Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
5.3
2.5
Journals
Applied Sciences
Special Issues
Network Intrusion Detection and Attack Identification
applsci-logo
Submit to Special Issue Submit Abstract to Special Issue Review for Applied Sciences Propose a Special Issue

Journal Menu

Journal Menu

Journal Browser

Journal Browser
share announcement

Network Intrusion Detection and Attack Identification

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Computing and Artificial Intelligence".

Deadline for manuscript submissions: 31 May 2025 | Viewed by 19734

Special Issue Editors

Dr. Sin Gee Teo

E-Mail Website
Guest Editor
Cybersecurity Department, Institute for Infocomm Research, A*STAR Singapore, Singapore 138632, Singapore
Interests: network anomaly; malware classification; deep learning; machine learning; privacy-preserving technologies; applied cryptography
Prof. Dr. Rongxing Lu

grade E-Mail Website
Guest Editor
Faculty of Computer Science, University of New Brunswick, Fredericton, NB E3A 0A1, Canada
Interests: blockchain; distributed concensus; distributed ledger; smart contract; security; privacy, trust, applications
Special Issues, Collections and Topics in MDPI journals
Dr. Ruitao Feng

E-Mail Website
Guest Editor
Faculty of Science and Engineering, Southern Cross University, Bilinga 4225, Australia
Interests: mobile security; AI for software security; AI security and reliability; human-computer interaction security; IoT security

Special Issue Information

Dear Colleagues,

Network security is becoming more and more complicated and challenging than ever with the emergence of the IoT, 5G and beyond networks. For example, effectively handling massive network traffic data and detecting new attacks are still challenging problems. As artificial intelligence has been tremendously successfully in computer vision, robotics, natural language processing, etc., many propose network intrusion detection and attack identification based on artificial intelligence to solve the problems. Furthermore, many of these solutions can outperform traditional methods, e.g., rule-based, signature-based, etc. However, AI-based network intrusion and attack identification solutions still encounter issues such as robustness, reliability, explainability, trustworthiness, adaptability, etc. Attackers may use adversarial techniques (e.g., data poisoning and backdoor attacks) to fool AI-based models. Many AI-based solutions are black-box ones, which means how the solutions make the decisions are not evident to the user. Therefore, reliable network intrusion detection and attack identification need to be able to explain the result to the user. Many AI-based solutions are still not robust enough to detect sophisticated network attacks exploiting zero-day vulnerabilities due to the overfitting problem. In other words, the models cannot perform well using traffic data with slightly different characteristics. One way to solve the problem may be to use transfer learning and domain adaption to make AI-based models more adaptable to varying network data characteristics. Lastly, effective AI-based network intrusion detection and attack identification methods can also detect evasive attacks (e.g., using obfuscation/encryption techniques in payload data, traffic fragmentation, etc.) using attack types.

This Special Issue encourages artificial intelligence and security researchers and practitioners to submit their novelty solutions for the robustness, reliability, explainability, trustworthiness, and adaptability of AI-based Network Intrusion Detection and Attack Identification models with corresponding network traffic datasets.

Topics of interest include, but are not limited to:

  • AI-based Network Attack Detection, Classification and Mitigation;
  • Threat Detection and Mitigation using MITRE ATT&CK;
  • Robust and Reliable Attack Detection and Identification;
  • AI-based Network Attack Generation and Defense;
  • Adversarial Learning for Network Intrusion Detection;
  • Interpretable Network Intrusion Detection;
  • Next-generation of Network Intrusion Detection and Attack Identification Systems;
  • Unsupervised Network Anomaly Detection;
  • Network Anomaly Detection with Domain Adaption;
  • Network Anomaly Detection based on Transfer Learning;
  • Network Anomaly Detection using Federated Learning and Transfer Learning.

Dr. Sin Gee Teo
Dr. Rongxing Lu
Dr. Ruitao Feng
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • network attack
  • attack type
  • AI-based model
  • adversarial technique
  • evasive attack

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue policies can be found here.

Published Papers (6 papers)

Download All Papers
Order results
Result details
Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:

Research

17 pages, 6915 KiB  
Article
Adaptive Semi-Supervised Algorithm for Intrusion Detection and Unknown Attack Identification
by Meng Li, Lei Luo, Kun Xiao, Geng Wang and Yintao Wang
Appl. Sci. 2025, 15(4), 1709; https://doi.org/10.3390/app15041709 - 7 Feb 2025
Viewed by 614
Abstract
Intrusion detection systems face significant challenges, including the inability to detect unknown threats and imbalances between normal and anomalous traffic. To address these limitations, we propose a semi-supervised intrusion detection algorithm based on GAN with a Transformer backbone for network security in IoT [...] Read more.
Intrusion detection systems face significant challenges, including the inability to detect unknown threats and imbalances between normal and anomalous traffic. To address these limitations, we propose a semi-supervised intrusion detection algorithm based on GAN with a Transformer backbone for network security in IoT devices. To address the issue of imbalanced normal and anomalous traffic due to the diversity of network behavior and the difficulty that supervised algorithms experience in detecting unknown intrusions, we use only normal traffic as training data. By integrating the self-attention mechanism of Transformers, we leverage their ability to capture long-range dependencies in sequential data, enhancing the core capability of the GAN. The experimental results show that our algorithm achieves an F1-score of 95.2% and a false omission rate (FOR) of 10.7% on the CIC-IDS2017 dataset. On the Kitsune dataset, it attains an F1-score of 83.2% and a FOR of 15.8%. In real-world applications, when the algorithm was deployed on actual vehicle devices, it maintained strong performance with a FOR of 13%, further validating the practical applicability and value of the algorithm. Full article
(This article belongs to the Special Issue Network Intrusion Detection and Attack Identification)
Show Figures

Figure 1

16 pages, 2754 KiB  
Article
Comparative Analysis of Deep Convolutional Neural Network—Bidirectional Long Short-Term Memory and Machine Learning Methods in Intrusion Detection Systems
by Miracle Udurume, Vladimir Shakhov and Insoo Koo
Appl. Sci. 2024, 14(16), 6967; https://doi.org/10.3390/app14166967 - 8 Aug 2024
Cited by 6 | Viewed by 2698
Abstract
Particularly in Internet of Things (IoT) scenarios, the rapid growth and diversity of network traffic pose a growing challenge to network intrusion detection systems (NIDs). In this work, we perform a comparative analysis of lightweight machine learning models, such as logistic regression (LR) [...] Read more.
Particularly in Internet of Things (IoT) scenarios, the rapid growth and diversity of network traffic pose a growing challenge to network intrusion detection systems (NIDs). In this work, we perform a comparative analysis of lightweight machine learning models, such as logistic regression (LR) and k-nearest neighbors (KNNs), alongside other machine learning models, such as decision trees (DTs), support vector machines (SVMs), multilayer perceptron (MLP), and random forests (RFs) with deep learning architectures, specifically a convolutional neural network (CNN) coupled with bidirectional long short-term memory (BiLSTM), for intrusion detection. We assess these models’ scalability, performance, and robustness using the NSL-KDD and UNSW-NB15 benchmark datasets. We evaluate important metrics, such as accuracy, precision, recall, F1-score, and false alarm rate, to offer insights into the effectiveness of each model in securing network systems within IoT deployments. Notably, the study emphasizes the utilization of lightweight machine learning models, highlighting their efficiency in achieving high detection accuracy while maintaining lower computational costs. Furthermore, standard deviation metrics have been incorporated into the accuracy evaluations, enhancing the reliability and comprehensiveness of our results. Using the CNN-BiLSTM model, we achieved noteworthy accuracies of 99.89% and 98.95% on the NSL-KDD and UNSW-NB15 datasets, respectively. However, the CNN-BiLSTM model outperforms lightweight traditional machine learning methods by a margin ranging from 1.5% to 3.5%. This study contributes to the ongoing efforts to enhance network security in IoT scenarios by exploring a trade-off between traditional machine learning and deep learning techniques. Full article
(This article belongs to the Special Issue Network Intrusion Detection and Attack Identification)
Show Figures

Figure 1

19 pages, 884 KiB  
Article
A Deep Learning Approach for Intrusion Detection Systems in Cloud Computing Environments
by Wa’ad H. Aljuaid and Sultan S. Alshamrani
Appl. Sci. 2024, 14(13), 5381; https://doi.org/10.3390/app14135381 - 21 Jun 2024
Cited by 7 | Viewed by 4838
Abstract
Cloud computing services have become indispensable to people’s lives. Many of their activities are performed through cloud services, from small companies to large enterprises and individuals to government agencies. It has enabled clients to use companies’ services on demand at the lowest cost [...] Read more.
Cloud computing services have become indispensable to people’s lives. Many of their activities are performed through cloud services, from small companies to large enterprises and individuals to government agencies. It has enabled clients to use companies’ services on demand at the lowest cost anywhere, anytime, over the Internet. Despite these advantages, cloud networks are vulnerable to many types of attacks. However, as the adoption of cloud services accelerates, the risks associated with these services have also increased. For this reason, solutions have been implemented to improve cloud security, such as monitoring networks, the backbone of the cloud infrastructure, and detecting and classifying cyberattacks. Therefore, an intrusion detection system (IDS) is one of the essential defenses for detecting attacks in the cloud computing network. Current IDSs encounter some challenges in handling and simultaneously analyzing the large scale of traffic found in the cloud environment, and this affects the accuracy of cyberattack detection. Therefore, this research proposes a deep learning-based model by leveraging advanced convolutional neural networks (CNNs)-based model architecture to detect cyberattacks in the cloud environment efficiently. The proposed CNN-based model for intrusion detection consists of multiple significant stages: dataset collection, preprocessing, the SMOTE balance data strategy, feature selection, model training, testing, and performance evaluation. Experiments have demonstrated that the proposed model is highly effective in protecting cloud networks against various potential attacks. With over 98.67% accuracy, precision, and recall, the model has proven its ability to detect and classify network intrusions. Detailed analyses show that the model is proficient in securing cloud security measures and mitigating the risks associated with evolving security threats. Full article
(This article belongs to the Special Issue Network Intrusion Detection and Attack Identification)
Show Figures

Figure 1

42 pages, 4932 KiB  
Article
XAI-IDS: Toward Proposing an Explainable Artificial Intelligence Framework for Enhancing Network Intrusion Detection Systems
by Osvaldo Arreche, Tanish Guntur and Mustafa Abdallah
Appl. Sci. 2024, 14(10), 4170; https://doi.org/10.3390/app14104170 - 14 May 2024
Cited by 20 | Viewed by 5891
Abstract
The exponential growth of network intrusions necessitates the development of advanced artificial intelligence (AI) techniques for intrusion detection systems (IDSs). However, the reliance on AI for IDSs presents several challenges, including the performance variability of different AI models and the opacity of their [...] Read more.
The exponential growth of network intrusions necessitates the development of advanced artificial intelligence (AI) techniques for intrusion detection systems (IDSs). However, the reliance on AI for IDSs presents several challenges, including the performance variability of different AI models and the opacity of their decision-making processes, hindering comprehension by human security analysts. In response, we propose an end-to-end explainable AI (XAI) framework tailored to enhance the interpretability of AI models in network intrusion detection tasks. Our framework commences with benchmarking seven black-box AI models across three real-world network intrusion datasets, each characterized by distinct features and challenges. Subsequently, we leverage various XAI models to generate both local and global explanations, shedding light on the underlying rationale behind the AI models’ decisions. Furthermore, we employ feature extraction techniques to discern crucial model-specific and intrusion-specific features, aiding in understanding the discriminative factors influencing the detection outcomes. Additionally, our framework identifies overlapping and significant features that impact multiple AI models, providing insights into common patterns across different detection approaches. Notably, we demonstrate that the computational overhead incurred by generating XAI explanations is minimal for most AI models, ensuring practical applicability in real-time scenarios. By offering multi-faceted explanations, our framework equips security analysts with actionable insights to make informed decisions for threat detection and mitigation. To facilitate widespread adoption and further research, we have made our source code publicly available, serving as a foundational XAI framework for IDSs within the research community. Full article
(This article belongs to the Special Issue Network Intrusion Detection and Attack Identification)
Show Figures

Figure 1

28 pages, 548 KiB  
Article
Enhancing Network Attack Detection Accuracy through the Integration of Large Language Models and Synchronized Attention Mechanism
by Yuzhe Bai, Min Sun, Liman Zhang, Yinong Wang, Sihan Liu, Yanqiu Liu, Jingling Tan, Yingqiu Yang and Chunli Lv
Appl. Sci. 2024, 14(9), 3829; https://doi.org/10.3390/app14093829 - 30 Apr 2024
Viewed by 2468
Abstract
In this study, we propose a novel method for detecting cyberattack behaviors by leveraging the combined strengths of large language models and a synchronized attention mechanism. Extensive experiments conducted on diverse datasets, including server logs, financial behaviors, and comment data, demonstrate the significant [...] Read more.
In this study, we propose a novel method for detecting cyberattack behaviors by leveraging the combined strengths of large language models and a synchronized attention mechanism. Extensive experiments conducted on diverse datasets, including server logs, financial behaviors, and comment data, demonstrate the significant advantages of this method over existing models such as Transformer, BERT, OPT-175B, LLaMa, and ChatGLM3-6B in key performance metrics such as precision, recall, and accuracy. For instance, on the server log dataset, the method achieved a precision of 93%, a recall of 91%, and an accuracy of 92%; on the financial behavior dataset, it reached a precision of 90%, a recall of 87%, and an accuracy of 89%; and on the comment data dataset, it excelled with a precision of 95%, a recall of 93%, and an accuracy of 94%. The introduction of a synchronized attention mechanism and a newly designed synchronized loss function proved especially effective, enhancing the method’s ability to process multi-source data and providing superior performance in identifying complex cyberattack patterns. Ablation experiments further validated the crucial roles of these innovations in boosting model performance: the synchronous attention mechanism substantially improved the model’s precision, recall, and accuracy to 93%, 89%, and 91% respectively, far exceeding other attention mechanisms. Similarly, the synchronized loss showcased a significant advantage, achieving the best performance across all tested metrics compared to traditional cross-entropy loss, focal loss, and MSE. These results underscore the method’s ability to deeply mine and analyze semantic information and contextual relationships within text data as well as to effectively integrate and process multimodal data, thereby offering strong technical support for the accurate and efficient detection of cyberattack behaviors. Full article
(This article belongs to the Special Issue Network Intrusion Detection and Attack Identification)
Show Figures

Figure 1

21 pages, 1225 KiB  
Article
An Effective Method for Detecting Unknown Types of Attacks Based on Log-Cosh Variational Autoencoder
by Li Yu, Liuquan Xu and Xuefeng Jiang
Appl. Sci. 2023, 13(22), 12492; https://doi.org/10.3390/app132212492 - 19 Nov 2023
Cited by 5 | Viewed by 1933
Abstract
The increasing prevalence of unknown-type attacks on the Internet highlights the importance of developing efficient intrusion detection systems. While machine learning-based techniques can detect unknown types of attacks, the need for innovative approaches becomes evident, as traditional methods may not be sufficient. In [...] Read more.
The increasing prevalence of unknown-type attacks on the Internet highlights the importance of developing efficient intrusion detection systems. While machine learning-based techniques can detect unknown types of attacks, the need for innovative approaches becomes evident, as traditional methods may not be sufficient. In this research, we propose a deep learning-based solution called the log-cosh variational autoencoder (LVAE) to address this challenge. The LVAE inherits the strong modeling abilities of the variational autoencoder (VAE), enabling it to understand complex data distributions and generate reconstructed data. To better simulate discrete features of real attacks and generate unknown types of attacks, we introduce an effective reconstruction loss term utilizing the logarithmic hyperbolic cosine (log-cosh) function in the LVAE. Compared to conventional VAEs, the LVAE shows promising potential in generating data that closely resemble unknown attacks, which is a critical capability for improving the detection rate of unknown attacks. In order to classify the generated unknown data, we employed eight feature extraction and classification techniques. Numerous experiments were conducted using the latest CICIDS2017 dataset, training with varying amounts of real and unknown-type attacks. Our optimal experimental results surpassed several state-of-the-art techniques, achieving accuracy and average F1 scores of 99.89% and 99.83%, respectively. The suggested LVAE strategy also demonstrated outstanding performance in generating unknown attack data. Overall, our work establishes a solid foundation for accurately and efficiently identifying unknown types of attacks, contributing to the advancement of intrusion detection techniques. Full article
(This article belongs to the Special Issue Network Intrusion Detection and Attack Identification)
Show Figures

Figure 1

Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:
 
Displaying articles 1-6
Back to TopTop