Haonan Peng,Chunming Wu,Yanfeng Xiao

DOI: https://doi.org/10.3390/app132111629

2023-01-01

Applied Sciences

Abstract:The importance of network security has become increasingly prominent due to the rapid development of network technology. Network intrusion detection systems (NIDSs) play a crucial role in safeguarding networks from malicious attacks and intrusions. However, the issue of class imbalance in the dataset presents a significant challenge to NIDSs. In order to address this concern, this paper proposes a new NIDS called CBF-IDS, which combines convolutional neural networks (CNNs) and bidirectional long short-term memory networks (BiLSTMs) while employing the focal loss function. By utilizing CBF-IDS, spatial and temporal features can be extracted from network traffic. Moreover, during model training, CBF-IDS applies the focal loss function to give more weight to minority class samples, thereby mitigating the impact of class imbalance on model performance. In order to evaluate the effectiveness of CBF-IDS, experiments were conducted on three benchmark datasets: NSL-KDD, UNSW-NB15, and CIC-IDS2017. The experimental results demonstrate that CBF-IDS outperforms other classification models, achieving superior detection performance.

KG Raghavendra Narayan,Srijanee Mookherji,Vanga Odelu,Rajendra Prasath,Anish Chand Turlapaty,Ashok Kumar Das

2023-08-02

Abstract:With rapid technological growth, security attacks are drastically increasing. In many crucial Internet-of-Things (IoT) applications such as healthcare and defense, the early detection of security attacks plays a significant role in protecting huge resources. An intrusion detection system is used to address this problem. The signature-based approaches fail to detect zero-day attacks. So anomaly-based detection particularly AI tools, are becoming popular. In addition, the imbalanced dataset leads to biased results. In Machine Learning (ML) models, F1 score is an important metric to measure the accuracy of class-level correct predictions. The model may fail to detect the target samples if the F1 is considerably low. It will lead to unrecoverable consequences in sensitive applications such as healthcare and defense. So, any improvement in the F1 score has significant impact on the resource protection. In this paper, we present a framework for ML-based intrusion detection system for an imbalanced dataset. In this study, the most recent dataset, namely CICIoT2023 is considered. The random forest (RF) algorithm is used in the proposed framework. The proposed approach improves 3.72%, 3.75% and 4.69% in precision, recall and F1 score, respectively, with the existing method. Additionally, for unsaturated classes (i.e., classes with F1 score < 0.99), F1 score improved significantly by 7.9%. As a result, the proposed approach is more suitable for IoT security applications for efficient detection of intrusion and is useful in further studies.

Cryptography and Security

Ritika Kumari,Jaspreeti Singh,Anjana Gosain

DOI: https://doi.org/10.3233/jifs-223333

2023-09-23

Journal of Intelligent & Fuzzy Systems

Abstract:Class imbalance problem (CIP) exists when the class distribution is not uniform. Many real-world scenarios face CIP which attracted the researcher's attention to this problem. Training machine learning (ML) models with class imbalanced datasets is a challenging problem. Ensemble methods in ML involve training multiple classifiers, combining or averaging their predictions to come to a final prediction. Specifically designed ensemble-based methods can overcome the difficulty faced by traditional classifiers and can handle the CIP. The performance of 19 ensemble methods for 44 unbalanced datasets is assessed in this paper in order to observe the effects of the class imbalance ratio (CIR). For performance evaluation, we divide these datasets into three categories, i.e., Slightly Imbalance (SI), Moderately Imbalance (MI) and Highly Imbalance (HI) based on CIR. With the proposed perspective, we observe that different ensemble methods perform well in different categories suggesting that the percentage of minority or majority class could be a criterion for the selection of ensemble methods for class imbalance datasets. Moreover, visual representations and different non-parametric statistical tests are also used to have more reliable results.

English Else

Manohar Srinivasan,Narayanan Chidambaram Senthilkumar

DOI: https://doi.org/10.1007/s00500-023-09610-x

IF: 3.732

2024-02-07

Soft Computing

Abstract:The Internet of Things (IoT) has performed a paradigm shift in the method devices and systems interact, allowing seamless connectivity and communication. But, the enhancing interconnectedness and difficulty of IoT platforms also establish novel security problems, making intrusion detection a vital feature of IoT system security. Intrusion detection systems (IDS) role a vital play in detecting and monitoring unauthorized actions or malicious behavior in IoT networks. Typical IDS frequently depends on handcrafted rules or signatures that cannot not efficiently capture the difficult and developing nature of recent cyber threats. Deep learning (DL) methods automatically study and extract high-level representations in raw data, allowing more accurate and adaptive IDs. Most problems in emerging effectual IDSs are the presence of class imbalances in the database, but the count of normal instances far outweighs the count of intrusion samples. This paper focuses on the design of class imbalance data handling with optimal deep learning-based intrusion detection (CIDH-ODLID) techniques in IoT environments. The purpose of this study is to develop a CIDH-ODLID technique for the identification of intrusions in the IoT platform. For the class imbalance data handling process, the SMOTE approach is used in this work. In addition, the CIDH-ODLID technique employs an echo state network (ESN) approach for intrusion detection and classification. Finally, the snake optimization algorithm (SOA) was carried out for an optimum hyperparameter selection of the ESN approach. The performance validation of the CIDH-ODLID approach was performed on the benchmark database. To prove that the previously provided model performed better, a thorough simulation was run. The researchers provided a thorough comparative analysis that showed the proposed approach was better than other current procedures. It had an accuracy of 99.56%, precision of 97.50%, recall of 98.42%, and an F-score of 97.95%. The experimental outcomes exhibit the promising performance of the CIDH-ODLID technique over other models.

computer science, artificial intelligence, interdisciplinary applications

Jesse Atuhurra,Takanori Hara,Yuanyu Zhang,Masahiro Sasabe,Shoji Kasahara

2024-03-28

Abstract:With the rapidly spreading usage of Internet of Things (IoT) devices, a network intrusion detection system (NIDS) plays an important role in detecting and protecting various types of attacks in the IoT network. To evaluate the robustness of the NIDS in the IoT network, the existing work proposed a realistic botnet dataset in the IoT network (Bot-IoT dataset) and applied it to machine learning-based anomaly detection. This dataset contains imbalanced normal and attack packets because the number of normal packets is much smaller than that of attack ones. The nature of imbalanced data may make it difficult to identify the minority class correctly. In this thesis, to address the class imbalance problem in the Bot-IoT dataset, we propose a binary classification method with synthetic minority over-sampling techniques (SMOTE). The proposed classifier aims to detect attack packets and overcome the class imbalance problem using the SMOTE algorithm. Through numerical results, we demonstrate the proposed classifier's fundamental characteristics and the impact of imbalanced data on its performance.

Cryptography and Security,Artificial Intelligence

Asaad Balla,Mohamed Hadi Habaebi,Elfatih A A Elsheikh,Md Rafiqul Islam,F M Suliman

DOI: https://doi.org/10.3390/s23020758

2023-01-09

Abstract:Integrating IoT devices in SCADA systems has provided efficient and improved data collection and transmission technologies. This enhancement comes with significant security challenges, exposing traditionally isolated systems to the public internet. Effective and highly reliable security devices, such as intrusion detection system (IDSs) and intrusion prevention systems (IPS), are critical. Countless studies used deep learning algorithms to design an efficient IDS; however, the fundamental issue of imbalanced datasets was not fully addressed. In our research, we examined the impact of data imbalance on developing an effective SCADA-based IDS. To investigate the impact of various data balancing techniques, we chose two unbalanced datasets, the Morris power dataset, and CICIDS2017 dataset, including random sampling, one-sided selection (OSS), near-miss, SMOTE, and ADASYN. For binary classification, convolutional neural networks were coupled with long short-term memory (CNN-LSTM). The system's effectiveness was determined by the confusion matrix, which includes evaluation metrics, such as accuracy, precision, detection rate, and F1-score. Four experiments on the two datasets demonstrate the impact of the data imbalance. This research aims to help security researchers in understanding imbalanced datasets and their impact on DL SCADA-IDS.

Li Yuan,Xiongjun Tian,Jiacheng Yuan,Jingyu zhang,Xiaojing Dai,Ali Asghar Heidari,Huiling Chen,Sudan Yu

DOI: https://doi.org/10.1007/s10586-024-04544-x

2024-06-16

Cluster Computing

Abstract:Intrusion detection system (IDS) classify network traffic as either threatening or normal based on data features, aiming to identify malicious activities attempting to compromise computer systems. However, the volume of intrusion-related data is increasing daily, and the redundant features within this data hinder the improvement of IDS classification performance and efficiency. This study introduces a wrapper feature selection model, denoted as bICSRUN-KNN, with Runge–kutta optimization for information-guided communication (ICSRUN) to detect system intrusions. Comparative experiments on the IEEE CEC 2014 benchmark functions demonstrate ICSRUN's superiority over other algorithms. Subsequently, comparative experiments are conducted using 12 UCI datasets, NSL-KDD, ISCX-URL-2016, ISCX-Tor-NonTor-2017, and LUFlow Network, against competing algorithms. Experimental results demonstrate that the bICSRUN-KNN model achieved remarkable accuracy rates of 98.705% and 98.341% in the binary and multiclass contexts of NSL-KDD. For ISCX-URL-2016, ISCX-Tor-NonTor-2017, and LUFlow Network, accuracy rates of 96.107%, 99.772%, and 88.748% are respectively attained.

computer science, information systems, theory & methods

R. S.,Kshirasagar Naik,Omar Elghalhoud,Marzia Zaman

DOI: https://doi.org/10.1109/WCNC55385.2023.10118702

2023-03-01

Abstract:Cyber-security experts often require the help of an automated process that filters and classifies network attacks. To apply specific preventive measures for securing networks, the classification of the attack type is the key. Many Machine Learning (ML) models have been proposed as a base for Network Intrusion Detection (NID) systems. However, their performance varies based on multiple factors. For instance, an ML model fitted on a highly imbalanced dataset can be biased toward over-represented attack types. On the other hand, paying attention only to the ML model’s performance in the minority classes can negatively affect its performance in the majority classes. This paper proposes an NID system that addresses the issue of imbalanced datasets and uses Convolutional Neural Networks (CNN) to classify the different attack types. We compare the performance of our proposed system to other systems that use: Random Over-Sampling (ROS), Synthetic Minority Oversampling TEchnique (SMOTE), Adaptive Synthetic Sampling (ADASYN), and Generative Adversarial Networks (GAN). Using the NSL-KDD and the BoT-IoT datasets for benchmarking, we show that our proposed system performs well in the minority classes: recall scores of 70.50% and 72.08% on the User to Root (U2R) and Remote to Local (R2L) attack classes of the NSL-KDD dataset, respectively, while maintaining an overall False Alarm Rate (FAR) of 6.50% and a recall of 90.46% on the binary classification task. Our proposed system scores a weighted average F1-Score of 99.45% on the multi-class classification task using the BoT-IoT dataset.

Engineering,Computer Science

Shuhan Li,Yi Lin,Hao Chen,Kwang-Ting Cheng

DOI: https://doi.org/10.48550/arXiv.2403.08407

2024-03-13

Computer Vision and Pattern Recognition

Abstract:Accurate and robust classification of diseases is important for proper diagnosis and treatment. However, medical datasets often face challenges related to limited sample sizes and inherent imbalanced distributions, due to difficulties in data collection and variations in disease prevalence across different types. In this paper, we introduce an Iterative Online Image Synthesis (IOIS) framework to address the class imbalance problem in medical image classification. Our framework incorporates two key modules, namely Online Image Synthesis (OIS) and Accuracy Adaptive Sampling (AAS), which collectively target the imbalance classification issue at both the instance level and the class level. The OIS module alleviates the data insufficiency problem by generating representative samples tailored for online training of the classifier. On the other hand, the AAS module dynamically balances the synthesized samples among various classes, targeting those with low training accuracy. To evaluate the effectiveness of our proposed method in addressing imbalanced classification, we conduct experiments on the HAM10000 and APTOS datasets. The results obtained demonstrate the superiority of our approach over state-of-the-art methods as well as the effectiveness of each component. The source code will be released upon acceptance.

Bidyapati Thiyam,Shouvik Dey

DOI: https://doi.org/10.1080/1206212X.2023.2223795

2023-06-16

International Journal of Computers and Applications

Abstract:The ever-growing amount of data generated by modern networks poses significant challenges for intrusion detection systems (IDS) in effectively analyzing and classifying security risks. Therefore, it is crucial to identify the most biased characteristics for building efficient and effective IDS algorithms. However, not all features are equally informative or relevant for intrusion detection. In response to these problems, this study proposes a Hybrid approach that uses traditional and advanced statistical techniques. The proposed method effectively validates the features generated from the hybrid model and set-operation theorem to provide the best optimal subset of features for IDS. Various machine learning methods are used to test the proposed model on three popular IDS datasets: NSL-KDD, UNSW NB15, and CIC-DDoS2019. The experimental findings show that the suggested hybrid technique improves IDS performance effectively and efficiently, providing a viable answer to the issues that intrusion detection systems confront.

Fazila Malik,Qazi Waqas Waqas Khan,Atif Rizwan,Rana Alnashwan,Ghada Atteia

DOI: https://doi.org/10.3390/math12121799

IF: 2.4

2024-06-10

Mathematics

Abstract:Intrusion Detection Systems (IDSs) play a crucial role in safeguarding network infrastructures from cyber threats and ensuring the integrity of highly sensitive data. Conventional IDS technologies, although successful in achieving high levels of accuracy, frequently encounter substantial model bias. This bias is primarily caused by imbalances in the data and the lack of relevance of certain features. This study aims to tackle these challenges by proposing an advanced machine learning (ML) based IDS that minimizes misclassification errors and corrects model bias. As a result, the predictive accuracy and generalizability of the IDS are significantly improved. The proposed system employs advanced feature selection techniques, such as Recursive Feature Elimination (RFE), sequential feature selection (SFS), and statistical feature selection, to refine the input feature set and minimize the impact of non-predictive attributes. In addition, this work incorporates data resampling methods such as Synthetic Minority Oversampling Technique and Edited Nearest Neighbor (SMOTE_ENN), Adaptive Synthetic Sampling (ADASYN), and Synthetic Minority Oversampling Technique–Tomek Links (SMOTE_Tomek) to address class imbalance and improve the accuracy of the model. The experimental results indicate that our proposed model, especially when utilizing the random forest (RF) algorithm, surpasses existing models regarding accuracy, precision, recall, and F Score across different data resampling methods. Using the ADASYN resampling method, the RF model achieves an accuracy of 99.9985% for botnet attacks and 99.9777% for Man-in-the-Middle (MITM) attacks, demonstrating the effectiveness of our approach in dealing with imbalanced data distributions. This research not only improves the abilities of IDS to identify botnet and MITM attacks but also provides a scalable and efficient solution that can be used in other areas where data imbalance is a recurring problem. This work has implications beyond IDS, offering valuable insights into using ML techniques in complex real-world scenarios.

mathematics

Yamarthi Narasimha Rao,Kunda Suresh Babu

DOI: https://doi.org/10.3390/s23010550

2023-01-03

Abstract:In modern networks, a Network Intrusion Detection System (NIDS) is a critical security device for detecting unauthorized activity. The categorization effectiveness for minority classes is limited by the imbalanced class issues connected with the dataset. We propose an Imbalanced Generative Adversarial Network (IGAN) to address the problem of class imbalance by increasing the detection rate of minority classes while maintaining efficiency. To limit the effect of the minimum or maximum value on the overall features, the original data was normalized and one-hot encoded using data preprocessing. To address the issue of the low detection rate of minority attacks caused by the imbalance in the training data, we enrich the minority samples with IGAN. The ensemble of Lenet 5 and Long Short Term Memory (LSTM) is used to classify occurrences that are considered abnormal into various attack categories. The investigational findings demonstrate that the proposed approach outperforms the other deep learning approaches, achieving the best accuracy, precision, recall, TPR, FPR, and F1-score. The findings indicate that IGAN oversampling can enhance the detection rate of minority samples, hence improving overall accuracy. According to the data, the recommended technique valued performance measures far more than alternative approaches. The proposed method is found to achieve above 98% accuracy and classifies various attacks significantly well as compared to other classifiers.

Dewant Katare,David Solans Noguero,Souneil Park,Nicolas Kourtellis,Marijn Janssen,Aaron Yi Ding

2024-05-13

Abstract:The accuracy and fairness of perception systems in autonomous driving are essential, especially for vulnerable road users such as cyclists, pedestrians, and motorcyclists who face significant risks in urban driving environments. While mainstream research primarily enhances class performance metrics, the hidden traits of bias inheritance in the AI models, class imbalances and disparities within the datasets are often overlooked. Our research addresses these issues by investigating class imbalances among vulnerable road users, with a focus on analyzing class distribution, evaluating performance, and assessing bias impact. Utilizing popular CNN models and Vision Transformers (ViTs) with the nuScenes dataset, our performance evaluation indicates detection disparities for underrepresented classes. Compared to related work, we focus on metric-specific and Cost-Sensitive learning for model optimization and bias mitigation, which includes data augmentation and resampling. Using the proposed mitigation approaches, we see improvement in IoU(\%) and NDS(\%) metrics from 71.3 to 75.6 and 80.6 to 83.7 for the CNN model. Similarly, for ViT, we observe improvement in IoU and NDS metrics from 74.9 to 79.2 and 83.8 to 87.1. This research contributes to developing reliable models while enhancing inclusiveness for minority classes in datasets.

Computer Vision and Pattern Recognition

Sanket Mishra,Thangellamudi Anithakumari,Rashmi Sahay,Rajesh Kumar Shrivastava,Sachi Nandan Mohanty,Afzal Hussain Shahid

DOI: https://doi.org/10.1007/s10586-024-04792-x

2024-12-04

Cluster Computing

Abstract:The surge in Internet of Things usage has raised security breaches within the IoT ecosystem. Consequently, there is a pressing need to deploy robust Intrusion Detection Systems (IDSs) to safeguard IoT environments. This paper proposes a framework designed to establish stringent decision boundaries for effective attack detection, leveraging two prevalent datasets: CICIDS2017 and EDGE-IIOT. These datasets exhibit imbalanced class distributions and encompass numerous features with distinct characteristics. To address the class imbalance, the framework employs sampling techniques such as the synthetic minority oversampling technique with a genetic algorithm (GA-SMOTE) and with particle swarm optimization (SMOTE-PSO) along with random undersampling (RUS). The proposed framework utilizes tree-based learning algorithms, Decision Tree, Random Forest, and XGBoost, to identify cyberattacks and associated anomalies within the constrained IoT landscape. Feature selection is performed using the Boruta and WOA algorithms, and pruning algorithms are used to optimize the complexity of the model. The efficacy of the framework is evaluated using standard metrics on both workstations and Raspberry Pi boards to demonstrate its effectiveness on constrained IoT devices. The evaluation results demonstrate that the proposed model achieves a remarkable accuracy of 99.99% in identifying cyberattacks and related anomalies, exceeding the performance of existing baseline models in the CICIDS2017 dataset. It also obtains a high accuracy of 99.5% on EDGE-IIOT dataset. Furthermore, the framework shows promising results in terms of memory usage and execution time, achieving the best performance of 3.07 MB of memory usage and 4.26 s of execution time for the CICIDS2017 dataset and 1.93 MB of memory usage and 4.09 s of execution time for the EDGE-IIOT dataset when implemented on Raspberry Pi boards.

computer science, information systems, theory & methods

Arif Yulianto,Parman Sukarno,Novian Anggis Suwastika

DOI: https://doi.org/10.1088/1742-6596/1192/1/012018

2019-03-01

Journal of Physics: Conference Series

Abstract:This paper considers the use of Synthetic Minority Oversampling Technique (SMOTE), Principal Component Analysis (PCA), and Ensemble Feature Selection (EFS) to improve the performance of AdaBoost-based Intrusion Detection System (IDS) on the latest and challenging CIC IDS 2017 Dataset [1]. Previous research [1] has proposed the use of AdaBoost classifier to cope with the new dataset. However, due to several problems such as imbalance of training data and inappropriate selection of classification methods, the performance is still inferior. In this research, we aim at constructing an improvement performance intrusion detection approach to handle the imbalance of training data, SMOTE is selected to tackle the problem. Moreover, Principal Component Analysis (PCA) and Ensemble Feature Selection (EFS) are applied as the feature selection to select important attributes from the new dataset. The evaluation results show that the proposed AdaBoost classifier using PCA and SMOTE yields Area Under the Receiver Operating Characteristic curve (AUROC) of 92% and the AdaBoost classifier using EFS and SMOTE produces an accuracy, precision, recall, and F1 Score of 81.83 %, 81.83%, 100%, and 90.01% respectively.

English Else

Ayesha Siddiqua Dina,A. B. Siddique,D. Manivannan

DOI: https://doi.org/10.1109/access.2022.3205337

IF: 3.9

2022-09-21

IEEE Access

Abstract:Attacks on computer networks have increased significantly in recent days, due in part to the availability of sophisticated tools for launching such attacks as well as the thriving underground cyber-crime economy to support it. Over the past several years, researchers in academia and industry used machine learning (ML) techniques to design and implement Intrusion Detection Systems (IDSes) for computer networks. Many of these researchers used datasets collected by various organizations to train ML classifiers for detecting intrusions. In many of the datasets used in training ML classifiers in such systems, data are imbalanced (i.e., not all classes had equal number of samples). ML classifiers trained with such imbalanced datasets may produce unsatisfactory results. Traditionally, researchers used over-sampling and under-sampling for balancing data in datasets to overcome this problem. In this work, in addition to random over-sampling, we also used a synthetic data generation method, called Conditional Generative Adversarial Network (CTGAN), to balance data and study their effect on the performance of various widely used ML classifiers. To the best of our knowledge, no one else has used CTGAN to generate synthetic samples to balance intrusion detection datasets. Based on extensive experiments using widely used datasets NSL-KDD and UNSW-NB15, we found that training ML classifiers on datasets balanced with synthetic samples generated by CTGAN increased their prediction accuracy by up to 8% and improved their MCC score by up to 13%, compared to training the same ML classifiers over imbalanced datasets. We also show that this approach consistently performs better than some of the recently proposed state-of-the-art IDSes on both datasets. Our experiments also demonstrate that the accuracy of some ML classifiers trained over datasets balanced with random over-sampling decline compared to the same ML classifiers trained over original imb- lanced dataset.

Taher Al-Shehari,Mohammed Kadrie,Mohammed Nasser Al-Mhiqani,Taha Alfakih,Hussain Alsalman,Mueen Uddin,Syed Sajid Ullah,Abdulhalim Dandoush

DOI: https://doi.org/10.1038/s41598-024-73510-9

2024-10-21

Abstract:Insider threats pose a significant challenge in cybersecurity, demanding advanced detection methods for effective risk mitigation. This paper presents a comparative evaluation of data imbalance addressing techniques for CNN-based insider threat detection. Specifically, we integrate Convolutional Neural Networks (CNN) with three popular data imbalance addressing techniques: Synthetic Minority Over-sampling Technique (SMOTE), Borderline-SMOTE, and Adaptive Synthetic Sampling (ADASYN). The objective is to enhance insider threat detection accuracy and robustness in imbalanced datasets common to cybersecurity domains. Our study addresses the lack of consensus in the literature regarding the superiority of data imbalance addressing techniques in this field. We analyze a human behavior-based dataset (i.e., CERT) that reports users' Information Technology (IT) activities with a substantial number of samples to provide a clear conclusion on the effectiveness of these balancing techniques when coupled with CNN. Experimental results demonstrate that ADASYN, in conjunction with CNN, achieves a ROC curve of 96%, surpassing SMOTE and Borderline-SMOTE in enhancing detection accuracy in imbalanced datasets. We compare the results of these three hybrid models (CNN + imbalance addressing techniques) with state-of-the-art selective studies focusing on ROC, recall, and accuracy measures. Our findings contribute to the advancement of insider threat detection methodologies.

Priyanka Verma,John G. Breslin,Donna O’Shea,Nakul Mehta,Nitesh Bharot,Ankit Vidyarthi

DOI: https://doi.org/10.1109/tce.2023.3319439

2023-01-01

IEEE Transactions on Consumer Electronics

Abstract:In recent years Cyber-Physical Systems (CPS) and Industrial Internet of Things (IIoT) have gained significant attraction; however, it remains a vulnerable target for cyberattacks. Machine learning techniques have garnered interest in security applications due to their rapid processing capabilities and real-time predictions. However, imbalanced data distribution is a prevalent issue in IIoT environments, adversely affecting ML-based attack detection systems. In this work, we present a novel gametic heredity-based oversampling technique for addressing imbalanced data challenges in cybersecurity applications, specifically targeting IIoT systems. The proposed model enhances diversity in the minority classes by generating unique synthetic minority samples, creating diverse synthetic data while restricting instances to the minority class region. The proposed model outperforms complex and conventional methods in terms of precision, recall &amp; F-Score while mitigating over-generalization by evenly distributing newly generated samples within minority class boundaries and regions. To validate the proposed model and verify its efficacy in identifying cyber threats, we used the UNSW-NB15 dataset. Simulation results demonstrate that the proposed model efficiently detects attacks with high performance compared to state-of-the-art techniques. Our research contributes to developing robust &amp; efficient machine learning models for enhancing the security of IIoT systems while handling class imbalance issues.

telecommunications,engineering, electrical & electronic

Arshad Hashmi,Omar M Barukab,Ahmad Hamza Osman

DOI: https://doi.org/10.1371/journal.pone.0302294

IF: 3.7

2024-05-23

PLoS ONE

Abstract:Due to the recent advances in the Internet and communication technologies, network systems and data have evolved rapidly. The emergence of new attacks jeopardizes network security and make it really challenging to detect intrusions. Multiple network attacks by an intruder are unavoidable. Our research targets the critical issue of class imbalance in intrusion detection, a reflection of the real-world scenario where legitimate network activities significantly out number malicious ones. This imbalance can adversely affect the learning process of predictive models, often resulting in high false-negative rates, a major concern in Intrusion Detection Systems (IDS). By focusing on datasets with this imbalance, we aim to develop and refine advanced algorithms and techniques, such as anomaly detection, cost-sensitive learning, and oversampling methods, to effectively handle such disparities. The primary goal is to create models that are highly sensitive to intrusions while minimizing false alarms, an essential aspect of effective IDS. This approach is not only practical for real-world applications but also enhances the theoretical understanding of managing class imbalance in machine learning. Our research, by addressing these significant challenges, is positioned to make substantial contributions to cybersecurity, providing valuable insights and applicable solutions in the fight against digital threats and ensuring robustness and relevance in IDS development. An intrusion detection system (IDS) checks network traffic for security, availability, and being non-shared. Despite the efforts of many researchers, contemporary IDSs still need to further improve detection accuracy, reduce false alarms, and detect new intrusions. The mean convolutional layer (MCL), feature-weighted attention (FWA) learning, a bidirectional long short-term memory (BILSTM) network, and the random forest algorithm are all parts of our unique hybrid model called MCL-FWA-BILSTM. The CNN-MCL layer for feature extraction receives data after preprocessing. After convolution, pooling, and flattening phases, feature vectors are obtained. The BI-LSTM and self-attention feature weights are used in the suggested method to mitigate the effects of class imbalance. The attention layer and the BI-LSTM features are concatenated to create mapped features before feeding them to the random forest algorithm for classification. Our methodology and model performance were validated using NSL-KDD and UNSW-NB-15, two widely available IDS datasets. The suggested model's accuracies on binary and multi-class classification tasks using the NSL-KDD dataset are 99.67% and 99.88%, respectively. The model's binary and multi-class classification accuracies on the UNSW-NB15 dataset are 99.56% and 99.45%, respectively. Further, we compared the suggested approach with other previous machine learning and deep learning models and found it to outperform them in detection rate, FPR, and F-score. For both binary and multiclass classifications, the proposed method reduces false positives while increasing the number of true positives. The model proficiently identifies diverse network intrusions on computer networks and accomplishes its intended purpose. The suggested model will be helpful in a variety of network security research fields and applications.

Anwer Mustafa Hilal,Shaha Al-Otaibi,Hany Mahgoub,Fahd N. Al-Wesabi,Ghadah Aldehim,Abdelwahed Motwakel,Mohammed Rizwanullah,Ishfaq Yaseen

DOI: https://doi.org/10.1007/s10586-022-03628-w

2022-08-19

Cluster Computing

Abstract:A cyber physical system (CPS) is a network of cyber (computation, communication) and physical (sensors, actuators) components which interact with one another in a feedback form with human intervention. CPS authorizes the critical infrastructure and is treated as essential in day to day life as they exist in the basis of future smart devices. The increased exploitation of the CPS results in various threats and becomes a global problem. Therefore, it becomes essential to develop a safe, efficient, and robust CPS for real tine environment. For resolving this problem and accomplish security in CPS environment, intrusion detection system (IDS) can be developed. This study introduces an imbalanced generative adversarial network (IGAN) with optimal kernel extreme learning machine (OKELM), called IGAN-OKELM technique for intrusion detection in CPS environment. The proposed IGAN-OKELM technique mainly aims to address the class imbalance problem and intrusion detection. Besides, the IGAN-OKELM technique involves the IGAN model handling the class imbalance problem by the use of imbalanced data filter and convolution layers to the conventional generative adversarial network (GAN), which generates new instances for minority class labels. Moreover, the OKELM model is applied as a classifier and the optimal parameter tuning of the KELM model is performed by the use of sand piper optimization (SPO) algorithm and thereby improvises the intrusion detection performance. A wide ranging simulation analysis is carried out using benchmark dataset and the results are examined under varying aspects. The experimental results reported the better performance of the IGAN-OKELM technique over the recent state of art approaches interms of different measures.