Special Issue "Design of Intelligent Intrusion Detection Systems"

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Computer Science & Engineering".

Deadline for manuscript submissions: 30 June 2022.

Special Issue Editors

Prof. Dr. Constantinos Kolias
Guest Editor
Department of Computer Science, University of Idaho, Idaho Falls, ID 83402, USA
Interests: IoT security; critical infrastructure security; intrusion detection systems; side-channel analysis for security
Dr. Georgios Kambourakis
Guest Editor
Department of Information and Communication Systems Engineering, University of the Aegean, 83100 Samos, Greece
Interests: mobile and wireless networks security and privacy; VoIP security; IoT security and privacy; DNS security; security education

Special Issue Information

Dear Colleagues,

Commerce, healthcare, manufacturing, and energy are just some of the sectors of modern society that have been revolutionized by the adoption of computer systems and the penetration of digital communications. With this digitization trend expanding with increasing rates, cyber-attacks and threats have also become an omnipresent, all-pervasive phenomenon. It is because of this penetration that today more than ever, attackers have high motivation to perform well-orchestrated attacks. To make matters worse, attackers can rely on publicly available offensive tools or acquire exploits from the dark web. It does not come as a surprise that attacks and malware become increasingly intelligent, stealthy, and robust against traditional defense practices. Recent incidents like Stuxnet or Wannacry signify the urgency for developing intelligent detection methodologies and tools able to identify never-seen-before threats. Artificial Intelligence (AI), Machine Learning (ML), and data analysis methods, while applied successfully to other domains, have only seen partial practical application in intrusion detection. The primary reasons that have been identified in the literature are: (a) high false-positive rates, (b) lack of rich data to train effective models due to the sensitive nature of the security domain, (c) requirement for an elaborate feature engineering phase conducted by human domain-experts, and (d) the inability of existing methods to create explainable models. The objective of this Special Issue is to provide the state-of-the-art in the field of anomaly and intrusion detection giving particular emphasis to intelligent techniques that are able to overcome one or all of the well-documented inefficiencies of the existing approaches. Researchers are invited to contribute novel methods, algorithms, datasets, tools, and studies in the field.

Prof. Dr. Constantinos Kolias
Dr. Georgios Kambourakis
Dr. Weizhi Meng
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1800 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Scalable Anomaly Detection Methods
  • Distributed Intrusion Detection
  • Collaborative Intrusion Detection
  • Privacy Preserving IDS
  • Federated Anomaly Detection
  • Application of Deep Learning for Intrusion Detection
  • Reinforcement Learning for Intrusion Detection
  • Intrusion Detection in IoT Networks
  • Intrusion Detection for Industrial Control Systems
  • Intrusion Detection in Vehicular Networks

Published Papers (4 papers)

Research

Article
An Anomaly-Based Intrusion Detection System for Internet of Medical Things Networks
Electronics 2021, 10(21), 2562; https://doi.org/10.3390/electronics10212562 - 20 Oct 2021
Viewed by 408
Abstract
Over the past few years, the healthcare sector is being transformed due to the rise of the Internet of Things (IoT) and the introduction of the Internet of Medical Things (IoMT) technology, whose purpose is the improvement of the patient’s quality of life. Nevertheless, the heterogeneous and resource-constrained characteristics of IoMT networks make them vulnerable to a wide range of threats. Thus, novel security mechanisms, such as accurate and efficient anomaly-based intrusion detection systems (AIDSs), considering the inherent limitations of the IoMT networks, need to be developed before IoMT networks reach their full potential in the market. Towards this direction, in this paper, we propose an efficient and effective anomaly-based intrusion detection system (AIDS) for IoMT networks. The proposed AIDS aims to leverage host-based and network-based techniques to reliably collect log files from the IoMT devices and the gateway, as well as traffic from the IoMT edge network, while taking into consideration the computational cost. The proposed AIDS is to rely on machine learning (ML) techniques, considering the computation overhead, in order to detect abnormalities in the collected data and thus identify malicious incidents in the IoMT network. A set of six popular ML algorithms was tested and evaluated for anomaly detection in the proposed AIDS, and the evaluation results showed which of them are the most suitable.
(This article belongs to the Special Issue Design of Intelligent Intrusion Detection Systems)

Article
A Novel Approach for Network Intrusion Detection Using Multistage Deep Learning Image Recognition
Electronics 2021, 10(15), 1854; https://doi.org/10.3390/electronics10151854 - 01 Aug 2021
Cited by 1 | Viewed by 737
Abstract
The current rise in hacking and computer network attacks throughout the world has heightened the demand for improved intrusion detection and prevention solutions. The intrusion detection system (IDS) is critical in identifying abnormalities and assaults on the network, which have grown in size and pervasiveness. The paper proposes a novel approach for network intrusion detection using multistage deep learning image recognition. The network features are transformed into four-channel (Red, Green, Blue, and Alpha) images. The images then are used for classification to train and test the pre-trained deep learning model ResNet50. The proposed approach is evaluated using two publicly available benchmark datasets, UNSW-NB15 and BOUN DDoS. On the UNSW-NB15 dataset, the proposed approach achieves 99.8% accuracy in the detection of the generic attack. On the BOUN DDoS dataset, the suggested approach achieves 99.7% accuracy in the detection of the DDoS attack and 99.7% accuracy in the detection of the normal traffic.

Article
On the Improvement of the Isolation Forest Algorithm for Outlier Detection with Streaming Data
Electronics 2021, 10(13), 1534; https://doi.org/10.3390/electronics10131534 - 24 Jun 2021
Cited by 1 | Viewed by 659
Abstract
In recent years, detecting anomalies in real-world computer networks has become a more and more challenging task due to the steady increase of high-volume, high-speed and high-dimensional streaming data, for which ground truth information is not available. Efficient detection schemes applied on networked embedded devices need to be fast and memory-constrained, and must be capable of dealing with concept drifts when they occur. Different approaches for unsupervised online outlier detection have been designed to deal with these circumstances in order to reliably detect malicious activity. In this paper, we introduce a novel framework called PCB-iForest, which generalized, is able to incorporate any ensemble-based online OD method to function on streaming data. Carefully engineered requirements are compared to the most popular state-of-the-art online methods with an in-depth focus on variants based on the widely accepted isolation forest algorithm, thereby highlighting the lack of a flexible and efficient solution which is satisfied by PCB-iForest. Therefore, we integrate two variants into PCB-iForest—an isolation forest improvement called extended isolation forest and a classic isolation forest variant equipped with the functionality to score features according to their contributions to a sample’s anomalousness. Extensive experiments were performed on 23 different multi-disciplinary and security-related real-world datasets in order to comprehensively evaluate the performance of our implementation compared with off-the-shelf methods. The discussion of results, including AUC, F1 score and averaged execution time metric, shows that PCB-iForest clearly outperformed the state-of-the-art competitors in 61% of cases and even achieved more promising results in terms of the tradeoff between classification and computational costs.

Article
Botnet Attack Detection Using Local Global Best Bat Algorithm for Industrial Internet of Things
Electronics 2021, 10(11), 1341; https://doi.org/10.3390/electronics10111341 - 03 Jun 2021
Cited by 6 | Viewed by 853
Abstract
The need for timely identification of Distributed Denial-of-Service (DDoS) attacks in the Internet of Things (IoT) has become critical in minimizing security risks as the number of IoT devices deployed rapidly grows globally and the volume of such attacks rises to unprecedented levels. Instant detection facilitates network security by speeding up warning and disconnection from the network of infected IoT devices, thereby preventing the botnet from propagating and thereby stopping additional attacks. Several methods have been developed for detecting botnet attacks, such as Swarm Intelligence (SI) and Evolutionary Computing (EC)-based algorithms. In this study, we propose a Local-Global best Bat Algorithm for Neural Networks (LGBA-NN) to select both feature subsets and hyperparameters for efficient detection of botnet attacks, inferred from 9 commercial IoT devices infected by two botnets: Gafgyt and Mirai. The proposed Bat Algorithm (BA) adopted the local-global best-based inertia weight to update the bat’s velocity in the swarm. To tackle with swarm diversity of BA, we proposed Gaussian distribution used in the population initialization. Furthermore, the local search mechanism was followed by the Gaussian density function and local-global best function to achieve better exploration during each generation. Enhanced BA was further employed for neural network hyperparameter tuning and weight optimization to classify ten different botnet attacks with an additional one benign target class. The proposed LGBA-NN algorithm was tested on an N-BaIoT data set with extensive real traffic data with benign and malicious target classes. The performance of LGBA-NN was compared with several recent advanced approaches such as weight optimization using Particle Swarm Optimization (PSO-NN) and BA-NN. The experimental results revealed the superiority of LGBA-NN with 90% accuracy over other variants, i.e., BA-NN (85.5% accuracy) and PSO-NN (85.2% accuracy) in multi-class botnet attack detection.