SU\G(𝔸)/K·U
Sign Up for free Log In
Computer Science Computer Networks and Communications

Network Security and Intrusion Detection

Works Count: 111512

Description

This cluster of papers focuses on the development and application of techniques, models, and systems for network intrusion detection and defense mechanisms. It covers topics such as machine learning, DDoS attacks, anomaly detection, IoT security, and data mining in the context of cybersecurity. The papers explore various approaches to identifying and mitigating security threats in network environments.

Keywords

Intrusion Detection; Network Security; Machine Learning; DDoS Attacks; Anomaly Detection; IoT Security; Cybersecurity; Data Mining; Deep Learning; Botnet Detection

How to Own the Internet in Your Spare Time

2002-08-05
Stuart Staniford , Vern Paxson , Nicholas Weaver
The ability of attackers to rapidly gain control of vast numbers of Internet hosts poses an immense risk to the overall security of the Internet. Once subverted, these hosts can … The ability of attackers to rapidly gain control of vast numbers of Internet hosts poses an immense risk to the overall security of the Internet. Once subverted, these hosts can not only be used to launch massive denial of service floods, but also to steal or corrupt great quantities of sensitive information, and confuse and disrupt use of the network in more subtle ways. We present an analysis of the magnitude of the threat. We begin with a mathematical model derived from empirical data of the spread of Code Red I in July, 2001. We discuss techniques subsequently employed for achieving greater virulence by Code Red II and Nimda. In this context, we develop and evaluate several new, highly virulent possible techniques: hit-list scanning (which creates a Warhol worm), permutation scanning (which enables self-coordinating scanning), and use of Internet-sized hit-lists (which creates a flash worm).

Bro: a system for detecting network intruders in real-time

1999-12-01
Vern Paxson

Data Mining Approaches for Intrusion Detection

2000-10-12
Wenke Lee , Salvatore J. Stolfo
In this paper we discuss our research in developing general and systematic methods for intrusion detection. The key ideas are to use data mining techniques to discover consistent and useful … In this paper we discuss our research in developing general and systematic methods for intrusion detection. The key ideas are to use data mining techniques to discover consistent and useful patterns of system features that describe program and user behavior, and use the set of relevant system features to compute (inductively learned) classifiers that can recognize anomalies and known intrusions. Using experiments on the sendmail system call data and the network tcpdump data, we demonstrate that we can construct concise and accurate classifiers to detect anomalies. We provide an overview on two general data mining algorithms that we have implemented: the association rules algorithm and the frequent episodes algorithm. These algorithms can be used to compute the intra-and inter-audit record patterns, which are essential in describing program or user behavior. The discovered patterns can guide the audit data gathering process and facilitate feature selection. To meet the challenges of both efficient learning (mining) and real-time detection, we propose an agent-based architecture for intrusion detection systems where the learning agents continuously compute and provide the updated (detection) models to the detection agents.
View PDF Chat

A Virtual Machine Introspection Based Architecture for Intrusion Detection.

2003-01-01
Tal Garfinkel , Mendel Rosenblum
Today’s architectures for intrusion detection force the IDS designer to make a difficult choice. If the IDS resides on the host, it has an excellent view of what is happening … Today’s architectures for intrusion detection force the IDS designer to make a difficult choice. If the IDS resides on the host, it has an excellent view of what is happening in that host’s software, but is highly susceptible to attack. On the other hand, if the IDS resides in the network, it is more resistant to attack, but has a poor view of what is happening inside the host, making it more susceptible to evasion. In this paper we present an architecture that retains the visibility of a host-based IDS, but pulls the IDS outside of the host for greater attack resistance. We achieve this through the use of a virtual machine monitor. Using this approach allows us to isolate the IDS from the monitored host but still retain excellent visibility into the host’s state. The VMM also offers us the unique ability to completely mediate interactions between the host software and the underlying hardware. We present a detailed study of our architecture, including Livewire, a prototype implementation. We demonstrate Livewire by implementing a suite of simple intrusion detection policies and using them to detect real attacks.

Snort - Lightweight Intrusion Detection for Networks

1999-11-12
Martin Roesch
Network intrusion detection systems (NIDS) are an important part of any network security architecture. They provide a layer of defense which monitors network traffic for predefined suspicious activity or patterns, … Network intrusion detection systems (NIDS) are an important part of any network security architecture. They provide a layer of defense which monitors network traffic for predefined suspicious activity or patterns, and alert system administrators when potential hostile traffic is detected. Commercial NIDS have many differences, but Information Systems departments must face the commonalities that they share such as significant system footprint, complex deployment and high monetary cost. Snort was designed to address these issues.

BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection

2008-07-28
Guofei Gu , Roberto Perdisci , Junjie Zhang +1 more
Botnets are now the key platform for many Internet attacks, such as spam, distributed denial-of-service (DDoS), identity theft, and phishing. Most of the current botnet detection approaches work only on … Botnets are now the key platform for many Internet attacks, such as spam, distributed denial-of-service (DDoS), identity theft, and phishing. Most of the current botnet detection approaches work only on specific botnet command and control (C&C) protocols (e.g., IRC) and structures (e.g., centralized), and can become ineffective as botnets change their C&C techniques. In this paper, we present a general detection framework that is independent of botnet C&C protocol and structure, and requires no a priori knowledge of botnets (such as captured bot binaries and hence the botnet signatures, and C&C server names/addresses). We start from the definition and essential properties of botnets. We define a botnet as a coordinated group of malware instances that are controlled via C&C communication channels. The essential properties of a botnet are that the bots communicate with some C&C servers/peers, perform malicious activities, and do so in a similar or correlated way. Accordingly, our detection framework clusters similar communication traffic and similar malicious traffic, and performs cross cluster correlation to identify the hosts that share both similar communication patterns and similar malicious activity patterns. These hosts are thus bots in the monitored network. We have implemented our BotMiner prototype system and evaluated it using many real network traces. The results show that it can detect real-world botnets (IRC-based, HTTP-based, and P2P botnets including Nugache and Storm worm), and has a very low false positive rate.

A data mining framework for building intrusion detection models

2003-01-20
Wenke Lee , Salvatore J. Stolfo , Kui W. Mok
There is often the need to update an installed intrusion detection system (IDS) due to new attack methods or upgraded computing environments. Since many current IDSs are constructed by manual … There is often the need to update an installed intrusion detection system (IDS) due to new attack methods or upgraded computing environments. Since many current IDSs are constructed by manual encoding of expert knowledge, changes to IDSs are expensive and slow. We describe a data mining framework for adaptively building Intrusion Detection (ID) models. The central idea is to utilize auditing programs to extract an extensive set of features that describe each network connection or host session, and apply data mining programs to learn rules that accurately capture the behavior of intrusions and normal activities. These rules can then be used for misuse detection and anomaly detection. New detection models are incorporated into an existing IDS through a meta-learning (or co-operative learning) process, which produces a meta detection model that combines evidence from multiple models. We discuss the strengths of our data mining programs, namely, classification, meta-learning, association rules, and frequent episodes. We report on the results of applying these programs to the extensively gathered network audit data for the 1998 DARPA Intrusion Detection Evaluation Program.
View PDF Chat

Intrusion detection using sequences of system calls

1998-07-01
Steven Hofmeyr , Stephanie Forrest , Anil Somayaji
A method is introduced for detecting intrusions at the level of privileged processes. Evidence is given that short sequences of system calls executed by running processes are a good discriminator … A method is introduced for detecting intrusions at the level of privileged processes. Evidence is given that short sequences of system calls executed by running processes are a good discriminator between normal and abnormal operating characteristics of several common UNIX programs. Normal behavior is collected in two ways: Synthetically, by exercising as many normal modes of usage of a program as possible, and in a live user environment by tracing the actual execution of the program. In the former case several types of intrusive behavior were studied; in the latter case, results were analyzed for false positives.

Network Anomaly Detection: Methods, Systems and Tools

2013-06-06
Monowar Bhuyan , Dhruba K. Bhattacharyya , Jugal Kalita
Network anomaly detection is an important and dynamic research area. Many network intrusion detection methods and systems (NIDS) have been proposed in the literature. In this paper, we provide a … Network anomaly detection is an important and dynamic research area. Many network intrusion detection methods and systems (NIDS) have been proposed in the literature. In this paper, we provide a structured and comprehensive overview of various facets of network anomaly detection so that a researcher can become quickly familiar with every aspect of network anomaly detection. We present attacks normally encountered by network intrusion detection systems. We categorize existing network anomaly detection methods and systems based on the underlying computational techniques used. Within this framework, we briefly describe and compare a large number of network anomaly detection methods and systems. In addition, we also discuss tools that can be used by network defenders and datasets that researchers in network anomaly detection can use. We also highlight research directions in network anomaly detection.

Outside the Closed World: On Using Machine Learning for Network Intrusion Detection

2010-01-01
Robin Sommer , Vern Paxson
In network intrusion detection research, one popular strategy for finding attacks is monitoring a network's activity for anomalies: deviations from profiles of normality previously learned from benign traffic, typically identified … In network intrusion detection research, one popular strategy for finding attacks is monitoring a network's activity for anomalies: deviations from profiles of normality previously learned from benign traffic, typically identified using tools borrowed from the machine learning community. However, despite extensive academic research one finds a striking gap in terms of actual deployments of such systems: compared with other intrusion detection approaches, machine learning is rarely employed in operational "real world" settings. We examine the differences between the network intrusion detection problem and other areas where machine learning regularly finds much more success. Our main claim is that the task of finding attacks is fundamentally different from these other applications, making it significantly harder for the intrusion detection community to employ machine learning effectively. We support this claim by identifying challenges particular to network intrusion detection, and provide a set of guidelines meant to strengthen future research on anomaly detection.
View PDF Chat

Testing Intrusion detection systems

2000-11-01
John McHugh
In 1998 and again in 1999, the Lincoln Laboratory of MIT conducted a comparative evaluation of intrusion detection systems (IDSs) developed under DARPA funding. While this evaluation represents a significant … In 1998 and again in 1999, the Lincoln Laboratory of MIT conducted a comparative evaluation of intrusion detection systems (IDSs) developed under DARPA funding. While this evaluation represents a significant and monumental undertaking, there are a number of issues associated with its design and execution that remain unsettled. Some methodologies used in the evaluation are questionable and may have biased its results. One problem is that the evaluators have published relatively little concerning some of the more critical aspects of their work, such as validation of their test data. The appropriateness of the evaluation techniques used needs further investigation. The purpose of this article is to attempt to identify the shortcomings of the Lincoln Lab effort in the hope that future efforts of this kind will be placed on a sounder footing. Some of the problems that the article points out might well be resolved if the evaluators were to publish a detailed description of their procedures and the rationale that led to their adoption, but other problems would clearly remain./par>
View PDF Chat

An overview of anomaly detection techniques: Existing solutions and latest technological trends

2007-02-17
Animesh Patcha , Jung‐Min Park

Inside the Slammer worm

2003-07-01
David Moore , Vern Paxson , Stefan Savage +3 more
The Slammer worm spread so quickly that human response was ineffective. In January 2003, it packed a benign payload, but its disruptive capacity was surprising. Why was it so effective … The Slammer worm spread so quickly that human response was ineffective. In January 2003, it packed a benign payload, but its disruptive capacity was surprising. Why was it so effective and what new challenges do this new breed of worm pose?.

Toward developing a systematic approach to generate benchmark datasets for intrusion detection

2012-01-05
Ali Shiravi , Hadi Shiravi , Mahbod Tavallaee +1 more

A framework for constructing features and models for intrusion detection systems

2000-11-01
Wenke Lee , Salvatore J. Stolfo
Intrusion detection (ID) is an important component of infrastructure protection mechanisms. Intrusion detection systems (IDSs) need to be accurate, adaptive, and extensible. Given these requirements and the complexities of today's … Intrusion detection (ID) is an important component of infrastructure protection mechanisms. Intrusion detection systems (IDSs) need to be accurate, adaptive, and extensible. Given these requirements and the complexities of today's network environments, we need a more systematic and automated IDS development process rather that the pure knowledge encoding and engineering approaches. This article describes a novel framework, MADAM ID, for Mining Audit Data for Automated Models for Instrusion Detection. This framework uses data mining algorithms to compute activity patterns from system audit data and extracts predictive features from the patterns. It then applies machine learning algorithms to the audit records taht are processed according to the feature definitions to generate intrusion detection rules. Results from the 1998 DARPA Intrusion Detection Evaluation showed that our ID model was one of the best performing of all the participating systems. We also briefly discuss our experience in converting the detection models produced by off-line data mining programs to real-time modules of existing IDSs.
View PDF Chat

A detailed analysis of the KDD CUP 99 data set

2009-07-01
Mahbod Tavallaee , Ebrahim Bagheri , Wei Lu +1 more
During the last decade, anomaly detection has attracted the attention of many researchers to overcome the weakness of signature-based IDSs in detecting novel attacks, and KDDCUP'99 is the mostly widely … During the last decade, anomaly detection has attracted the attention of many researchers to overcome the weakness of signature-based IDSs in detecting novel attacks, and KDDCUP'99 is the mostly widely used data set for the evaluation of these systems. Having conducted a statistical analysis on this data set, we found two important issues which highly affects the performance of evaluated systems, and results in a very poor evaluation of anomaly detection approaches. To solve these issues, we have proposed a new data set, NSL-KDD, which consists of selected records of the complete KDD data set and does not suffer from any of mentioned shortcomings.
View PDF Chat

Intrusion detection by machine learning: A review

2009-05-21
Chih‐Fong Tsai , Yu‐Feng Hsu , Chia-Ying Lin +1 more

A taxonomy of DDoS attack and DDoS defense mechanisms

2004-04-01
Jelena Mirković , Peter Reiher
Distributed denial-of-service (DDoS) is a rapidly growing problem. The multitude and variety of both the attacks and the defense approaches is overwhelming. This paper presents two taxonomies for classifying attacks … Distributed denial-of-service (DDoS) is a rapidly growing problem. The multitude and variety of both the attacks and the defense approaches is overwhelming. This paper presents two taxonomies for classifying attacks and defenses, and thus provides researchers with a better understanding of the problem and the current solution space. The attack classification criteria was selected to highlight commonalities and important features of attack strategies, that define challenges and dictate the design of countermeasures. The defense taxonomy classifies the body of existing DDoS defenses based on their design decisions; it then shows how these decisions dictate the advantages and deficiencies of proposed solutions.

Detecting intrusions using system calls: alternative data models

2003-01-20
C. Warrender , Stephanie Forrest , Barak A. Pearlmutter
Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activities. We study one such observable-sequences of system calls into the kernel of … Intrusion detection systems rely on a wide variety of observable data to distinguish between legitimate and illegitimate activities. We study one such observable-sequences of system calls into the kernel of an operating system. Using system-call data sets generated by several different programs, we compare the ability of different data modeling methods to represent normal behavior accurately and to recognize intrusions. We compare the following methods: simple enumeration of observed sequences; comparison of relative frequencies of different sequences; a rule induction technique; and hidden Markov models (HMMs). We discuss the factors affecting the performance of each method and conclude that for this particular problem, weaker methods than HMMs are likely sufficient.
View PDF Chat

Anomaly-based network intrusion detection: Techniques, systems and challenges

2008-08-28
Pedro García‐Teodoro , Jesús E. Dı́az-Verdejo , Gabriel Macía-Fernández +1 more

An Intrusion-Detection Model

1987-02-01
Dorothy E. Denning
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security … A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects in terms of metrics and statistical models, and rules for acquiring knowledge about this behavior from audit records and for detecting anomalous behavior. The model is independent of any particular system, application environment, system vulnerability, or type of intrusion, thereby providing a framework for a general-purpose intrusion-detection expert system.

A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks

2013-01-01
Saman Taghavi Zargar , James Joshi , David Tipper
Distributed Denial of Service (DDoS) flooding attacks are one of the biggest concerns for security professionals.DDoS flooding attacks are typically explicit attempts to disrupt legitimate users' access to services.Attackers usually … Distributed Denial of Service (DDoS) flooding attacks are one of the biggest concerns for security professionals.DDoS flooding attacks are typically explicit attempts to disrupt legitimate users' access to services.Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets).Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more targets.Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community.However, the development of such a mechanism requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks.In this paper, we explore the scope of the DDoS flooding attack problem and attempts to combat it.We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS flooding attacks.Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach.Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack.
View PDF Chat

A survey of network anomaly detection techniques

2015-12-16
Mohiuddin Ahmed , Abdun Naser Mahmood , Jiankun Hu

A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection

2015-10-26
Anna L. Buczak , Erhan Guven
This survey paper describes a focused literature survey of machine learning (ML) and data mining (DM) methods for cyber analytics in support of intrusion detection. Short tutorial descriptions of each … This survey paper describes a focused literature survey of machine learning (ML) and data mining (DM) methods for cyber analytics in support of intrusion detection. Short tutorial descriptions of each ML/DM method are provided. Based on the number of citations or the relevance of an emerging method, papers representing each method were identified, read, and summarized. Because data are so important in ML/DM approaches, some well-known cyber data sets used in ML/DM are described. The complexity of ML/DM algorithms is addressed, discussion of challenges for using ML/DM for cyber security is presented, and some recommendations on when to use a given method are provided.

A Deep Learning Approach for Network Intrusion Detection System

2016-01-01
Ahmad Y. Javaid , Quamar Niyaz , Weiqing Sun +1 more
A Network Intrusion Detection System (NIDS) helps system administrators to detect network security breaches in their organizations. However, many challenges arise while developing a flexible and efficient NIDS for unforeseen … A Network Intrusion Detection System (NIDS) helps system administrators to detect network security breaches in their organizations. However, many challenges arise while developing a flexible and efficient NIDS for unforeseen and unpredictable attacks. We propose a deep learning based approach for
View PDF Chat

Guide to Intrusion Detection and Prevention Systems (IDPS)

2007-01-01
Karen Scarfone , Peter Mell
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation's measurement and … The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation's measurement and standards infrastructure.ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology.ITL's responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems.This Special Publication 800-series reports on ITL's research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations.Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately.Such identification is not
View PDF Chat

DDoS in the IoT: Mirai and Other Botnets

2017-01-01
Constantinos Kolias , Georgios Kambourakis , Angelos Stavrou +1 more
The Mirai botnet and its variants and imitators are a wake-up call to the industry to better secure Internet of Things devices or risk exposing the Internet infrastructure to increasingly … The Mirai botnet and its variants and imitators are a wake-up call to the industry to better secure Internet of Things devices or risk exposing the Internet infrastructure to increasingly disruptive distributed denial-of-service attacks.

Understanding the mirai botnet

2017-08-16
Manos Antonakakis , Tim April , Michael Bailey +7 more
The Mirai botnet, composed primarily of embedded and IoT devices, took the Internet by storm in late 2016 when it overwhelmed several high-profile targets with massive distributed denial-of-service (DDoS) attacks. … The Mirai botnet, composed primarily of embedded and IoT devices, took the Internet by storm in late 2016 when it overwhelmed several high-profile targets with massive distributed denial-of-service (DDoS) attacks. In this paper, we provide a seven-month retrospective analysis of Mirai's growth to a peak of 600k infections and a history of its DDoS victims. By combining a variety of measurement perspectives, we analyze how the botnet emerged, what classes of devices were affected, and how Mirai variants evolved and competed for vulnerable hosts. Our measurements serve as a lens into the fragile ecosystem of IoT devices. We argue that Mirai may represent a sea change in the evolutionary development of botnets--the simplicity through which devices were infected and its precipitous growth, demonstrate that novice malicious techniques can compromise enough low-end devices to threaten even some of the best-defended targets. To address this risk, we recommend technical and nontechnical interventions, as well as propose future research directions.

A Deep Learning Approach for Intrusion Detection Using Recurrent Neural Networks

2017-01-01
Chuanlong Yin , Yuefei Zhu , Jinlong Fei +1 more
Intrusion detection plays an important role in ensuring information security, and the key technology is to accurately identify various attacks in the network. In this paper, we explore how to … Intrusion detection plays an important role in ensuring information security, and the key technology is to accurately identify various attacks in the network. In this paper, we explore how to model an intrusion detection system based on deep learning, and we propose a deep learning approach for intrusion detection using recurrent neural networks (RNN-IDS). Moreover, we study the performance of the model in binary classification and multiclass classification, and the number of neurons and different learning rate impacts on the performance of the proposed model. We compare it with those of J48, artificial neural network, random forest, support vector machine, and other machine learning methods proposed by previous researchers on the benchmark data set. The experimental results show that RNN-IDS is very suitable for modeling a classification model with high accuracy and that its performance is superior to that of traditional machine learning classification methods in both binary and multiclass classification. The RNN-IDS model improves the accuracy of the intrusion detection and provides a new research method for intrusion detection.

A Deep Learning Approach to Network Intrusion Detection

2018-01-19
Nathan Shone , Ngọc Trần Nguyên , Phai Vu Dinh +1 more
Network Intrusion Detection Systems (NIDSs) play a crucial role in defending computer networks.However, there are concerns regarding the feasibility and sustainability of current approaches when faced with the demands of … Network Intrusion Detection Systems (NIDSs) play a crucial role in defending computer networks.However, there are concerns regarding the feasibility and sustainability of current approaches when faced with the demands of modern networks.More specifically, these concerns relate to the increasing levels of required human interaction and the decreasing levels of detection accuracy.This paper presents a novel deep learning technique for intrusion detection, which addresses these concerns.We detail our proposed non-symmetric deep auto-encoder (NDAE) for unsupervised feature learning.Furthermore, we also propose our novel deep learning classification model constructed using stacked NDAEs.Our proposed classifier has been implemented in GPU-enabled TensorFlow and evaluated using the benchmark KDD Cup '99 and NSL-KDD datasets.Promising results have been obtained from our model thus far, demonstrating improvements over existing approaches and the strong potential for use in modern NIDSs.
View PDF Chat

Machine Learning and Deep Learning Methods for Cybersecurity

2018-01-01
Yang Xin , Lingshuang Kong , Zhi Liu +6 more
With the development of the Internet, cyber-attacks are changing rapidly and the cyber security situation is not optimistic. This survey report describes key literature surveys on machine learning (ML) and … With the development of the Internet, cyber-attacks are changing rapidly and the cyber security situation is not optimistic. This survey report describes key literature surveys on machine learning (ML) and deep learning (DL) methods for network analysis of intrusion detection and provides a brief tutorial description of each ML/DL method. Papers representing each method were indexed, read, and summarized based on their temporal or thermal correlations. Because data are so important in ML/DL methods, we describe some of the commonly used network datasets used in ML/DL, discuss the challenges of using ML/DL for cybersecurity and provide suggestions for research directions.

Deep Learning Approach for Intelligent Intrusion Detection System

2019-01-01
R. Vinayakumar , Mamoun Alazab , K. P. Soman +3 more
Machine learning techniques are being widely used to develop an intrusion detection system (IDS) for detecting and classifying cyberattacks at the network-level and the host-level in a timely and automatic … Machine learning techniques are being widely used to develop an intrusion detection system (IDS) for detecting and classifying cyberattacks at the network-level and the host-level in a timely and automatic manner. However, many challenges arise since malicious attacks are continually changing and are occurring in very large volumes requiring a scalable solution. There are different malware datasets available publicly for further research by cyber security community. However, no existing study has shown the detailed analysis of the performance of various machine learning algorithms on various publicly available datasets. Due to the dynamic nature of malware with continuously changing attacking methods, the malware datasets available publicly are to be updated systematically and benchmarked. In this paper, a deep neural network (DNN), a type of deep learning model, is explored to develop a flexible and effective IDS to detect and classify unforeseen and unpredictable cyberattacks. The continuous change in network behavior and rapid evolution of attacks makes it necessary to evaluate various datasets which are generated over the years through static and dynamic approaches. This type of study facilitates to identify the best algorithm which can effectively work in detecting future cyberattacks. A comprehensive evaluation of experiments of DNNs and other classical machine learning classifiers are shown on various publicly available benchmark malware datasets. The optimal network parameters and network topologies for DNNs are chosen through the following hyperparameter selection methods with KDDCup 99 dataset. All the experiments of DNNs are run till 1,000 epochs with the learning rate varying in the range [0.01-0.5]. The DNN model which performed well on KDDCup 99 is applied on other datasets, such as NSL-KDD, UNSW-NB15, Kyoto, WSN-DS, and CICIDS 2017, to conduct the benchmark. Our DNN model learns the abstract and high-dimensional feature representation of the IDS data by passing them into many hidden layers. Through a rigorous experimental testing, it is confirmed that DNNs perform well in comparison with the classical machine learning classifiers. Finally, we propose a highly scalable and hybrid DNNs framework called scale-hybrid-IDS-AlertNet which can be used in real-time to effectively monitor the network traffic and host-level events to proactively alert possible cyberattacks.
View PDF Chat

Survey of intrusion detection systems: techniques, datasets and challenges

2019-07-17
Ansam Khraisat , Iqbal Gondal , Peter Vamplew +1 more
Cyber-attacks are becoming more sophisticated and thereby presenting increasing challenges in accurately detecting intrusions. Failure to prevent the intrusions could degrade the credibility of security services, e.g. data confidentiality, integrity, … Cyber-attacks are becoming more sophisticated and thereby presenting increasing challenges in accurately detecting intrusions. Failure to prevent the intrusions could degrade the credibility of security services, e.g. data confidentiality, integrity, and availability. Numerous intrusion detection methods have been proposed in the literature to tackle computer security threats, which can be broadly classified into Signature-based Intrusion Detection Systems (SIDS) and Anomaly-based Intrusion Detection Systems (AIDS). This survey paper presents a taxonomy of contemporary IDS, a comprehensive review of notable recent works, and an overview of the datasets commonly used for evaluation purposes. It also presents evasion techniques used by attackers to avoid detection and discusses future research challenges to counter such techniques so as to make computer systems more secure.
View PDF Chat

Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset

2019-05-22
Nickolaos Koroniotis , Nour Moustafa , Elena Sitnikova +1 more
View PDF Chat

A Survey of Machine and Deep Learning Methods for Internet of Things (IoT) Security

2020-01-01
Mohammed Ali Al-Garadi , Amr Mohamed , Abdulla Al‐Ali +3 more
The Internet of Things (IoT) integrates billions of smart devices that can communicate with one another with minimal human intervention. IoT is one of the fastest developing fields in the … The Internet of Things (IoT) integrates billions of smart devices that can communicate with one another with minimal human intervention. IoT is one of the fastest developing fields in the history of computing, with an estimated 50 billion devices by the end of 2020. However, the crosscutting nature of IoT systems and the multidisciplinary components involved in the deployment of such systems have introduced new security challenges. Implementing security measures, such as encryption, authentication, access control, network and application security for IoT devices and their inherent vulnerabilities is ineffective. Therefore, existing security methods should be enhanced to effectively secure the IoT ecosystem. Machine learning and deep learning (ML/DL) have advanced considerably over the last few years, and machine intelligence has transitioned from laboratory novelty to practical machinery in several important applications. Consequently, ML/DL methods are important in transforming the security of IoT systems from merely facilitating secure communication between devices to security-based intelligence systems. The goal of this work is to provide a comprehensive survey of ML methods and recent advances in DL methods that can be used to develop enhanced security methods for IoT systems. IoT security threats that are related to inherent or newly introduced threats are presented, and various potential IoT system attack surfaces and the possible threats related to each surface are discussed. We then thoroughly review ML/DL methods for IoT security and present the opportunities, advantages and shortcomings of each method. We discuss the opportunities and challenges involved in applying ML/DL to IoT security. These opportunities and challenges can serve as potential future research directions.
View PDF Chat

Network intrusion detection

1994-05-01
Biswanath Mukherjee , L.T. Heberlein , Karl Levitt
Intrusion detection is a new, retrofit approach for providing a sense of security in existing computers and data networks, while allowing them to operate in their current "open" mode. The … Intrusion detection is a new, retrofit approach for providing a sense of security in existing computers and data networks, while allowing them to operate in their current "open" mode. The goal of intrusion detection is to identify unauthorized use, misuse, and abuse of computer systems by both system insiders and external penetrators. The intrusion detection problem is becoming a challenging task due to the proliferation of heterogeneous computer networks since the increased connectivity of computer systems gives greater access to outsiders and makes it easier for intruders to avoid identification. Intrusion detection systems (IDSs) are based on the beliefs that an intruder's behavior will be noticeably different from that of a legitimate user and that many unauthorized actions are detectable. Typically, IDSs employ statistical anomaly and rulebased misuse models in order to detect intrusions. A number of prototype IDSs have been developed at several institutions, and some of them have also been deployed on an experimental basis in operational systems. In the present paper, several host-based and network-based IDSs are surveyed, and the characteristics of the corresponding systems are identified. The host-based systems employ the host operating system's audit trails as the main source of input to detect intrusive activity, while most of the network-based IDSs build their detection mechanism on monitored network traffic, and some employ host audit trails as well. An outline of a statistical anomaly detection algorithm employed in a typical IDS is also included.< <ETX xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">&gt;</ETX>

N-BaIoT—Network-Based Detection of IoT Botnet Attacks Using Deep Autoencoders

2018-07-01
Yair Meidan , Michael Bohadana , Yael Mathov +4 more
The proliferation of IoT devices that can be more easily compromised than desktop computers has led to an increase in IoT-based botnet attacks. To mitigate this threat, there is a … The proliferation of IoT devices that can be more easily compromised than desktop computers has led to an increase in IoT-based botnet attacks. To mitigate this threat, there is a need for new methods that detect attacks launched from compromised IoT devices and that differentiate between hours- and milliseconds-long IoT-based attacks. In this article, we propose a novel network-based anomaly detection method for the IoT called N-BaIoT that extracts behavior snapshots of the network and uses deep autoencoders to detect anomalous network traffic from compromised IoT devices. To evaluate our method, we infected nine commercial IoT devices in our lab with two widely known IoT-based botnets, Mirai and BASHLITE. The evaluation results demonstrated our proposed methods ability to accurately and instantly detect the attacks as they were being launched from the compromised IoT devices that were part of a botnet.
View PDF Chat

Inference in Hidden Markov Models

2005-01-01
Olivier Cappé , Éric Moulines , Tobias Rydén

Intrusion detection system: A comprehensive review

2012-09-23
Hung-Jen Liao , Chun‐Hung Richard Lin , Ying-Chih Lin +1 more

Non-Fragile Set-Membership Filtering for Networked Systems under Protocol Scheduling and Hybrid Attacks

2025-06-25
Chaoqun Zhu , Xiaolan Zhu , Bin Yang +2 more | Journal of Control Engineering and Applied Informatics

A Dynamic Network Intrusion Detection Model for Infrastructure as Code Deployed Environments

2025-06-25
A. G. Souza Filho , Eduardo K. Viegas , Altair O. Santin +1 more | Journal of Network and Systems Management

Intelligent intrusion detection for IoT and cyber-physical systems using machine learning

2025-06-25
Maha M. Althobaiti | International Journal of ADVANCED AND APPLIED SCIENCES
Machine learning (ML) plays a key role in intrusion detection systems (IDS) and Internet of Things (IoT) security by improving the ability of cyber-physical systems (CPSs) to resist attacks from … Machine learning (ML) plays a key role in intrusion detection systems (IDS) and Internet of Things (IoT) security by improving the ability of cyber-physical systems (CPSs) to resist attacks from malicious users. CPSs combine physical components with networking and communication technologies to ensure safe and efficient operations. However, attackers often try to disrupt or disable the computing resources of these systems. This paper presents a new ML-based IDS framework designed for CPSs. To develop this framework, an open-source dataset containing different types of cyberattacks and related detection features was used. The dataset was labeled and preprocessed to make it clean, balanced, and suitable for training ML models. Preprocessing steps included handling missing values, normalizing features, and balancing the class distribution. Two ML algorithms—Random Forest (RF) and Stochastic Gradient Descent (SGD)—were applied to build and train classification models for intrusion detection. The experimental results showed that the RF model achieved a high accuracy of 99.5%, outperforming the SGD model, which reached 93.6% accuracy. In addition to accuracy, model performance was also measured using precision, recall, and F1 score. The results demonstrate that the proposed IDS is effective in detecting cyberattacks and improving IoT security. It offers a scalable and reliable solution for protecting CPS environments. This research contributes to the development of more secure CPSs by enhancing the trustworthiness, robustness, and flexibility of IoT systems.

An Optimization of Multimodal Deep Crime Detection Network Using Osprey Optimization Algorithm

2025-06-25
Palanisamy Shanmugam , Manasha Arunachalam | International Journal of Science and Research (IJSR)

IoT Network Security based on Intrusion Detection System using Stacked Ensemble

2025-06-25
Hassan Khazane , Mohammed Ridouani , Fatima Salahdine +1 more | WSEAS TRANSACTIONS ON INFORMATION SCIENCE AND APPLICATIONS
The rapid evolution of IoT networks has led to an increasing number of devices connecting to the internet, exposing them to various cyber threats. Detecting intrusions in IoT environments is … The rapid evolution of IoT networks has led to an increasing number of devices connecting to the internet, exposing them to various cyber threats. Detecting intrusions in IoT environments is essential but challenging. Network Intrusion Detection Systems are vital in analyzing network traffic to differentiate normal and malicious activities without compromising security. However, the abundance of benign traffic complicates accurate detection. To overcome this challenge, we propose an Ensemble-based Network Intrusion Detection Systems framework, where five Machine Learning classifiers are combined through a Stacking approach and with nature-inspired feature selection techniques to enhance the detection effectiveness. The performance of the proposed model was compared to four base models - Random Forest, Extra Trees, AdaBoost, and Gradient Boosting - in terms of several metrics. The experimental results on the CICIoT2023 dataset reveal that the proposed stacking model consistently outperforms the base classifiers across all evaluation metrics.

Cybersentinel AI: An Intelligent Cybersecurity Framework Using Artificial Intelligence

2025-06-25
Amandeep Amandeep | International Journal for Research in Applied Science and Engineering Technology
"CyberSentinel AI: An Intelligent Cybersecurity Framework Using Artificial Intelligence," we proposed a scalable AI based solution for detecting and preventing cyberattacks which has been implemented and evaluated using machine learning … "CyberSentinel AI: An Intelligent Cybersecurity Framework Using Artificial Intelligence," we proposed a scalable AI based solution for detecting and preventing cyberattacks which has been implemented and evaluated using machine learning methods and NSL-KDD dataset which is one of the most popular benchmark dataset in this domain.The introduced approach can be applied to detect malicious behavior in network traffic through preprocessing data, feature extraction, and probabilistic model training used for binary classification of normal and attack data. The pipeline involves processes such as standardization, encoding and model fitting with supervised machine learning algorithms to achieve high recognition accuracy and low false positives.. Its design guarantees the modularity and scalability of the system to be used in a real-time fashion in networked scenarios. Relevant visualizations, performance graphs, and model artifacts are provided to show the efficacy of the proposed solution. These experiments and results suggest that it is possible for AI-based cybersecurity methodologies to improve the accuracy of threat detection over existing systems. With the help of automation and data-driven intelligence, CyberSentinel AI adds to the emerging field of proactive cybersecurity defense, delivering scale-adaptive solution to current digital infrastructures. Such innovative functionalities as deep learning, real-time intrusion detection and cloud-native deployment will be developed in the near future based on this research.

Detecting DGA-managed Thingbots Using DNS Traffic

2025-06-25
Viet Hung Nguyen , Nathan Shone | Journal of Control Engineering and Applied Informatics

An Optimized Transformer–GAN–AE for Intrusion Detection in Edge and IIoT Systems: Experimental Insights from WUSTL-IIoT-2021, EdgeIIoTset, and TON_IoT Datasets

2025-06-24
Ahmad Salehiyan , Pardis Sadatian Moghaddam , Masoud Kaveh | Future Internet
The rapid expansion of Edge and Industrial Internet of Things (IIoT) systems has intensified the risk and complexity of cyberattacks. Detecting advanced intrusions in these heterogeneous and high-dimensional environments remains … The rapid expansion of Edge and Industrial Internet of Things (IIoT) systems has intensified the risk and complexity of cyberattacks. Detecting advanced intrusions in these heterogeneous and high-dimensional environments remains challenging. As the IIoT becomes integral to critical infrastructure, ensuring security is crucial to prevent disruptions and data breaches. Traditional IDS approaches often fall short against evolving threats, highlighting the need for intelligent and adaptive solutions. While deep learning (DL) offers strong capabilities for pattern recognition, single-model architectures often lack robustness. Thus, hybrid and optimized DL models are increasingly necessary to improve detection performance and address data imbalance and noise. In this study, we propose an optimized hybrid DL framework that combines a transformer, generative adversarial network (GAN), and autoencoder (AE) components, referred to as Transformer–GAN–AE, for robust intrusion detection in Edge and IIoT environments. To enhance the training and convergence of the GAN component, we integrate an improved chimp optimization algorithm (IChOA) for hyperparameter tuning and feature refinement. The proposed method is evaluated using three recent and comprehensive benchmark datasets, WUSTL-IIoT-2021, EdgeIIoTset, and TON_IoT, widely recognized as standard testbeds for IIoT intrusion detection research. Extensive experiments are conducted to assess the model’s performance compared to several state-of-the-art techniques, including standard GAN, convolutional neural network (CNN), deep belief network (DBN), time-series transformer (TST), bidirectional encoder representations from transformers (BERT), and extreme gradient boosting (XGBoost). Evaluation metrics include accuracy, recall, AUC, and run time. Results demonstrate that the proposed Transformer–GAN–AE framework outperforms all baseline methods, achieving a best accuracy of 98.92%, along with superior recall and AUC values. The integration of IChOA enhances GAN stability and accelerates training by optimizing hyperparameters. Together with the transformer for temporal feature extraction and the AE for denoising, the hybrid architecture effectively addresses complex, imbalanced intrusion data. The proposed optimized Transformer–GAN–AE model demonstrates high accuracy and robustness, offering a scalable solution for real-world Edge and IIoT intrusion detection.

Adaptive Sampling Framework for Imbalanced DDoS Traffic Classification

2025-06-24
Hongjoong Kim , Deokhyeon Ham , Kyoung-Sook Moon | Sensors
Imbalanced data is a major challenge in network security applications, particularly in DDoS (Distributed Denial of Service) traffic classification, where detecting minority classes is critical for timely and cost-effective defense. … Imbalanced data is a major challenge in network security applications, particularly in DDoS (Distributed Denial of Service) traffic classification, where detecting minority classes is critical for timely and cost-effective defense. Existing machine learning and deep learning models often fail to accurately classify such underrepresented attack types, leading to significant degradation in performance. In this study, we propose an adaptive sampling strategy that combines oversampling and undersampling techniques to address the class imbalance problem at the data level. We evaluated our approach using benchmark DDoS traffic datasets, where it demonstrated improved classification performance across key metrics, including accuracy, recall, and F1-score, compared to baseline models and conventional sampling methods. The results indicate that the proposed adaptive sampling approach improved minority class detection performance under the tested conditions, thereby improving the reliability of sensor-driven security systems. This work contributes a robust and adaptable method for imbalanced data classification, with potential applications across simulated sensor environments where anomaly detection is essential.

Enhancing cybersecurity in Agriculture 4.0: A high-performance hybrid deep learning-based framework for DDoS attack detection

2025-06-24
K. Prabu , Tamilarasi Karuppiah , P Rajakumar +3 more | Computers & Electrical Engineering

Industrial Internet of Things Intrusion Detection System Based on Graph Neural Network

2025-06-24
S. Yang , Wenqiang Pan , Min� Li +6 more | Symmetry
Deep learning greatly improves the detection efficiency of abnormal traffic through autonomous learning and effective extraction of data feature information. Among them, Graph Neural Networks (GNN) effectively fit the data … Deep learning greatly improves the detection efficiency of abnormal traffic through autonomous learning and effective extraction of data feature information. Among them, Graph Neural Networks (GNN) effectively fit the data features of abnormal traffic by aggregating the features and structural information of network nodes. However, the performance of GNN in the field of industrial Internet of Things(IIoT) is still insufficient. Since the asymmetry of GNN traffic data is greater than that of the traditional Internet, it is necessary to propose a detection method with high detection rate. At present, many algorithms overly emphasize the optimization of graph neural network models, while ignoring the heterogeneity of resources caused by the diversity of devices in IIoT networks, and the different traffic characteristics caused by multi type protocols. Therefore, universal GNN may not be fully applicable. Therefore, a novel intrusion detection framework incorporating graph neural networks is developed for Industrial Internet of Things systems. Design mini-batch sampling to support data parallelism and accelerate the training process in response to the distributed characteristics of the IIoT. Due to the strong real-time characteristics of the industrial IIoT, data packets in concentrated time periods contain a large number of feature attributes, and the high redundancy of features due to the correlation between features. This paper establishes a model temporal correlation and designs a new model. The performance of the proposed GIDS model is evaluated on several benchmark datasets such as BoT-IoT, ACI-IoT-2023 and OPCUA. The results marked that the method performs well on both binary classification task and multiclass classification task. The accuracy on binary classification task is 93.63% , 97.34% and 100% with F1 values of 94.34%, 97.68% and 100.00% respectively. The accuracy on multiclass classification task is 92.34%, 93.68% and 99.99% with F1 values of 94.55%, 94.12% and 99.99% respectively. Through experimental measurements, the model effectively utilizes the natural distribution characteristics of network traffic in both temporal and spatial dimensions, achieving better detection results.

A Hybrid Security Framework for Web Applications Using Blockchain and Adaptive Adversarial Learning

2025-06-24
Han Wu , Shugong Zhou | Journal of Web Engineering
Web applications are increasingly vulnerable to sophisticated cyberattacks, and traditional security methods often fail to address the dynamic nature of modern threats. To tackle these challenges, we propose a novel … Web applications are increasingly vulnerable to sophisticated cyberattacks, and traditional security methods often fail to address the dynamic nature of modern threats. To tackle these challenges, we propose a novel security model that integrates blockchain technology, deep learning, and adaptive adversarial learning (ARL). This model aims to enhance web application security by ensuring data integrity, enabling intelligent attack detection, and optimizing defense strategies in real time. By combining these advanced technologies, our model offers a scalable and adaptive solution capable of defending against both known and unknown attacks. Experimental results demonstrate that our approach outperforms existing methods, providing superior protection and resilience against a wide range of cyber threats. Our model not only improves detection accuracy but also significantly enhances response times and overall defense efficiency. These results highlight the effectiveness of the proposed model in providing robust and efficient protection for web applications, offering significant improvements over traditional methods in handling dynamic and evolving cyber threats.

Golden eagle optimization approach for feature selection and XGBoost algorithm-based intrusion detection system in wireless mesh networks of smart grid

2025-06-24
N. Rajkumar , J. Preetha Roselyn | Journal of the Chinese Institute of Engineers

Serverless Deployment of a Next.js Application Using AWS

2025-06-24
Sirish Sekhar | International Journal for Research in Applied Science and Engineering Technology
This paper presents a practical and scalable approach to deploying a modern web application built with Next.js using Amazon Web Services (AWS) in a serverless environment. The deployment architecture incorporates … This paper presents a practical and scalable approach to deploying a modern web application built with Next.js using Amazon Web Services (AWS) in a serverless environment. The deployment architecture incorporates AWS Amplify for frontend hosting and continuous integration/continuous deployment (CI/CD), Amazon Simple Notification Service (SNS) for programmatically sending emails from a contact form, and Route 53 for robust Domain Name System (DNS) management. We detail the configuration of each component, design rationale, and encountered challenges. The solution significantly reduces infrastructure overhead while preserving high availability, performance, and maintainability. Performance evaluation and architectural insights demonstrate that the proposed serverless approach is an efficient alternative to traditional deployment methods, especially for startups, research prototypes, and scale-ready applications.

Surveying Technology Fusion in IoT Networks for IDS: Exploring Datasets, Tools, Challenges, and Research Prospects

2025-06-24
Mamta Rawat , Gaurav Singal | ACM Transactions on Intelligent Systems and Technology
The Internet of Things is quickly taking over the world. Nevertheless, security for the IoT is becoming a more important academic topic and commercial concern because of several factors including … The Internet of Things is quickly taking over the world. Nevertheless, security for the IoT is becoming a more important academic topic and commercial concern because of several factors including the diverse nature of devices, protocols in use, the sensitivity of the data they carry, and security and privacy concerns. Admitting this, there appears to be a compelling need for a comprehensive survey that encompasses the entire spectrum of intrusion detection in the IoT paradigm, from foundational concepts like types of IDS, resources, and techniques for implementing IDS, to the latest technologies that can be used to enhance the performance of IDS. This study will be helpful for academic and industrial research in different ways: first, in identifying type of IDS to be used; second, in choosing various tools such as datasets and sniffing tools, and learning techniques for implementing IDS; and finally, it suggests the use of latest enabling technologies in the IoT setting to make the process of intrusion detection more secure, efficient, trustworthy and privacy aware. We have also discussed critical challenges and research directions to help young researchers advance in their research projects.

A comprehensive analysis of data science techniques for enhancing cybersecurity in the era of evolving threats

2025-06-24
Abdullah Alshammari | The Journal of Defense Modeling and Simulation Applications Methodology Technology
The presented paper delves into the realm of cybersecurity in the face of escalating and dynamic cyber threats, aiming to fortify the digital landscape through the utilization of data science … The presented paper delves into the realm of cybersecurity in the face of escalating and dynamic cyber threats, aiming to fortify the digital landscape through the utilization of data science techniques. In this pursuit, a comprehensive exploration of diverse data science methodologies tailored for bolstering cybersecurity is undertaken. The core objective is to establish robust models with the capability to discern and categorize a spectrum of cyber assaults. Encompassing an array of cyber threats such as malware, phishing, denial-of-service (DoS), distributed denial-of-service (DDoS), and structured query language (SQL) injection, a consolidated dataset is curated for meticulous analysis. This dataset encompasses multifaceted attributes including protocols, flags, packets, sender and receiver identifiers, IP addresses, ports, packet dimensions, and a pivotal target variable signifying the specific cyber-attack category. A meticulous feature-description table expounds upon these attributes. The data are rigorously prepared for model training, involving label encoding to translate categorical data into numerical formats. A discerning selection of pertinent attributes are then orchestrated to optimize the model’s performance. Standardizing the attributes onto a uniform scale is achieved through scaling and normalization techniques, leveling the playing field for subsequent model training. Diverse machine-learning models, comprising support vector machines (SVM), K-Nearest Neighbors (KNN), Random forest (RF), Decision tree (DT), Gradient Boosting Classifier (GBC), Naive Bayes (NB), and logistic regression (LR), are employed to the refined data, accompanied by an evaluation based on crucial metrics like accuracy, precision, recall, and F1-score. This evaluation illuminates the efficacy of these models in aptly categorizing cyber-attacks. Employing GridSearchCV, model parameters are meticulously fine-tuned, unveiling optimization avenues. Upon parameter optimization, a comparative analysis of the models is executed, culminating in the deployment of a voting classifier as an ensemble approach, amalgamating predictions from multiple models. Impressively, the ensemble model attains a 97.33% accuracy rate, underscoring its prowess. The confluence of models with high precision underscores the value of amalgamating distinct model attributes. Visual insights into decision boundaries shed light on the models’ capacity to discriminate between diverse cyber-attack types. Furthermore, holistic classification results and avenues for enhancement are illuminated through intricate confusion matrices. Ultimately, the study underscores the indispensability of integrating data science methodologies into cybersecurity endeavors.

Cloud-native simulation framework for gossip protocol: Modeling and analyzing network dynamics

2025-06-23
Samsuddin Samsuddin Wira , Chee Keong Tan , Wai Peng Wong +1 more | PLoS ONE
This research paper explores the implementation of gossip protocols in cloud native framework through network modeling and simulation analysis. Gossip protocol is known for their decentralized and fault-tolerant nature. Simulating … This research paper explores the implementation of gossip protocols in cloud native framework through network modeling and simulation analysis. Gossip protocol is known for their decentralized and fault-tolerant nature. Simulating gossip protocols with conventional tools may face limitations in flexibility and scalability, complicating analysis, especially for larger or more diverse networks. In this paper, gossip protocols are tested within the context of cloud native computing, which leverages its scalability, flexibility, and observability. The study aims to assess the performance and feasibility of gossip protocols within cloud-native settings through a simulated environment. The paper delves into the theoretical foundation of gossip protocol, highlights the core components of cloud native computing, and explains the methodology employed in the simulation. A detailed guide has been provided on utilizing cloud-native frameworks to simulate gossip protocols across varied network environments. The simulation analysis provides insights into gossip protocols' behavior in distributed cloud-native systems, evaluating aspects of scalability, reliability, and observability. This investigation contributes to understanding the practical implications and potential applications of gossip protocol within modern cloud-native architectures, which can also apply to conventional network infrastructure.

BotMHG: a hybrid deep learning-based graphical approach to detect botnets using graph neural networks and graph attention networks on topological and temporal features

2025-06-23
H G Mohan , Jalesh Kumar | Neural Computing and Applications

Safeguarding Networks From Malicious Intrusions Using Quantum Machine Intelligence

2025-06-23
Alok Kumar Shukla | Software Practice and Experience
ABSTRACT In recent centuries, the fast growth of Internet of Things (IoT) networks has posed serious security vulnerabilities due to heterogeneous devices, evolving attack patterns, and privacy concerns. To encounter … ABSTRACT In recent centuries, the fast growth of Internet of Things (IoT) networks has posed serious security vulnerabilities due to heterogeneous devices, evolving attack patterns, and privacy concerns. To encounter security measures, several intrusion detection solutions have been explored based on machine learning, which are reasonably effective in static environments to protect against malicious attacks. In order to defend against modern attacks, unfortunately, fundamental machine learning techniques have not considered accumulation, reuse of knowledge, and sensitivity of the detection model in dynamic environments. Keeping in attention to encounter the aforementioned limitations, in this study, we developed a security model using the grasshopper optimization algorithm (GOA), adding quantum effect to enhance the power of IoT security networks, called QMGOA. Additionally, by integration of quantum effects, the GOA approach improves exploitation capabilities, search efficiency in the feature space, and bridges the gap between exploration and exploitation processes. Furthermore, a multi‐population strategy is employed to strengthen QGOA for making more diverse solutions. Moreover, differential evolution (DE) is used in QMGOA to refine further solution quality. The proposed approach is evaluated on three datasets, such as NSL‐KDD, BoT‐IoT, and UNSW‐NB15, to determine noteworthy features and its efficacy in IoT environments. The experimental analysis further reveals that the proposed method generates better balance solutions with less execution time and outperforms state‐of‐the‐art approaches.

Exploring the Role of Artificial Intelligence in Detecting Advanced Persistent Threats

2025-06-23
Pedro Ramos Brandão | Computers
The rapid evolution of cyber threats, particularly Advanced Persistent Threats (APTs), poses significant challenges to the security of information systems. This paper explores the pivotal role of Artificial Intelligence (AI) … The rapid evolution of cyber threats, particularly Advanced Persistent Threats (APTs), poses significant challenges to the security of information systems. This paper explores the pivotal role of Artificial Intelligence (AI) in enhancing the detection and mitigation of APTs. By leveraging machine learning algorithms and data analytics, AI systems can identify patterns and anomalies that are indicative of sophisticated cyber-attacks. This study examines various AI-driven methodologies, including anomaly detection, predictive analytics, and automated response systems, highlighting their effectiveness in real-time threat detection and response. Furthermore, we discuss the integration of AI into existing cybersecurity frameworks, emphasizing the importance of collaboration between human analysts and AI systems in combating APTs. The findings suggest that the adoption of AI technologies not only improves the accuracy and speed of threat detection but also enables organizations to proactively defend against evolving cyber threats, probably achieving a 75% reduction in alert volume.

Dynamic memory event-triggered interval type-2 fuzzy RBFNN control for multi-agent systems under false data injection attacks

2025-06-23
Xin Li , Dakuo He , Qiang Zhang +1 more | Applied Mathematics and Computation

A Combined Supervised and Unsupervised Deep Learning Approach for Intrusion Detection in IoT Traffic in an Edge Computing Environment

2025-06-23
Sangeeta Sharma , Priyanka Verma , Nitesh Bharot +3 more | SN Computer Science

Sistema Unificado de Detecção e Mitigação de Ataques de Evil Twin em Redes Wi-Fi Industriais com IOT/IIOT

2025-06-23
Walter Claudino da Silva Júnior , Manoel Henrique Reis Nascimento | Revista de Gestão e Secretariado (Management and Administrative Professional Review)
A segurança de redes Wi-Fi em ambientes industriais tornou-se um desafio crítico na era da transformação digital, especialmente com a massiva adoção de dispositivos IoT e IIoT. O ataque Evil … A segurança de redes Wi-Fi em ambientes industriais tornou-se um desafio crítico na era da transformação digital, especialmente com a massiva adoção de dispositivos IoT e IIoT. O ataque Evil Twin, que cria pontos de acesso fraudulentos idênticos aos legítimos, representa uma ameaça grave à confidencialidade e disponibilidade dos sistemas industriais. Apesar dos protocolos de segurança tradicionais, como WPA2-PSK, sua eficácia é limitada em ambientes complexos, deixando as redes vulneráveis a interceptações de dados e paradas não planejadas na produção. Este trabalho propõe um Sistema Unificado de Detecção e Mitigação que integra três pilares fundamentais: autenticação robusta baseada em RADIUS, monitoramento contínuo com o sistema de detecção de intrusão Snort e gestão centralizada de acessos via Active Directory. A metodologia incluiu a implementação progressiva em cinco cenários de teste, desde uma configuração básica até a solução completa, com simulações de ataques em ambiente controlado. Os resultados demonstraram que, enquanto o cenário apenas com WPA2-PSK apresentou uma taxa alarmante de 87% de sucesso em ataques simulados, o SUDM reduziu essa vulnerabilidade para menos de 10%. Além disso, o sistema manteve a latência abaixo de 400ms, adequada para operações industriais, e alcançou alta precisão, com apenas 6% de falsos positivos e 3% de falsos negativos. Esses resultados comprovam que a abordagem integrada proposta supera as limitações das soluções convencionais, oferecendo proteção eficaz contra ameaças avançadas em redes Wi-Fi industriais. A pesquisa contribui com um framework prático de implementação, parâmetros otimizados e diretrizes para adaptação em diferentes contextos industriais, demonstrando que a combinação estratégica de tecnologias existentes pode garantir segurança robusta sem comprometer o desempenho operacional.

PAPEA: A modular pipeline for the automation of protest event analysis

2025-06-23
Sebastian Haunss , Priska Daphi , Jan Matti Dollbaum +3 more | Political Science Research and Methods
Abstract Protest event analysis (PEA) is the core method to understand spatial patterns and temporal dynamics of protest. We show how Large Language Models (LLM) can be used to automate … Abstract Protest event analysis (PEA) is the core method to understand spatial patterns and temporal dynamics of protest. We show how Large Language Models (LLM) can be used to automate the classification of protest events and of political event data more broadly with levels of accuracy comparable to humans, while reducing necessary annotation time by several orders of magnitude. We propose a modular pipeline for the automation of PEA (PAPEA) based on fine-tuned LLMs and provide publicly available models and tools which can be easily adapted and extended. PAPEA enables getting from newspaper articles to PEA datasets with high levels of precision without human intervention. A use case based on a large German news-corpus illustrates the potential of PAPEA.

Adaptive anomaly detection for identifying attacks in cyber-physical systems: A systematic literature review

2025-06-23
Pablo Moriano , Steven C. Hespeler , Mingyan Li +1 more | Artificial Intelligence Review
View PDF Chat

An Improved Binary Slime Mold Algorithm for Intrusion Detection Systems

2025-06-23
Mahdieh Khorashadizade , Soodeh Hosseini , Morteza Jouyban | Concurrency and Computation Practice and Experience
ABSTRACT This paper proposes an enhanced intrusion detection system (IDS) that integrates an improved feature selection (FS) mechanism with optimized artificial neural network (ANN) training. The FS process is guided … ABSTRACT This paper proposes an enhanced intrusion detection system (IDS) that integrates an improved feature selection (FS) mechanism with optimized artificial neural network (ANN) training. The FS process is guided by a novel hybrid variant of the slime mold algorithm (SMA), called LBSMA, which incorporates both Lévy flight and Brownian motion to balance exploration and exploitation capabilities. Furthermore, an Equivalent SMA called ESMA is developed for training ANN by adopting the velocity update concept from the particle swarm optimization (PSO) algorithm. The proposed LBSMA‐ESMA framework is evaluated on several benchmark IDS data sets and compared with well‐known optimization techniques such as grasshopper optimization algorithm (GOA), PSO, genetic algorithm (GA), teaching‐learning optimization algorithm (TLBO), and Salp Swarm optimization algorithm (SSA). Experimental results show that the proposed method outperforms existing algorithms in terms of classification accuracy, convergence speed, and robustness, making it a promising solution for FS in security‐related applications.

Real-Time Anomaly Detection for Zero-Day Exploits

2025-06-22
John Komarthi | International Journal For Multidisciplinary Research
Zero-day exploits are cyber attacks that take advantage of vulnerabilities that are previously unknown. Lack of prior signatures or patches makes them a critical security threat. This paper is going … Zero-day exploits are cyber attacks that take advantage of vulnerabilities that are previously unknown. Lack of prior signatures or patches makes them a critical security threat. This paper is going to explore the approach based on anomalies for real-time detection of such zero-day exploits. The approach tries to flag any deviations from normal behavior to recognise potential attacks. This paper will try to explore the challenges and limitations (including model poisoning, regulatory constraints, adversarial evasion, and operational issues) and observe some zero-day exploit detection in real-world scenarios. The paper will also outline the future directions, federated learning for collaborative defense, adaptive threat modeling, integration with cyber threat intelligence (CTI), and self-healing systems.

Learning to Detect: An Enhanced DNN Model with Adaptive Attention for Classifying DDoS Traffic

2025-06-21
Ahmed Saleh Khaled Abdullah Alhurdi , Mohammed Abdullah | Engineering and Technology Journal
This research proposes an enhanced Deep Neural Network (DNN) model for detecting Distributed Denial of Service (DDoS) attacks using the CIC-IDS2017 dataset. The model incorporates a Adaptive Attention Layer (AAL) … This research proposes an enhanced Deep Neural Network (DNN) model for detecting Distributed Denial of Service (DDoS) attacks using the CIC-IDS2017 dataset. The model incorporates a Adaptive Attention Layer (AAL) and data normalization to improve feature relevance and classification accuracy. Experiments were conducted across three feature sets (78, 39, and 25), multiple dataset sizes (4K, 40K, 225K), and a range of classification thresholds (0.1 to 1.0). Results demonstrate that optimal accuracy is consistently achieved at thresholds between 0.2 and 0.4. The study confirms a positive correlation between increased feature and dataset sizes and improved detection accuracy—especially when combined with AAL and normalization. The adaptive layer significantly enhances model performance by focusing on the most informative features and reducing both false positives and false negatives. The proposed model achieved a maximum accuracy of 99.93%, outperforming several benchmark methods. These findings underscore the value of attention-based deep learning approaches in developing robust, scalable, and real-time intrusion detection systems for cybersecurity applications.

A Comprehensive Review of Advances and Challenges in Cybersecurity: Strengths, Weaknesses, and Future Directions

2025-06-21
Shradhha Karale | INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT
At present, most of the economic ,commercial, cultural, social and governmental activities and interactions of countries ,at all levels, including individuals, non-governmental organizations and government And governmental institutions, are carried … At present, most of the economic ,commercial, cultural, social and governmental activities and interactions of countries ,at all levels, including individuals, non-governmental organizations and government And governmental institutions, are carried out in cyber space. Recently, many private companies and Government organizations around the world are facing the problem of cyber-attacks and the danger of wireless communication technologies. Today’s world is highly dependent on electronic technology, and protecting this data from cyber-attacks is a challenging issue. The purpose of cyber-attacks is to harm companies financially. In some other cases, cyber-attacks can have military or political purposes. Some of these damages are: PC viruses, knowledge breaks, data distribution service(DDS)and other assault vectors. To this end, various organization is use various solutions to prevent damage caused by cyber- attacks. Cyber security follows realtime information on the latest IT data. Sofar, various methods had been proposed by researchers around the world to prevent cyber-attacks or reduce the damage caused by them. Some of the methods are in the operational phase and others are in the study phase. The aim of th is study is to survey and comprehensively review the standard advances presented in the filed of cyber security and to investigate the challenges, weaknesses and strengths of the proposed methods. Different types of new descendant attacks are considered in details. Standard security frameworks are discussed with the history and early-generation cyber-security methods .In addition ,emerging trends and recent developments of cyber security and security threats and challenges are presented. It is expected that the comprehensive review study presented for IT and cybersecurity researchers will be useful.

A novel intrusion detection framework for industrial IoT: GCN-GRU architecture optimized with ant colony optimization

2025-06-21
Mahdi Mir , Mohammad Trik | Computers & Electrical Engineering

SDN Attack Identification Model Using Hybrid CNN – LSTM with Attention Mechanism

2025-06-21
P. Loganayagi | INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT
SDN provides centralised control and programmability, but because of its open and centralised architecture, it is extremely susceptible to cyberattacks like Distributed Denial of Service (DDoS), infiltration, and botnets. In … SDN provides centralised control and programmability, but because of its open and centralised architecture, it is extremely susceptible to cyberattacks like Distributed Denial of Service (DDoS), infiltration, and botnets. In terms of accuracy and flexibility, traditional intrusion detection systems frequently fall short of the changing requirements of SDN settings. In order to solve this, we suggest a hybrid deep learning model that incorporates Long Short-Term Memory (LSTM) networks and Convolutional Neural Networks (CNN), augmented with an Attention mechanism. In order to increase accuracy and interpretability, CNN layers take out spatial information from traffic data, LSTM layers record temporal dependencies, and the Attention mechanism highlights important elements. The CICIDS 2017 dataset is used to train and assess the model, utilising pre - processing methods such as class balancing, label encoding, and normalisation. According to experimental results, our model outperforms conventional models such standalone CNNs and statistical techniques, achieving an accuracy of 93.43%. It performs admirably in a variety of attack scenarios, such as DDoS, probe, and penetration. This study establishes the foundation for real-time, scalable deployment and demonstrates the potential of hybrid deep learning models in SDN cybersecurity. Future research will concentrate on improving the detection of zero-day attacks and tailoring the model for edge computing settings with TensorFlow Lite. Key Words: SDN Security, Intrusion Detection, CNN-LSTM Hybrid, Attention Mechanism, Cyberattack Detection.

A few-shot detection method for new types of network traffic attacks based on meta-learning with cross-attention

2025-06-21
Qiang Cai , P. F. Ding , Jinsong Wang | The Journal of Supercomputing

Security Risks in 5G

2025-06-21
Ruchita P. Belosay | INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT
This paper presents a comprehensive review of security vulnerabilities in fifth-generation (5G) wireless networks. It investigates emerging threats across the core network, protocol layers, and software-defined infrastructures, emphasizing risks introduced … This paper presents a comprehensive review of security vulnerabilities in fifth-generation (5G) wireless networks. It investigates emerging threats across the core network, protocol layers, and software-defined infrastructures, emphasizing risks introduced by network slicing, open APIs, and virtualization. The methodology involves comparative analysis of recent technical literature and classification of threats such as denial-of-service attacks, weak authentication mechanisms, and endpoint vulnerabilities. The study evaluates current mitigation strategies including encryption, slice isolation, and secure device authentication, identifying their limitations in real-world deployment. Key findings highlight persistent gaps in standard implementation, especially in maintaining confidentiality, integrity, and availability in hyperconnected environments. The paper concludes with recommendations for future research, including AI-based threat detection, post-quantum cryptographic solutions, and adoption of zero-trust security frameworks. The insights aim to assist researchers, network operators, and policymakers in strengthening the resilience of 5G infrastructures against evolving cyber threats. Key Words: 5G,DDos Attacks,IOT Vulnerabilities,Network Security,Network Slicing

Offensive and Defensive Artificial Intelligence in Cyberspace

2025-06-20
A. Parkavi , Sini Anna Alex , V. Sangeetha +1 more | Apple Academic Press eBooks

Unified hybrid quantum classical neural network framework for detecting distributed denial of service and Android mobile malware attacks

2025-06-20
S. Sridevi , Indira Bharathi , S. Geetha +3 more | EPJ Quantum Technology

Enhanced DDoS Detection Using Feature Selection and Multi-Model Machine Learning Frameworks

2025-06-20
K. Muthamil Sudar , P. Nagaraj , V. Vaissnave | Advances in computational intelligence and robotics book series
Distributed Denial of Service (DDoS) attacks are among the most pervasive and disruptive threats in today's interconnected digital landscape, capable of overwhelming systems and rendering services unavailable. The effective and … Distributed Denial of Service (DDoS) attacks are among the most pervasive and disruptive threats in today's interconnected digital landscape, capable of overwhelming systems and rendering services unavailable. The effective and timely detection of DDoS attacks has therefore become critical for maintaining the security and availability of networked systems. This chapter presents a holistic approach to DDoS detection based on machine learning techniques, improved by feature selection and the use of multiple predictive models The system uses a diverse ensemble of machine learning models: Random Forest, Support Vector Machine, Gradient Boosting, and Neural Networks to effectively learn the complex patterns typical of DDoS traffic This chapter highlights the potential of integrating feature selection with multi-model machine learning frameworks for efficient and scalable DDoS detection.The proposed framework will be able to counter the evolving nature of DDoS attacks, hence offering resilience and reliability in ever-increasingly complex network environments.

An optimal attack detection model based on optimized capsule networks with stacked auto encoder in IoT

2025-06-20
Silambarasan Tamil Selvan , A. Ranjith Kumar , N. V. Sanjay Kumar +1 more | International Journal of Information Technology

AI-driven security architecture: Innovations in autonomous threat response

2025-06-20
Gowtham Kukkadapu | World Journal of Advanced Engineering Technology and Sciences
This article presents a comprehensive overview of AI-driven security architectures and innovations in autonomous threat response. As cybersecurity landscapes evolve with increasingly sophisticated threats, traditional security approaches relying on signature-based … This article presents a comprehensive overview of AI-driven security architectures and innovations in autonomous threat response. As cybersecurity landscapes evolve with increasingly sophisticated threats, traditional security approaches relying on signature-based detection and human intervention prove inadequate against modern attack methodologies. The paradigm shift toward autonomous security systems leverages machine learning and artificial intelligence to enable continuous adaptation and proactive defense mechanisms. The article examines foundational components of AI-driven security architectures, key innovations including reinforcement learning, generative adversarial networks, security orchestration platforms, and implementation strategies and best practices. While highlighting transformative potential, the article also addresses significant challenges, including model interpretability, adversarial vulnerabilities, computational constraints, and ethical considerations that security practitioners must navigate when deploying these advanced systems.

Attack detection in internet of things networks with deep learning using deep transfer learning method

2025-06-20
Riki Abdillah Hasanuddin , Muhammad Subali | Computer Science and Information Technologies
Cybersecurity becomes a crucial part within the information management framework of internet of things (IoT) device networks. The large-scale distribution of IoT networks and the complexity of communication protocols used … Cybersecurity becomes a crucial part within the information management framework of internet of things (IoT) device networks. The large-scale distribution of IoT networks and the complexity of communication protocols used are contributing factors to the widespread vulnerabilities of IoT devices. The implementation of transfer learning models in deep learning can achieve optimal performance faster than traditional machine learning models, as they leverage knowledge from previous models that already understand these features. Base model was built using the 1-dimension convolutional neural network (1D-CNN) method, using training and test data from the source domain dataset. Model 1 was constructed using the same method as base model. The test and training data used for model 1 were from the target domain dataset. This model successfully detected known attacks at a rate of 99.352%, but did not perform well in detecting unknown attacks, with an accuracy of 84.645%. Model 2 is an enhancement of model 1, incorporating transfer learning from the base model. Its results significantly improved compared to model 1 testing. Model 2 has an accuracy and precision rate of 98.86% and 99.17 %, respectively, allowing it to detect previously unknown attacks. Even with a slight decrease in normal detection, most attacks can still be detected.

The Deep Learning-Based Security Assessment and Optimization Model for Enterprise Information Systems Under Digital Economy

2025-06-20
Jin Fa Qiu , Lan Shu , Yinshun Zhang | Journal of Organizational and End User Computing
With the increasing complexity of enterprise systems and the rise in cyber threats, managing security risks while optimizing resources has become a significant challenge. Traditional models often address security and … With the increasing complexity of enterprise systems and the rise in cyber threats, managing security risks while optimizing resources has become a significant challenge. Traditional models often address security and resource management in isolation, making it difficult to adapt to evolving threats and dynamic workloads. This paper proposes the deep learning-based dynamic security assessment and optimization model, which integrates dynamic security assessment, anomaly detection, multi-modal data fusion, security investment optimization, and cloud resource optimization into a unified framework. By leveraging deep learning techniques such as convolutional neural networks for feature extraction and recurrent neural networks for temporal anomaly detection, alongside reinforcement learning for resource optimization, the deep learning-based dynamic security assessment and optimization model provides real-time risk evaluation and adapts resource allocation based on system needs.

Correction: A Real Network Environment Dataset for Traffic Analysis

2025-06-20
Wei Jiang , Bin Zhang , Qixun Zhu +2 more | Scientific Data

Security Viewpoint In Artificial Intelligence-Based Systems

2025-06-20
Kukatlapalli Pradeep Kumar , Marta Zurek‐Mortka , Vinay Jha Pillai | Apple Academic Press eBooks