Search Results (36)

With the rapid advancement of Internet of Things (IoT) technology, intrusion detection systems (IDSs) have become pivotal in ensuring network security. However, the data produced by IoT devices is typically sensitive and tends to display non-independent and identically distributed (Non-IID) properties. These factors impose significant limitations on the application of traditional centralized learning. In response to these issues, this study introduces a novel IDS framework grounded in federated learning and knowledge distillation (KD), termed FD-IDS. The proposed FD-IDS aims to tackle issues related to safeguarding data privacy and distributed heterogeneity. FD-IDS employs mutual information for feature selection to enhance training efficiency. For Non-IID data scenarios, the system combines a proximal term with KD. The proximal term restricts the deviation between local and global models, while KD utilizes the global model to steer the training process of local models. Together, these mechanisms effectively alleviate the problem of model drift. Experiments conducted on both the Edge-IIoT and N-BaIoT datasets demonstrate that FD-IDS achieves promising detection performance across multiple evaluation metrics. Full article

Smart cities necessitate ultra-secure and scalable communication frameworks to manage billions of interconnected IoT devices, particularly in the face of the emerging quantum computing threats. This paper proposes the QESIF, a novel Quantum-Enhanced Secure IoT Framework that integrates Quantum Key Distribution (QKD) with classical IoT infrastructures via a hybrid protocol stack and a quantum-aware intrusion detection system (Q-IDS). The QESIF achieves high resilience against eavesdropping by monitoring quantum bit error rate (QBER) and leveraging entropy-weighted key generation. The simulation results, conducted using datasets TON IoT, Edge-IIoTset, and Bot-IoT, demonstrate the effectiveness of the QESIF. The framework records an average QBER of 0.0103 under clean channels and discards over 95% of the compromised keys in adversarial settings. It achieves Attack Detection Rates (ADRs) of 98.1%, 98.7%, and 98.3% across the three datasets, outperforming the baselines by 4–9%. Moreover, the QESIF delivers the lowest average latency of 20.3 ms and the highest throughput of 868 kbit/s in clean scenarios while maintaining energy efficiency with 13.4 mJ per session. Full article

The rapid expansion of Edge and Industrial Internet of Things (IIoT) systems has intensified the risk and complexity of cyberattacks. Detecting advanced intrusions in these heterogeneous and high-dimensional environments remains challenging. As the IIoT becomes integral to critical infrastructure, ensuring security is crucial to prevent disruptions and data breaches. Traditional IDS approaches often fall short against evolving threats, highlighting the need for intelligent and adaptive solutions. While deep learning (DL) offers strong capabilities for pattern recognition, single-model architectures often lack robustness. Thus, hybrid and optimized DL models are increasingly necessary to improve detection performance and address data imbalance and noise. In this study, we propose an optimized hybrid DL framework that combines a transformer, generative adversarial network (GAN), and autoencoder (AE) components, referred to as Transformer–GAN–AE, for robust intrusion detection in Edge and IIoT environments. To enhance the training and convergence of the GAN component, we integrate an improved chimp optimization algorithm (IChOA) for hyperparameter tuning and feature refinement. The proposed method is evaluated using three recent and comprehensive benchmark datasets, WUSTL-IIoT-2021, EdgeIIoTset, and TON_IoT, widely recognized as standard testbeds for IIoT intrusion detection research. Extensive experiments are conducted to assess the model’s performance compared to several state-of-the-art techniques, including standard GAN, convolutional neural network (CNN), deep belief network (DBN), time-series transformer (TST), bidirectional encoder representations from transformers (BERT), and extreme gradient boosting (XGBoost). Evaluation metrics include accuracy, recall, AUC, and run time. Results demonstrate that the proposed Transformer–GAN–AE framework outperforms all baseline methods, achieving a best accuracy of 98.92%, along with superior recall and AUC values. The integration of IChOA enhances GAN stability and accelerates training by optimizing hyperparameters. Together with the transformer for temporal feature extraction and the AE for denoising, the hybrid architecture effectively addresses complex, imbalanced intrusion data. The proposed optimized Transformer–GAN–AE model demonstrates high accuracy and robustness, offering a scalable solution for real-world Edge and IIoT intrusion detection. Full article

As digital infrastructure continues to expand, networks, web services, and Internet of Things (IoT) devices become increasingly vulnerable to distributed denial of service (DDoS) attacks. Remarkably, IoT devices have become attracted to DDoS attacks due to their common deployment and limited applied security measures. Therefore, attackers take advantage of the growing number of unsecured IoT devices to reflect massive traffic that overwhelms networks and disrupts necessary services, making protection of IoT devices against DDoS attacks a major concern for organizations and administrators. In this paper, the effectiveness of supervised machine learning (ML) classification and deep learning (DL) algorithms in detecting DDoS attacks on IoT networks was investigated by conducting an extensive analysis of network traffic dataset (legitimate and malicious). The performance of the models and data quality improved when emphasizing the impact of feature selection and data pre-processing approaches. Five machine learning models were evaluated by utilizing the Edge-IIoTset dataset: Random Forest (RF), Support Vector Machine (SVM), Long Short-Term Memory (LSTM), and K-Nearest Neighbors (KNN) with multiple K values, and Convolutional Neural Network (CNN). Findings revealed that the RF model outperformed other models by delivering optimal detection speed and remarkable performance across all evaluation metrics, while KNN (K = 7) emerged as the most efficient model in terms of training time. Full article

As cyber–physical systems are applied not only to crucial infrastructure but also to day-to-day technologies, from industrial control systems through to smart grids and medical devices, they have become very significant. Cyber–physical systems are a target for various security attacks, too; their growing complexity and digital networking necessitate robust cybersecurity solutions. Recent research indicates that deep learning can improve CPS security through intelligent threat detection and response. We still foresee limitations to scalability, data privacy, and handling the dynamic nature of CPS environments in existing approaches. We developed the CPS ShieldNet Fusion model as a comprehensive security framework for protecting CPS from ever-evolving cyber threats. We will present a model that integrates state-of-the-art methodologies in both federated learning and optimization paradigms through the combination of the Federated Residual Convolutional Network (FedRCNet) and the EEL-Levy Fusion Optimization (ELFO) methods. This involves the incorporation of the Federated Residual Convolutional Network into an optimization method called EEL-Levy Fusion Optimization. This preserves data privacy through decentralized model training and improves complex security threat detection. We report the results of a rigorous evaluation of CICIoT-2023, Edge-IIoTset-2023, and UNSW-NB datasets containing the CPS ShieldNet Fusion model at the forefront in terms of accuracy and effectiveness against several threats in different CPS environments. Therefore, these results underline the potential of the proposed framework to improve CPS security by providing a robust and scalable solution to current problems and future threats. Full article

The rise of 6G-enabled smart industries necessitates secure, adaptive, and interpretable anomaly detection frameworks capable of operating under dynamic, adversarial, and resource-constrained environments. This study presents SAFEL-IoT, a novel Secure Adaptive Federated Learning framework with integrated explainability, specifically designed for anomaly detection in Industrial Internet-of-Things (IIoT) systems under Industry 5.0 paradigms. SAFEL-IoT introduces a dynamic aggregation mechanism based on temporal model divergence, a hybrid encryption scheme combining partial homomorphic encryption with differential privacy, and an interpretable anomaly scoring pipeline leveraging SHapley Additive exPlanations (SHAP) values and temporal attention mechanisms. Extensive experimentation on the SKAB industrial dataset demonstrates that SAFEL-IoT achieves a superior F1 score of 0.93, reduces training time to 63.7 s, and maintains explanation fidelity with only a 0.15 explanation error. Communication efficiency is improved by 70.3% through 6G network slicing, while detection latency remains below 12 ms across 100 distributed edge clients. Further analysis shows a 41.7% improvement in drift robustness and a 68.9% reduction in false positives compared to traditional federated learning baselines. Theoretical convergence guarantees, scalability under large node deployments, and resilience against adversarial attacks validate SAFEL-IoT as a comprehensive and practical solution for secure, explainable, and scalable anomaly detection in next-generation industrial ecosystems. Full article

The rapid expansion of the Internet of Things (IoT) and industrial Internet of Things (IIoT) ecosystems has introduced new security challenges, particularly the need for robust intrusion detection systems (IDSs) capable of adapting to increasingly sophisticated cyberattacks. In this study, we propose a novel intrusion detection approach based on convolutional neural networks (CNNs), designed to automatically extract spatial patterns from network traffic data. Leveraging the DNN-EdgeIIoT dataset, which includes a wide range of attack types and traffic scenarios, we conduct comprehensive experiments to compare the CNN-based model against traditional machine learning techniques, including decision trees, random forests, support vector machines, and K-nearest neighbors. Our approach consistently outperforms baseline models across multiple performance metrics—such as F1 score, precision, and recall—in both binary (benign vs. attack) and multiclass settings (6-class and 15-class classification). The CNN model achieves F1 scores of 1.00, 0.994, and 0.946, respectively, highlighting its strong generalization ability across diverse attack categories. These results demonstrate the effectiveness of deep-learning-based IDSs in enhancing the security posture of IoT and IIoT infrastructures, paving the way for intelligent, adaptive, and scalable threat detection systems. Full article

This paper presents an advanced framework for real-time monitoring and analysis of network traffic and endpoint security in large-scale enterprises by addressing the increasing complexity and frequency of cyber-attacks. Our Network Security Traffic Analysis Platform employs a comprehensive technology stack including the Elastic Stack, ZEEK, Osquery, Kafka, and GeoLocation data. By integrating supervised machine learning models trained on the UNSW-NB15 dataset, we evaluate Random Forest (RF), Decision Trees (DT), and Support Vector Machines (SVM), with the Random Forest classifier achieving a notable accuracy of 99.32%. Leveraging Artificial Intelligence and Natural Language Processing, we apply the BERT model with a Byte-level Byte-pair tokenizer to enhance network-based attack detection in IoT systems. Experiments on UNSW-NB15, TON-IoT, and Edge-IIoT datasets demonstrate our platform’s superiority over traditional methods in multi-class classification tasks, achieving near-perfect accuracy on the Edge-IIoT dataset. Furthermore, Network Security Traffic Analysis Platform’s ability to produce actionable insights through charts, tables, histograms, and other visualizations underscores its capability in static analysis of traffic data. This dual approach of real-time and static analysis provides a robust foundation for developing scalable, efficient, and automated security solutions, essential for managing the evolving threats in modern networks. Full article

Our modern lives are increasingly shaped by the Internet of Things (IoT), as IoT devices monitor and manage everything from our homes to our workplaces, becoming an essential part of health systems and daily infrastructure. However, this rapid growth in IoT has introduced significant security challenges, leading to increased vulnerability to cyber attacks. To address these challenges, machine learning-based intrusion detection systems (IDSs)—traditionally considered a primary line of defense—have been deployed to monitor and detect malicious activities in IoT networks. Despite this, these IDS solutions often struggle with the inherent resource constraints of IoT devices, including limited computational power and memory. To overcome these limitations, we propose an approach to enhance intrusion detection efficiency. First, we introduce a recursive clustering method for data condensation, integrating compactness and entropy-driven sampling to select a highly representative subset from the larger dataset. Second, we adopt a Monte Carlo Cross-Entropy approach combined with a stability metric of features to consistently select the most stable and relevant features, resulting in a lightweight, efficient, and high-accuracy IoT-based IDS. Evaluation of our proposed approach on three IoT datasets from real devices (N-BaIoT, Edge-IIoTset, CICIoT2023) demonstrates comparable classification accuracy while significantly reducing training and testing times by 45× and 15×, respectively, and lowering memory usage by 18×, compared to competitor approaches. Full article

As Internet of Things (IoT) technology sees extensive adoption in smart agriculture, smart healthcare, and smart cities, emerging systems are increasingly confronted with complex and dynamic security threats. Intrusion Detection Systems (IDS), a key technology in network security, effectively enhance IoT system safety by detecting and monitoring anomalous activities. Nevertheless, IDS relying on traditional Machine Learning (ML) technologies demonstrate limited efficacy in classifying malicious traffic. In recent years, approaches that convert network security data into image sets and leverage Deep Transfer Learning (DTL) for classification have gained rapid popularity. While these methods substantially improve detection accuracy, they also lead to increased time and resource consumption during training. To balance high detection accuracy with reduced time consumption, this study introduces an efficient intrusion detection approach based on the Vision Transformer (ViT), utilizing its powerful feature extraction capabilities to enhance performance. The proposed High-performance ViT Intrusion Detection System (HiViT-IDS) begins by transforming one-dimensional network traffic data into RGB images and leverages the ViT model’s exceptional representational power for efficient classification. Experimental results on the ToN-IoT and Edge-IIoTset datasets reveal classification accuracies of 99.70% and 100%, respectively. In comparison to existing mainstream DTL approaches, the proposed model achieves considerable reductions in training time while sustaining high performance. The findings suggest that the HiViT-IDS offers superior potential and a competitive edge in adapting to complex and dynamic network environments. Full article

NFC has emerged as a critical technology in IoET ecosystems, facilitating seamless data exchange in proximity-based systems. However, the security and privacy challenges associated with NFC-enabled IoT devices remain significant, exposing them to various threats such as eavesdropping, relay attacks, and spoofing. This paper introduces DC-NFC, a novel deep learning framework designed to enhance the security and privacy of NFC communications within IoT environments. The proposed framework integrates three innovative components: the CE for capturing intricate temporal and spatial patterns, the PML for enforcing end-to-end privacy constraints, and the ATF module for real-time threat detection and dynamic model adaptation. Comprehensive experiments were conducted on four benchmark datasets—UNSW-NB15, Bot-IoT, TON-IoT Telemetry, and Edge-IIoTset. The results of the proposed approach demonstrate significant improvements in security metrics across all datasets, with accuracy enhancements up to 95% on UNSW-NB15, and consistent F1-scores above 0.90, underscoring the framework’s robustness in enhancing NFC security and privacy in diverse IoT environments. The simulation results highlight the framework’s real-time processing capabilities, achieving low latency of 20.53 s for 1000 devices on the UNSW-NB15 dataset. Full article

The Internet of Things (IoT) ecosystem is rapidly expanding. It is driven by continuous innovation but accompanied by increasingly sophisticated cybersecurity threats. Protecting IoT devices from these emerging vulnerabilities has become a critical priority. This study addresses the limitations of existing IoT threat detection methods, which often struggle with the dynamic nature of IoT environments and the growing complexity of cyberattacks. To overcome these challenges, a novel hybrid architecture combining Convolutional Neural Networks (CNN), Bidirectional Long Short-Term Memory (BiLSTM), and Deep Neural Networks (DNN) is proposed for accurate and efficient IoT threat detection. The model’s performance is evaluated using the IoT-23 and Edge-IIoTset datasets, which encompass over ten distinct attack types. The proposed framework achieves a remarkable 99% accuracy on both datasets, outperforming existing state-of-the-art IoT cybersecurity solutions. Advanced optimization techniques, including model pruning and quantization, are applied to enhance deployment efficiency in resource-constrained IoT environments. The results highlight the model’s robustness and its adaptability to diverse IoT scenarios, which address key limitations of prior approaches. This research provides a robust and efficient solution for IoT threat detection, establishing a foundation for advancing IoT security and addressing the evolving landscape of cyber threats while driving future innovations in the field. Full article

Internet of Things (IoT) networks’ wide range and heterogeneity make them prone to cyberattacks. Most IoT devices have limited resource capabilities (e.g., memory capacity, processing power, and energy consumption) to function as conventional intrusion detection systems (IDSs). Researchers have applied many approaches to lightweight IDSs, including energy-based IDSs, machine learning/deep learning (ML/DL)-based IDSs, and federated learning (FL)-based IDSs. FL has become a promising solution for IDSs in IoT networks because it reduces the overhead in the learning process by engaging IoT devices during the training process. Three FL architectures are used to tackle the IDSs in IoT networks, including centralized (client–server), decentralized (device-to-device), and semi-decentralized. However, none of them has solved the heterogeneity of IoT devices while considering lightweight-ness and performance at the same time. Therefore, we propose a semi-decentralized FL-based model for a lightweight IDS to fit the IoT device capabilities. The proposed model is based on clustering the IoT devices—FL clients—and assigning a cluster head to each cluster that acts on behalf of FL clients. Consequently, the number of IoT devices that communicate with the server is reduced, helping to reduce the communication overhead. Moreover, clustering helps in improving the aggregation process as each cluster sends the average model’s weights to the server for aggregation in one FL round. The distributed denial-of-service (DDoS) attack is the main concern in our IDS model, since it easily occurs in IoT devices with limited resource capabilities. The proposed model is configured with three deep learning techniques—LSTM, BiLSTM, and WGAN—using the CICIoT2023 dataset. The experimental results show that the BiLSTM achieves better performance and is suitable for resource-constrained IoT devices based on model size. We test the pre-trained semi-decentralized FL-based model on three datasets—BoT-IoT, WUSTL-IIoT-2021, and Edge-IIoTset—and the results show that our model has the highest performance in most classes, particularly for DDoS attacks. Full article

The continuous evolvement of IoT networks has introduced significant optimization challenges, particularly in resource management, energy efficiency, and performance enhancement. Most state-of-the-art solutions lack adequate adaptability and runtime cost-efficiency in dynamic 6G-enabled IoT environments. Accordingly, this paper proposes the Trust-centric Economically Optimized 6G-IoT (TEO-IoT) framework, which incorporates an adaptive trust management system based on historical behavior, data integrity, and compliance with security protocols. Additionally, dynamic pricing models, incentive mechanisms, and adaptive routing protocols are integrated into the framework to optimize resource usage in diverse IoT scenarios. TEO-IoT presents an end-to-end solution for security management and network traffic optimization, utilizing advanced algorithms for trust score estimation and anomaly detection. The proposed solution is emulated using the NS-3 network simulator across three datasets: Edge-IIoTset, N-BaIoT, and IoT-23. Results demonstrate that TEO-IoT achieves an optimal resource usage of 92.5% in Edge-IIoTset and reduces power consumption by 15.2% in IoT-23, outperforming state-of-the-art models like IDSOFT and RAT6G. Full article

The Internet of Things (IoT) contains many devices that can compute and communicate, creating large networks. Industrial Internet of Things (IIoT) represents a developed application of IoT, connecting with embedded technologies in production in industrial operational settings to offer sophisticated automation and real-time decisions. Still, IIoT compels significant cybersecurity threats beyond jamming and spoofing, which could ruin the critical infrastructure. Developing a robust Intrusion Detection System (IDS) addresses the challenges and vulnerabilities present in these systems. Traditional IDS methods have achieved high detection accuracy but need improved scalability and privacy issues from large datasets. This paper proposes a Fog-enabled Federated Learning-based Intrusion Detection System (FFL-IDS) utilizing Convolutional Neural Network (CNN) that mitigates these limitations. This framework allows multiple parties in IIoT networks to train deep learning models with data privacy preserved and low-latency detection ensured using fog computing. The proposed FFL-IDS is validated on two datasets, namely the Edge-IIoTset, explicitly tailored to environments with IIoT, and CIC-IDS2017, comprising various network scenarios. On the Edge-IIoTset dataset, it achieved 93.4% accuracy, 91.6% recall, 88% precision, 87% F1 score, and 87% specificity for jamming and spoofing attacks. The system showed better robustness on the CIC-IDS2017 dataset, achieving 95.8% accuracy, 94.9% precision, 94% recall, 93% F1 score, and 93% specificity. These results establish the proposed framework as a scalable, privacy-preserving, high-performance solution for securing IIoT networks against sophisticated cyber threats across diverse environments. Full article