Anselme R. Affane M.,Hassan Satori,Youssef Boutazart,Abderahim Ezzine,Khalid Satori

DOI: https://doi.org/10.1007/s11277-024-10999-3

IF: 2.017

2024-05-18

Wireless Personal Communications

Abstract:The progress of Wireless Sensor Networks (WSNs) technologies has introduced a greater susceptibility of sensors and networks to being victims of distributed attacks. These attacks include various malicious activities such as intrusions during routing processes, data intercepting and other disruptive actions. In response to this increasing security challenge, numerous models for attack identification have been proposed. These models typically involve the deployment of detection systems that collect sensor data and employ machine learning and artificial intelligence techniques to categorize them. This research introduces a novel method for the analysis and classification of WSN datasets. The primary objective is to develop an anomaly identification approach that enhances sensor network security and operational efficiency with a good degree of accuracy. To achieve this goal, artificial intelligence method based-on stochastic models are used to create a detection system that learns from existing routing data to identify potential malicious network entries. The proposed approach relies on the principles of the Hidden Markov Model (HMM) and the Gaussian Mixture Model (GMM), a part of artificial intelligence stochastic functions, which incorporate predictive assumptions. In addition, dimensionality reduction is used to select the most pertinent routing features for the training of the system. To assess the effectiveness of our proposed approach, we performed experiments using a custom dataset that represents various network scenarios, including both normal and attacked states. The results demonstrate the performance of the model, achieving a classification score of 92. 18% when using a combination of two HMM and three GMM in the classifier. The proposed method attains a 98% precision value and 95% accuracy, better than performances of SVM, NB, DT and RF methods. This highlights the efficacy of our proposed approach compared to existing research.

telecommunications

DOI: https://doi.org/10.1007/s13042-024-02147-x

2024-05-14

International Journal of Machine Learning and Cybernetics

Abstract:The Internet of Things (IoT) connects billions of devices. However, because of its heterogeneous system and broad connectivity, it is vulnerable to various intrusion challenges, resulting in data and financial loss. The IoT environment must be secured from such threats. This research proposes an SDN-enabled Deep-Learning-Driven System for IoT intrusion detection. Intrusion detection can detect unknown threats from network traffic and is a good network security measure. Most current network anomaly detection approaches use standard machine learning models like KNN and SVM. These approaches have some significant advantages, but they are not very accurate and rely on manual traffic design, which is outmoded in the age of big data. Our proposed Hybrid Deep Learning-based Intrusion Detection System (HDLIDS) addresses low accuracy and feature engineering issues. HDLIDS uses a novel Modified Hybrid Deep Belief Network with Weights (MHDBN-W) algorithm to detect existing and new cyberattacks. The MHDBN-W method consists of an MCL, a layer combining the MGBRBM and DNN-W algorithms, and an aggregator layer. The MHDBN-W technique has two phases: UL and SL of traffic features into normal and abnormal classes. The HDLIDS model is evaluated on the CICIDS2018 dataset compared to other conventional learning methods. It outperforms all other models in all performance criteria.

computer science, artificial intelligence

Suguna Marappan,Bhavadharini Murugeshan,C. U. Om Kumar,V. Mercy Rajaselvi Beaulah

DOI: https://doi.org/10.1007/s11277-022-10155-9

IF: 2.017

2022-12-25

Wireless Personal Communications

Abstract:In communication and information technology, the Internet of Things (IoT) creates an enormous amount of data traffic that permits data analysis to expose and detect unusual network load and hidden trends. There are different existing DL (Deep Learning) classification methods applied for IDM (Intrusion Detection Model) detection, but it has some limitations, such as being difficult for security and more complex. In order to overcome these problems, the proposed work used the DL based RK.CNN-MMBO (Recurrent Kernel Convolution Neural Network-Modified Monarch Butterfly Optimization) model to identify the attacks in the network. In the pre-processing stage, the data are pre-processed by min_max normalization. After pre-processing, the optimal features are selected by the IBRO (Improved Battle Royale Optimization) algorithm. Then the selected features are classified using the DL classifier RKCNN (Recurrent kernel convolutional neural network). Moreover, MMBO (Modified Monarch Butterfly Optimization) improves the classifier's performance in attack detection. The proposed work used two different types of datasets for experimental validation, N-BaIoT and CICIDS-2017. The proposed IDM classification using the N-BaIoT dataset with the RKCNN-MMBO model attains the accuracy of (99.96%), and the CICIDS-2017 dataset with the RKCNN-MMBO model obtains the accuracy value of (99.95%). The proposed RKCNN-MMBO classifier model obtained higher accuracy in the detection of IDM than other methods.

telecommunications

Vijay Prakash Sharma,Narendra Singh Yadav,Sundar Suhrith Adavi,D. Sikha Datta Reddy,Brij B. Gupta

DOI: https://doi.org/10.47974/jdmsc-1737

2023-01-01

Abstract:Today, almost 90% of the technology in usage is linked with IoT (Internet of Things). which brings the question, what is IoT? Internet of things is a system of co-related computers, electronic devices, and objects. IoT essentially controls almost every online service which we avail without human -to-human interaction. An IDS is a hardware or software system that automatically monitors, identifies, and alerts a computer or network against attacks and intrusions. The proposed hybrid model makes use of genetic algorithm with UNSW NB-15 dataset which contains multiple classes of attack to provide a huge variety of attacks which will help to simulate different kinds of attack which will help train the model better. We have used CNN and LSTM model for extracting features. By detecting the attacks quickly, we can identify potential intruders and limit the damage. Feature selection and classification have been performed using Generic algorithm. This hybrid model helps to check whether the alert is an attack or not, if yes what kind of attack is it. the proposed Hybrid model works better than a conventional intrusion detection system, we got 99.38% accuracy from this model.

S. Balaji,S. Sankara Narayanan

DOI: https://doi.org/10.1007/s11276-022-03182-8

IF: 2.701

2022-11-25

Wireless Networks

Abstract:The Internet of Things (IoT) intelligently facilitates individuals interacting with the real-world applications which forms smart environment through internet connectivity at anywhere anytime (dynamic in nature), the devices in an IoT environment encounters several security threats. To overcome these security challenges numerous state of art approaches have been implemented to ensure the security of IoT appliances, but still innovative methods are desirable. The traditional Machine learning (ML) integrates with deep learning algorithm exhibits a potential of detecting abnormal intrusion patterns by formulating a seamless option for anomaly-based detection. This work proposed a Dynamic Distributed—Generative Adversarial Network (DD-GAN) with Improved Firefly Optimization- Hybrid Deep Learning based Convolutional Neural Network -Adaptive Neuro-Fuzzy Inference System (IFFO-HDLCNN + ANFIS) that takes gain of IoT's power, offers enhanced behavior for efficiently examining the entire traffic which traverses in the IoT. Initially, Synthetic Minority Over-sampling Technique (SMOTE) is engaged for pre-processing of data and then Modified Principal Component Analysis (MPCA) is being applied for feature reduction. The optimal features are selected through the Improve Firefly Optimization (IFFO) for optimum fitness value to enhance the classification accuracy of HDLCNN. Finally the intrusion detection is carried out by HDLCNN + ANFIS model, which is competent in detecting threats. The experimental results have proven that model demonstrates ability to perceive any kind of probable intrusion and anomalous behavior. In comparison to existing methods, the suggested IFFO-HDLCNN + ANFIS algorithm delivers improved intrusion detection performance regarding higher accuracy, precision, recall, f-measure, reduced False Positive Rate (FPR).

computer science, information systems,telecommunications,engineering, electrical & electronic

Dr. S. Smys,Dr. Haoxiang Wang,Dr. Abul Basar

DOI: https://doi.org/10.36548/JISMAC.2020.4.002

2020-09-30

DECEMBER

Abstract:Internet of things (IoT) is a promising solution to connect and access every device through internet. Every day the device count increases with large diversity in shape, size, usage and complexity. Since IoT drive the world and changes people lives with its wide range of services and applications. However, IoT provides numerous services through applications, it faces severe security issues and vulnerable to attacks such as sinkhole attack, eaves dropping, denial of service attacks, etc., Intrusion detection system is used to detect such attacks when the network security is breached. This research work proposed an intrusion detection system for IoT network and detect different types of attacks based on hybrid convolutional neural network model. Proposed model is suitable for wide range of IoT applications. Proposed research work is validated and compared with conventional machine learning and deep learning model. Experimental result demonstrate that proposed hybrid model is more sensitive to attacks in the IoT network.

Computer Science,Engineering

Adel Binbusayyis,Haya Alaskar,Thavavel Vaiyapuri,M Dinesh

DOI: https://doi.org/10.1007/s11227-022-04568-3

Abstract:Internet of Medical Things (IoMT) is network of interconnected medical devices (smart watches, pace makers, prosthetics, glucometer, etc.), software applications, and health systems and services. IoMT has successfully addressed many old healthcare problems. But it comes with its drawbacks essentially with patient's information privacy and security related issues that comes from IoMT architecture. Using obsolete systems can bring security vulnerabilities and draw attacker's attention emphasizing the need for effective solution to secure and protect the data traffic in IoMT network. Recently, intrusion detection system (IDS) is regarded as an essential security solution for protecting IoMT network. In the past decades, machines learning (ML) algorithms have demonstrated breakthrough results in the field of intrusion detection. Notwithstanding, to our knowledge, there is no work that investigates the power of machines learning algorithms for intrusion detection in IoMT network. This paper aims to fill this gap of knowledge investigating the application of different ML algorithms for intrusion detection in IoMT network. The investigation analysis includes ML algorithms such as K-nearest neighbor, Naïve Bayes, support vector machine, artificial neural network and decision tree. The benchmark dataset, Bot-IoT which is publicly available with comprehensive set of attacks was used to train and test the effectiveness of all ML models considered for investigation. Also, we used comprehensive set of evaluation metrics to compare the power of ML algorithms with regard to their detection accuracy for intrusion in IoMT networks. The outcome of the analysis provides a promising path to identify the best the machine learning approach can be used for building effective IDS that can safeguard IoMT network against malicious activities.

Roy, Kaushik,Kelly, John,Olusola, Odeyomi

DOI: https://doi.org/10.1007/s43926-023-00034-5

2023-05-31

Discover Internet of Things

Abstract:Internet-of-Things (IoT) connects various physical objects through the Internet and it has a wide application, such as in transportation, military, healthcare, agriculture, and many more. Those applications are increasingly popular because they address real-time problems. In contrast, the use of transmission and communication protocols has raised serious security concerns for IoT devices, and traditional methods such as signature and rule-based methods are inefficient for securing these devices. Hence, identifying network traffic behavior and mitigating cyber attacks are important in IoT to provide guaranteed network security. Therefore, we develop an Intrusion Detection System (IDS) based on a deep learning model called Pearson-Correlation Coefficient - Convolutional Neural Networks (PCC-CNN) to detect network anomalies. The PCC-CNN model combines the important features obtained from the linear-based extractions followed by the Convolutional Neural Network. It performs a binary classification for anomaly detection and also a multiclass classification for various types of attacks. The model is evaluated on three publicly available datasets: NSL-KDD, CICIDS-2017, and IOTID20. We first train and test five different (Logistic Regression, Linear Discriminant Analysis, K Nearest Neighbour, Classification and Regression Tree,& Support Vector Machine) PCC-based Machine Learning models to evaluate the model performance. We achieve the best similar accuracy from the KNN and CART model of 98%, 99%, and 98%, respectively, on the three datasets. On the other hand, we achieve a promising performance with a better detection accuracy of 99.89% and with a low misclassification rate of 0.001 with our proposed PCC-CNN model. The integrated model is promising, with a misclassification rate (or False alarm rate) of 0.02, 0.02, and 0.00 with Binary and Multiclass intrusion detection classifiers. Finally, we compare and discuss our PCC-CNN model in comparison to five traditional PCC-ML models. Our proposed Deep Learning (DL)-based IDS outperforms traditional methods.

Sushil Shakya,Robert Abbas

2024-11-08

Abstract:This paper presents the detection of DDoS attacks in IoT networks using machine learning models. Their rapid growth has made them highly susceptible to various forms of cyberattacks, many of whose security procedures are implemented in an irregular manner. It evaluates the efficacy of different machine learning models, such as XGBoost, K-Nearest Neighbours, Stochastic Gradient Descent, and Naïve Bayes, in detecting DDoS attacks from normal network traffic. Each model has been explained on several performance metrics, such as accuracy, precision, recall, and F1-score to understand the suitability of each model in real-time detection and response against DDoS threats. This comparative analysis will, therefore, enumerate the unique strengths and weaknesses of each model with respect to the IoT environments that are dynamic and hence moving in nature. The effectiveness of these models is analyzed, showing how machine learning can greatly enhance IoT security frameworks, offering adaptive, efficient, and reliable DDoS detection capabilities. These findings have shown the potential of machine learning in addressing the pressing need for robust IoT security solutions that can mitigate modern cyber threats and assure network integrity.

Cryptography and Security,Machine Learning

Sidra Abbas,Shtwai Alsubai,Stephen Ojo,Gabriel Avelino Sampedro,Ahmad Almadhor,Abdullah Al Hejaili,Imen Bouazzi,Abbas, Sidra,Ojo, Stephen,Sampedro, Gabriel Avelino

DOI: https://doi.org/10.1007/s11227-024-05993-2

IF: 3.3

2024-03-10

The Journal of Supercomputing

Abstract:The rapid growth of Internet of Things (IoT) devices has changed human interactions with the environment. IoT networks require specialized defense strategies distinct from traditional corporate contexts. Security measures such as anti-malware software, firewalls, authentication protocols, and encryption techniques are established but face limitations against evolving attack strategies. Therefore, this study proposes an intrusion detection approach for a realistic IoT environment, employing various variants of deep learning models such as deep neural networks (DNNs), convolutional neural networks (CNNs), and recurrent neural networks (RNNs). The research tested three variants for each model: DNN1, DNN2, DNN3, CNN1, CNN2, CNN3, RNN1, RNN2, RNN3 . All these variants are customized and tuned differently to analyze the efficacy of the suggested methodology. Likewise, notable observation highlights the significance of aligning training and validation accuracy curves that indicate controlled overfitting, validating the model's reliability in accurately predicting intrusion and benign network traffic in IoT settings. Results reveal that RNN1 achieves the best results: accuracy of 98.61%, precision of 98.55%, recall of 98.61%, and F1-score of 98.57% compared with other DNN and CNN architectures and benchmark papers. This study advances intrusion detection within IoT networks through a comprehensive evaluation of deep learning models and inspires ongoing research to enhance intrusion detection systems' resilience in dynamic IoT environments.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Ankita Sharma,Shalli Rani,Maha Driss

DOI: https://doi.org/10.1371/journal.pone.0308206

IF: 3.7

2024-09-12

PLoS ONE

Abstract:In response to the rapidly evolving threat landscape in network security, this paper proposes an Evolutionary Machine Learning Algorithm designed for robust intrusion detection. We specifically address challenges such as adaptability to new threats and scalability across diverse network environments. Our approach is validated using two distinct datasets: BoT-IoT, reflecting a range of IoT-specific attacks, and UNSW-NB15, offering a broader context of network intrusion scenarios using GA based hybrid DT-SVM. This selection facilitates a comprehensive evaluation of the algorithm's effectiveness across varying attack vectors. Performance metrics including accuracy, recall, and false positive rates are meticulously chosen to demonstrate the algorithm's capability to accurately identify and adapt to both known and novel threats, thereby substantiating the algorithm's potential as a scalable and adaptable security solution. This study aims to advance the development of intrusion detection systems that are not only reactive but also preemptively adaptive to emerging cyber threats." During the feature selection step, a GA is used to discover and preserve the most relevant characteristics from the dataset by using evolutionary principles. Through the use of this technology based on genetic algorithms, the subset of features is optimised, enabling the subsequent classification model to focus on the most relevant components of network data. In order to accomplish this, DT-SVM classification and GA-driven feature selection are integrated in an effort to strike a balance between efficiency and accuracy. The system has been purposefully designed to efficiently handle data streams in real-time, ensuring that intrusions are promptly and precisely detected. The empirical results corroborate the study's assertion that the IDS outperforms traditional methodologies.

Sulaiman Alhaidari,Mohamed Zohdy

DOI: https://doi.org/10.1145/3325917.3325939

2019-01-01

Abstract:Internet of Things (IoT) is a global network that connects various types of objects "things" via internet. It becomes a core technology for various applications and more and more embedded within our daily lives and businesses. As the technology grows and evolves a number of issues will arise and be focused on in IoT, Security is one of the central issues in IoT in the last decade. However, most of today's IoT intrusion detection systems suffer from high false alarms rate with moderate accuracy and detection rates when it's not able to detect all types of IoT intrusions correctly. To overcome this problem, hybrid techniques are used. In this paper, hybrid learning approach combining partitioning clustering techniques with Hidden Markov Model (HMM) is proposed. Experimental results show that the proposed approach using K-Medoids has improved the detection rate as well as decreased the false positive rate.

Sagar Pande,Aditya Khamparia,Deepak Gupta

DOI: https://doi.org/10.1108/wje-04-2021-0204

2021-06-25

World Journal of Engineering

Abstract:Purpose One of the important key components of health care–based system is a reliable intrusion detection system. Traditional techniques are not adequate to handle complex data. Also, the diversified intrusion techniques cannot meet current network requirements. Not only the data is getting increased but also the attacks are increasing very rapidly. Deep learning and machine learning techniques are very trending in the area of research in the area of network security. A lot of work has been done in this area by still evolutionary algorithms along with machine learning is very rarely explored. The purpose of this study is to provide novel deep learning framework for the detection of attacks. Design/methodology/approach In this paper, novel deep learning is the framework is proposed for the detection of attacks. Also, a comparison of machine learning and deep learning algorithms is provided. Findings The obtained results are more than 99% for both the data sets. Research limitations/implications The diversified intrusion techniques cannot meet current network requirements. Practical implications The data is getting increased but also the attacks are increasing very rapidly. Social implications Deep learning and machine learning techniques are very trending in the area of research in the area of network security. Originality/value Novel deep learning is the framework is proposed for the detection of attacks.

Shanmuganathan V.,Suresh A.

DOI: https://doi.org/10.1016/j.asoc.2023.110054

IF: 8.7

2023-03-01

Applied Soft Computing

Abstract:The seamless integration of wireless and IoT device in normal day to day life and for smart homes has enabled more security and privacy needs. The attack or unauthorized access to these devices may result in issues in decision making inside the smart environment. Attacks and anomalies in open IoT system could provide false alarms and cause delay in processing the information’s. The problem statement considered is, Anomaly detection systems, on the other hand, can be targets of attacks, h/w s/w failures, and thus fall short of their objectives. Because these are power-hungry devices carrying highly sensitive data, an effective attack and anomaly alert system is critical in an IoT-based environment. The present algorithms require high training and additional memory to identify the anomalies in the network, which is not practically feasible to simple edge-based computing devices. The anomalies and false information inside the network are handled with effective anomaly detection algorithm designed in this paper. An efficient anomaly detection method in real-time sensor is identified through markov and LSTM based network and the outliers in the data is clearly removed through the proposed approach. The proposed approach is tested with the real-time DHT sensor monitoring room temperature and room humidity. The proposed methodology provides 96.03% effective anomalies detection with 92.48% high training accuracy. The methodology showcase improved with 6.54% of effective anomaly rejection and 5.13% of training accuracy when compared with KNN algorithm.

computer science, artificial intelligence, interdisciplinary applications

Md Rashed Buiya,A K M Nuruzzaman Laskar,Md Rafiqul Islam,Sanjib Kumar Shil Sawalmeh,Muhammad Shoyaibur Rahman Chowdhury Roy,Reza E Rabbi Shawon Roy,Md Sumsuzoha

DOI: https://doi.org/10.32996/jcsts.2024.6.4.16

2024-10-18

Journal of Computer Science and Technology Studies

Abstract:The IoT is one of the most revolutionary technological advancements of the contemporary era, embedding networked devices into nearly every aspect of human life, from smart homes and wearables to industrial systems and healthcare applications in the U.S.A. The immediate need for better cybersecurity in the U.S.A. arises from the increasing sophistication and frequency of cyberattacks on IoT systems. Machine learning and AI have emerged as promising technologies to deal with the security challenges IoT systems pose. Unlike traditional rule-based systems, ML models learn from large datasets to identify deviations from the normal behavior pattern that signifies malicious activity. The prime objective of this research is to design, curate, evaluate, and deploy state-of-the-art machine learning models that improve the detection of cyberattacks over IoT network traffic. This research used a well-established dataset that emulates IoT network traffic consisting of benign and malicious activities. Benchmarks like the UNSW-NB15, CICIDS2017, and TON_IoT have been in extensive use by researchers in this domain because they contain a rich variety of network traffic created by various IoT devices and systems along with corresponding labels that classify normal and associated with specific types of cyberattacks: DDOS, MITM, and botnet attacks. Data preprocessing and cleaning ensured that the dataset was consistent, complete, and in a format that helps machine learning algorithms learn from it. Imputation techniques used the feature's mean/median/mode to handle missing values. In this research project, two machine learning algorithms were used in the experiment, notably, Logistic Regression and Random Forest. In this study, the machine learning algorithms used in the experiment undertaken for the current research project are Logistic Regression and Random Forest. The performance of Random Forest was superior to Logistic Regression in almost all metrics. While Logistic Regression provided a strong baseline, it struggled with detecting attacks, as evidenced by its lower recall and higher number of false negatives. This implied that Logistic Regression was less reliable in detecting cyberattacks, which could be critical in real-world cybersecurity settings. By contrast, Random Forest attained impressive accuracy and significantly diminished the number of false negatives. Its higher precision and recall demonstrate that it is better suited for detecting attacks in this dataset, offering a more reliable solution for cyberattack detection.

Udaya Sampath K. Perera Miriya Thanthrige,Jagath Samarabandu,Xianbin Wang

DOI: https://doi.org/10.48550/arXiv.1610.07276

2016-10-24

Abstract:Intrusion detection is only a starting step in securing IT infrastructure. Prediction of intrusions is the next step to provide an active defense against incoming attacks. Current intrusion prediction methods focus mainly on prediction of either intrusion type or intrusion category and do not use or provide contextual information such as source and target IP address. In addition most of them are dependant on domain knowledge and specific scenario knowledge. The proposed algorithm employs a bag-of-words model together with a hidden Markov model which not depend on specific domain knowledge. Since this algorithm depends on a training process it is adaptable to different conditions. A key advantage of the proposed algorithm is the inclusion of contextual data such as source IP address, destination IP range, alert type and alert category in its prediction, which is crucial for an eventual response. Experiments conducted using a public data set generated over 2500 alert predictions and achieved accuracy of 81% and 77% for single step and five step predictions respectively for prediction of the next alert cluster. It also achieved an accuracy of prediction of 95% and 92% for single step and five step predictions respectively for prediction of the next alert category. The proposed methods achieved a prediction accuracy improvement of 5% for alert category over existing variable length Markov chain intrusion prediction methods, while providing more information for a possible defense.

Cryptography and Security

Muhammad Zawad Mahmud,Samiha Islam,Shahran Rahman Alve,Al Jubayer Pial

2024-12-04

Abstract:An application of software known as an Intrusion Detection System (IDS) employs machine algorithms to identify network intrusions. Selective logging, safeguarding privacy, reputation-based defense against numerous attacks, and dynamic response to threats are a few of the problems that intrusion identification is used to solve. The biological system known as IoT has seen a rapid increase in high dimensionality and information traffic. Self-protective mechanisms like intrusion detection systems (IDSs) are essential for defending against a variety of attacks. On the other hand, the functional and physical diversity of IoT IDS systems causes significant issues. These attributes make it troublesome and unrealistic to completely use all IoT elements and properties for IDS self-security. For peculiarity-based IDS, this study proposes and implements a novel component selection and extraction strategy (our strategy). A five-ML algorithm model-based IDS for machine learning-based networks with proper hyperparamater tuning is presented in this paper by examining how the most popular feature selection methods and classifiers are combined, such as K-Nearest Neighbors (KNN) Classifier, Decision Tree (DT) Classifier, Random Forest (RF) Classifier, Gradient Boosting Classifier, and Ada Boost Classifier. The Random Forest (RF) classifier had the highest accuracy of 99.39%. The K-Nearest Neighbor (KNN) classifier exhibited the lowest performance among the evaluated models, achieving an accuracy of 94.84%. This study's models have a significantly higher performance rate than those used in previous studies, indicating that they are more reliable.

Cryptography and Security,Machine Learning

Jay Sinha,M. Manollas

DOI: https://doi.org/10.1145/3430199.3430224

2020-06-26

Abstract:The need for Network Intrusion Detection systems has risen since usage of cloud technologies has become mainstream. With the ever growing network traffic, Network Intrusion Detection is a critical part of network security and a very efficient NIDS is a must, given new variety of attack arises frequently. These Intrusion Detection systems are built on either a pattern matching system or AI/ML based anomaly detection system. Pattern matching methods usually have a high False Positive Rates whereas the AI/ML based method, relies on finding metric/feature or correlation between set of metrics/features to predict the possibility of an attack. The most common of these is KNN, SVM etc., operate on a limited set of features and have less accuracy and still suffer from higher False Positive Rates. In this paper, we propose a deep learning model combining the distinct strengths of a Convolutional Neural Network and a Bi-directional LSTM to incorporate learning of spatial and temporal features of the data. For this paper, we use publicly available datasets NSL-KDD and UNSW-NB15 to train and test the model. The proposed model offers a high detection rate and comparatively lower False Positive Rate. The proposed model performs better than many state-of-the-art Network Intrusion Detection systems leveraging Machine Learning/Deep Learning models.

Subhash Mondal,Subinoy Mukherjee,Suharta Banerjee

DOI: https://doi.org/10.1007/978-981-16-4435-1_30

2021-08-03

Abstract:Internet of Things is the most promising technology that is trying to transform the way in which we live and is expected to seamlessly get integrated into our environment. However, securing the IoT devices from attacks is the prime concern for researchers today. Securing IoT systems from malicious attacks is the most challenging task as attacks like DoS or DDoS are distributed in nature. In this paper we have proposed an architecture based on ML that will identify the malicious nodes which in turn will provide pre-authentication and access control, thus preventing unauthorized access of IoT resources. We have mainly emphasized on the trade-off between time, memory, and accuracy of ML algorithms for achieving better performance.

Ramkumar Devendiran,Anil V Turukmane

DOI: https://doi.org/10.1016/j.eswa.2023.123027

IF: 8.5

2024-01-13

Expert Systems with Applications

Abstract:Network intrusion is a huge harmful activity to the privacy of the data sharing network. The activity will result in a cyber-attack, which causes damage to the system as well as the user's data. Unauthorized activities such as data tampering, illegal access to data and theft of credentials are increasing on the internet world every day. The detection of intrusion may be done by multiple methodologies; still, it is the biggest issue in the networks. Hence, an automated attack classification model is required to promote classification accuracy with fewer error possibilities based on the input parameters. To get relief from the insecurity of data, this paper presents an innovative model using deep networks. The proposed model is a deep learning based network intrusion detection system using a chaotic optimization strategy . The method is pre-processed using data cleansing and M-squared normalization. After pre-processing, the unbalanced datasets are balanced using the Extended Synthetic Sampling approach. After balancing, the features of the dataset are taken out using kernel-assisted principal component analysis. The optimal features are selected by the Chaotic Honey Badger optimization algorithm . After all required features have been extracted, the attacks are classified by the Gated Attention Dual Long Short Term Memory (Dugat-LSTM). The above process is performed using the TON-IOT and NSL-KDD datasets. The prototype is evaluated using the following metrics: accuracy, precision, recall, and F1 score. The accuracy value of the proposed model is 98.76% in the TON-IOT dataset and 99.65% in the NSL-KDD dataset. Thus, the accuracy and robustness of the model show that it outperforms other existing models.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science