Search Results (267)

Search Parameters:
Keywords = distributed denial of service (DDoS) attack

29 pages, 2885 KiB  
Article
Embedding Security Awareness in IoT Systems: A Framework for Providing Change Impact Insights
by Masrufa Bayesh and Sharmin Jahan
Appl. Sci. 2025, 15(14), 7871; https://doi.org/10.3390/app15147871 - 14 Jul 2025
Viewed by 246
Abstract
The Internet of Things (IoT) is rapidly advancing toward increased autonomy; however, the inherent dynamism, environmental uncertainty, device heterogeneity, and diverse data modalities pose serious challenges to its reliability and security. This paper proposes a novel framework for embedding security awareness into IoT systems—where security awareness refers to the system’s ability to detect uncertain changes and understand their impact on its security posture. While machine learning and deep learning (ML/DL) models integrated with explainable AI (XAI) methods offer capabilities for threat detection, they often lack contextual interpretation linked to system security. To bridge this gap, our framework maps XAI-generated explanations to a system’s structured security profile, enabling the identification of components affected by detected anomalies or threats. Additionally, we introduce a procedural method to compute an Importance Factor (IF) for each component, reflecting its operational criticality. This framework generates actionable insights by highlighting contextual changes, impacted components, and their respective IFs. We validate the framework using a smart irrigation IoT testbed, demonstrating its capability to enhance security awareness by tracking evolving conditions and providing real-time insights into potential Distributed Denial of Service (DDoS) attacks. Full article
(This article belongs to the Special Issue Trends and Prospects for Wireless Sensor Networks and IoT)

31 pages, 2736 KiB  
Article
Unseen Attack Detection in Software-Defined Networking Using a BERT-Based Large Language Model
by Mohammed N. Swileh and Shengli Zhang
AI 2025, 6(7), 154; https://doi.org/10.3390/ai6070154 - 11 Jul 2025
Viewed by 615
Abstract
Software-defined networking (SDN) represents a transformative shift in network architecture by decoupling the control plane from the data plane, enabling centralized and flexible management of network resources. However, this architectural shift introduces significant security challenges, as SDN’s centralized control becomes an attractive target for various types of attacks. While the body of current research on attack detection in SDN has yielded important results, several critical gaps remain that require further exploration. Addressing challenges in feature selection, broadening the scope beyond Distributed Denial of Service (DDoS) attacks, strengthening attack decisions based on multi-flow analysis, and building models capable of detecting unseen attacks that they have not been explicitly trained on are essential steps toward advancing security measures in SDN environments. In this paper, we introduce a novel approach that leverages Natural Language Processing (NLP) and the pre-trained Bidirectional Encoder Representations from Transformers (BERT)-base-uncased model to enhance the detection of attacks in SDN environments. Our approach transforms network flow data into a format interpretable by language models, allowing BERT-base-uncased to capture intricate patterns and relationships within network traffic. By utilizing Random Forest for feature selection, we optimize model performance and reduce computational overhead, ensuring efficient and accurate detection. Attack decisions are made based on several flows, providing stronger and more reliable detection of malicious traffic. Furthermore, our proposed method is specifically designed to detect previously unseen attacks, offering a solution for identifying threats that the model was not explicitly trained on. 
To rigorously evaluate our approach, we conducted experiments in two scenarios: one focused on detecting known attacks, achieving an accuracy, precision, recall, and F1-score of 99.96%, and another on detecting previously unseen attacks, where our model achieved 99.96% in all metrics, demonstrating the robustness and precision of our framework in detecting evolving threats, and reinforcing its potential to improve the security and resilience of SDN networks. Full article
(This article belongs to the Special Issue Artificial Intelligence for Network Management)

21 pages, 4241 KiB  
Article
Federated Learning-Driven Cybersecurity Framework for IoT Networks with Privacy Preserving and Real-Time Threat Detection Capabilities
by Milad Rahmati and Antonino Pagano
Informatics 2025, 12(3), 62; https://doi.org/10.3390/informatics12030062 - 4 Jul 2025
Cited by 1 | Viewed by 786
Abstract
The rapid expansion of the Internet of Things (IoT) ecosystem has transformed industries but also exposed significant cybersecurity vulnerabilities. Traditional centralized methods for securing IoT networks struggle to balance privacy preservation with real-time threat detection. This study presents a Federated Learning-Driven Cybersecurity Framework designed for IoT environments, enabling decentralized data processing through local model training on edge devices to ensure data privacy. Secure aggregation using homomorphic encryption supports collaborative learning without exposing sensitive information. The framework employs GRU-based recurrent neural networks (RNNs) for anomaly detection, optimized for resource-constrained IoT networks. Experimental results demonstrate over 98% accuracy in detecting threats such as distributed denial-of-service (DDoS) attacks, with a 20% reduction in energy consumption and a 30% reduction in communication overhead, showcasing the framework’s efficiency over traditional centralized approaches. This work addresses critical gaps in IoT cybersecurity by integrating federated learning with advanced threat detection techniques. It offers a scalable, privacy-preserving solution for diverse IoT applications, with future directions including blockchain integration for model aggregation traceability and quantum-resistant cryptography to enhance security. Full article

17 pages, 2101 KiB  
Article
Enhancing DDoS Attacks Mitigation Using Machine Learning and Blockchain-Based Mobile Edge Computing in IoT
by Mahmoud Chaira, Abdelkader Belhenniche and Roman Chertovskih
Computation 2025, 13(7), 158; https://doi.org/10.3390/computation13070158 - 1 Jul 2025
Viewed by 437
Abstract
The widespread adoption of Internet of Things (IoT) devices has been accompanied by a remarkable rise in both the frequency and intensity of Distributed Denial of Service (DDoS) attacks, which aim to overwhelm and disrupt the availability of networked systems and connected infrastructures. In this paper, we present a novel approach to DDoS attack detection and mitigation that integrates state-of-the-art machine learning techniques with Blockchain-based Mobile Edge Computing (MEC) in IoT environments. Our solution leverages the decentralized and tamper-resistant nature of Blockchain technology to enable secure and efficient data collection and processing at the network edge. We evaluate multiple machine learning models, including K-Nearest Neighbors (KNN), Support Vector Machine (SVM), Decision Tree (DT), Random Forest (RF), Transformer architectures, and LightGBM, using the CICDDoS2019 dataset. Our results demonstrate that Transformer models achieve a superior detection accuracy of 99.78%, while RF follows closely with 99.62%, and LightGBM offers optimal efficiency for real-time detection. This integrated approach significantly enhances detection accuracy and mitigation effectiveness compared to existing methods, providing a robust and adaptive mechanism for identifying and mitigating malicious traffic patterns in IoT environments. Full article
(This article belongs to the Section Computational Engineering)

37 pages, 18679 KiB  
Article
Real-Time DDoS Detection in High-Speed Networks: A Deep Learning Approach with Multivariate Time Series
by Drixter V. Hernandez, Yu-Kuen Lai and Hargyo T. N. Ignatius
Electronics 2025, 14(13), 2673; https://doi.org/10.3390/electronics14132673 - 1 Jul 2025
Viewed by 485
Abstract
The exponential growth of Distributed Denial-of-Service (DDoS) attacks in high-speed networks presents significant real-time detection and mitigation challenges. The existing detection frameworks are categorized into flow-based and packet-based detection approaches. Flow-based approaches usually suffer from high latency and controller overhead in high-volume traffic. In contrast, packet-based approaches are prone to high false-positive rates and limited attack classification, resulting in delayed mitigation responses. To address these limitations, we propose a real-time DDoS detection architecture that combines hardware-accelerated statistical preprocessing with GPU-accelerated deep learning models. The raw packet header information is transformed into multivariate time series data to enable classification of complex traffic patterns using Temporal Convolutional Networks (TCN), Long Short-Term Memory (LSTM) networks, and Transformer architectures. We evaluated the proposed system using experiments conducted under low to high-volume background traffic to validate each model’s robustness and adaptability in a real-time network environment. The experiments are conducted across different time window lengths to determine the trade-offs between detection accuracy and latency. The results show that larger observation windows improve detection accuracy using TCN and LSTM models and consistently outperform the Transformer in high-volume scenarios. Regarding model latency, TCN and Transformer exhibit constant latency across all window sizes. We also used SHAP (Shapley Additive exPlanations) analysis to identify the most discriminative traffic features, enhancing model interpretability and supporting feature selection for computational efficiency. Among the experimented models, TCN achieves the most balance between detection performance and latency, making it an applicable model for the proposed architecture. 
These findings validate the feasibility of the proposed architecture and support its potential as a real-time DDoS detection application in a realistic high-speed network. Full article
(This article belongs to the Special Issue Emerging Technologies for Network Security and Anomaly Detection)

16 pages, 499 KiB  
Article
Adaptive Sampling Framework for Imbalanced DDoS Traffic Classification
by Hongjoong Kim, Deokhyeon Ham and Kyoung-Sook Moon
Sensors 2025, 25(13), 3932; https://doi.org/10.3390/s25133932 - 24 Jun 2025
Viewed by 440
Abstract
Imbalanced data is a major challenge in network security applications, particularly in DDoS (Distributed Denial of Service) traffic classification, where detecting minority classes is critical for timely and cost-effective defense. Existing machine learning and deep learning models often fail to accurately classify such underrepresented attack types, leading to significant degradation in performance. In this study, we propose an adaptive sampling strategy that combines oversampling and undersampling techniques to address the class imbalance problem at the data level. We evaluated our approach using benchmark DDoS traffic datasets, where it demonstrated improved classification performance across key metrics, including accuracy, recall, and F1-score, compared to baseline models and conventional sampling methods. The results indicate that the proposed adaptive sampling approach improved minority class detection performance under the tested conditions, thereby improving the reliability of sensor-driven security systems. This work contributes a robust and adaptable method for imbalanced data classification, with potential applications across simulated sensor environments where anomaly detection is essential. Full article
(This article belongs to the Special Issue Feature Papers in Fault Diagnosis & Sensors 2025)

26 pages, 623 KiB  
Article
Significance of Machine Learning-Driven Algorithms for Effective Discrimination of DDoS Traffic Within IoT Systems
by Mohammed N. Alenezi
Future Internet 2025, 17(6), 266; https://doi.org/10.3390/fi17060266 - 18 Jun 2025
Viewed by 498
Abstract
As digital infrastructure continues to expand, networks, web services, and Internet of Things (IoT) devices become increasingly vulnerable to distributed denial of service (DDoS) attacks. Remarkably, IoT devices have become attracted to DDoS attacks due to their common deployment and limited applied security measures. Therefore, attackers take advantage of the growing number of unsecured IoT devices to reflect massive traffic that overwhelms networks and disrupts necessary services, making protection of IoT devices against DDoS attacks a major concern for organizations and administrators. In this paper, the effectiveness of supervised machine learning (ML) classification and deep learning (DL) algorithms in detecting DDoS attacks on IoT networks was investigated by conducting an extensive analysis of network traffic dataset (legitimate and malicious). The performance of the models and data quality improved when emphasizing the impact of feature selection and data pre-processing approaches. Five machine learning models were evaluated by utilizing the Edge-IIoTset dataset: Random Forest (RF), Support Vector Machine (SVM), Long Short-Term Memory (LSTM), and K-Nearest Neighbors (KNN) with multiple K values, and Convolutional Neural Network (CNN). Findings revealed that the RF model outperformed other models by delivering optimal detection speed and remarkable performance across all evaluation metrics, while KNN (K = 7) emerged as the most efficient model in terms of training time. Full article
(This article belongs to the Special Issue Cybersecurity in the IoT)

24 pages, 1347 KiB  
Article
SecFedDNN: A Secure Federated Deep Learning Framework for Edge–Cloud Environments
by Roba H. Alamir, Ayman Noor, Hanan Almukhalfi, Reham Almukhlifi and Talal H. Noor
Systems 2025, 13(6), 463; https://doi.org/10.3390/systems13060463 - 12 Jun 2025
Cited by 1 | Viewed by 1118
Abstract
Cyber threats that target Internet of Things (IoT) and edge computing environments are growing in scale and complexity, which necessitates the development of security solutions that are both robust and scalable while also protecting privacy. Edge scenarios require new intrusion detection solutions because traditional centralized intrusion detection systems (IDSs) lack in the protection of data privacy, create excessive communication overhead, and show limited contextual adaptation capabilities. This paper introduces the SecFedDNN framework, which combines federated deep learning (FDL) capabilities to protect edge–cloud environments from cyberattacks such as Distributed Denial of Service (DDoS), Denial of Service (DoS), and injection attacks. SecFedDNN performs edge-level pre-aggregation filtering through Layer-Adaptive Sparsified Model Aggregation (LASA) for anomaly detection while supporting balanced multi-class evaluation across federated clients. A Deep Neural Network (DNN) forms the main model that trains concurrently with multiple clients through the Federated Averaging (FedAvg) protocol while keeping raw data local. We utilized Google Cloud Platform (GCP) along with Google Colaboratory (Colab) to create five federated clients for simulating attacks on the TON_IoT dataset, which we balanced across selected attack types. Initial tests showed DNN outperformed Long Short-Term Memory (LSTM) and SimpleNN in centralized environments by providing higher accuracy at lower computational costs. Following federated training, the SecFedDNN framework achieved an average accuracy and precision above 84% and recall and F1-score above 82% across all clients with suitable response times for real-time deployment. The study proves that FDL can strengthen intrusion detection across distributed edge networks without compromising data privacy guarantees. Full article

19 pages, 1821 KiB  
Article
Mitigating DDoS Attacks in LEO Satellite Networks Through Bottleneck Minimize Routing
by Fangzhou Meng, Xiaodan Yan, Yuanjian Zhang, Jian Yang, Ang Cao, Ruiqi Liu and Yongli Zhao
Electronics 2025, 14(12), 2376; https://doi.org/10.3390/electronics14122376 - 10 Jun 2025
Viewed by 601
Abstract
In this paper, we focus on defending against distributed denial-of-service (DDoS) attacks in a low-earth-orbit (LEO) satellite network (LSN). To enhance the security of LSN, we propose the K-Bottleneck Minimize routing method. The algorithm ensures path diversity while avoiding vulnerable bottleneck paths, which significantly increases the cost for attackers. Additionally, the attacker’s detectability is reduced. The results show that the algorithm avoids the bottleneck paths that are vulnerable to attacks, improves the attacker’s cost by about 13.1% and 16.6% on average and median, and improves the detectability of attackers by 48.5% and 45.4% on average and median. The algorithm generates multiple non-overlapping inter-satellite paths, preventing the exploitation of bottleneck paths and ensuring better robustness and attack resistance. Full article

29 pages, 937 KiB  
Article
SOE: A Multi-Objective Traffic Scheduling Engine for DDoS Mitigation with Isolation-Aware Optimization
by Mingwei Zhou, Xian Mu and Yanyan Liang
Mathematics 2025, 13(11), 1853; https://doi.org/10.3390/math13111853 - 2 Jun 2025
Viewed by 530
Abstract
Distributed Denial-of-Service (DDoS) attacks generate deceptive, high-volume traffic that bypasses conventional detection mechanisms. When interception fails, effectively allocating mixed benign and malicious traffic under resource constraints becomes a critical challenge. To address this, we propose SchedOpt Engine (SOE), a scheduling framework formulated as a discrete multi-objective optimization problem. The goal is to optimize four conflicting objectives: a benign traffic acceptance rate (BTAR), malicious traffic interception rate (MTIR), server load balancing, and malicious traffic isolation. These objectives are combined into a composite scalarized loss function with soft constraints, prioritizing a BTAR while maintaining flexibility. To solve this problem, we introduce MOFATA, a multi-objective extension of the Fata Morgana Algorithm (FATA) within a Pareto-based evolutionary framework. An ϵ-dominance mechanism is incorporated to improve solution granularity and diversity. Simulations under varying attack intensities and resource constraints validate the effectiveness of SOE. Results show that SOE consistently achieves a high BTAR and MTIR while balancing server loads. Under extreme attacks, SOE isolates malicious traffic to a subset of servers, preserving capacity for benign services. SOE also demonstrates strong adaptability in fluctuating attack environments, providing a practical solution for DDoS mitigation. Full article
(This article belongs to the Section E1: Mathematics and Computer Science)

27 pages, 1766 KiB  
Article
Enhanced Peer-to-Peer Botnet Detection Using Differential Evolution for Optimized Feature Selection
by Sangita Baruah, Vaskar Deka, Dulumani Das, Utpal Barman and Manob Jyoti Saikia
Future Internet 2025, 17(6), 247; https://doi.org/10.3390/fi17060247 - 30 May 2025
Viewed by 524
Abstract
With the growing prevalence of cybercrime, botnets have emerged as a significant threat, infiltrating an increasing number of legitimate computers annually. Challenges arising for organizations, educational institutions, and individuals as a result of botnet attacks include distributed denial of service (DDoS) attacks, phishing attacks, and extortion attacks, generation of spam, and identity theft. The stealthy nature of botnets, characterized by constant alterations in network structures, attack methodologies, and data transmission patterns, poses a growing difficulty in their detection. This paper introduces an innovative strategy for mitigating botnet threats. Employing differential evolution, we propose a feature selection approach that enhances the ability to discern peer-to-peer (P2P) botnet traffic amidst evolving cyber threats. Differential evolution is a population-based meta-heuristic technique which can be applied to nonlinear and non-differentiable optimization problems owing to its fast convergence and use of few control parameters. Apart from that, an ensemble learning algorithm is also employed to support and enhance the detection phase, providing a robust defense against the dynamic and sophisticated nature of modern P2P botnets. The results demonstrate that our model achieves 99.99% accuracy, 99.49% precision, 98.98% recall, and 99.23% F1-score, which outperform the state-of-the-art P2P detection approaches. Full article

26 pages, 2798 KiB  
Article
A Machine-Learning-Based Approach for the Detection and Mitigation of Distributed Denial-of-Service Attacks in Internet of Things Environments
by Sebastián Berríos, Sebastián Garcia, Pamela Hermosilla and Héctor Allende-Cid
Appl. Sci. 2025, 15(11), 6012; https://doi.org/10.3390/app15116012 - 27 May 2025
Cited by 1 | Viewed by 768
Abstract
The widespread adoption of Internet of Things (IoT) devices has significantly increased the exposure of cloud-based architectures to cybersecurity risks, particularly Distributed Denial-of-Service (DDoS) attacks. Traditional detection methods often fail to efficiently identify and mitigate these threats in dynamic IoT/Cloud environments. This study proposes a machine-learning-based framework to enhance DDoS attack detection and mitigation, employing Random Forest, XGBoost, and Long Short-Term Memory (LSTM) models. Two well-established datasets, CIC-DDoS2019 and N-BaIoT, were used to train and evaluate the models, with feature selection techniques applied to optimize performance. A comparative analysis was conducted using key performance metrics, including accuracy, precision, recall, and F1-score. The results indicate that Random Forest outperforms other models, achieving a precision of 99.96% and an F1-score of 95.84%. Additionally, a web-based dashboard was developed to visualize detection outcomes, facilitating real-time monitoring. This research highlights the importance of efficient data preprocessing and feature selection for improving detection capabilities in IoT/Cloud infrastructures. Furthermore, the potential integration of metaheuristic optimization for hyperparameter tuning and feature selection is identified as a promising direction for future work. The findings contribute to the development of more resilient and adaptive cybersecurity solutions for IoT/Cloud-based environments. Full article
(This article belongs to the Section Computing and Artificial Intelligence)

29 pages, 567 KiB  
Article
Comparative Analysis of Feature Selection Methods in Clustering-Based Detection Methods
by Alireza Zeinalpour and Charles P. McElroy
Electronics 2025, 14(11), 2119; https://doi.org/10.3390/electronics14112119 - 23 May 2025
Viewed by 411
Abstract
Feature selection plays a crucial role in the effectiveness of distributed denial of service (DDoS) attack detection methods, particularly as network traffic data becomes increasingly complex. This study conducts a categorical investigation of feature selection methods in clustering-based DDoS attack detection, comparing wrapper and hybrid approaches. Through two experiments using one-way ANOVA analyses, the research evaluated the effectiveness of different clustering approaches and supervised learning algorithms. The findings reveal that clustering-based wrapper methods performed more effectively than supervised learning approaches in feature selection for clustering-based DDoS attack detection methods. The results show strong statistical significance for clustering-based methods, with p-values of less than 0.05 and η2 values indicating robust relationships between methods. Our clustering-based wrapper approach achieved a 57.7% reduction in false positive rates compared to supervised learning methods (mean FPR of 0.17 versus 0.40) on the CICIDS2017 dataset, with certain configurations reaching a false positive rate of 0.000. A similar pattern was observed with the NSL-KD dataset, where clustering-based methods reduced false positive rates by 63.1% compared to supervised approaches (0.048 versus 0.128). This study provides empirical evidence for effective combinations in which organizations and agencies can implement DDoS attack detection methods that have high performance. Full article

22 pages, 2341 KiB  
Article
CAA-RF: An Anomaly Detection Algorithm for Computing Power Blockchain Networks
by Shifeng Jia, Yating Zhao, Yang Zhang, Bin Jia and Wenjuan Lian
Appl. Sci. 2025, 15(11), 5804; https://doi.org/10.3390/app15115804 - 22 May 2025
Cited by 1 | Viewed by 508
Abstract
As a distributed communication and storage system, blockchain forms a Computing Power Blockchain Network (CPBN) by integrating computing nodes and network resources. However, its open architecture faces major security threats such as Sybil attacks, computational fraud, and DDoS attacks. Traditional detection methods often fail in dynamic environments with scarce domain data. To address this, we developed a lightweight blockchain simulator to generate Sybil and DDoS attack scenarios, constructing a 14-dimensional feature dataset. To address Sybil attacks and distributed denial-of-service attack scenarios, this paper proposes an adaptive attention random forest convolutional neural network anomaly detection method (CAA-RF). Our approach uses multi-layer convolutional operations to capture high-order data correlations, combines attention mechanisms for global dependency modeling, and employs random forest for robust anomaly detection, enabling effective real-time security protection for blockchain systems. Full article

11 pages, 1182 KiB  
Proceeding Paper
A Decentralized Framework for the Detection and Prevention of Distributed Denial of Service Attacks Using Federated Learning and Blockchain Technology
by Mao-Hsiu Hsu and Chia-Chun Liu
Eng. Proc. 2025, 92(1), 48; https://doi.org/10.3390/engproc2025092048 - 6 May 2025
Viewed by 546
Abstract
With the rapid development of the internet of things (IoT) and smart cities, the risk of network attacks, particularly distributed denial of service (DDoS) attacks, has significantly increased. Traditional centralized security systems struggle to address large-scale attacks while simultaneously safeguarding privacy. In this study, we created a decentralized security framework that integrates federated learning (FL) with blockchain technology for DDoS attack detection and prevention. Federated learning enables devices to collaboratively learn without sharing raw data and ensures data privacy, while blockchain provides immutable event logging and distributed monitoring to enhance the overall security of the system. The created framework leverages multi-layer encryption and Hashgraph technology for event recording, ensuring data integrity and efficiency. Additionally, software-defined networking (SDN) was employed for dynamic resource management and rapid responses to attacks. This system improves the accuracy of DDoS detection and effectively reduces communication costs and resource consumption. It has significant potential for large-scale attack defense in IoT and smart city environments. Full article
(This article belongs to the Proceedings of 2024 IEEE 6th Eurasia Conference on IoT, Communication and Engineering)