Опубликована: Дек. 3, 2024
Язык: Английский
Algorithms, Год журнала: 2025, Номер 18(2), С. 69 - 69
Опубликована: Янв. 28, 2025
As security threats become more complex, the need for effective intrusion detection systems (IDSs) has grown. Traditional machine learning methods are limited by extensive feature engineering and data preprocessing. To overcome this, we propose two enhanced hybrid deep models, an autoencoder–convolutional neural network (Autoencoder–CNN) a transformer–deep (Transformer–DNN). The Autoencoder reshapes traffic data, addressing class imbalance, CNN performs precise classification. transformer component extracts contextual features, which DNN uses accurate Our approach utilizes adaptive synthetic sampling–synthetic minority oversampling technique (ADASYN-SMOTE) binary classification SMOTE multi-class classification, along with edited nearest neighbors (ENN) further imbalance handling. models were designed to minimize false positives negatives, improve real-time detection, identify zero-day attacks. Evaluations based on CICIDS2017 dataset showed 99.90% accuracy Autoencoder–CNN 99.92% Transformer–DNN in 99.95% 99.96% respectively. On NF-BoT-IoT-v2 dataset, achieved 99.98% 97.95% while reached 97.90%, These results demonstrate superior performance of proposed compared traditional handling diverse
Язык: Английский
Процитировано
3
Scientific Reports, Год журнала: 2025, Номер 15(1)
Опубликована: Янв. 14, 2025
Smart devices are enabled via the Internet of Things (IoT) and connected in an uninterrupted world. These pose a challenge to cybersecurity systems due attacks network communications. Such have continued threaten operation end-users. Therefore, Intrusion Detection Systems (IDS) remain one most used tools for maintaining such flaws against cyber-attacks. The dynamic multi-dimensional threat landscape IoT increases Traditional IDS. focus this paper aims find key features developing IDS that is reliable but also efficient terms computation. Enhanced Grey Wolf Optimization (EGWO) Feature Selection (FS) implemented. function EGWO remove unnecessary from datasets intrusion detection. To test new FS technique decide on optimal set based accuracy achieved feature taking filters, recent approach relies NF-ToN-IoT dataset. selected evaluated by using Random Forest (RF) algorithm combine multiple decision trees create accurate result. experimental outcomes procedures demonstrate capacity recommended classification methods determine Analysis results presents performs more effectively than other techniques with optimized (i.e., 23 out 43 features), high 99.93% improved convergence.
Язык: Английский
Процитировано
2
Discover Internet of Things, Год журнала: 2025, Номер 5(1)
Опубликована: Янв. 22, 2025
Язык: Английский
Процитировано
2
Ain Shams Engineering Journal, Год журнала: 2025, Номер 16(2), С. 103281 - 103281
Опубликована: Янв. 27, 2025
Язык: Английский
Процитировано
2
Cluster Computing, Год журнала: 2025, Номер 28(4)
Опубликована: Фев. 25, 2025
Язык: Английский
Процитировано
2
Future Internet, Год журнала: 2024, Номер 16(7), С. 253 - 253
Опубликована: Июль 18, 2024
The proliferation of IoT services has spurred a surge in network attacks, heightening cybersecurity concerns. Essential to defense, intrusion detection and prevention systems (IDPSs) identify malicious activities, including denial service (DoS), distributed (DDoS), botnet, brute force, infiltration, Heartbleed. This study focuses on leveraging unsupervised learning for training models counter these threats effectively. proposed method utilizes basic autoencoders (bAEs) dimensionality reduction encompasses three-stage model: one-class support vector machine (OCSVM) deep autoencoder (dAE) attack detection, complemented by density-based spatial clustering applications with noise (DBSCAN) clustering. Accurately delineated clusters aid mapping tactics. MITRE ATT&CK framework establishes “Cyber Threat Repository”, cataloging attacks tactics, enabling immediate response based priority. Leveraging preprocessed unlabeled normal traffic data, this approach enables the identification novel while mitigating impact imbalanced data model performance. reconstruction error, OCSVM employs kernel function establish hyperplane anomaly DBSCAN clusters, manage noise, accommodate diverse shapes, automatically determining cluster count, ensuring scalability, minimizing false positives negatives. Evaluated standard datasets such as CIC-IDS2017 CSECIC-IDS2018, outperforms existing state art methods. Our achieves accuracies exceeding 98% two datasets, thus confirming its efficacy effectiveness application efficient systems.
Язык: Английский
Процитировано
7
Future Internet, Год журнала: 2024, Номер 16(12), С. 481 - 481
Опубликована: Дек. 23, 2024
Network and cloud environments must be fortified against a dynamic array of threats, intrusion detection systems (IDSs) are critical tools for identifying thwarting hostile activities. IDSs, classified as anomaly-based or signature-based, have increasingly incorporated deep learning models into their framework. Recently, significant advancements been made in particularly those using machine learning, where attack accuracy has notably high. Our proposed method demonstrates that can achieve unprecedented success both known unknown threats within environments. However, existing benchmark datasets typically contain more normal traffic samples than to reflect real-world network traffic. This imbalance the training data makes it challenging IDSs accurately detect specific types attacks. Thus, our challenges arise from two key factors, unbalanced emergence new, unidentified threats. To address these issues, we present hybrid transformer-convolutional neural (Transformer-CNN) model, which leverages resampling techniques such adaptive synthetic (ADASYN), minority oversampling technique (SMOTE), edited nearest neighbors (ENN), class weights overcome imbalance. The transformer component model is employed contextual feature extraction, enabling system analyze relationships patterns effectively. In contrast, CNN responsible final classification, processing extracted features identify types. Transformer-CNN focuses on three primary objectives enhance performance: (1) reducing false positives negatives, (2) real-time high-speed networks, (3) detecting zero-day We evaluate Transformer-CNN, NF-UNSW-NB15-v2 CICIDS2017 datasets, assess its performance with metrics accuracy, precision, recall, F1-score. results demonstrate achieves an impressive 99.71% binary classification 99.02% multi-class dataset, while reaches 99.93% 99.13% significantly outperforming models. proves enhanced capability IDS defending intrusions, including
Язык: Английский
Процитировано
7
Wiley Interdisciplinary Reviews Data Mining and Knowledge Discovery, Год журнала: 2025, Номер 15(2)
Опубликована: Март 28, 2025
ABSTRACT As the Internet of Things (IoT) continues expanding its footprint across various sectors, robust security systems to mitigate associated risks are more critical than ever. Intrusion Detection Systems (IDS) fundamental in safeguarding IoT infrastructures against malicious activities. This systematic review aims guide future research by addressing six pivotal questions that underscore development advanced IDS tailored for environments. Specifically, concentrates on applying machine learning (ML) and deep (DL) technologies enhance capabilities. It explores feature selection methodologies aimed at developing lightweight solutions both effective efficient scenarios. Additionally, assesses different datasets balancing techniques, which crucial training models perform accurately reliably. Through a comprehensive analysis existing literature, this highlights significant trends, identifies current gaps, suggests studies optimize frameworks ever‐evolving landscape.
Язык: Английский
Процитировано
1
Journal of Information and Intelligence, Год журнала: 2024, Номер unknown
Опубликована: Сен. 1, 2024
Язык: Английский
Процитировано
5
Sensors, Год журнала: 2025, Номер 25(3), С. 847 - 847
Опубликована: Янв. 30, 2025
The rise in intrusions on network and IoT systems has led to the development of artificial intelligence (AI) methodologies intrusion detection (IDSs). However, traditional AI or machine learning (ML) methods can compromise accuracy due vast, diverse, dynamic nature data generated. Moreover, many these lack transparency, making it challenging for security professionals make predictions. To address challenges, this paper presents a novel IDS architecture that uses deep (DL)-based methodology along with eXplainable (XAI) techniques create explainable models systems, empowering analysts use effectively. DL are needed train enormous amounts produce promising results. Three different models, i.e., customized 1-D convolutional neural networks (1-D CNNs), (DNNs), pre-trained model TabNet, proposed. experiments performed seven datasets TON_IOT. CNN dataset achieves an impressive 99.24%. Meanwhile, six datasets, most DNN achieve 100% accuracy, further validating effectiveness proposed models. In all least-performing is TabNet. Implementing method real time requires explanation predictions Thus, XAI implemented understand essential features responsible predicting particular class.
Язык: Английский
Процитировано
0