Mayra Macas,Chunming Wu

DOI: https://doi.org/10.1109/latincom50620.2020.9282324

2020-01-01

Abstract:As the number of cyber-attacks is increasing, cybersecurity is evolving to a key concern for any business. Artificial Intelligence (AI) and Machine Learning (ML) (in particular Deep Learning - DL) can be leveraged as key enabling technologies for cyber-defense, since they can contribute in threat detection and can even provide recommended actions to cyber analysts. A partnership of industry, academia, and government on a global scale is necessary in order to advance the adoption of AI/ML to cybersecurity and create efficient cyber defense systems. In this paper, we are concerned with the investigation of the various deep learning techniques employed for network intrusion detection and we introduce a DL framework for cybersecurity applications.

Ahmed S. Alzahrani,Reehan Ali Shah,Yuntao Qian,Munwar Ali

DOI: https://doi.org/10.1016/j.aej.2020.01.021

IF: 6.626

2020-01-01

Alexandria Engineering Journal

Abstract:With the rapid advancement in technology, network systems are becoming prone to more sophisticated types of intrusions. However, machine learning (ML) based strategies are among the most efficient and popular methods to identify the network intrusions or attacks. In this study, we examined the important and discriminative features, in order to recognize the various attacks by applying the Structural Sparse Logistic Regression (SSPLR) and Support Vector Machine (SVMs) methods. The SVMs are standard ML-based techniques, which provide the reasonable performance, however, they have few shortcomings, such as, interpretability and huge computational cost. On the other hand, the sparse modeling (SSPLR) is considered as the advanced method for the data examination and processing through regularization. The structural sparse modeling can be used to simultaneously select the distinct features or the group of discriminative features from the repository of the data set to determine the coefficient of the linear classifier, where, prior information of the feature’s structure can be mapped on various sparsity-inducing regularizations. In this way, the particular group of features yielded by the most significant network attacks are selected and potentially identified. The experiments and discussion, show that the proposed techniques have improved performance compared to the most state-of-the-art techniques, used for the Intrusion Detection System (IDS).

Lijun Zhang,Xingyu Lu,Zhaoqiang Chen,Tianwei Liu,Qun Chen,Zhanhuai Li

DOI: https://doi.org/10.1016/j.neucom.2022.04.061

IF: 6

2022-01-01

Neurocomputing

Abstract:With increasing connectedness, network intrusion has become a critical security concern for modern information systems. The state-of-the-art performance of Network Intrusion Detection (NID) has been achieved by deep learning. Unfortunately, NID remains very challenging, and deep models may still mislabel many activities in real networks. Therefore, there is a need for risk analysis, which aims to know which activities may be mislabeled and why.

Xiangyan Tang,Meizhu Chen,Jieren Cheng,Jinying Xu,Hui Li

DOI: https://doi.org/10.1007/978-3-030-37352-8_52

2019-01-01

Abstract:In the big data environment, the scale of attacks of Distributed Denial of Service (DDoS) continues to expand rapidly. The traditional network situation assessment method cannot effectively evaluate the security situation of DDoS. A security situation assessment method based on deep learning and a security situation assessment model based on neural network are proposed. The model uses convolutional neural network (CNN), back propagation algorithm (BP) and Long Short-Term memory neural network (LSTM) to learn various network security indicators to achieve a comprehensive assessment of the network. The experimental results show that the model can more easily and accurately evaluate the network security status, which is more accurate and flexible than the existing evaluation methods.

Khushnaseeb Roshan,Aasim Zafar,Shiekh Burhan Ul Haque

2023-08-01

Abstract:Network Intrusion Detection System (NIDS) is an essential tool in securing cyberspace from a variety of security risks and unknown cyberattacks. A number of solutions have been implemented for Machine Learning (ML), and Deep Learning (DL) based NIDS. However, all these solutions are vulnerable to adversarial attacks, in which the malicious actor tries to evade or fool the model by injecting adversarial perturbed examples into the system. The main aim of this research work is to study powerful adversarial attack algorithms and their defence method on DL-based NIDS. Fast Gradient Sign Method (FGSM), Jacobian Saliency Map Attack (JSMA), Projected Gradient Descent (PGD) and Carlini & Wagner (C&W) are four powerful adversarial attack methods implemented against the NIDS. As a defence method, Adversarial Training is used to increase the robustness of the NIDS model. The results are summarized in three phases, i.e., 1) before the adversarial attack, 2) after the adversarial attack, and 3) after the adversarial defence. The Canadian Institute for Cybersecurity Intrusion Detection System 2017 (CICIDS-2017) dataset is used for evaluation purposes with various performance measurements like f1-score, accuracy etc.

Cryptography and Security,Artificial Intelligence,Machine Learning

Nickolaos Koroniotis,Nour Moustafa

DOI: https://doi.org/10.48550/arXiv.2005.00722

2020-05-02

Abstract:The popularity of IoT smart things is rising, due to the automation they provide and its effects on productivity. However, it has been proven that IoT devices are vulnerable to both well established and new IoT-specific attack vectors. In this paper, we propose the Particle Deep Framework, a new network forensic framework for IoT networks that utilised Particle Swarm Optimisation to tune the hyperparameters of a deep MLP model and improve its performance. The PDF is trained and validated using Bot-IoT dataset, a contemporary network-traffic dataset that combines normal IoT and non-IoT traffic, with well known botnet-related attacks. Through experimentation, we show that the performance of a deep MLP model is vastly improved, achieving an accuracy of 99.9% and false alarm rate of close to 0%.

Cryptography and Security,Neural and Evolutionary Computing

Surasit Songma,Watcharakorn Netharn,Siriluck Lorpunmanee

DOI: https://doi.org/10.5121/ijcnc.2024.16404

2024-08-15

Abstract:The present research investigates how to improve Network Intrusion Detection Systems (NIDS) by combining Machine Learning (ML) and Deep Learning (DL) techniques, addressing the growing challenge of cybersecurity threats. A thorough process for data preparation, comprising activities like cleaning, normalization, and segmentation into training and testing sets, lays the framework for model training and evaluation. The study uses the CSE-CIC-IDS 2018 and LITNET-2020 datasets to compare ML methods (Decision Trees, Random Forest, XGBoost) and DL models (CNNs, RNNs, DNNs, MLP) against key performance metrics (Accuracy, Precision, Recall, and F1-Score). The Decision Tree model performed better across all measures after being fine-tuned with Enhanced Particle Swarm Optimization (EPSO), demonstrating the model's ability to detect network breaches effectively. The findings highlight EPSO's importance in improving ML classifiers for cybersecurity, proposing a strong framework for NIDS with high precision and dependability. This extensive analysis not only contributes to the cybersecurity arena by providing a road to robust intrusion detection solutions, but it also proposes future approaches for improving ML models to combat the changing landscape of network threats.

Cryptography and Security

Qiang Qiang Chen,Jian Ping Li,Amin Ul Haq,Bless Lord Y Agbley,Arif Hussain,Inayat Khan,Riaz Ullah Khan,Jalaluddin Khan,Ijaz Ali

DOI: https://doi.org/10.1155/2023/9041355

2023-02-20

Abstract:As the network is closely related to people's daily life, network security has become an important factor affecting the physical and mental health of human beings. Network flow classification is the foundation of network security. It is the basis for providing various network services such as network security maintenance, network monitoring, and network quality of service (QoS). Therefore, this field has always been a hot spot of academic and industrial research. Existing studies have shown that through appropriate data preprocessing techniques, machine learning methods can be used to classify network flows, most of which, however, are based on manually and expert-originated feature sets; it is a time-consuming and laborious work. Moreover, only features extracted by a single model can be used in classification tasks, which can easily make the model inefficient and prone to overfitting. In order to solve the abovementioned problems, this study proposes a multimodal automatic analysis framework based on spatial and sequential features. The framework is completely based on the deep learning method and realizes automatic extraction of two types of features, which is very suitable for processing large-flow information; this improves the efficiency of network flow classification. There are two types of frameworks based on pretraining and joint-training, respectively, with analyzing the advantages and disadvantages of them in practice. In terms of evaluation, compared with the previous methods, the experimental results show that the framework has good performance in both accuracy and stability.

Weihong Han,Zhihong Tian,Zizhong Huang,Dongqiu Huang,Yan Jia

DOI: https://doi.org/10.1109/ACCESS.2019.2940822

IF: 3.9

2019-01-01

IEEE Access

Abstract:The wirelessly connected intelligent robot swarms are more vulnerable to be attacked due to their unstable network connection and limited resources, and the consequences of being attacked are more serious than other systems. Therefore, the quantitative assessment of wireless connected intelligent robot swarms network security situation is very important. Factors determining the state of wireless connected intelligent robot swarms network security have characteristics such as mass and diversity, which constantly evolve with time. In fact, network security measurement has multi-level, multi-dimensional, and multi-granularity characteristics. Therefore, properly selecting wireless connected intelligent robot swarms network security measurement parameters and reducing and converging them to quantitative values such that they can enable a true and objective reflection of the network security state is a very challenging problem. However, deep learning is a novel solution to the abovementioned problems; its algorithm gets rid of the dependence on feature engineering and automatically builds a quantitative assessment model of a network security situation with dynamic adjustment as well as self-adaptive and self-learning characteristics. In this study, we propose a quantitative assessment method of wireless connected intelligent robot swarms network security situation based on a convolutional neural network (CNN). Generally, the convolutional layer is used to locally detect and deeply extract features, and the pooling layer is used to rapidly shrink the network scale and highlight the summary features. Using the deep network structure of several hidden layers, the results of quantitative assessment of the network security situation are highly consistent with expert experience. Experimental results show that the quantitative assessment of wireless connected intelligent robot swarms network security situation can be realized by combining the characteristics of a network security index system and CNN. Note that the accuracy rate is 95, and the calculation results are better than those of other deep learning models.

Shaodan Lin,Chen Feng,Tao Jiang,Huasong Jing

DOI: https://doi.org/10.1109/access.2023.3333013

IF: 3.9

2023-12-01

IEEE Access

Abstract:Using deep learning models, we predict information system security indicators and obtain corresponding security evaluation scores. The scores of these predicted security evaluation are used as the input data of regression tree model, and the security grade protection evaluation system is constructed. The model training process involves four different models: VGG19, ResNet-50, XceptionNet, and EfficientNet. Based on the training results, we find that the EfficientNet model consumes fewer computational resources in single detection while achieves a detection accuracy of 99.93%. Subsequently, we apply the CART regression tree to assess the network security posture of 14 commercial systems. The test results of the model show that the mean absolute percentage error(MAPE) is 0.029 and the correlation coefficient is 0.9. These empirical results strongly support the performance of the proposed model and show its significant potential in improving security assessments. With these training results, we gain preliminary insights into the performance of each model and select the EfficientNet model with the best performance for the generation of subsequent security posture evaluation data.Ultimately, the developed security grade protection assessment system provides a reliable and efficient evaluation means for the network security.

computer science, information systems,telecommunications,engineering, electrical & electronic

Omar A. Alzubi,Jafar A. Alzubi,Issa Qiqieh,Ala' M. Al‐Zoubi

DOI: https://doi.org/10.1002/nem.2296

2024-08-20

International Journal of Network Management

Abstract:The sequential deep neural network (SDNN) approach is employed to detect malware in imbalanced datasets effectively. The oversampling technique is applied to balance the dataset and exploration of varying SDNN architectures with different layer and neuron configurations. Performance evaluation metrics are visually represented to determine the optimal SDNN architecture for malware detection in diverse attack scenarios. The Internet of Things has emerged as a significant and influential technology in modern times. IoT presents solutions to reduce the need for human intervention and emphasizes task automation. According to a Cisco report, there were over 14.7 billion IoT devices in 2023. However, as the number of devices and users utilizing this technology grows, so does the potential for security breaches and intrusions. For instance, insecure IoT devices, such as smart home appliances or industrial sensors, can be vulnerable to hacking attempts. Hackers might exploit these vulnerabilities to gain unauthorized access to sensitive data or even control the devices remotely. To address and prevent this issue, this work proposes integrating intrusion detection systems (IDSs) with an artificial neural network (ANN) and a salp swarm algorithm (SSA) to enhance intrusion detection in an IoT environment. The SSA functions as an optimization algorithm that selects optimal networks for the multilayer perceptron (MLP). The proposed approach has been evaluated using three novel benchmarks: Edge‐IIoTset, WUSTL‐IIOT‐2021, and IoTID20. Additionally, various experiments have been conducted to assess the effectiveness of the proposed approach. Additionally, a comparison is made between the proposed approach and several approaches from the literature, particularly SVM combined with various metaheuristic algorithms. Then, identify the most crucial features for each dataset to improve detection performance. The SSA‐MLP outperforms the other algorithms with 88.241%, 93.610%, and 97.698% for Edge‐IIoTset, IoTID20, and WUSTL, respectively.

computer science, information systems,telecommunications

Hongyu Yang,Renyun Zeng,Guangquan Xu,Liang Zhang

DOI: https://doi.org/10.1016/j.asoc.2021.107096

IF: 8.7

2021-04-01

Applied Soft Computing

Abstract:Aiming at the poor performance and flexibility of traditional assessment methods of network security in dealing with a large number of network attack data, this paper proposes a network security situation assessment method based on adversarial deep learning. Firstly, establish the Deep Autoencoder-Deep Neural Network (AEDNN) model based on Deep Autoencoder (DAE) and Deep Neural Network (DNN). Conduct feature learning on the DAE network and apply the DNN network as a network attacks classifier. In the training process, for considering the results of feature learning in DAE, this paper builds an adversarial training process by changing the training weights. Besides, to increase the performance of the model on the minority network attacks, the Under-Over Sampling Weighted (UOSW) algorithm is designed; Finally, conduct model testing and calculate the network security situation value. The compared results of other models show the proposed model is more accurate for identifying network attacks and can evaluate the network situation more comprehensively and flexibly.

computer science, artificial intelligence, interdisciplinary applications

Chongzhen Zhang,Yanli Chen,Yang Meng,Fangming Ruan,Runze Chen,Yidan Li,Yaru Yang

DOI: https://doi.org/10.1155/2021/6610675

IF: 1.968

2021-01-25

Security and Communication Networks

Abstract:Traditional machine learning-based intrusion detection often only considers a single algorithm to identify intrusion data, lack of the flexibility method, low detection rate, no handing high-dimensional data, and cannot solve these problems well. In order to improve the performance of intrusion detection system, a novel general intrusion detection framework was proposed in this paper, which consists of five parts: preprocessing module, autoencoder module, database module, classification module, and feedback module. The data processed by the preprocessing module are compressed by the autoencoder module to obtain a lower-dimensional reconstruction feature, and the classification result is obtained through the classification module. Compressed features of each traffic are stored in the database module which can both provide retraining and testing for the classification module and restore these features to the original traffic for postevent analysis and forensics. For evaluation of the framework performance proposed, simulation was conducted with the CICIDS2017 dataset to the real traffic of the network. As the experimental results, the accuracy of binary classification and multiclass classification is better than previous work, and high-level accuracy was reached for the restored traffic. At the last, the possibility was discussed on applying the proposed framework to edge/fog networks.

computer science, information systems,telecommunications

Yinxing Li

DOI: https://doi.org/10.1088/1742-6596/1648/4/042071

2020-10-01

Journal of Physics: Conference Series

Abstract:Abstract With the continuous development of human civilization and the continuous progress of computer technology, computer network has been widely used in our life, which has brought great convenience to people’s production and life. As the computer network plays an increasingly important role in daily life, the security of computer network has been paid more and more attention. Therefore, this paper studies the modeling of computer network security analysis based on deep learning algorithm. Starting from the types, levels and main problems of security needs, this paper analyzes the threats faced by the system equipment, access rights, and the main connection relationship, and makes a visual description of the network threats from the perspective of the purpose of the attack is to enhance higher permissions. The security analysis and modeling work is applied to the security fault tree method of computer system and the attack method of network information system. Through research and analysis, starting from the current state of computer network security, this paper deeply studies the analysis and modeling of computer network security, and realizes the evaluation of current computer network security. The accuracy rate of the proposed method for intrusion detection reaches 91.6%.

Nadia Ansar,Mohammad Sadique Ansari,Mohammad Sharique,Aamina Khatoon,Md Abdul Malik,Md Munir Siddiqui

2024-06-18

Abstract:There have been significant issues given the IoT, with heterogeneity of billions of devices and with a large amount of data. This paper proposed an innovative design of the Internet of Things (IoT) Environment Intrusion Detection System (or IDS) using Deep Learning-integrated Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) networks. Our model, based on the CICIDS2017 dataset, achieved an accuracy of 99.52% in classifying network traffic as either benign or malicious. The real-time processing capability, scalability, and low false alarm rate in our model surpass some traditional IDS approaches and, therefore, prove successful for application in today's IoT networks. The development and the performance of the model, with possible applications that may extend to other related fields of adaptive learning techniques and cross-domain applicability, are discussed. The research involving deep learning for IoT cybersecurity offers a potent solution for significantly improving network security.

Artificial Intelligence,Cryptography and Security

Saqib Hussain,Jingsha He,Nafei Zhu,Fahad Razaque Mughal,Muhammad Iftikhar Hussain,Abeer D. Algarni,Sadique Ahmad,Mira M. Zarie,Abdelhamied A. Ateya

DOI: https://doi.org/10.1007/s13369-024-09769-x

IF: 2.807

2024-12-04

Arabian Journal for Science and Engineering

Abstract:In the digital transformation era, the Internet of Things (IoT) has become integral, propelling innovation yet exposing cybersecurity vulnerabilities and compromising system integrity. The complexity and diversity of IoT environments render traditional security measures inadequate against the evolving nature of cyber threats, especially those targeting wireless sensor networks (WSNs). This gap underscores the need for solutions that adapt alongside emerging threats to enhance IoT ecosystem resilience. Our research introduces a pioneering intrusion detection system (IDS) combining reinforcement learning (RL) and artificial neural networks (ANNs). Using a Q -learning agent, this system interacts with various IoT datasets to iteratively select and refine attack features for classification, enabling the identification of key representations that increase detection accuracy. The model can effectively identify known and emerging threats through an automated feature selection process and continuous adaptation. Extensive testing demonstrated robust performance under dynamic network conditions, positioning this approach as a scalable and resilient defense for large-scale IoT infrastructures. When tested on real-world IoT datasets across multiple contexts and threats, the proposed model achieved over 99% accuracy while maintaining a false-positive rate of less than 5 %, surpassing existing solutions and establishing a new standard for adaptive cybersecurity.

multidisciplinary sciences

Liu Zhiqiang,Ghulam Mohiuddin,Zheng Jiangbin,Muhammad Asim,Wang Sifei

DOI: https://doi.org/10.1016/j.future.2022.04.024

2022-01-01

Abstract:Nowadays, several kinds of attacks exist in cyberspace, and hence comprehensive research has been implemented to overcome these drawbacks. One such method to provide security in WSN (Wireless sensor network) is Intrusion Detection System. However, the determination of unknown attacks remains a major challenge in the intrusion detection system. Hence, the usage of deep learning methodologies remains to be an active area in cyber security. However, prevailing a deep learning algorithm possesses limitations such as comparatively low accuracy and heavily depends on the manual selection of the features. These problems have been analyzed, and corresponding to the problems, the present study proposed an enhanced empirical-based component analysis to select relevant features. This proposed feature selection model integrates the advantages of both empirical mode decomposition and principal component analysis to retain most of the relevant features. The classification of the attack node with the selected features was performed with LSTM (Long Short Term Memory). The proposed framework validated datasets, namely NSL-KDD, CICIDS 2017, UNSW NB 2015, and KDD99 datasets, compared with the state of art methods. The comparative analysis with the prevailing methods proved the effectiveness of the presented system in terms of performance metrics such as accuracy, F1 score, Recall, FPR, FAR, etc. (c) 2022 Elsevier B.V. All rights reserved.

Jin Yang,Tao Li,Gang Liang,Wenbo He,Yue Zhao

DOI: https://doi.org/10.32604/cmes.2019.04727

2019-01-01

Abstract:Deep Learning presents a critical capability to be geared into environments being constantly changed and ongoing learning dynamic, which is especially relevant in Network Intrusion Detection. In this paper, as enlightened by the theory of Deep Learning Neural Networks, Hierarchy Distributed-Agents Model for Network Risk Evaluation, a newly developed model, is proposed. The architecture taken on by the distributed-agents model are given, as well as the approach of analyzing network intrusion detection using Deep Learning, the mechanism of sharing hyper-parameters to improve the efficiency of learning is presented, and the hierarchical evaluative framework for Network Risk Evaluation of the proposed model is built. Furthermore, to examine the proposed model, a series of experiments were conducted in terms of NSL-KDD datasets. The proposed model was able to differentiate between normal and abnormal network activities with an accuracy of 97.60% on NSL-KDD datasets. As the results acquired from the experiment indicate, the model developed in this paper is characterized by high-speed and high-accuracy processing which shall offer a preferable solution with regard to the Risk Evaluation in Network.

Muhammad Sajid,Kaleem Razzaq Malik,Ahmad Almogren,Tauqeer Safdar Malik,Ali Haider Khan,Jawad Tanveer,Ateeq Ur Rehman

DOI: https://doi.org/10.1186/s13677-024-00685-x

2024-07-18

Journal of Cloud Computing

Abstract:The volume of data transferred across communication infrastructures has recently increased due to technological advancements in cloud computing, the Internet of Things (IoT), and automobile networks. The network systems transmit diverse and heterogeneous data in dispersed environments as communication technology develops. The communications using these networks and daily interactions depend on network security systems to provide secure and reliable information. On the other hand, attackers have increased their efforts to render systems on networks susceptible. An efficient intrusion detection system is essential since technological advancements embark on new kinds of attacks and security limitations. This paper implements a hybrid model for Intrusion Detection (ID) with Machine Learning (ML) and Deep Learning (DL) techniques to tackle these limitations. The proposed model makes use of Extreme Gradient Boosting (XGBoost) and convolutional neural networks (CNN) for feature extraction and then combines each of these with long short-term memory networks (LSTM) for classification. Four benchmark datasets CIC IDS 2017, UNSW NB15, NSL KDD, and WSN DS were used to train the model for binary and multi-class classification. With the increase in feature dimensions, current intrusion detection systems have trouble identifying new threats due to low test accuracy scores. To narrow down each dataset's feature space, XGBoost, and CNN feature selection algorithms are used in this work for each separate model. The experimental findings demonstrate a high detection rate and good accuracy with a relatively low False Acceptance Rate (FAR) to prove the usefulness of the proposed hybrid model.

Mohammad A. Alsharaiah,Mosleh Abualhaj,Laith H. Baniata,Adeeb Al-saaidah,Qasem M. Kharma,Mahran M Al-Zyoud

DOI: https://doi.org/10.5267/j.ijdns.2024.1.007

2024-01-01

International Journal of Data and Network Science

Abstract:With the increasing prevalence of network intrusions, the development of effective network intrusion detection systems (NIDS) has become crucial. In this study, we propose a novel NIDS approach that combines the power of long short-term memory (LSTM) and attention mechanisms to analyze the spatial and temporal features of network traffic data. We utilize the benchmark UNSW-NB15 dataset, which exhibits a diverse distribution of patterns, including a significant disparity in the size of the training and testing sets. Unlike traditional machine learning techniques like support vector machines (SVM) and k-nearest neighbors (KNN) that often struggle with limited feature sets and lower accuracy, our proposed model overcomes these limitations. Notably, existing models applied to this dataset typically require manual feature selection and extraction, which can be time-consuming and less precise. In contrast, our model achieves superior results in binary classification by leveraging the advantages of LSTM and attention mechanisms. Through extensive experiments and evaluations with state-of-the-art ML/DL models, we demonstrate the effectiveness and superiority of our proposed approach. Our findings highlight the potential of combining LSTM and attention mechanisms for enhanced network intrusion detection.