Next Article in Journal
Local and Network Dynamics of a Non-Integer Order Resistor–Capacitor Shunted Josephson Junction Oscillators
Next Article in Special Issue
BTH: Behavior-Based Structured Threat Hunting Framework to Analyze and Detect Advanced Adversaries
Previous Article in Journal
Advanced Cybersecurity Services Design
Previous Article in Special Issue
Intelligent Hybrid Deep Learning Model for Breast Cancer Detection
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:

A Novel Anomaly Detection System on the Internet of Railways Using Extended Neural Networks

Umar Islam
Rami Qays Malik
Amnah S. Al-Johani
Muhammad. Riaz Khan
Yousef Ibrahim Daradkeh
Ijaz Ahmad
Khalid A. Alissa
Zulkiflee Abdul-Samad
8 and
Elsayed M. Tag-Eldin
Department of Computer Science, Iqra National University, Swat Campus 19220, Peshawar 25100, Pakistan
Medical Instrumentation Techniques Engineering Department, Al-Mustaqbal University College, Babylon 51001, Iraq
Mathematics Department, Faculty of Science, University of Tabuk, Tabuk 71491, Saudi Arabia
Department of Mathematics, Quaid-i-Azam University, Islamabad 44000, Pakistan
Department of Computer Engineering and Networks, College of Engineering in Wadi Alddawasir, Prince Sattam Bin Abdulaziz University, Al-Kharj 11942, Saudi Arabia
Shenzhen Institute of Advanced Technology (SIAT), University of Chinese Academy of Sciences, Shenzhen 518055, China
SAUDI ARAMCO Cybersecurity, Networks and Communications Department, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia
Department of Quantity Surveying, Faculty of Built Environment, University of Malaya, Lumpur 50603, Malaysia
Electrical Engineering Department, Faculty of Engineering, Technology, Future University in Egypt, New Cairo 11835, Egypt
Authors to whom correspondence should be addressed.
Electronics 2022, 11(18), 2813;
Submission received: 1 July 2022 / Revised: 26 August 2022 / Accepted: 31 August 2022 / Published: 6 September 2022
(This article belongs to the Special Issue Intelligent Data Sensing, Processing, Mining, and Communication)


The Internet of Railways (IoR) network is made up of a variety of sensors, actuators, network layers, and communication systems that work together to build a railway system. The IoR’s success depends on effective communication. A network of railways uses a variety of protocols to share and transmit information amongst each other. Because of the widespread usage of wireless technology on trains, the entire system is susceptible to hacks. These hacks could lead to harmful behavior on the Internet of Railways if they spread sensitive data to an infected network or a fake user. For the previous few years, spotting IoR attacks has been incredibly challenging. To detect malicious intrusions, models based on machine learning and deep learning must still contend with the problem of selecting features. k-means clustering has been used for feature scoring and ranking because of this. To categorize attacks in two datasets, the Internet of Railways and the University of New South Wales, we employed a new neural network model, the extended neural network (ENN). Accuracy and precision were among the model’s strengths. According to our proposed ENN model, the feature-scoring technique performed well. The most accurate models in dataset 1 (UNSW-NB15) were based on deep neural networks (DNNs) (92.2%), long short-term memory LSTM (90.9%), and ENN (99.7%). To categorize attacks, the second dataset (IOR dataset) yielded the highest accuracy (99.3%) for ENN, followed by CNN (87%), LSTM (89%), and DNN (82.3%).

1. Introduction

Railways have played a central role in public transportation since the early 19th century when the first steam locomotive was used [1]. Because of their central role in connecting major metropolitan areas, railroads have long been considered an essential mode of transportation for people traveling in and out of those areas [2]. For the first time in history, a high-speed rail system has been developed to meet the public’s need for long-distance travel [3]. As a result of the railroad’s high capacity and energy efficiency, several countries’ governments have promoted and supported it for the benefit of the public [4]. As a result, when formulating transportation regulations, governments take the railroad into account [5,6]. Things are employed in a variety of applications, including the smart Internet of Rail Things [7]. Because of the wide variety of IoT devices, and their limited computing power, protocols, and standards, there are new security risks to contend with. IoT devices have default passwords before manufacturing, making them vulnerable to brute force attacks [8]. Due to the ever-increasing complexity of the computer system, network security must be improved [9]. Therefore, to sustain security, there must be continuity, integrity, and confidentiality in networked system and integrity, confidentiality, and availability can all be jeopardized by intrusions [10,11].
Internet of Railways (IoR) is an open, convergent network system that supports human, rail, and environmental cooperation [12]. Multiagent systems (MAS) work in concert with VANET and cloud computing to build a cooperative and extended transportation system. An IoR anomaly detection system is essential for data quality and security in today’s uncertain world [13]. The cost of real-time anomaly detection for all data in a data package must be taken into account while conducting crucial safety data analysis. The three layers of the Internet of Railways are experimentation and control, computation, and application. In [14], environmental data are used to run and monitor the railway’s experimental and control layers. Wireless networks such as WLAN, cellular (4G/5G), and short-range wireless networks are used by the railways to communicate at the computer level. Both closed and open service models can be found at this level of the application. The major components of an IoR system are shown in Figure 1.
Unlike the Internet, IoR data security flaws come from both inside and outside [14]. Because they lack the data verification capabilities of the CAN protocol, Internet data transmission techniques are vulnerable to simple security issues. Because of the IoR’s openness and widespread adoption, protecting against a data breach is more challenging as is identifying irregularities in autonomous railways [15]. Cyber railways are so unique and susceptible. System failures and malicious attacks jeopardize human and property safety [16]. Figure 2 shows the potential IoR security risks. An attacker can steal data and damage drivers using a V2V connection. This condition creates a second security issue.
Internet-based rail systems are based on interconnected networks of sensors, actuators, and network layers, all working together to form the Internet of Railways (IoR). The IoR’s success depends on how well it communicates. To exchange and transfer data, a railroad network employs a variety of protocols. The entire system is vulnerable to hacking due to the widespread use of wireless technology on trains. These kinds of attacks on the Internet of Railways can have a negative impact, especially if they spread sensitive information to an infected network or a false user. Detecting IoR attacks has been extremely difficult in the past few years. Feature selection is still a challenge for models based on machine learning and deep learning when trying to detect harmful activity.
Many security and privacy concerns have been raised by using many attack models on intelligent trains. As a result, the VANET is vulnerable to attacks that jam or spoof its signal. Delays in the transmission of the message cause it to be damaged and not accomplish its intended purpose [17]. Internet or physical access to an intelligent rail’s intelligence system is another security problem [18,19,20]. Embedded technologies, hardware and software updates, and networking devices have helped the IoR’s progress. However, despite this, the IoR still poses security, accuracy, performance, and network and personal privacy threat. The usage of intelligent services, remote access, and network alterations has resulted in several security and privacy concerns. Thus, the IoR data transfer security issues are a serious issue. The network and security issues in the Internet of Railways can be addressed using these strategies and ideas. This study defined security requirements for IoR apps to enhance the network and user services. DoS intrusions are detected using a new model called extended neural network. The main research contributions are:
A deep learning model to detect an anomaly in the railway network is proposed in this research.
The goal of this research is to give a thorough methodology for preparing network traffic data for the creation of an IDS.
We employ k-means clustering to present an averaging feature selection approach to increase the efficiency of the proposed intrusion detection system and to perform a network attribute and attack analysis for network monitoring purposes.
There are five sections in this paper. The problem and context for the paper are laid forth in Section 1 of the document. The relevant work is described in Section 2. In Section 3, the present framework and approach are described. The current study’s findings are discussed in detail in Section 4. The conclusions of the current investigation are presented in Section 5.

2. Related Work

The IoT’s enormous variety, limited computational resources, and protocols and standards all combine to create a common challenge: how to ensure secure communication across all connected devices at once. A large attack surface in IoT networks, even with certain security precautions, makes them very vulnerable to numerous attacks. This necessitates the development of security measures. Having security defenses such as intrusion detection systems (IDSs) in place is critical in IoT networks [19]. Traditional security solutions such as authentication and encryption are insufficient [20]. IDSs protect Internet-connected frameworks as a network-level solution. Internet of Things concerns include malware detection, ransomware, processor heterogeneity, and security design gaps. Classical IDSs are not perfect because of false alarms [21]. Traditional approaches such as supervised and unsupervised machine learning [22,23,24,25,26], as well as newer technologies [27,28], have been examined for intrusion detection in the IoT. They have been analyzed and their outcomes discussed, along with every selected work objective and methodology. IoT systems cannot be protected using traditional security techniques because of their computational limitations and inherent resources [26,27,28,29]. ML approaches in IDSs identify unknown and known attacks on IoT devices in real time [30,31]. IoT protocols and network structure are not relevant to an IDS proposed in [32]. “To utilize this IDS, no prior knowledge of security concerns is required.” This necessitates the creation of an artificially intelligent IDS for use in the Internet of Things’ (IoT) networks.
For IoR-ready software systems that require flexible, decentralized feedback control mechanisms, Eiza et al. [32] offered a guaranteed requirements model utilizing situation calculus modeling. Interactive passenger support software that provided passengers with real-time information tailored to their specific needs was demonstrated using an established formal model. The system adapted in real time as it was being used.
At the transport layer, network packets can be classified as “abnormal” or “regular” using machine learning and a knowledge-based system to identify DDoS attacks. To counter DDoS attacks, [33] used deep learning methods and convolutional neural networks (CNNs). TCP SYN-Flood and ICMP flood DDOS attacks were highlighted in that study. During the experimentation phase, the researcher employed the CICIDS2017 and NSL-KDD datasets to train and evaluate the algorithms (models). That accuracy number served as a benchmark for comparing the four algorithms. Results showed that a score of 99.93 was achieved.
According to Zhang et al. [2], using IoT-specific network behavior (such as a restricted number of endpoints and regular time intervals between packets) to influence feature selection, neural networks can achieve high-accuracy DDoS detection in IoT network traffic. Home gateway routers and other network middleboxes can use low-cost machine learning algorithms and flow-based and protocol-agnostic traffic data to automatically detect the local IoT device sources of DDoS attacks.
IoT threats and vulnerabilities were examined from a packet core perspective, and a machine learning DDoS detection and mitigation method was proposed for the mobile core network in [3]. Four supervised machine learning classification methods were used to test the proposed method, and each classifier was evaluated. A KNN, decision tree, naive Bayes, and logistic regression all performed well in the evaluations, with the KNN scoring 99.93 %accuracy, decision tree scoring 99.31 %accuracy, and naive Bayes scoring 74.17 %accuracy.
An IoT device traffic detection model that uses a boosting strategy of logistic model trees was shown in [4]. There was a model version for each device type because network traffic from different devices can change slightly. A typical smart home has four types of devices: Class 1—extremely high traffic predictability; Class 2—high traffic predictability; Class 3—medium traffic predictability; and Class 4—low traffic predictability. Using these four device categories, our proposed method was shown to be 99.92 to 99.99 %accurate in testing.
In another study [33], AI and ML techniques were examined to improve IoV network defenses against DDOS attacks, which could lead to more sophisticated protection architectures. Simulators were used to evaluate the utility of the suggested methodology in comparison to more traditional methods based on fuzzy logic and Q-learning theory. There have been few works on IoR security systems. Table 1 shows the summary of the previous state-of-art studies with the techniques used and accuracy obtained.

3. Methodology

In this section, a detailed description of the datasets and proposed schemes is given. Figure 3 shows the proposed workflow of the current study. In the first step, we gathered two datasets from an online open-source website ( accessed on 28 February 2021) namely UNSW-NB15 (referred to as dataset 1) and IoR dataset (referred as dataset 2). We adopted multiple data preprocessing techniques, i.e., data scaling, normalization, null spaces removal, and outliers removal. In feature scoring, we used the k-means clustering technique to rank the most important features and select these features to detect attacks in both datasets with the help of the extended neural network.

3.1. Dataset Description

UNSW-NB15 Dataset
The UNSW-NB15 dataset keeps track of network attacks. In addition to DDoS, worms, backdoors, and fuzzers, malicious software includes nine other sorts of attacks. In the dataset are packets from the network. Among the training and testing sets, there were a total of 175,341 and 82,332 attacks, respectively. Listed below are the dataset’s characteristics. Table 2 shows UNSW-NB15 Dataset Description.
The figure below shows the repartition of services from different PCs of railway networks. Figure 4 shows the total counts of target class distribution in the dataset. DDoS attacks occurred 50,000 times in the dataset.
IOR Dataset
The IOR dataset was used in this investigation. This dataset contains harmful attacks on railway networks that are linked to real-world anomalies. CICFlowMeter data included a time stamp, source, and destination IPs, source and destination ports, protocols, and assaults. The definition of the extracted feature was supplied as well. The collection took place from 3 July to 7 July. There was less traffic on Mondays. DDoS, botnets, and other forms of distributed denial-of-service assaults are only a few examples of the attacks. Tuesday through Friday were the days of the week when classes were in session. Table 3 shows IOR Dataset Description.
The distribution of the target variable, attacks, is represented in the Figure 5.
The proposed approach was put to the test on these two recent datasets. To use deep learning algorithms, the data must be preprocessed. Classifier performance can be enhanced by selecting relevant features from both datasets using the homogeneity measure in an unsupervised manner (k-means clustering). Deep learning models can be reviewed and improved using fivefold cross-validation. Classifying the attacks was performed using the ENN.

3.2. Data Preprocessing

Data Preprocessing
The dataset was preprocessed to improve its suitability for use by a machine learning classifier.
Removal of Socket Information
Identifying the source and destination must be done without including either of their IP addresses. Instead of relying on a single connection’s data, it can use packet characteristics to rule out hosts with similar packet information.
Removing White Spaces
Labels with several classes can have white spaces. This class has two labels since the other tuples in it have different labels.
Label Encoding
When the labels are encoded into numeric form, they may be read by a computer. Thus, the algorithms that utilize machine learning to understand how to use these labels may do so with more accuracy and efficiency. In supervised learning, preparing the structured dataset is a critical stage in the process.
Data Normalization
We normalized the dataset using the standard scalar function because non-normalized data cause inaccuracies in the prediction of outcomes. After the data set was normalized, feature ranking took place.
Feature Ranking
In the feature ranking of attributes, we employed k-means clustering, which took into account the weight of each feature to determine how important it was to the final result. We first calculated the distance and then created an objective function:
D C e n t r o i d j ,   p o i n t = i = 1 d i s t a n c e C e n t r o i d j i p o i n t i 2
Using Equation (1), we could determine the distance between each cluster’s centroid and the jth cluster to see if the jth feature was similar to the data at point p.

3.3. Extended Neural Networks

Machine learning models should be replaced by neural networks such as ENNs. Thus, the network’s properties and nonlinear alterations it learned to determine its output may be explained concisely and understandably by anyone (predictions). Complex neural networks may be explained and seen using this model, because it incorporates methods to explain the relationship between input features and output and helps researchers visualize the functions that the network has learned. Standard neural networks struggle with data that have sequential properties. In the UNSW-NB15 dataset, system calls are followed by host calls. Odd behavior can have normal call sequences and subsequences. Due to the sequential nature of the system calls, intrusion detection in IoT must consider it. Classifying input data in this manner requires that past and current data, as well as their shifted or scaled features, be considered. To detect intrusions, a function f(x) generated input instances with normal and aberrant sequences. To meet the following criteria, we shifted and scaled k-means-clustered data features. The additive index model used by the ENN is:
f x = x 1 β 1 T x + x 2 β 2 T x + x 3 β 3 T x + + x k β k T x
Adding up the parameters of the shifting, rotating, and scaling of data instances, Equation (2) becomes:
f x = μ + x 1 β 1 T x γ h 1 + x 2 β 2 T x γ h 2 + x 3 β 3 T x γ h 3 + + x k β k T x γ h k
where μ is the shift parameter used for model fitting and γ is the scaling parameter used for fitting as well. The following Figure 6 prsents the ENN system’s architecture:
Having rotating and shifting parameters makes the ENN model more efficient at detecting abnormalities from datasets in this research.
The classification of output variables, such as attacks, was handled by the function f(x). The input characteristic was gamma. The k-means clustering provided a value based on k. Using clustering, we could keep track of all of our traits in one place, while x was the feature’s value per instance. A scalability coefficient (T) could be calculated by multiplying beta by the coefficient of variation. From Equation (2), a scaling parameter was added to the neural network in Equation (3), on the other hand, included the gamma-shifting parameter and the sigma-shifting coefficient, as well as the hyperparameter transfer function for model over- and underfitting.
Each number in the network was given a weight that was multiplied before the data were sent on to the next layer of neurons to be processed. To arrive at the sigmoid activation function, the total of the activation functions of each neuron must be weighted. These values separated the weighted connections between layers two and three. Each subsequent layer was completed in this manner. Neurons were represented as nodes in a weighted directed network, with weighted edges connecting them.
A neural network model receives information stored in vectors from the outside environment. It is common practice to use x(n) to indicate the number of inputs. Each input’s weights are multiplied. Weights aid the neural network solve a problem. The strength of a neural network’s connections between neurons is often represented by the network’s weight. It summarizes the weighted sum of all of the inputs into the compute unit (artificial neuron). A bias is applied if the overall weighting is zero, to boost the system’s responsiveness. Both weight and input have a bias of “1”. The sum can contain any number in the range 0 to infinity. The response can only be as high as the intended value if the threshold is set high enough. An activation function f causes the total to rise as a function of x. The activation function is activated by transferring control from the transfer function. Linear or nonlinear activation functions are possible. In this research, ENN has the significant advantage of having scaling, rotating, and shifting parameters, which extend the model to better detect the anomalies from datasets.

4. Results

The ENN model evaluation and performance are shown in this section. ENN was evaluated on UNSWN-B15 (dataset 1) and IoR (dataset 2) to classify attacks in IoR systems. We also compared the model with a CNN, LSTM, and DNN models to show the better performance of the proposed scheme.

4.1. Performance of ENN on UNSW-NB15

Figure 7 and Figure 8 illustrates that k-means clustering played an important role in the classification process of ENN. With the help of feature scoring, the ENN model showed a good accuracy of 0.997.
Figure 9 shows that the ENN had less accuracy (0.915) on the UNSW-NB15 dataset without k-means clustering, demonstrating that feature ranking played an important role in the classification. Figure 10 shows the comparative results of different deep learning models. We compared the current proposed scheme with a CNN, LSTM, and DNN on the IoR dataset.
The proposed scheme showed the best performance when compared to a CNN, LSTM, and DNN. On dataset 1, the ENN had an accuracy of 0.997, the CNN had an accuracy of 0.87, the LSTM network had an accuracy of 0.90, and the DNN had an accuracy of 0.92. The inclusion of scaling, shifting, and rotating parameters made the ENN the best model among the others.

4.2. Performance of ENN on IOR Dataset

K-means clustering played an important role in the classification process of ENN. With the help of feature scoring, the ENN model had a good accuracy of 0.993.
Figure 11 shows that the ENN had less accuracy (0.873) on the IoR dataset without k-means clustering, demonstrating that feature ranking played an important role in the classification. Figure 12 shows the comparative results of different deep learning models. We compared the current proposed scheme with a CNN, LSTM, and DNN on the IoR dataset:
The proposed scheme showed the best performance when compared to a CNN, LSTM, and DNN. On dataset 2, the ENN had an accuracy of 0.993, the CNN had an accuracy of 0.87, the LSTM network had an accuracy of 0.89, and the DNN had an accuracy of 0.82. The inclusion of scaling, shifting, and rotating parameters made the ENN the best model among the others. In order to balance the distribution, the ENN was primarily used to construct synthetic class samples of the minority class. The Undersampling technique was then applied to remove unnecessary points from the boundary between the two classes in order to increase the distance between the two classes. Due to the nature of the rotating, shifting and scaling, the ENN outperformed the other methods in this study. Previous studies are compared to the current study in the following Table 4.

5. Conclusions

The automotive industry has been transformed by technological breakthroughs. Network speeds have increased, making it easier for vehicles to convert from mechanical control to software control. The self-driving train network is controlled via the Controlled Area Network (CAN) bus protocol. Data and traffic characteristics promote unauthorized CAN bus access and attacks on the autonomous railway network. There is a need for an early attack detection system on CAN bus protocols to avoid the harmful consequences of these attacks. Artificial intelligence is used to protect the rail network against cyberattacks. The self-driving train is protected by advanced artificial intelligence techniques. Using the IOR DATASET and the UNSW-NB15, the proposed security solution was evaluated. Using an ENN, we were able to identify several forms of attacks. Our proposed ENN model outperformed the competition using feature scoring. The introduction of scaling, rotating, and shifting parameters in the hidden layers of the neural network improved the accuracy of the ENN. Using the UNSW-NB15 data, the ENN outperformed the other methods tested in the detection task, with an accuracy of 99.7%, compared to the accuracy of 90% achieved by the CNN, LSTM, and DNN on the first dataset. The ENN surpassed the CNN (87%), LSTM (89%), and DNN (82%) in the second dataset. Its detection and classification accuracy and real-time CAN bus security were superior to those of earlier solutions. The disadvantages of the proposed model are that it requires high computing resources and a powerful system to operate.

Author Contributions

Conceptualization, U.I., R.Q.M., I.A. and A.S.A.-J.; methodology, U.I. and R.Q.M. and I.A.; validation, Y.I.D., I.A., M.R.K. and K.A.A.; formal analysis, U.I., A.S.A.-J. and I.A.; investigation, Z.A.-S. and I.A.; resources, Y.I.D., U.I. and M.R.K., I.A.; writing—original draft preparation, U.I. and R.Q.M., I.A.; writing—review and editing, M.R.K., I.A., K.A.A., Z.A.-S., E.M.T.-E. and A.S.A.-J.; visualization, U.I. and I.A.; final version writing—review and editing, and funding, E.M.T.-E. All authors have read and agreed to the published version of the manuscript.


This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

No conflict of interests between authors with no consent.

Data Availability Statement

Data results and support material can be accessed by sending an email to co-author.


We would like to thank Saudi Aramco cybersecurity chair in IAU for their support in this project.

Conflicts of Interest

Authors have no conflict of interest.


  1. Anushiya, R.; Lavanya, V.S. A Comparative Study on Intrusion Detection Systems for Secured Communication in Internet of Things. ICTACT J. Commun. Technol. 2021, 6948, 2527–2537. [Google Scholar] [CrossRef]
  2. Zhang, D.; Xu, Y.; Peng, Y.; Du, C.; Wang, N.; Tang, M.; Lu, L.; Liu, J. An Interpretable Station Delay Prediction Model Based on Graph Community Neural Network and Time-Series Fuzzy Decision Tree. IEEE Trans. Fuzzy Syst. 2022, 1–13. [Google Scholar] [CrossRef]
  3. Pasquale, C.; Siri, E.; Siri, S. Two-Stage Multi-Class Modeling Approach for Intermodal Rail-Road Transport Networks. IEEE Access 2022, 10, 73583–73600. [Google Scholar] [CrossRef]
  4. Cvitic, I.; Perakovic, D.; Gupta, B.B.; Choo, K.K.R. Boosting-Based DDoS Detection in Internet of Things Systems. IEEE Internet Things J. 2022, 9, 2109–2123. [Google Scholar] [CrossRef]
  5. Quy, V.K.; van Hau, N.; Van Anh, D.; Quy, N.M.; Ban, N.T.; Lanza, S.; Randazzo, G.; Muzirafuti, A. IoT-Enabled Smart Agriculture: Architecture, Applications, and Challenges. Appl. Sci. 2022, 12, 3396. [Google Scholar] [CrossRef]
  6. Khan, M.A.; Khan, M.A.; Jan, S.U.; Ahmad, J.; Jamal, S.S.; Shah, A.A.; Pitropakis, N.; Buchanan, W.J. A deep learning-based intrusion detection system for mqtt enabled iot. Sensors 2021, 21, 7016. [Google Scholar] [CrossRef]
  7. Hartmann, M.; Hashmi, U.S.; Imran, A. Edge computing in smart health care systems: Review, challenges, and research directions. Trans. Emerg. Telecommun. Technol. 2022, 33. [Google Scholar] [CrossRef]
  8. Akhtar, M.S.; Feng, T. EAI Endorsed Transactions IOTA Based Anomaly Detection Machine learning in Mobile Sensing. EAI Endorsed Trans. Creative Technol. 2020, 9, e1. [Google Scholar]
  9. Song, Y.; Yu, F.R.; Zhou, L.; Yang, X.; He, Z. Applications of the Internet of Things (IoT) in Smart Logistics: A Comprehensive Survey. IEEE Internet Things J. 2021, 8, 4250–4274. [Google Scholar] [CrossRef]
  10. Islam, U.; Muhammad, A.; Mansoor, R.; Hossain, M.S.; Ahmad, I.; Eldin, E.T.; Khan, J.A.; Rehman, A.U.; Shafiq, M. Detection of Distributed Denial of Service (DDoS) Attacks in IOT Based Monitoring System of Banking Sector Using Machine Learning Models. Sustainability 2022, 14, 8374. [Google Scholar] [CrossRef]
  11. Vijayakumar, P.; Obaidat, M.S.; Azees, M.; Islam, S.H.; Kumar, N. Efficient and Secure Anonymous Authentication with Location Privacy for IoT-Based WBANs. IEEE Trans. Ind. Inform. 2020, 16, 2603–2611. [Google Scholar] [CrossRef]
  12. Salem, O.; Alsubhi, K.; Shaafi, A.; Gheryani, M.; Mehaoua, A.; Boutaba, R. Man-in-the-Middle Attack Mitigation in Internet of Medical Things. IEEE Trans. Ind. Inform. 2022, 18, 2053–2062. [Google Scholar] [CrossRef]
  13. Parra, J.A.; Gutiérrez, S.A.; Branch, J.W. A Method Based on Deep Learning for the Detection and Characterization of Cybersecurity Incidents in Internet of Things Devices. 2022. Available online: (accessed on 22 March 2022).
  14. Krishnan, S.; Neyaz, A.; Qingzhong, L. IoT Network Attack Detection using Supervised Machine Learning. Int. J. Artif. Intell. Expert Syst. 2021, 10, 32. [Google Scholar]
  15. Hameed, M.; Yang, F.; Ghafoor, M.I.; Jaskani, F.H.; Islam, U.; Fayaz, M.; Mehmood, G. IOTA-Based Mobile Crowd Sensing: Detection of Fake Sensing Using Logit-Boosted Machine Learning Algorithms. Wirel. Commun. Mob. Comput. 2022, 2022, 6274114. [Google Scholar] [CrossRef]
  16. Chehri, A.; Fofana, I.; Yang, X. Security risk modeling in smart grid critical infrastructures in the era of big data and artificial intelligence. Sustainability 2021, 13, 3196. [Google Scholar] [CrossRef]
  17. Farhan, L.; Kharel, R.; Kaiwartya, O.; Quiroz-Castellanos, M.; Alissa, A.; Abdulsalam, M. A Concise Review on Internet of Things (IoT)-Problems, Challenges and Opportunities. In Proceedings of the 2018 11th International Symposium on Communication Systems, Networks & Digital Signal Processing (CSNDSP), Budapest, Hungary, 27 September 2018; pp. 1–6. [Google Scholar] [CrossRef]
  18. Palmqvist, C.W.; Kristoffersson, I. A Methodology for Monitoring Rail Punctuality Improvements. IEEE Open J. Intell. Transp. Syst. 2022, 3, 388–396. [Google Scholar] [CrossRef]
  19. Mishra, N.; Pandya, S. Internet of Things Applications, Security Challenges, Attacks, Intrusion Detection, and Future Visions: A Systematic Review. IEEE Access 2021, 9, 59353–59377. [Google Scholar] [CrossRef]
  20. Liu, G.; Zhao, H.; Fan, F.; Liu, G.; Xu, Q.; Nazir, S. An Enhanced Intrusion Detection Model Based on Improved kNN in WSNs. Sensors 2022, 22, 1407. [Google Scholar] [CrossRef]
  21. Song, X.; Wang, Z.; Liang, J.; Zhang, B.; Du, Y.; Zeng, Z.; Liu, M. Automatic Extraction of the Basal Channel Based on Neural Network. IEEE J. Sel. Top. Appl. Earth Obs. Remote Sens. 2022, 15, 5013–5023. [Google Scholar] [CrossRef]
  22. Ahmad, I.; Wang, X.; Zhu, M.; Wang, C.; Pi, Y.; Khan, J.A.; Khan, S.; Samuel, O.W.; Chen, S.; Li, G. EEG-Based Epileptic Seizure Detection via Machine/Deep Learning Approaches: A Systematic Review. Comput. Intell. Neurosci. 2022, 2022, 6486570. [Google Scholar] [CrossRef]
  23. Du, X.; Cheng, Y.; Gu, Z. Change Detection: The Framework of Visual Inspection System for Railway Plug Defects. IEEE Access 2020, 8, 152161–152172. [Google Scholar] [CrossRef]
  24. Khan, M.A.; Ahmad, I.; Nordin, A.N.; Ahmed, A.E.; Mewada, H.; Daradkeh, Y.I.; Rasheed, S.; Eldin, E.T.; Shafiq, M. Smart Android Based Home Automation System Using Internet of Things (IoT). Sustainability 2022, 14, 10717. [Google Scholar] [CrossRef]
  25. Ahmad, I.; Ullah, I.; Khan, W.U.; Ur Rehman, A.; Adrees, M.S.; Saleem, M.Q.; Cheikhrouhou, O.; Hamam, H.; Shafiq, M. Efficient algorithms for E-healthcare to solve multiobject fuse detection problem. J. Healthc. Eng. 2021, 2021, 9500304. [Google Scholar] [CrossRef]
  26. Ahmad, I.; Liu, Y.; Javeed, D.; Ahmad, S. A decision-making technique for solving order allocation problem using a genetic algorithm. In IOP Conference Series: Materials Science and Engineering; IOP Publishing: Bristol, UK, 2020; Volume 853. [Google Scholar]
  27. Appoh, F.; Yunusa-Kaltungo, A. Risk-Informed Support Vector Machine Regression Model for Component Replacement—A Case Study of Railway Flange Lubricator. IEEE Access 2021, 9, 85418–85430. [Google Scholar] [CrossRef]
  28. Anthi, E.; Williams, L.; Slowinska, M.; Theodorakopoulos, G.; Burnap, P. A Supervised Intrusion Detection System for Smart Home IoT Devices. IEEE Internet Things J. 2019, 6, 9042–9053. [Google Scholar] [CrossRef]
  29. Ali, M.H.; Jaber, M.M.; Abd, S.K.; Rehman, A.; Awan, M.J.; Damaševičius, R.; Bahaj, S.A. Threat Analysis and Distributed Denial of Service (DDoS) Attack Recognition in the Internet of Things (IoT). Electronics 2022, 11, 494. [Google Scholar] [CrossRef]
  30. Eiza, M.H.; Randles, M.; Johnson, P.; Shone, N.; Pang, J.; Bhih, A. Rail Internet of Things: An architectural platform and assured requirements model. In Proceedings of the 15th 2015 IEEE International Conference on Computer and Information Technology, 14th IEEE Conference on Ubiquitous Computing and Communications, 13th IEEE Conference on Dependable, Autonomic and Secure Computing, Liverpool, UK, 26–28 October 2015; pp. 364–370. [Google Scholar] [CrossRef]
  31. Tekleselassie, H. DDoS Detection on Internet of Things using Unsupervised Algorithms. In Proceedings of the E3S Web of Conferences, Online, 22 September 2021; Volume 297, p. 01005. [Google Scholar] [CrossRef]
  32. Sherazi, H.H.R.; Iqbal, R.; Ahmad, F.; Khan, Z.A.; Chaudary, M.H. DDoS attack detection: A key enabler for sustainable communication in internet of vehicles. Sustain. Comput. Inform. Syst. 2019, 23, 13–20. [Google Scholar] [CrossRef]
  33. Jiang, J.R.; Chen, Y.T. Industrial Control System Anomaly Detection and Classification Based on Network Traffic. IEEE Access 2022, 10, 41874–41888. [Google Scholar] [CrossRef]
Figure 1. Key Components of Internet of Railways.
Figure 1. Key Components of Internet of Railways.
Electronics 11 02813 g001
Figure 2. Possible Security Risks in Internet of Railways Scenario.
Figure 2. Possible Security Risks in Internet of Railways Scenario.
Electronics 11 02813 g002
Figure 3. Proposed Workflow.
Figure 3. Proposed Workflow.
Electronics 11 02813 g003
Figure 4. Target Distribution in UNSW-NB15 Dataset.
Figure 4. Target Distribution in UNSW-NB15 Dataset.
Electronics 11 02813 g004
Figure 5. Target Variable Distribution in IoR Dataset.
Figure 5. Target Variable Distribution in IoR Dataset.
Electronics 11 02813 g005
Figure 6. Architecture of the Extended Neural Network.
Figure 6. Architecture of the Extended Neural Network.
Electronics 11 02813 g006
Figure 7. Evaluation of ENN on UNSW-NB15 with k-Means Clustering.
Figure 7. Evaluation of ENN on UNSW-NB15 with k-Means Clustering.
Electronics 11 02813 g007
Figure 8. Evaluation of ENN on UNSW-NB15 without k-Means Clustering.
Figure 8. Evaluation of ENN on UNSW-NB15 without k-Means Clustering.
Electronics 11 02813 g008
Figure 9. Accuracy of Deep Learning Models on Dataset 1.
Figure 9. Accuracy of Deep Learning Models on Dataset 1.
Electronics 11 02813 g009
Figure 10. Evaluation of ENN on IoR with k-Means Clustering.
Figure 10. Evaluation of ENN on IoR with k-Means Clustering.
Electronics 11 02813 g010
Figure 11. Evaluation of ENN on IoR without k-Means Clustering.
Figure 11. Evaluation of ENN on IoR without k-Means Clustering.
Electronics 11 02813 g011
Figure 12. Accuracy of Deep Learning Models on Dataset 2.
Figure 12. Accuracy of Deep Learning Models on Dataset 2.
Electronics 11 02813 g012
Table 1. Comparative Analysis of Existing Techniques.
Table 1. Comparative Analysis of Existing Techniques.
ReferencesTechniquesDatasetsAccuracy (%)
[27]SVM, KNNIoR dataset85.4%
[2]CNNCAN dataset83.5%
[28]GMMUNSW dataset89%
[29]CNNUNSW dataset90%
[33]LSTMUNSW dataset91%
Table 2. UNSW-NB15 Dataset Description.
Table 2. UNSW-NB15 Dataset Description.
FeaturesDescriptionValueVariable Type
StateConnectivity state0 or 2 Input
SPkctsSource packetsPositive integerInput
DPcktsDestination pocketsPositive integerInput
SbytesSource bytesPositive integerInput
DbytesDestination bytesPositive integerInput
AttackCategory of attack0–8, categories of attacksOutput
Table 3. IOR Dataset Description.
Table 3. IOR Dataset Description.
FeaturesDescriptionValueVariable Type
StateConnectivity state0 or 2 Input
SPkctsSource packetsPositive integerInput
DPcktsDestination packetsPositive integerInput
SbytesSource bytesPositive integerInput
DbytesDestination bytesPositive integerInput
AttackCategory of attack0 or 1, normal or attacked.Output
Table 4. Comparative Analysis of Previous and Current Studies.
Table 4. Comparative Analysis of Previous and Current Studies.
ReferencesTechniquesDatasetsAccuracy (%)PrecisionRecallF1 Score
[2]CNNCAN dataset83.5%82.4%82.4%82%
[15]LSTMUNSW dataset91%89%88%89%
[27]SVM, KNNIoR dataset85.4%83%84%84%
[28]GMMUNSW dataset89%89%88%89%
[28]CNNUNSW dataset90%89%88%89%
[13]CNNUNSW dataset90%89%88%89%
[16]LSTMUNSW dataset90%89%88%89%
[17]LSTMKDD 90%89%88%89%
[21]CNNUNSW dataset79%79%78%79%
This studyENNUNSW, IOR dataset99.7%, 99.3%98.5%, 98.3%97%, 97%98%, 98.5%
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Share and Cite

MDPI and ACS Style

Islam, U.; Malik, R.Q.; Al-Johani, A.S.; Khan, M.R.; Daradkeh, Y.I.; Ahmad, I.; Alissa, K.A.; Abdul-Samad, Z.; Tag-Eldin, E.M. A Novel Anomaly Detection System on the Internet of Railways Using Extended Neural Networks. Electronics 2022, 11, 2813.

AMA Style

Islam U, Malik RQ, Al-Johani AS, Khan MR, Daradkeh YI, Ahmad I, Alissa KA, Abdul-Samad Z, Tag-Eldin EM. A Novel Anomaly Detection System on the Internet of Railways Using Extended Neural Networks. Electronics. 2022; 11(18):2813.

Chicago/Turabian Style

Islam, Umar, Rami Qays Malik, Amnah S. Al-Johani, Muhammad. Riaz Khan, Yousef Ibrahim Daradkeh, Ijaz Ahmad, Khalid A. Alissa, Zulkiflee Abdul-Samad, and Elsayed M. Tag-Eldin. 2022. "A Novel Anomaly Detection System on the Internet of Railways Using Extended Neural Networks" Electronics 11, no. 18: 2813.

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop