Hamed Alqahtani,Iqbal H. Sarker,Asra Kalim,Syed Md. Minhaz Hossain,Sheikh Ikhlaq,Sohrab Hossain

DOI: https://doi.org/10.1007/978-981-15-6648-6_10

2020-01-01

Abstract:As the alarming growth of connectivity of computers and the significant number of computer-related applications increase in recent years, the challenge of fulfilling cyber-security is increasing consistently. It also needs a proper protection system for numerous cyberattacks. Thus, detecting inconsistency and attacks in a computer network and developing intrusion detection system (IDS) that performs a potential role for cyber-security. Artificial intelligence, particularly machine learning techniques, has been used to develop a useful data-driven intrusion detection system. In this paper, we employ various popular machine learning classification algorithms, namely Bayesian Network, Naive Bayes classifier, Decision Tree, Random Decision Forest, Random Tree, Decision Table, and Artificial Neural Network, to detect intrusions due to provide intelligent services in the domain of cyber-security. Finally, we test the effectiveness of various experiments on cyber-security datasets having several categories of cyber-attacks and evaluate the effectiveness of the performance metrics, precision, recall, f1-score, and accuracy.

Dr.D.S. John Deva Prasanna,Dr.K. Punitha,Dr.M. Naga Raju,Dr.F. Rahman,Kamlesh Kumar Yadav

DOI: https://doi.org/10.58346/jisis.2024.i3.024

2024-08-30

Abstract:One crucial thing that hackers always do is gather information about the state of networks by breaking into files and systems that are used in defense models. Threats can get into these platforms. Much information is constantly coming into and going out of systems and people. To find potentially harmful security trends, the Intrusion Detection System (IDS) has to look through this growing amount of data. Our surroundings and choices now make it very hard to quickly and correctly find intrusions. To find people who try to get into a communication system without permission, creating an intrusion detection system (IDS) that uses big data techniques to handle large amounts of complex data is essential. This work uses artificial intelligence (AI), which is aware of a vast amount of data, to make an IDS that is very good at dealing with these problems. The study created a unique structure for the Long Short-Term Memory (LSTM) method, which can find complex links and long-lasting patterns in arriving at network traffic data. By using this method, the system can successfully lower the number of false warnings and improve the accuracy of the IDS that was created. Big Data Analysis (BDA) could make the AI methods discussed in this study more useful. These methods are currently slow because they are very complicated. Using these techniques makes running the complicated model go more quickly. The researchers used the tool on the Spark platform for in-depth studies. The NSL-KDD database was used to train for the tests. The results show that the algorithm is better than other IDS systems regarding how often it finds problems, how usually it sets off fake alarms, how accurate it is, how efficiently it works, and how long it takes to train.

Fazal Wahab,Yuhai Zhao,Danish Javeed,Mosleh Hmoud Al-Adhaileh,Shahab Ahmad Almaaytah,Wasiat Khan,Muhammad Shahid Saeed,Rajeev Kumar Shah

DOI: https://doi.org/10.1155/2022/6096289

IF: 3.12

2022-01-01

Computational Intelligence and Neuroscience

Abstract:E-health has grown into a billion-dollar industry in the last decade. Its device's high throughput makes it an obvious target for cyberattacks, and these environments desperately need protection. In this scientific study, we presented an artificial intelligence (AI)-driven software-defined networking (SDN)-enabled intrusion detection system (IDS) to address increasing cyber threats in the E-health and internet of medical things (IoMT) environments. AI's success in various fields, including big data and intrusion detection systems, has prompted us to develop a flexible and cost-effective approach to protect such critical environments from cyberattacks. We present a hybrid model consisting of long short-term memory (LSTM) and gated recurrent unit (GRU). The proposed model was thoroughly evaluated using the publicly available CICDDoS2019 dataset and conventional evaluation measures. Furthermore, for proper validation, the proposed framework is compared with relevant classifiers, such as cu-GRU+ DNN and cu-BLSTM. We have further compared the proposed model with existing literature to prove its efficacy. Lastly, 10-fold cross-validation is also used to verify that our results are unbiased. The proposed approach has bypassed the current literature with extraordinary performance ramifications such as 99.01% accuracy, 99.04% precision, 98.80 percent recall, and 99.12% F1-score.

Ali Alzahrani,Theyazn H. H. Aldhyani

DOI: https://doi.org/10.3390/su15108076

IF: 3.9

2023-05-17

Sustainability

Abstract:Online food security and industrial environments and sustainability-related industries are highly confidential and in urgent need for network traffic analysis to attain proper security information to avoid attacks from anywhere in the world. The integration of cutting-edge technology such as the Internet of things (IoT) has resulted in a gradual increase in the number of vulnerabilities that may be exploited in supervisory control and data acquisition (SCADA) systems. In this research, we present a network intrusion detection system for SCADA networks that is based on deep learning. The goal of this system is to defend ICSs against network-based assaults that are both conventional and SCADA-specific. An empirical evaluation of a number of classification techniques including k-nearest neighbors (KNN), linear discriminant analysis (LDA), random forest (RF), convolution neural network (CNN), and integrated gated recurrent unit (GRU) is reported in this paper. The suggested algorithms were tested on a genuine industrial control system (SCADA), which was known as the WUSTL-IIoT-2018 and WUSTL-IIoT-20121 datasets. SCADA system operators are now able to augment proposed machine learning and deep learning models with site-specific network attack traces as a result of our invention of a re-training method to handle previously unforeseen instances of network attacks. The empirical results, using realistic SCADA traffic datasets, show that the proposed machine learning and deep-learning-based approach is well-suited for network intrusion detection in SCADA systems, achieving high detection accuracy and providing the capability to handle newly emerging threats. The accuracy performance attained by the KNN and RF algorithms was superior and achieved a near-perfect score of 99.99%, whereas the CNN-GRU model scored an accuracy of 99.98% using WUSTL-IIoT-2018. The Rf and GRU algorithms achieved >99.75% using the WUSTL-IIoT-20121 dataset. In addition, a statistical analysis method was developed in order to anticipate the error that exists between the target values and the prediction values. According to the findings of the statistical analysis, the KNN, RF, and CNN-GRU approaches were successful in achieving an R2 > 99%. This was demonstrated by the fact that the approach was able to handle previously unknown threats in the industrial control systems (ICSs) environment.

environmental sciences,environmental studies,green & sustainable science & technology

Ilhan Firat Kilincer,Fatih Ertam,Abdulkadir Sengur

DOI: https://doi.org/10.1016/j.comnet.2021.107840

IF: 5.493

2021-04-01

Computer Networks

Abstract:The increase in internet usage brings security problems with it. Malicious software can affect the operation of the systems and disrupt data confidentiality due to the security gaps in the systems. Intrusion Detection Systems (IDS) have been developed to detect and report attacks. In order to develop IDS systems, artificial intelligence-based approaches have been used more frequently. In this study, literature studies using CSE-CIC IDS-2018, UNSW-NB15, ISCX-2012, NSL-KDD and CIDDS-001 data sets, which are widely used to develop IDS systems, are reviewed in detail. In addition, max-min normalization was performed on these data sets and classification was made with support vector machine (SVM), K-Nearest neighbor (KNN), Decision Tree (DT) algorithms, which are among the classical machine learning approaches. As a result, more successful results have been obtained in some of the studies given in the literature. The study is thought to be useful for developing IDS systems on the basis of artificial intelligence with approaches such as machine learning.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

V. Kanimozhi,T. Prem Jacob

DOI: https://doi.org/10.1016/j.icte.2019.03.003

IF: 4.754

2019-09-01

ICT Express

Abstract:One of the latest emerging technologies is artificial intelligence, which makes the machine mimic human behaviour. The most important component used to detect cyber attacks or malicious activities is the intrusion detection system (IDS). Artificial intelligence plays a vital role in detecting intrusions and widely considered as the better way in adapting and building IDS. In modern days, neural network algorithms are emerging as a new artificial intelligence technique that can be applied to real-time problems. The proposed system is to detect a classification of botnet attack which poses a serious threat to financial sectors and banking services. The proposed system is created by applying artificial intelligence on a realistic cyber defence dataset (CSE-CIC-IDS2018), the latest IDS Dataset in 2018 by Canadian Institute for Cybersecurity (CIC) on AWS (Amazon Web Services).The proposed system of Artificial Neural Networks provides an outstanding performance of Accuracy score is 99.97% and an average area under ROC(Receiver Operator Characteristic) curve is 0.999 and an average False Positive rate is a mere value of 0.03. The proposed system of Artificial Intelligence-based Intrusion detection of botnet attack classification is powerful, more accurate and precise. The novel proposed system can be applied to conventional network traffic analysis, cyber-physical system traffic analysis and also can be applied to the real-time network traffic data analysis.

computer science, information systems,telecommunications

Andrea Pinto,Luis-Carlos Herrera,Yezid Donoso,Jairo A Gutierrez

DOI: https://doi.org/10.3390/s23052415

2023-02-22

Abstract:Industrial control systems (ICSs), supervisory control and data acquisition (SCADA) systems, and distributed control systems (DCSs) are fundamental components of critical infrastructure (CI). CI supports the operation of transportation and health systems, electric and thermal plants, and water treatment facilities, among others. These infrastructures are not insulated anymore, and their connection to fourth industrial revolution technologies has expanded the attack surface. Thus, their protection has become a priority for national security. Cyber-attacks have become more sophisticated and criminals are able to surpass conventional security systems; therefore, attack detection has become a challenging area. Defensive technologies such as intrusion detection systems (IDSs) are a fundamental part of security systems to protect CI. IDSs have incorporated machine learning (ML) techniques that can deal with broader kinds of threats. Nevertheless, the detection of zero-day attacks and having technological resources to implement purposed solutions in the real world are concerns for CI operators. This survey aims to provide a compilation of the state of the art of IDSs that have used ML algorithms to protect CI. It also analyzes the security dataset used to train ML models. Finally, it presents some of the most relevant pieces of research on these topics that have been developed in the last five years.

Aboul Ella Hassanien,Tai-Hoon Kim,Janusz Kacprzyk,Ali Ismail Awad

DOI: https://doi.org/10.1007/978-3-662-43616-5_9

2014-01-01

Abstract:Almost daily we hear news about a security breach somewhere, as hackers are constantly finding new ways to get around even the most complex firewalls and security systems. This turned the security into one of the top research areas. Artificial Immune Systems are techniques inspired by biological immune system-specifically the human immune system-which basic function is to protect the body (system) and defend against attacks of different types. For this reason, many have applied the artificial immune system in the field of network security and intrusion detection. In this chapter, a basic model of a multi-layer system is discussed, along with the basics of artificial immune systems and network intrusion detection. An actual experiment is included, which involved a layer for data preprocessing and feature selection (using Principal Component Analysis), a layer for detectors generation and anomaly detection (Using Genetic Algorithm with Negative Selection Approach), and finally a layer for detected anomalies classification (using decision tree classifiers). The principle interest of this work is to benchmark the performance of the proposed multi-layer IDS system by using NSL-KDD benchmark data set used by IDS researchers. The obtained results of the anomaly detection layer shows that up to 81% of the attacks were successfully detected as attacks. The results of the classification layer demonstrated that naive bayes classifier has better classification accuracy in the case of lower presented attacks such as U2R and R2L, while the J48 decision tree classifier gives high accuracy up to 82% for DoS attacks and 65.4% for probe attacks in the anomaly traffic.

Rafika Saadouni,Amina Khacha,Z. Aliouat,Yasmine Harbi

DOI: https://doi.org/10.1109/ISIA55826.2022.9993487

2022-11-29

Abstract:The internet of things (IoT) is expected to offer a significant impact on the industry domain leading to the concept of industrial IoT (IIoT). The IIoT comprises machine-to-machine (M2M) and communication technologies with data automation and exchange to improve product quality and decrease pro-duction costs. As a consequence, a large amount of data is collected and smartly processed to provide optimal industrial operations. This growing deployment enables adversaries to con-duct potential and destructive cyber-attacks to accomplish their malicious goals. Therefore, intelligent decision-making actions for cyber-attack detection in IIoT are sorely required. To address this challenge, we propose an intrusion detection system (IDS) using deep learning models. Specifically, the proposed system is based on the combination of convolutional neural network (CNN) and long short-term memory (LSTM) that are excellent techniques for intrusion detection and classification due to their ability in classifying main characteristics and their effectiveness in performing faster computations. We adopt the most recent dataset named Edge-IIoTset that contains a real traffic network of IoT and IIoT applications. The proposed model is evaluated in terms of accuracy, precision, false positive rate, and detection cost within binary and multi-class classifications. The obtained results show that our CNN-LSTM model provides better performance and robustness in cyber security intrusion detection for IIoT applications compared to LSTM and traditional machine learning models. Moreover, it outperforms two recent related models in terms of accuracy rate.

Engineering,Computer Science

Cynthia Anthony,Walid Elgenaidi,Muzaffar Rao

DOI: https://doi.org/10.3390/electronics13050809

IF: 2.9

2024-02-20

Electronics

Abstract:This research work highlights significant achievements in the domain of intrusion detection systems (IDSs) for autonomous vehicles, which are crucial in enhancing their safety, reliability, and cybersecurity. This study introduces an approach that leverages non-tree-based machine learning algorithms, such as K-nearest neighbors and ensemble learning, to develop an IDS tailored for autonomous vehicles. These algorithms were employed because of their ability to process complex and large datasets with less likeliness for overfitting, their scalability, and their ability to adapt to changing conditions in real time. These algorithms effectively handle imbalanced data, enhancing the detection accuracy of both normal and intrusive instances. The IDS's performance was validated through the utilization of three real-world datasets, CAN intrusion, CICIDS2017, and NSL-KDD, where the proposed non-tree-based IDS (NTB-MTH-IDS) was measured with the standard measurement metrics: accuracy, precision, F1-score, and recall, including specificity and sensitivity. Notably, the results indicate that K-nearest neighbors and stacking, as part of NTB-MTH-IDS, has an accuracy of 99.00%, 98.57%, and 97.57%, and F1-scores of 99.00%, 98.79%, and 97.54% in the CICIDS2017, NSL-KDD, and CAN datasets, respectively. The results of this research can lead to establishing a robust intrusion detection framework, thereby ensuring the safety and reliability of autonomous vehicles. Through this achievement, road users, passengers, and pedestrians are safeguarded against the consequences of potential cyber threats.

engineering, electrical & electronic,computer science, information systems,physics, applied

Mohammed Saeed Alzahrani,Fawaz Waselallah Alsaade

DOI: https://doi.org/10.1155/2022/4705325

2022-03-18

Abstract:The Internet plays a fundamental part in relentless correspondence, so its applicability can decrease the impact of intrusions. Intrusions are defined as movements that unfavorably influence the focus of a computer. Intrusions may sacrifice the reputability, integrity, privacy, and accessibility of the assets attacked. A computer security system will be traded off when an intrusion happens. The novelty of the proposed intelligent cybersecurity system is its ability to protect Internet of Things (IoT) devices and any networks from incoming attacks. In this research, various machine learning and deep learning algorithms, namely, the quantum support vector machine (QSVM), k-nearest neighbor (KNN), linear discriminant and quadratic discriminant long short-term memory (LSTM), and autoencoder algorithms, were applied to detect attacks from signature databases. The correlation method was used to select important network features by finding the features with a high-percentage relationship between the dataset features and classes. As a result, nine features were selected. A one-hot encoding method was applied to convert the categorical features into numerical features. The validation of the system was verified by employing the benchmark KDD Cup database. Statistical analysis methods were applied to evaluate the results of the proposed study. Binary and multiple classifications were conducted to classify the normal and attack packets. Experimental results demonstrated that KNN and LSTM algorithms achieved better classification performance for developing intrusion detection systems; the accuracy of KNN and LSTM algorithms for binary classification was 98.55% and 97.28%, whereas the KNN and LSTM attained a high accuracy for multiple classification (98.28% and 970.7%). Finally, the KNN and LSTM algorithms are fitting-based intrusion detection systems.

Bakht Sher Ali,Inam Ullah,Tamara Al Shloul,Izhar Ahmed Khan,Ijaz Khan,Yazeed Yasin Ghadi,Akmalbek Abdusalomov,Rashid Nasimov,Khmaies Ouahada,Habib Hamam

DOI: https://doi.org/10.1007/s11227-023-05764-5

2024-01-01

Abstract:The growing volume of data, especially in cases of imbalanced datasets, has posed significant challenges in the classification process, particularly when it comes to identifying cyberattacks on industrial control systems (ICS) networks, which have been a source of concern due to the significant destructive impact of viruses such as Slammer, worms, Stuxnet, Duqu, Seismic Net, and Flame on critical infrastructures in various countries. The key challenge is constructing the intrusion detection system (IDS) framework to deal with imbalanced datasets. Many researchers work especially on binary classification, but multi-classification is a more challenging and still active research area. To deal with the multi-class imbalanced classification problem, we outline an instance-based intrusion detection technique named ICS-IDS, for intrusion detection in ICS systems specific to SCADA networks. The developed technique consists of two core components, the data preparation component, and the detection component. The data preparation component uses the normalization, Fisher Discriminant Analysis, and k-neighbor’s method to scale the data, reduce the dimensionality, and resample the dataset, respectively. To learn the latent representations and discern harmful vectors from attacked data, the detection/recognition component leverages an efficient instance-based learner. The proposed ICS-IDS model outperforms existing attractive methods in detecting sophisticated attack vectors in ICS data, achieving 99% accuracy and 99% detection rates (DR) on an industrial network dataset. This proves the methodology's practicality for implementing security in real-world ICS networks.

Haiyan Xuan,Mohith Manohar

2023-12-04

Abstract:As Artificial Intelligence (AI) technologies continue to gain traction in the modern-day world, they ultimately pose an immediate threat to current cybersecurity systems via exploitative methods. Prompt engineering is a relatively new field that explores various prompt designs that can hijack large language models (LLMs). If used by an unethical attacker, it can enable an AI system to offer malicious insights and code to them. In this paper, an enhanced intrusion detection system (IDS) that utilizes machine learning (ML) and hyperparameter tuning is explored, which can improve a model's performance in terms of accuracy and efficacy. Ultimately, this improved system can be used to combat the attacks made by unethical hackers. A standard IDS is solely configured with pre-configured rules and patterns; however, with the utilization of machine learning, implicit and different patterns can be generated through the models' hyperparameter settings and parameters. In addition, the IDS will be equipped with multiple datasets so that the accuracy of the models improves. We evaluate the performance of multiple ML models and their respective hyperparameter settings through various metrics to compare their results to other models and past research work. The results of the proposed multi-dataset integration method yielded an accuracy score of 99.9% when equipped with the XGBoost and random forest classifiers and RandomizedSearchCV hyperparameter technique.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Afrah Gueriani,Hamza Kheddar,Ahmed Cherif Mazari

DOI: https://doi.org/10.1109/IC2EM59347.2023.10419560

2024-05-30

Abstract:The rise of new complex attacks scenarios in Internet of things (IoT) environments necessitate more advanced and intelligent cyber defense techniques such as various Intrusion Detection Systems (IDSs) which are responsible for detecting and mitigating malicious activities in IoT networks without human intervention. To address this issue, deep reinforcement learning (DRL) has been proposed in recent years, to automatically tackle intrusions/attacks. In this paper, a comprehensive survey of DRL-based IDS on IoT is presented. Furthermore, in this survey, the state-of-the-art DRL-based IDS methods have been classified into five categories including wireless sensor network (WSN), deep Q-network (DQN), healthcare, hybrid, and other techniques. In addition, the most crucial performance metrics, namely accuracy, recall, precision, false negative rate (FNR), false positive rate (FPR), and F-measure, are detailed, in order to evaluate the performance of each proposed method. The paper provides a summary of datasets utilized in the studies as well.

Cryptography and Security

Hind Ali abdul Hassan

DOI: https://doi.org/10.52783/jes.2292

2024-04-01

Abstract:The proliferation of Internet users has coincided with a commensurate increase in the amount of very important, sensitive, and private information being transferred across the Internet. Malicious actors are increasingly targeting networks to breach them and obtain illegal access to critical information since this trend has revealed holes in security systems. In addition to endangering the privacy of the data concerned, these breaches disrupt the smooth functioning of systems. Therefore, in light of these dangers, intrusion detection systems (IDSs) are now an essential part of any cybersecurity program. The goal of these systems is to detect and report any suspicious activity by constantly monitoring and analyzing network traffic. Numerous review articles have investigated various methods for network intrusion detection. To improve detection accuracy while keeping computing efficiency high, this survey study investigates lightweight deep learning techniques for intrusion detection systems. These techniques include pruning, quantization, clustering, and collaborative optimization. This study analyzes five different types of new real-world traffic datasets (i.e., CSE-CIC- IDS2018, NSL-KDD, Bot-IoT, ToN IoT Network, and UNSW-NB15) and evaluates the performance of several machine learning and deep learning techniques. This survey provides metrics for measuring the accuracy of intrusion detection across various systems, which may be used to assess performance.

Esra Altulaihan,Mohammed Amin Almaiah,Ahmed Aljughaiman

DOI: https://doi.org/10.3390/s24020713

IF: 3.9

2024-01-23

Sensors

Abstract:Widespread and ever-increasing cybersecurity attacks against Internet of Things (IoT) systems are causing a wide range of problems for individuals and organizations. The IoT is self-configuring and open, making it vulnerable to insider and outsider attacks. In the IoT, devices are designed to self-configure, enabling them to connect to networks autonomously without extensive manual configuration. By using various protocols, technologies, and automated processes, self-configuring IoT devices are able to seamlessly connect to networks, discover services, and adapt their configurations without requiring manual intervention or setup. Users' security and privacy may be compromised by attackers seeking to obtain access to their personal information, create monetary losses, and spy on them. A Denial of Service (DoS) attack is one of the most devastating attacks against IoT systems because it prevents legitimate users from accessing services. A cyberattack of this type can significantly damage IoT services and smart environment applications in an IoT network. As a result, securing IoT systems has become an increasingly significant concern. Therefore, in this study, we propose an IDS defense mechanism to improve the security of IoT networks against DoS attacks using anomaly detection and machine learning (ML). Anomaly detection is used in the proposed IDS to continuously monitor network traffic for deviations from normal profiles. For that purpose, we used four types of supervised classifier algorithms, namely, Decision Tree (DT), Random Forest (RF), K Nearest Neighbor (kNN), and Support Vector Machine (SVM). In addition, we utilized two types of feature selection algorithms, the Correlation-based Feature Selection (CFS) algorithm and the Genetic Algorithm (GA) and compared their performances. We also utilized the IoTID20 dataset, one of the most recent for detecting anomalous activity in IoT networks, to train our model. The best performances were obtained with DT and RF classifiers when they were trained with features selected by GA. However, other metrics, such as training and testing times, showed that DT was superior.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Saqib Hussain,Jingsha He,Nafei Zhu,Fahad Razaque Mughal,Muhammad Iftikhar Hussain,Abeer D. Algarni,Sadique Ahmad,Mira M. Zarie,Abdelhamied A. Ateya

DOI: https://doi.org/10.1007/s13369-024-09769-x

IF: 2.807

2024-12-04

Arabian Journal for Science and Engineering

Abstract:In the digital transformation era, the Internet of Things (IoT) has become integral, propelling innovation yet exposing cybersecurity vulnerabilities and compromising system integrity. The complexity and diversity of IoT environments render traditional security measures inadequate against the evolving nature of cyber threats, especially those targeting wireless sensor networks (WSNs). This gap underscores the need for solutions that adapt alongside emerging threats to enhance IoT ecosystem resilience. Our research introduces a pioneering intrusion detection system (IDS) combining reinforcement learning (RL) and artificial neural networks (ANNs). Using a Q -learning agent, this system interacts with various IoT datasets to iteratively select and refine attack features for classification, enabling the identification of key representations that increase detection accuracy. The model can effectively identify known and emerging threats through an automated feature selection process and continuous adaptation. Extensive testing demonstrated robust performance under dynamic network conditions, positioning this approach as a scalable and resilient defense for large-scale IoT infrastructures. When tested on real-world IoT datasets across multiple contexts and threats, the proposed model achieved over 99% accuracy while maintaining a false-positive rate of less than 5 %, surpassing existing solutions and establishing a new standard for adaptive cybersecurity.

multidisciplinary sciences

Mujaheed Abdullahi,Yahia Baashar,Hitham Alhussian,Ayed Alwadain,Norshakirah Aziz,Luiz Fernando Capretz,Said Jadid Abdulkadir

DOI: https://doi.org/10.3390/electronics11020198

IF: 2.9

2022-01-10

Electronics

Abstract:In recent years, technology has advanced to the fourth industrial revolution (Industry 4.0), where the Internet of things (IoTs), fog computing, computer security, and cyberattacks have evolved exponentially on a large scale. The rapid development of IoT devices and networks in various forms generate enormous amounts of data which in turn demand careful authentication and security. Artificial intelligence (AI) is considered one of the most promising methods for addressing cybersecurity threats and providing security. In this study, we present a systematic literature review (SLR) that categorize, map and survey the existing literature on AI methods used to detect cybersecurity attacks in the IoT environment. The scope of this SLR includes an in-depth investigation on most AI trending techniques in cybersecurity and state-of-art solutions. A systematic search was performed on various electronic databases (SCOPUS, Science Direct, IEEE Xplore, Web of Science, ACM, and MDPI). Out of the identified records, 80 studies published between 2016 and 2021 were selected, surveyed and carefully assessed. This review has explored deep learning (DL) and machine learning (ML) techniques used in IoT security, and their effectiveness in detecting attacks. However, several studies have proposed smart intrusion detection systems (IDS) with intelligent architectural frameworks using AI to overcome the existing security and privacy challenges. It is found that support vector machines (SVM) and random forest (RF) are among the most used methods, due to high accuracy detection another reason may be efficient memory. In addition, other methods also provide better performance such as extreme gradient boosting (XGBoost), neural networks (NN) and recurrent neural networks (RNN). This analysis also provides an insight into the AI roadmap to detect threats based on attack categories. Finally, we present recommendations for potential future investigations.

engineering, electrical & electronic,computer science, information systems,physics, applied

Moutaz Alazab,Albara Awajan,Hadeel Alazzam,Mohammad Wedyan,Bandar Alshawi,Ryan Alturki

DOI: https://doi.org/10.3390/s24072188

IF: 3.9

2024-03-30

Sensors

Abstract:The Internet of Things (IoT) is the underlying technology that has enabled connecting daily apparatus to the Internet and enjoying the facilities of smart services. IoT marketing is experiencing an impressive 16.7% growth rate and is a nearly USD 300.3 billion market. These eye-catching figures have made it an attractive playground for cybercriminals. IoT devices are built using resource-constrained architecture to offer compact sizes and competitive prices. As a result, integrating sophisticated cybersecurity features is beyond the scope of the computational capabilities of IoT. All of these have contributed to a surge in IoT intrusion. This paper presents an LSTM-based Intrusion Detection System (IDS) with a Dynamic Access Control (DAC) algorithm that not only detects but also defends against intrusion. This novel approach has achieved an impressive 97.16% validation accuracy. Unlike most of the IDSs, the model of the proposed IDS has been selected and optimized through mathematical analysis. Additionally, it boasts the ability to identify a wider range of threats (14 to be exact) compared to other IDS solutions, translating to enhanced security. Furthermore, it has been fine-tuned to strike a balance between accurately flagging threats and minimizing false alarms. Its impressive performance metrics (precision, recall, and F1 score all hovering around 97%) showcase the potential of this innovative IDS to elevate IoT security. The proposed IDS boasts an impressive detection rate, exceeding 98%. This high accuracy instills confidence in its reliability. Furthermore, its lightning-fast response time, averaging under 1.2 s, positions it among the fastest intrusion detection systems available.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Muhammad Zawad Mahmud,Samiha Islam,Shahran Rahman Alve,Al Jubayer Pial

2024-12-04

Abstract:An application of software known as an Intrusion Detection System (IDS) employs machine algorithms to identify network intrusions. Selective logging, safeguarding privacy, reputation-based defense against numerous attacks, and dynamic response to threats are a few of the problems that intrusion identification is used to solve. The biological system known as IoT has seen a rapid increase in high dimensionality and information traffic. Self-protective mechanisms like intrusion detection systems (IDSs) are essential for defending against a variety of attacks. On the other hand, the functional and physical diversity of IoT IDS systems causes significant issues. These attributes make it troublesome and unrealistic to completely use all IoT elements and properties for IDS self-security. For peculiarity-based IDS, this study proposes and implements a novel component selection and extraction strategy (our strategy). A five-ML algorithm model-based IDS for machine learning-based networks with proper hyperparamater tuning is presented in this paper by examining how the most popular feature selection methods and classifiers are combined, such as K-Nearest Neighbors (KNN) Classifier, Decision Tree (DT) Classifier, Random Forest (RF) Classifier, Gradient Boosting Classifier, and Ada Boost Classifier. The Random Forest (RF) classifier had the highest accuracy of 99.39%. The K-Nearest Neighbor (KNN) classifier exhibited the lowest performance among the evaluated models, achieving an accuracy of 94.84%. This study's models have a significantly higher performance rate than those used in previous studies, indicating that they are more reliable.

Cryptography and Security,Machine Learning