Search Results (177)

Resource-constrained Internet of Things (IoT) devices demand efficient and robust intrusion detection systems (IDSs) to counter evolving cyber threats. The traditional IDS models, however, struggle with high computational complexity and inadequate feature extraction, limiting their accuracy and generalizability in IoT environments. To address this, we propose FFT-RDNet, a lightweight IDS framework leveraging depthwise separable convolution and frequency-domain feature fusion. An ADASYN-Tomek Links hybrid strategy first addresses class imbalances. The core innovation of FFT-RDNet lies in its novel two-dimensional spatial feature modeling approach, realized through a dedicated dual-path feature embedding module. One branch extracts discriminative statistical features in the time domain, while the other branch transforms the data into the frequency domain via Fast Fourier Transform (FFT) to capture the essential energy distribution characteristics. These time–frequency domain features are fused to construct a two-dimensional feature space, which is then processed by a streamlined residual network using depthwise separable convolution. This network effectively captures complex periodic attack patterns with minimal computational overhead. Comprehensive evaluation on the NSL-KDD and CIC-IDS2018 datasets shows that FFT-RDNet outperforms state-of-the-art neural network IDSs across accuracy, precision, recall, and F1 score (improvements: 0.22–1%). Crucially, it achieves superior accuracy with a significantly reduced computational complexity, demonstrating high efficiency for resource-constrained IoT security deployments. Full article

The emergence of the Internet of Vehicles (IoV) has revolutionized intelligent transportation and communication systems. However, IoV presents many complex and ever-changing security challenges and thus requires robust cybersecurity protocols. This paper comprehensively describes and evaluates ensemble learning approaches for multi-class intrusion detection systems in the IoV environment. The study evaluates several approaches, such as stacking, voting, boosting, and bagging. A comprehensive review of the literature spanning 2020 to 2025 reveals important trends and topics that require further investigation and the relative merits of different ensemble approaches. The NSL-KDD, CICIDS2017, and UNSW-NB15 datasets are widely used to evaluate the performance of Ensemble Learning-Based Intrusion Detection Systems (ELIDS). ELIDS evaluation is usually carried out using some popular performance metrics, including Precision, Accuracy, Recall, F1-score, and Area Under Receiver Operating Characteristic Curve (AUC-ROC), which were used to evaluate and measure the effectiveness of different ensemble learning methods. Given the increasing complexity and frequency of cyber threats in IoV environments, ensemble learning methods such as bagging, boosting, and stacking enhance adaptability and robustness. These methods aggregate multiple learners to improve detection rates, reduce false positives, and ensure more resilient intrusion detection models that can evolve alongside emerging attack patterns. Full article

Deep neural networks (DNNs) are highly effective for intrusion detection systems (IDS) due to their ability to learn complex patterns and detect potential anomalies within the systems. However, their high resource consumption requirements including memory and computation make them difficult to deploy on low-powered platforms. This study explores the possibility of using knowledge distillation (KD) to reduce constraints such as power and hardware consumption and improve real-time inference speed but maintain high detection accuracy in IDS across all attack types. The technique utilizes the transfer of knowledge from DNNs (teacher) models to more lightweight shallow neural network (student) models. KD has been proven to achieve significant parameter reduction (92–95%) and faster inference speed (7–11%) while improving overall detection performance (up to 6.12%). Experimental results on datasets such as NSL-KDD, UNSW-NB15, CIC-IDS2017, IoTID20, and UAV IDS demonstrate DNN with KD’s effectiveness in achieving high accuracy, precision, F1 score, and area under the curve (AUC) metrics. These findings confirm KD’s ability as a potential edge computing strategy for IoT and UAV devices, which are suitable for resource-constrained environments and lead to real-time anomaly detection for next-generation distributed systems. Full article

In today’s increasingly interconnected digital world, cyber threats have grown in frequency and sophistication, making intrusion detection systems a critical component of modern cybersecurity frameworks. Traditional IDS methods, often based on static signatures and rule-based systems, are no longer sufficient to detect and respond to complex and evolving attacks. To address these challenges, Artificial Intelligence and machine learning have emerged as powerful tools for enhancing the accuracy, adaptability, and automation of IDS solutions. This study presents a novel, hybrid ensemble learning-based intrusion detection framework that integrates deep learning and traditional ML algorithms with explainable artificial intelligence for real-time cybersecurity applications. The proposed model combines an Artificial Neural Network and Support Vector Machine as base classifiers and employs a Random Forest as a meta-classifier to fuse predictions, improving detection performance. Recursive Feature Elimination is utilized for optimal feature selection, while SHapley Additive exPlanations (SHAP) provide both global and local interpretability of the model’s decisions. The framework is deployed using a Flask-based web interface in the Amazon Elastic Compute Cloud environment, capturing live network traffic and offering sub-second inference with visual alerts. Experimental evaluations using the NSL-KDD dataset demonstrate that the ensemble model outperforms individual classifiers, achieving a high accuracy of 99.40%, along with excellent precision, recall, and F1-score metrics. This research not only enhances detection capabilities but also bridges the trust gap in AI-powered security systems through transparency. The solution shows strong potential for application in critical domains such as finance, healthcare, industrial IoT, and government networks, where real-time and interpretable threat detection is vital. Full article

Due to domain variability and developing attack tactics, intrusion detection in heterogeneous and dynamic IoT systems is still a crucial challenge. For cross-domain intrusion detection, this paper proposes a novel algorithm, X-FuseRLSTM, a dual-path feature fusion framework that is attention guided and coupled with a residual LSTM architecture. The proposed algorithm is the combination of four major steps: first, feature extraction using deep encoder and sparse transformer; second, feature fusion of the extracted features and reducing the fused features; third, the classification model; and last, explainable artificial intelligence (XAI). The classification model used is a deep neural network and residual long short-term memory (RLSTM). The model effectively incorporates both spatial and temporal correlations in network traffic data, which improves its detection capability. The model predictions are explained using the XAI techniques. Extensive experiments on datasets including TON_IoT Network, NSL-KDD, and CICIoMT 2024 with both 19-class and 6-class variations show that X-FuseRLSTM achieves the highest accuracy of 99.40% on network, 99.72% on NSL-KDD, and 97.66% for 19-class and 98.05% for 6-class on CICIoMT 2024 datasets. The suggested method is appropriate for practical IoT security applications since it provides strong domain generalization and explainability while preserving computational efficiency. Full article

With the advancement of network communication technology and Internet of Everything (IoE) technology, which connects all edge devices to the internet, the network traffic generated in various platform environments is rapidly increasing. The increase in network traffic makes it more difficult for the detection system to analyze and detect malicious network traffic generated by malware or intruders. Additionally, processing high-dimensional network traffic data requires substantial computational resources, limiting real-time detection capabilities in practical deployments. Artificial intelligence (AI) algorithms have been widely used to detect malicious traffic, but most previous work focused on improving accuracy with various AI algorithms. Many existing methods, in pursuit of high accuracy, directly utilize the extensive raw features inherent in network traffic. This often leads to increased computational overhead and heightened complexity in detection models, potentially degrading overall system performance and efficiency. Furthermore, high-dimensional data often suffers from the curse of dimensionality, where the sparsity of data in high-dimensional space leads to overfitting, poor generalization, and increased computational complexity. This paper focused on feature engineering instead of AI algorithm selections, presenting an approach that uniquely balances detection accuracy with computational efficiency through strategic dimensionality reduction. For feature engineering, two jobs were performed: feature representations and feature analysis and selection. With effective feature engineering, we can reduce system resource consumption in the training period while maintaining high detection accuracy. We implemented a malicious network traffic detection framework based on Convolutional Neural Network (CNN) with our feature engineering techniques. Unlike previous approaches that use one-hot encoding, which increases dimensionality, our method employs label encoding and information gain to preserve critical information while reducing feature dimensions. The performance of the implemented framework was evaluated using the NSL-KDD dataset, which is the most widely used for intrusion detection system (IDS) performance evaluation. As a result of the evaluation, our framework maintained high classification accuracy while improving model training speed by approximately 17.47% and testing speed by approximately 19.44%. This demonstrates our approach’s ability to achieve a balanced performance, enhancing computational efficiency without sacrificing detection accuracy—a critical challenge in intrusion detection systems. With the reduced features, we achieved classification results of a precision of 0.9875, a recall of 0.9930, an F1-score of 0.9902, and an accuracy of 99.06%, with a false positive rate of 0.65%. Full article

Intrusion prevention and classification are common in the research field of cyber security. Models built from training data may fail to prevent or classify intrusions accurately if the dataset is imbalanced. Most researchers employ SMOTE to balance the dataset. SMOTE in turn fails to address the constraints associated with the dataset, such as diverse data types, preserving the data distribution, capturing non-linear relationships, and preserving oversampling noise. The novelty of this work is in addressing the issues associated with data distribution and SMOTE by employing Conditional Tabular Generative Adversarial Networks (CTGANs) on NSL_KDD and UNSW_NB15 datasets. The balanced input corpus is fed into the CNN model to predict the intrusion. The CNN model involves two convolution layers, max-pooling, ReLU as the activation layer, and a dense layer. The proposed work employs measures such as accuracy, recall, precision, specificity and F1-score for measuring the model performance. The study shows that CTGAN improves the intrusion detection rate. This research highlights the high-quality synthetic samples generated by CTGAN that significantly enhance CNN-based intrusion detection performance on imbalance datasets. This demonstrates the potential for deploying GAN-based oversampling techniques in real-world cybersecurity systems to improve detection accuracy and reduce false negatives. Full article

Network intrusion datasets often face class imbalance issues in intrusion detection tasks, where the number of majority class samples is much higher than minority class samples. Current solutions face notable limitations: traditional normalization weakens the multimodal distribution of continuous features, while mainstream generative models focus excessively on minority class mining while neglecting majority class information. To address these issues, we propose M2M-VAEGAN, which innovatively incorporates a Variational Gaussian Mixture (VGM) model to preserve multimodal characteristics of continuous features. We design a transfer learning framework, pre-training on majority classes to capture general attack patterns, followed by fine-tuning with balanced batches of majority and minority samples to prevent catastrophic forgetting. Additionally, we enhance the VAEGAN architecture with an auxiliary classifier to strengthen conditional information learning. On the NSL-KDD and CIC-IDS2017 datasets, M2M-VAEGAN outperforms methods such as SMOTE, CTGAN, and CTABGAN, achieving a 1.25% to 6.42% improvement in minority class recall. These results demonstrate the effectiveness of the proposed approach. Full article

Advanced Metering Infrastructure (AMI), as a critical data collection and communication hub within the smart grid architecture, is highly vulnerable to network intrusions due to its open bidirectional communication network. A significant challenge in AMI traffic data is the severe class imbalance, where existing methods tend to favor majority class samples while neglecting the detection of minority class attacks, thereby undermining the overall reliability of the detection system. Additionally, current approaches exhibit limitations in spatiotemporal feature extraction, failing to effectively capture the complex dependencies within network traffic data. In terms of global dependency modeling, existing models struggle to dynamically adjust key features, impacting the efficiency and accuracy of intrusion detection and response. To address these issues, this paper proposes an innovative hybrid deep learning model, AS-TBR, for AMI intrusion detection in smart grids. The proposed model incorporates the Adaptive Synthetic Sampling (ADASYN) technique to mitigate data imbalance, thereby enhancing the detection accuracy of minority class samples. Simultaneously, Transformer is leveraged to capture global temporal dependencies, BiGRU is employed to model bidirectional temporal relationships, and ResNet is utilized for deep spatial feature extraction. Experimental results demonstrate that the AS-TBR model achieves an accuracy of 93% on the UNSW-NB15 dataset and 80% on the NSL-KDD dataset. Furthermore, it outperforms baseline models in terms of precision, recall, and other key evaluation metrics, validating its effectiveness and robustness in AMI intrusion detection. Full article

An enormous number of the Internet of Things (IoT) applications and their networks have significantly impacted people’s lives in diverse situations. With the increasing adoption of these applications in various sectors, ensuring reliability and security has become a critical concern. Moreover, the network that interconnected IoT devices uses advanced communications norms and technologies to capture and transmit data. Still, these networks are subject to various types of attacks that will lead to the loss of user data. Concurrently, the field of anomaly detection for the Internet of Things (IoT) is experiencing rapid expansion. This expansion requires a thorough analysis of application trends and existing gaps. Furthermore, it is critical in detecting interesting phenomena such as device damage and unknown events. However, this task is tough due to the unpredictable nature of anomalies and the complexity of the environment. This paper offers a technique that uses an autoencoder neural network to identify anomalous network communications in IoT networks. More specifically, we propose and implement a model that uses DAE (deep autoencoder) to detect and classify the network data, with an ANOVA F-Test for the feature selection. The proposed model is validated using the NSL-KDD dataset. Compared to some IoT-based anomaly detection models, the experimental results reveal that the suggested model is more efficient at enhancing the accuracy of detecting malicious data. The simulation results show that it works better, with an overall accuracy rate of 85% and 92% successively for the binary and multi-class classifications. Full article

Network Intrusion Detection Systems (NIDS) often suffer from severe class imbalance, where minority attack types are underrepresented, leading to degraded detection performance. To address this challenge, we propose a novel augmentation framework that integrates Soft Nearest Neighbor Loss (SNNL) into Generative Adversarial Networks (GANs), including WGAN, CWGAN, and WGAN-GP. Unlike traditional oversampling methods (e.g., SMOTE, ADASYN), our approach improves feature-space alignment between real and synthetic samples, enhancing classifier generalization on rare classes. Experiments on NSL-KDD, CSE-CIC-IDS2017, and CSE-CIC-IDS2018 show that SNNL-augmented GANs consistently improve minority-class F1-scores without degrading overall accuracy or majority-class performance. UMAP visualizations confirm that SNNL produces more compact and class-consistent sample distributions. We also evaluate the computational overhead, finding the added cost moderate. These results demonstrate the effectiveness and practicality of SNNL as a general enhancement for GAN-based data augmentation in imbalanced NIDS tasks. Full article

With the rapid development of the internet, the increasing amount of malicious traffic poses a significant challenge to the network security of critical infrastructures, including power monitoring systems. As the core part of the power grid operation, the network security of power monitoring systems directly affects the stability of the power system and the safety of electricity supply. Nowadays, network attacks are complex and diverse, and traditional rule-based detection methods are no longer adequate. With the advancement of machine learning technologies, researchers have introduced them into the field of traffic detection to address this issue. Current malicious traffic detection methods mostly rely on single machine learning models, which face problems such as poor generalization, low detection accuracy, and instability. To solve these issues, this paper proposes a malicious traffic detection method based on multi-model fusion, using the stacking strategy to integrate models. Compared to single models, stacking enhances the model’s generalization and stability, improving detection accuracy. Experimental results show that the accuracy of the stacking model on the NSL-KDD test set is 96.5%, with an F1 score of 96.6% and a false-positive rate of 1.8%, demonstrating a significant improvement over single models and validating the advantages of multi-model fusion in malicious traffic detection. Full article

With the rapid emergence of the Internet of Things (IoT) devices, there were new vectors for attacking cyber, so there was a need for approachable intrusion detection systems (IDSs) with more innovative custom tactics. The traditional IDS models tend to find difficulties in generalization in the continuously changing and heterogeneous IoT environments. This paper contributes to an adaptive intrusion detection framework using Model-Agnostic Meta-Learning (MAML) and few-shot learning paradigms to quickly adapt to new tasks with little data. The goal of this research is to improve the security of IoT by developing a strong IDS that will perform well across assorted datasets and attack environments. Finally, we apply our proposed framework to two benchmark datasets, UNSW-NB15 and NSL-KDD99, which provide different attack scenarios and network behaviors. The methodology trains a base model with MAML to allow fast adaptation on specific tasks during fine-tuning. Our approach leads to experimental results with 99.98% accuracy, 99.5% precision, 99.0% recall, and 99.4% F1 score on the UNSW-NB15 dataset. The model achieved 99.1% accuracy, 97.3% precision, 98.2% recall, and 98.5% F1 score on the NSL-KDD99 dataset. That shows that MAML can detect many cyber threats in IoT environments. Based on this study, it is concluded that meta-learning-based intrusion detection could help build resilient IoT systems. Future works will move educated meta-learning to a federated setting and deploy it in real time in response to changing threats. Full article

With the requirements of government data protection regulations and industrial concerns regarding data protection and privacy, the security level required for data privacy and protection has increased. This has led researchers to investigate techniques that can train cybersecurity machine learning (ML) models without sharing personal data. Federated Learning (FL) is a newly developed decentralized and distributed ML mechanism that emphasize privacy. In this technique, a learning algorithm is trained without collecting or exchanging sensitive data from distributed client models running at different locations. With the rapid increase in the number of cybersecurity attacks reported in the aviation industry in the last two decades, strong, dynamic, and effective countermeasures are required to protect the aviation industry and air passengers against such attacks, which can most of the time lead to catastrophic situations. This paper proposes and implements an FL model for identifying cyberattacks on a Software Defined Network (SDN)-based aeronautical communication networks. The machine learning model used in the FL architecture is a Deep Neural Network (DNN) model. The publicly available National Security Laboratory–Knowledge Discovery and Datamining (NSL-KDD) dataset was employed to train and validate the proposed FL model. The simulation results illustrated that the FL-based system can accurately and effectively identify potential cybersecurity attacks and minimize the risk of data and service exposure without degrading model performance. A comparison was also made between the FL and non-FL machine learning models. Preliminary results demonstrated that the FL model outperformed the non-FL machine learning approaches. FL reached an accuracy of 96%, compared to 76% and 83% for NFL. Full article

With the rapid increase in cyber-attacks, intrusion detection systems (IDS) have become essential for network security. However, traditional IDS methods often struggle with class imbalance, leading to asymmetric data distributions that adversely affect detection performance and model generalization. To address this issue and enhance detection accuracy, this paper proposes SE-DWNet, a residual network model incorporating an attention mechanism and one-dimensional depthwise separable convolution, trained on a symmetrically preprocessed dataset using SMOTETomek sampling. First, the feature distributions of the training and test datasets are analyzed using box plots, highlighting the impact of feature difference. To mitigate this difference and restore a more symmetric data distribution, we employ the SMOTETomek integrated sampling method in conjunction with a Focal Loss function. Subsequently, a lightweight residual network, incorporating the SE module and the Res-DWNet module, is designed to improve detection accuracy while maintaining computational efficiency. Extensive experiments on the NSL-KDD, CICIDS2018, and ToN-IoT datasets demonstrate that SE-DWNet outperforms existing neural network-based IDS models, achieving accuracy, precision, recall, and F1-score improvements ranging from 0.17% to 5.33%. The results confirm the effectiveness and superiority of the proposed approach in intrusion detection tasks. Full article