next, a DL-based DSAE model is applied to detect anomalies in the CPS. In addition, hyperparameter tuning of the DSAE takes place using a search-and-rescue optimization algorithm to tune the parameters of the DSAE, such as the number of hidden layers, batch size, epoch count, and learning rate. To assess the experimental outcomes of the PT-DSAE model, a series of experiments were performed using data from a sensor-based CPS. Moreover, a detailed comparative analysis was performed to ensure the effective detection outcome of the PT-DSAE technique. The experimental results obtained verified the superior performance on the applied data over the compared methods.
Writable XOR executable (W⊕X) and address space layout randomisation (ASLR) have elevated the understanding necessary to perpetrate buffer overflow exploits [1]. However, they have not proved to be a panacea [1 3], and so other mechanisms, such as stack guards and prelinking, have been introduced. In this paper, we show that host-based protection still does not offer a complete solution. To demonstrate the protection inadequacies, we perform an over the network brute force return-to-libc attack against a preforking concurrent server to gain remote access to a shell. The attack defeats host protection including W⊕X and ASLR. We then demonstrate that deploying a network intrusion detection system (NIDS) with appropriate signatures can detect this attack efficiently.
The advent of pandemics such as COVID-19 significantly impacts human behaviour and lives every day. Therefore, it is essential to make medical services connected to the internet available in every remote location during these situations. Also, the security issues in the Internet of Medical Things (IoMT) used in these services make the situation even more critical because cyberattacks on the medical devices might cause treatment delays or clinical failures. Hence, services in the healthcare ecosystem need rapid, uninterrupted, and secure facilities. The solution provided in this research addresses security concerns and service availability for patients with critical health in remote areas. This research aims to develop an intelligent Software Defined Networks (SDNs) enabled secure framework for the IoT healthcare ecosystem. We propose a hybrid of machine learning and deep learning techniques (DNN+SVM) to identify network intrusions in the sensor-based healthcare data. In addition, this system can efficiently monitor connected devices and suspicious behaviours. Finally, we evaluate the performance of our proposed framework using various performance metrics based on the healthcare application scenarios. The experimental results show that the proposed approach effectively detects and mitigates attacks in the SDN-enabled IoT networks and performs better than other state-of-the-art approaches.
Internet of Things (IoT) devices work mainly in wireless mediums, requiring different kinds of Intrusion Detection System (IDS) solutions to leverage 802.11 header information for intrusion detection. Wireless-specific traffic features with high information gain are primarily found in data link layers rather than application layers in wired networks. This survey investigates some of the complexities and challenges in deploying wireless IDS in terms of data collection methods, IDS techniques, IDS placement strategies, and traffic data analysis techniques. This paper’s main finding highlights the lack of available network traces for training modern machine-learning models against IoT-specific intrusions. Specifically, the Knowledge Discovery in Databases (KDD) Cup dataset is reviewed to highlight the design challenges of wireless intrusion detection based on current data attributes, and several guidelines are proposed to future-proof following traffic capture methods in the wireless network (WN). The paper starts with a review of various intrusion detection techniques, data collection methods and placement methods. The main goal of this paper is to study the design challenges of deploying an intrusion detection system in a wireless environment. Intrusion detection system deployment in a wireless environment is not as straightforward as in the wired network environment due to the architectural complexities. So this paper reviews the traditional wired intrusion detection deployment methods, discusses how these techniques could be adopted into the wireless environment, and also highlights the design challenges in the wireless environment. The main wireless environments to look into would be Wireless Sensor Networks (WSN), Mobile Ad Hoc Networks (MANET) and IoT, as these are the future trends and a lot of attacks have been targeted at these networks. So it is very crucial to design an IDS specifically to target the wireless networks.
Software-Defined Networking (SDN) enables flexibility in developing security tools that can effectively and efficiently analyze and detect malicious network traffic for detecting intrusions. Recently, Machine Learning (ML) techniques have attracted lots of attention from researchers and industry for developing intrusion detection systems (IDSs), considering the logically centralized control and global view of the network provided by SDN. Many IDSs have been developed using advances in machine learning and deep learning. This study presents a comprehensive review of recent work on ML-based IDS in the context of SDN. It presents a comprehensive study of the existing review papers in the field. It is followed by introducing intrusion detection, ML techniques and their types. Specifically, we present a systematic study of recent works, discuss ongoing research challenges for effective implementation of ML-based intrusion detection in SDN, and promising future works in this field.
In this paper, we propose a novel Intrusion Detection System (IDS) architecture utilizing both the evidence theory and Rough Set Theory (RST). Evidence theory is an effective tool in dealing with uncertainty questions. It relies on expert knowledge to provide evidences, needing the evidences to be independent, and this makes it difficult in application. To solve this problem, a hybrid system of rough sets and evidence theory is proposed. Firstly, simplifications are made based on Variable Precision Rough Set (VPRS) conditional entropy. Thus, the Basic Belief Assignment (BBA) for all evidences can be calculated. Secondly, Dempster’s rule of combination is used, and a decision is given. In the proposed approach, the difficulties in acquiring the BBAs are solved, the correlativity among the evidences is reduced and the subjectivity of evidences is weakened. An illustrative example in intrusion detection shows that the combination of the two theories is feasible and effective.
Intrusion detection systems (IDS) are essential in the field of cybersecurity because they protect networks from a wide range of online threats. The goal of this research is to meet the urgent need for small-footprint, highly-adaptable Network Intrusion Detection Systems (NIDS) that can identify anomalies. The NSL-KDD dataset is used in the study; it is a sizable collection comprising 43 variables with the labels “attack” and “level.” It proposes a novel approach to intrusion detection based on the combination of channel attention and convolutional neural networks (CNN). Furthermore, this dataset makes it easier to conduct a thorough assessment of the suggested intrusion detection strategy. Furthermore, maintaining operating efficiency while improving detection accuracy is the primary goal of this work. Moreover, typical NIDS examines both risky and typical behavior using a variety of techniques. On the NSL-KDD dataset, our CNN-based approach achieves an astounding 99.728% accuracy rate when paired with channel attention. Compared to previous approaches such as ensemble learning, CNN, RBM (Boltzmann machine), ANN, hybrid auto-encoders with CNN, MCNN, and ANN, and adaptive algorithms, our solution significantly improves intrusion detection performance. Moreover, the results highlight the effectiveness of our suggested method in improving intrusion detection precision, signifying a noteworthy advancement in this field. Subsequent efforts will focus on strengthening and expanding our approach in order to counteract growing cyberthreats and adjust to changing network circumstances.
Currently, the Internet of Things (IoT) is revolutionizing communication technology by facilitating the sharing of information between different physical devices connected to a network. To improve control, customization, flexibility, and reduce network maintenance costs, a new Software-Defined Network (SDN) technology must be used in this infrastructure. Despite the various advantages of combining SDN and IoT, this environment is more vulnerable to various attacks due to the centralization of control. Most methods to ensure IoT security are designed to detect Distributed Denial-of-Service (DDoS) attacks, but they often lack mechanisms to mitigate their severity. This paper proposes a Multi-Attack Intrusion Detection System (MAIDS) for Software-Defined IoT Networks (SDN-IoT). The proposed scheme uses two machine-learning algorithms to improve detection efficiency and provide a mechanism to prevent false alarms. First, a comparative analysis of the most commonly used machine-learning algorithms to secure the SDN was performed on two datasets: the Network Security Laboratory Knowledge Discovery in Databases (NSL-KDD) and the Canadian Institute for Cybersecurity Intrusion Detection Systems (CICIDS2017), to select the most suitable algorithms for the proposed scheme and for securing SDN-IoT systems. The algorithms evaluated include Extreme Gradient Boosting (XGBoost), K-Nearest Neighbor (KNN), Random Forest (RF), Support Vector Machine (SVM), and Logistic Regression (LR). Second, an algorithm for selecting the best dataset for machine learning in Intrusion Detection Systems (IDS) was developed to enable effective comparison between the datasets used in the development of the security scheme. The results showed that XGBoost and RF are the best algorithms to ensure the security of SDN-IoT and to be applied in the proposed security system, with average accuracies of 99.88% and 99.89%, respectively. Furthermore, the proposed security scheme reduced the false alarm rate by 33.23%, which is a significant improvement over prevalent schemes. Finally, tests of the algorithm for dataset selection showed that the rates of false positives and false negatives were reduced when the XGBoost and RF algorithms were trained on the CICIDS2017 dataset, making it the best for IDS compared to the NSL-KDD dataset.
Funding: supported by the Major Science and Technology Programs in Henan Province (No. 241100210100); Henan Provincial Science and Technology Research Project (No. 252102211085, No. 252102211105); Endogenous Security Cloud Network Convergence R&D Center (No. 602431011PQ1); The Special Project for Research and Development in Key Areas of Guangdong Province (No. 2021ZDZX1098); The Stabilization Support Program of Science, Technology and Innovation Commission of Shenzhen Municipality (No. 20231128083944001); The Key scientific research projects of Henan higher education institutions (No. 24A520042).
Abstract: Existing feature selection methods for intrusion detection systems in the Industrial Internet of Things often suffer from local optimality and high computational complexity. These challenges hinder traditional IDS from effectively extracting features while maintaining detection accuracy. This paper proposes an industrial Internet of Things intrusion detection feature selection algorithm based on an improved whale optimization algorithm (GSLDWOA). The aim is to address the problems that feature selection algorithms under high-dimensional data are prone to, such as local optimality, long detection time, and reduced accuracy. First, the initial population’s diversity is increased using the Gaussian Mutation mechanism. Then, Non-linear Shrinking Factor balances global exploration and local development, avoiding premature convergence. Lastly, Variable-step Levy Flight operator and Dynamic Differential Evolution strategy are introduced to improve the algorithm’s search efficiency and convergence accuracy in high-dimensional feature space. Experiments on the NSL-KDD and WUSTL-IIoT-2021 datasets demonstrate that the feature subset selected by GSLDWOA significantly improves detection performance. Compared to the traditional WOA algorithm, the detection rate and F1-score increased by 3.68% and 4.12%. On the WUSTL-IIoT-2021 dataset, accuracy, recall, and F1-score all exceed 99.9%.
Abstract: The increasing adoption of Industrial Internet of Things (IIoT) systems in smart manufacturing is leading to raise cyberattack numbers and pressing the requirement for intrusion detection systems (IDS) to be effective. However, existing datasets for IDS training often lack relevance to modern IIoT environments, limiting their applicability for research and development. To address the latter gap, this paper introduces the HiTar-2024 dataset specifically designed for IIoT systems. As a consequence, that can be used by an IDS to detect imminent threats. Likewise, HiTar-2024 was generated using the AREZZO simulator, which replicates realistic smart manufacturing scenarios. The generated dataset includes five distinct classes: Normal, Probing, Remote to Local (R2L), User to Root (U2R), and Denial of Service (DoS). Furthermore, comprehensive experiments with popular Machine Learning (ML) models using various classifiers, including BayesNet, Logistic, IBK, Multiclass, PART, and J48 demonstrate high accuracy, precision, recall, and F1-scores, exceeding 0.99 across all ML metrics. The latter result is reached thanks to the rigorous applied process to achieve this quite good result, including data pre-processing, features extraction, fixing the class imbalance problem, and using a test option for model robustness. This comprehensive approach emphasizes meticulous dataset construction through a complete dataset generation process, a careful labelling algorithm, and a sophisticated evaluation method, providing valuable insights to reinforce IIoT system security. Finally, the HiTar-2024 dataset is compared with other similar datasets in the literature, considering several factors such as data format, feature extraction tools, number of features, attack categories, number of instances, and ML metrics.
Funding: supported in part by the National Natural Science Foundation of China (No. 62001333) and the Scientific Research Project of Education Department of Hubei Province (No. D20221702).
Abstract: Intrusion detection systems play a vital role in cyberspace security. In this study, a network intrusion detection method based on the feature selection algorithm (FSA) and a deep learning model is developed using a fusion of a recursive feature elimination (RFE) algorithm and a bidirectional gated recurrent unit (BGRU). Particularly, the RFE algorithm is employed to select features from high-dimensional data to reduce weak correlations between features and remove redundant features in the numerical feature space. Then, a neural network that combines the BGRU and multilayer perceptron (MLP) is adopted to extract deep intrusion behavior features. Finally, a support vector machine (SVM) classifier is used to classify intrusion behaviors. The proposed model is verified by experiments on the NSL-KDD dataset. The results indicate that the proposed model achieves a 90.25% accuracy and a 97.51% detection rate in binary classification and outperforms other machine learning and deep learning models in intrusion classification. The proposed method can provide new insight into network intrusion detection.
Funding: supported by Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (RS-2024-00441484, Development of Open Roaming Technology for Private 5G Network).
Abstract: Roaming in 5G networks enables seamless global mobility but also introduces significant security risks due to legacy protocol dependencies, uneven Security Edge Protection Proxy (SEPP) deployment, and the dynamic nature of inter-Public Land Mobile Network (inter-PLMN) signaling. Traditional rule-based defenses are inadequate for protecting cloud-native 5G core networks, particularly as roaming expands into enterprise and Internet of Things (IoT) domains. This work addresses these challenges by designing a scalable 5G Standalone testbed, generating the first intrusion detection dataset specifically tailored to roaming threats, and proposing a deep learning based intrusion detection framework for cloud-native environments. Six deep learning models including Multilayer Perceptron (MLP), one-dimensional Convolutional Neural Network (1D CNN), Autoencoder (AE), Recurrent Neural Network (RNN), Gated Recurrent Unit (GRU), and Long Short-Term Memory (LSTM) were evaluated on the dataset using both weighted and balanced metrics to account for strong class imbalance. While all models achieved over 99% accuracy, recurrent architectures such as GRU and LSTM outperformed others in balanced accuracy and macro-level evaluation, demonstrating superior effectiveness in detecting rare but high-impact attacks. These results confirm the importance of sequence-aware Artificial Intelligence (AI) models for securing roaming scenarios, where transient and context-dependent threats are common. The proposed framework provides a foundation for intelligent, adaptive intrusion detection in 5G and offers a path toward resilient security in Beyond 5G and 6G networks.
Funding: supported in part by the National Nature Science Foundation of China under Project 62166047, in part by the Yunnan International Joint Laboratory of Natural Rubber Intelligent Monitor and Digital Applications under Grant 202403AP140001, and in part by the Xingdian Talent Support Program under Grant YNWR-QNBJ-2019-270.
Abstract: The era of big data brings new challenges for information network systems (INS), simultaneously offering unprecedented opportunities for advancing intelligent intrusion detection systems. In this work, we propose a data-driven intrusion detection system for Distributed Denial of Service (DDoS) attack detection. The system focuses on intrusion detection from a big data perspective. As intelligent information processing methods, big data and artificial intelligence have been widely used in information systems. The INS system is an important information system in cyberspace. In advanced INS systems, the network architectures have become more complex. And the smart devices in INS systems collect a large scale of network data. How to improve the performance of a complex intrusion detection system with big data and artificial intelligence is a big challenge. To address the problem, we design a novel intrusion detection system (IDS) from a big data perspective. The IDS system uses tensors to represent large-scale and complex multi-source network data in a unified tensor. Then, a novel tensor decomposition (TD) method is developed to complete big data mining. The TD method seamlessly collaborates with the XGBoost (eXtreme Gradient Boosting) method to complete the intrusion detection. To verify the proposed IDS system, a series of experiments is conducted on two real network datasets. The results revealed that the proposed IDS system attained an impressive accuracy rate over 98%. Additionally, by altering the scale of the datasets, the proposed IDS system still maintains excellent detection performance, which demonstrates the proposed IDS system’s robustness.
Funding: supported by the National Defense Basic Scientific Research Program of China under grant No. JCKY2023602C026.
Abstract: Network intrusion detection systems (IDS) are a prevalent method for safeguarding network traffic against attacks. However, existing IDS primarily depend on machine learning (ML) models, which are vulnerable to evasion through adversarial examples. In recent years, the Wasserstein Generative Adversarial Network (WGAN), based on Wasserstein distance, has been extensively utilized to generate adversarial examples. Nevertheless, several challenges persist: (1) WGAN experiences the mode collapse problem when generating multi-category network traffic data, leading to subpar quality and insufficient diversity in the generated data; (2) Due to unstable training processes, the authenticity of the data produced by WGAN is often low. This study improves WGAN to address these issues and proposes a new adversarial sample generation algorithm called Distortion Enhanced Multi-Generator Generative Adversarial Network (DEMGAN). DEMGAN effectively evades ML-based IDS by proficiently obfuscating network traffic data samples. We assess the efficacy of our attack method against five ML-based IDS using two public datasets. The results demonstrate that our method can successfully bypass IDS, achieving average evasion rates of 97.42% and 87.51%, respectively. Furthermore, empirical findings indicate that retraining the IDS with the generated adversarial samples significantly bolsters the system’s capability to detect adversarial samples, resulting in an average recognition rate increase of 86.78%. This approach not only enhances the performance of the IDS but also strengthens the network’s resilience against potential threats, thereby optimizing network security measures.
Abstract: With the rapid advancement of mobile communication networks, key technologies such as Multi-access Edge Computing (MEC) and Network Function Virtualization (NFV) have enhanced the quality of service for 5G users but have also significantly increased the complexity of network threats. Traditional static defense mechanisms are inadequate for addressing the dynamic and heterogeneous nature of modern attack vectors. To overcome these challenges, this paper presents a novel algorithmic framework, SD-5G, designed for high-precision intrusion detection in 5G environments. SD-5G adopts a three-stage architecture comprising traffic feature extraction, elastic representation, and adaptive classification. Specifically, an enhanced Concrete Autoencoder (CAE) is employed to reconstruct and compress high-dimensional network traffic features, producing compact and expressive representations suitable for large-scale 5G deployments. To further improve accuracy in ambiguous traffic classification, a Residual Convolutional Long Short-Term Memory model with an attention mechanism (ResCLA) is introduced, enabling multi-level modeling of spatial–temporal dependencies and effective detection of subtle anomalies. Extensive experiments on benchmark datasets—including 5G-NIDD, CIC-IDS2017, ToN-IoT, and BoT-IoT—demonstrate that SD-5G consistently achieves F1 scores exceeding 99.19% across diverse network environments, indicating strong generalization and real-time deployment capabilities. Overall, SD-5G achieves a balance between detection accuracy and deployment efficiency, offering a scalable, flexible, and effective solution for intrusion detection in 5G and next-generation networks.
Abstract: Association rules are useful for determining correlations between items. Applying association rules to intrusion detection system (IDS) can improve the detection rate, but false positive rate is also increased. Weighted association rules are used in this paper to mine intrusion models, which can increase the detection rate and decrease the false positive rate to some extent. Based on this, the structure of host-based IDS using weighted association rules is proposed.
Funding: supported by the MSIT (Ministry of Science, ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2020-2016-0-00465) supervised by the IITP (Institute for Information & Communications Technology Planning & Evaluation).
Abstract: Machine learning (ML) algorithms are often used to design effective intrusion detection (ID) systems for appropriate mitigation and effective detection of malicious cyber threats at the host and network levels. However, cybersecurity attacks are still increasing. An ID system can play a vital role in detecting such threats. Existing ID systems are unable to detect malicious threats, primarily because they adopt approaches that are based on traditional ML techniques, which are less concerned with the accurate classification and feature selection. Thus, developing an accurate and intelligent ID system is a priority. The main objective of this study was to develop a hybrid intelligent intrusion detection system (HIIDS) to learn crucial features representation efficiently and automatically from massive unlabeled raw network traffic data. Many ID datasets are publicly available to the cybersecurity research community. As such, we used a spark MLlib (machine learning library)-based robust classifier, such as logistic regression (LR), extreme gradient boosting (XGB) was used for anomaly detection, and a state-of-the-art DL, such as a long short-term memory autoencoder (LSTMAE) for misuse attack was used to develop an efficient and HIIDS to detect and classify unpredictable attacks. Our approach utilized LSTM to detect temporal features and an AE to more efficiently detect global features. Therefore, to evaluate the efficacy of our proposed approach, experiments were conducted on a publicly existing dataset, the contemporary real-life ISCX-UNB dataset. The simulation results demonstrate that our proposed spark MLlib and LSTMAE-based HIIDS significantly outperformed existing ID approaches, achieving a high accuracy rate of up to 97.52% for the ISCX-UNB dataset respectively 10-fold cross-validation test. It is quite promising to use our proposed HIIDS in real-world circumstances on a large-scale.
Funding: supported by TATA Consultancy Services (TCS) Research Fellowship Program, India
Abstract: Wi-Fi devices have limited battery life because of which conserving battery life is imperative. The 802.11 Wi-Fi standard provides power management feature that allows stations (STAs) to enter into sleep state to preserve energy without any frame losses. After the STA wakes up, it sends a null data or PS-Poll frame to retrieve frame(s) buffered by the access point (AP), if any during its sleep period. An attacker can launch a power save denial of service (PS-DoS) attack on the sleeping STA(s) by transmitting a spoofed null data or PS-Poll frame(s) to retrieve the buffered frame(s) of the sleeping STA(s) from the AP causing frame losses for the targeted STA(s). Current approaches to prevent or detect the PS-DoS attack require encryption, change in protocol or installation of proprietary hardware. These solutions suffer from expensive setup, maintenance, scalability and deployment issues. The PS-DoS attack does not differ in semantics or statistics under normal and attack circumstances. So signature and anomaly based intrusion detection system (IDS) are unfit to detect the PS-DoS attack. In this paper we propose a timed IDS based on real time discrete event system (RTDES) for detecting PS-DoS attack. The proposed DES based IDS overcomes the drawbacks of existing systems and detects the PS-DoS attack with high accuracy and detection rate. The correctness of the RTDES based IDS is proved by experimenting all possible attack scenarios.
Funding: the National Research Foundation of Korea (NRF) grant funded by the Korean government (MSIT) (Nos. 2019R1A4A1023746, 2019R1F1A1060799) and Strengthening R&D Capability Program of Sejong University.
Abstract: In recent years, cybersecurity has attracted significant interest due to the rapid growth of the Internet of Things (IoT) and the widespread development of computer infrastructure and systems. It is thus becoming particularly necessary to identify cyber-attacks or irregularities in the system and develop an efficient intrusion detection framework that is integral to security. Researchers have worked on developing intrusion detection models that depend on machine learning (ML) methods to address these security problems. An intelligent intrusion detection device powered by data can exploit artificial intelligence (AI), and especially ML, techniques. Accordingly, we propose in this article an intrusion detection model based on a Real-Time Sequential Deep Extreme Learning Machine Cybersecurity Intrusion Detection System (RTS-DELM-CSIDS) security model. The proposed model initially determines the rating of security aspects contributing to their significance and then develops a comprehensive intrusion detection framework focused on the essential characteristics. Furthermore, we investigated the feasibility of our proposed RTS-DELM-CSIDS framework by performing dataset evaluations and calculating accuracy parameters to validate. The experimental findings demonstrate that the RTS-DELM-CSIDS framework outperforms conventional algorithms. Furthermore, the proposed approach has not only research significance but also practical significance.
Funding: Funding for this study was received from the Deanship of Scientific Research (DSR) at Jouf University, Sakakah, Kingdom of Saudi Arabia under the Grant No: DSR-2021-02-0103.
Abstract: The success of Internet of Things (IoT) deployment has emerged important smart applications. These applications are running independently on different platforms, almost everywhere in the world. Internet of Medical Things (IoMT), also referred as the healthcare Internet of Things, is the most widely deployed application against COVID-19 and offering extensive healthcare services that are connected to the healthcare information technologies systems. Indeed, with the impact of the COVID-19 pandemic, a large number of interconnected devices designed to create smart networks. These networks monitor patients from remote locations as well as tracking medication orders. However, IoT may be jeopardized by attacks such as TCP SYN flooding and sinkhole attacks. In this paper, we address the issue of detecting Denial of Service attacks performed by TCP SYN flooding attacker nodes. For this purpose, we develop a new algorithm for Intrusion Detection System (IDS) to detect malicious activities in the Internet of Medical Things. The proposed scheme minimizes as possible the number of attacks to ensure data security, and preserve confidentiality of gathered data. In order to check the viability of our approach, we evaluate analytically and via simulations the performance of our proposed solution under different probability of attacks.
Abstract: Cyber physical systems (CPSs) are a networked system of cyber (computation, communication) and physical (sensors, actuators) elements that interact in a feedback loop with the assistance of human interference. Generally, CPSs authorize critical infrastructures and are considered to be important in the daily lives of humans because they form the basis of future smart devices. Increased utilization of CPSs, however, poses many threats, which may be of major significance for users. Such security issues in CPSs represent a global issue; therefore, developing a robust, secure, and effective CPS is currently a hot research topic. To resolve this issue, an intrusion detection system (IDS) can be designed to protect CPSs. When the IDS detects an anomaly, it instantly takes the necessary actions to avoid harming the system. In this study, we introduce a new parameter-tuned deep-stacked autoencoder based on deep learning (DL), called PT-DSAE, for the IDS in CPSs. The proposed model involves preprocessing, feature extraction, parameter tuning, and classification. First, data preprocessing takes place to eliminate the noise present in the data. Next, a DL-based DSAE model is applied to detect anomalies in the CPS. In addition, hyperparameter tuning of the DSAE takes place using a search-and-rescue optimization algorithm to tune the parameters of the DSAE, such as the number of hidden layers, batch size, epoch count, and learning rate. To assess the experimental outcomes of the PT-DSAE model, a series of experiments were performed using data from a sensor-based CPS. Moreover, a detailed comparative analysis was performed to ensure the effective detection outcome of the PT-DSAE technique. The experimental results obtained verified the superior performance on the applied data over the compared methods.
Funding: supported by National Natural Science Foundation of China (No. 60873208)
Abstract: Writable XOR executable (W⊕X) and address space layout randomisation (ASLR) have elevated the understanding necessary to perpetrate buffer overflow exploits [1]. However, they have not proved to be a panacea [1-3], and so other mechanisms, such as stack guards and prelinking, have been introduced. In this paper, we show that host-based protection still does not offer a complete solution. To demonstrate the protection inadequacies, we perform an over the network brute force return-to-libc attack against a preforking concurrent server to gain remote access to a shell. The attack defeats host protection including W⊕X and ASLR. We then demonstrate that deploying a network intrusion detection system (NIDS) with appropriate signatures can detect this attack efficiently.
Abstract: The advent of pandemics such as COVID-19 significantly impacts human behaviour and lives every day. Therefore, it is essential to make medical services connected to internet, available in every remote location during these situations. Also, the security issues in the Internet of Medical Things (IoMT) used in these service, make the situation even more critical because cyberattacks on the medical devices might cause treatment delays or clinical failures. Hence, services in the healthcare ecosystem need rapid, uninterrupted, and secure facilities. The solution provided in this research addresses security concerns and services availability for patients with critical health in remote areas. This research aims to develop an intelligent Software Defined Networks (SDNs) enabled secure framework for IoT healthcare ecosystem. We propose a hybrid of machine learning and deep learning techniques (DNN+SVM) to identify network intrusions in the sensor-based healthcare data. In addition, this system can efficiently monitor connected devices and suspicious behaviours. Finally, we evaluate the performance of our proposed framework using various performance metrics based on the healthcare application scenarios. The experimental results show that the proposed approach effectively detects and mitigates attacks in the SDN-enabled IoT networks and performs better than other state-of-the-art approaches.
Funding: The authors acknowledge Jouf University, Saudi Arabia for his funding support.
Abstract: Internet of Things (IoT) devices work mainly in wireless mediums; requiring different Intrusion Detection System (IDS) kind of solutions to leverage 802.11 header information for intrusion detection. Wireless-specific traffic features with high information gain are primarily found in data link layers rather than application layers in wired networks. This survey investigates some of the complexities and challenges in deploying wireless IDS in terms of data collection methods, IDS techniques, IDS placement strategies, and traffic data analysis techniques. This paper’s main finding highlights the lack of available network traces for training modern machine-learning models against IoT specific intrusions. Specifically, the Knowledge Discovery in Databases (KDD) Cup dataset is reviewed to highlight the design challenges of wireless intrusion detection based on current data attributes and proposed several guidelines to future-proof following traffic capture methods in the wireless network (WN). The paper starts with a review of various intrusion detection techniques, data collection methods and placement methods. The main goal of this paper is to study the design challenges of deploying intrusion detection system in a wireless environment. Intrusion detection system deployment in a wireless environment is not as straightforward as in the wired network environment due to the architectural complexities. So this paper reviews the traditional wired intrusion detection deployment methods and discusses how these techniques could be adopted into the wireless environment and also highlights the design challenges in the wireless environment. The main wireless environments to look into would be Wireless Sensor Networks (WSN), Mobile Ad Hoc Networks (MANET) and IoT as these are the future trends and a lot of attacks have been targeted into these networks. So it is very crucial to design an IDS specifically to target on the wireless networks.
Funding: supported by King Khalid University, Saudi Arabia under Grant No. RGP.2/61/43.
Abstract: Software-Defined Networking (SDN) enables flexibility in developing security tools that can effectively and efficiently analyze and detect malicious network traffic for detecting intrusions. Recently Machine Learning (ML) techniques have attracted lots of attention from researchers and industry for developing intrusion detection systems (IDSs) considering logically centralized control and global view of the network provided by SDN. Many IDSs have developed using advances in machine learning and deep learning. This study presents a comprehensive review of recent work of ML-based IDS in context to SDN. It presents a comprehensive study of the existing review papers in the field. It is followed by introducing intrusion detection, ML techniques and their types. Specifically, we present a systematic study of recent works, discuss ongoing research challenges for effective implementation of ML-based intrusion detection in SDN, and promising future works in this field.
Funding: Supported by the National Natural Science Foundation of China (No. 60774029)
Abstract: In this paper, we propose a novel Intrusion Detection System (IDS) architecture utilizing both the evidence theory and Rough Set Theory (RST). Evidence theory is an effective tool in dealing with uncertainty question. It relies on the expert knowledge to provide evidences, needing the evidences to be independent, and this makes it difficult in application. To solve this problem, a hybrid system of rough sets and evidence theory is proposed. Firstly, simplifications are made based on Variable Precision Rough Set (VPRS) conditional entropy. Thus, the Basic Belief Assignment (BBA) for all evidences can be calculated. Secondly, Dempster’s rule of combination is used, and a decision-making is given. In the proposed approach, the difficulties in acquiring the BBAs are solved, the correlativity among the evidences is reduced and the subjectivity of evidences is weakened. An illustrative example in an intrusion detection shows that the two theories combination is feasible and effective.
Funding: The authors would like to thank Princess Nourah bint Abdulrahman University for funding this project through the Researchers Supporting Project (PNURSP2023R319). This research was funded by the Prince Sultan University, Riyadh, Saudi Arabia.
Abstract: Intrusion detection systems (IDS) are essential in the field of cybersecurity because they protect networks from a wide range of online threats. The goal of this research is to meet the urgent need for small-footprint, highly-adaptable Network Intrusion Detection Systems (NIDS) that can identify anomalies. The NSL-KDD dataset is used in the study; it is a sizable collection comprising 43 variables with the labels “attack” and “level.” It proposes a novel approach to intrusion detection based on the combination of channel attention and convolutional neural networks (CNN). Furthermore, this dataset makes it easier to conduct a thorough assessment of the suggested intrusion detection strategy. Furthermore, maintaining operating efficiency while improving detection accuracy is the primary goal of this work. Moreover, typical NIDS examines both risky and typical behavior using a variety of techniques. On the NSL-KDD dataset, our CNN-based approach achieves an astounding 99.728% accuracy rate when paired with channel attention. Compared to previous approaches such as ensemble learning, CNN, RBM (Boltzmann machine), ANN, hybrid auto-encoders with CNN, MCNN, and ANN, and adaptive algorithms, our solution significantly improves intrusion detection performance. Moreover, the results highlight the effectiveness of our suggested method in improving intrusion detection precision, signifying a noteworthy advancement in this field. Subsequent efforts will focus on strengthening and expanding our approach in order to counteract growing cyberthreats and adjust to changing network circumstances.
Abstract: Currently, the Internet of Things (IoT) is revolutionizing communication technology by facilitating the sharing of information between different physical devices connected to a network. To improve control, customization, flexibility, and reduce network maintenance costs, a new Software-Defined Network (SDN) technology must be used in this infrastructure. Despite the various advantages of combining SDN and IoT, this environment is more vulnerable to various attacks due to the centralization of control. Most methods to ensure IoT security are designed to detect Distributed Denial-of-Service (DDoS) attacks, but they often lack mechanisms to mitigate their severity. This paper proposes a Multi-Attack Intrusion Detection System (MAIDS) for Software-Defined IoT Networks (SDN-IoT). The proposed scheme uses two machine-learning algorithms to improve detection efficiency and provide a mechanism to prevent false alarms. First, a comparative analysis of the most commonly used machine-learning algorithms to secure the SDN was performed on two datasets: the Network Security Laboratory Knowledge Discovery in Databases (NSL-KDD) and the Canadian Institute for Cybersecurity Intrusion Detection Systems (CICIDS2017), to select the most suitable algorithms for the proposed scheme and for securing SDN-IoT systems. The algorithms evaluated include Extreme Gradient Boosting (XGBoost), K-Nearest Neighbor (KNN), Random Forest (RF), Support Vector Machine (SVM), and Logistic Regression (LR). Second, an algorithm for selecting the best dataset for machine learning in Intrusion Detection Systems (IDS) was developed to enable effective comparison between the datasets used in the development of the security scheme. The results showed that XGBoost and RF are the best algorithms to ensure the security of SDN-IoT and to be applied in the proposed security system, with average accuracies of 99.88% and 99.89%, respectively. Furthermore, the proposed security scheme reduced the false alarm rate by 33.23%, which is a significant improvement over prevalent schemes. Finally, tests of the algorithm for dataset selection showed that the rates of false positives and false negatives were reduced when the XGBoost and RF algorithms were trained on the CICIDS2017 dataset, making it the best for IDS compared to the NSL-KDD dataset.