Search Results (7)

Search Parameters:
Keywords = intrusion detection and prevention system (IDPS)

41 pages, 6103 KB  
Article
H-RT-IDPS: A Hierarchical Real-Time Intrusion Detection and Prevention System for the Smart Internet of Vehicles via TinyML-Distilled CNN and Hybrid BiLSTM-XGBoost Models
by Ikram Hamdaoui, Chaymae Rami, Zakaria El Allali and Khalid El Makkaoui
Technologies 2025, 13(12), 572; https://doi.org/10.3390/technologies13120572 - 5 Dec 2025
Viewed by 671
Abstract
The integration of connected vehicles into smart city infrastructure introduces critical cybersecurity challenges for the Internet of Vehicles (IoV), where resource-constrained vehicles and powerful roadside units (RSUs) must collaborate for secure communication. We propose H-RT-IDPS, a hierarchical real-time intrusion detection and prevention system targeting two high-priority IoV security pillars: availability (traffic overload) and integrity/authenticity (spoofing), with spoofing evaluated across multiple subclasses (GAS, RPM, SPEED, and steering wheel). In the offline phase, deep learning and hybrid models were benchmarked on the vehicular CAN bus dataset CICIoV2024, with the BiLSTM-XGBoost hybrid chosen for its balance between accuracy and inference speed. Real-time deployment uses a TinyML-distilled CNN on vehicles for ultra-lightweight, low-latency detection, while RSU-level BiLSTM-XGBoost performs a deeper temporal analysis. A Kafka–Spark Streaming pipeline supports localized classification, prevention, and dashboard-based monitoring. In baseline, stealth, and coordinated modes, the evaluation achieved accuracy, precision, recall, and F1-scores all above 97%. The mean end-to-end inference latency was 148.67 ms, and the resource usage was stable. The framework remains robust in both high-traffic and low-frequency attack scenarios, enhancing operator situational awareness through real-time visualizations. These results demonstrate a scalable, explainable, and operator-focused IDPS well suited for securing SC-IoV deployments against evolving threats. Full article
(This article belongs to the Special Issue Research on Security and Privacy of Data and Networks)

32 pages, 7418 KB  
Article
Real-Time Large-Scale Intrusion Detection and Prevention System (IDPS) CICIoT Dataset Traffic Assessment Based on Deep Learning
by Samuel Kofi Erskine
Appl. Syst. Innov. 2025, 8(2), 52; https://doi.org/10.3390/asi8020052 - 11 Apr 2025
Cited by 5 | Viewed by 7092
Abstract
This research utilizes machine learning (ML), and especially deep learning (DL), techniques for efficient feature extraction of intrusion attacks. We use DL to provide better learning and utilize machine learning multilayer perceptron (MLP) as an intrusion detection (IDS) and intrusion prevention (IPS) system (IDPS) method. We deploy DL and MLP together as DLMLP. DLMLP improves the high detection of all intrusion attack features on the Internet of Things (IoT) device dataset, known as the CICIoT2023 dataset. We reference the CICIoT2023 dataset from the Canadian Institute of Cybersecurity (CIC) IoT device dataset. Our proposed method, the deep learning multilayer perceptron intrusion detection and prevention system model (DLMIDPSM), provides IDPST (intrusion detection and prevention system topology) capability. We use our proposed IDPST to capture, analyze, and prevent all intrusion attacks in the dataset. Moreover, our proposed DLMIDPSM employs a combination of artificial neural networks, ANNs, convolutional neural networks (CNNs), and recurrent neural networks (RNNs). Consequently, this project aims to develop a robust real-time intrusion detection and prevention system model. DLMIDPSM can predict, detect, and prevent intrusion attacks in the CICIoT2023 IoT dataset, with a high accuracy of above 85% and a high precision rate of 99%. Comparing the DLMIDPSM to the other literature, deep learning models and machine learning (ML) models have used decision tree (DT) and support vector machine (SVM), achieving a detection and prevention rate of 81% accuracy with only 72% precision. Furthermore, this research project breaks new ground by incorporating combined machine learning and deep learning models with IDPS capability, known as ML and DLMIDPSMs. We train, validate, or test the ML and DLMIDPSMs on the CICIoT2023 dataset, which helps to achieve higher accuracy and precision than the other deep learning models discussed above. 
Thus, our proposed combined ML and DLMIDPSMs achieved higher intrusion detection and prevention based on the confusion matrix’s high-rate attack detection and prevention values. Full article
(This article belongs to the Special Issue Advancements in Deep Learning and Its Applications)

33 pages, 5782 KB  
Article
MINDPRES: A Hybrid Prototype System for Comprehensive Data Protection in the User Layer of the Mobile Cloud
by Noah Oghenefego Ogwara, Krassie Petrova, Mee Loong (Bobby) Yang and Stephen G. MacDonell
Sensors 2025, 25(3), 670; https://doi.org/10.3390/s25030670 - 23 Jan 2025
Cited by 1 | Viewed by 2271
Abstract
Mobile cloud computing (MCC) is a technological paradigm for providing services to mobile device (MD) users. A compromised MD may cause harm to both its user and to other MCC customers. This study explores the use of machine learning (ML) models and stochastic methods for the protection of Android MDs connected to the mobile cloud. To test the validity and feasibility of the proposed models and methods, the study adopted a proof-of-concept approach and developed a prototype system named MINDPRESS. The static component of MINDPRES assesses the risk of the apps installed on the MD. It uses a device-based ML model for static feature analysis and a cloud-based stochastic risk evaluator. The device-based hybrid component of MINDPRES monitors app behavior in real time. It deploys two ML models and functions as an intrusion detection and prevention system (IDPS). The performance evaluation results of the prototype showed that the accuracy achieved by the methods for static and hybrid risk evaluation compared well with results reported in recent work. Power consumption data indicated that MINDPRES did not create an overload. This study contributes a feasible and scalable framework for building distributed systems for the protection of the data and devices of MCC customers. Full article
(This article belongs to the Special Issue Cybersecurity in Sensor Networks)

24 pages, 732 KB  
Article
Software-Defined-Networking-Based One-versus-Rest Strategy for Detecting and Mitigating Distributed Denial-of-Service Attacks in Smart Home Internet of Things Devices
by Neder Karmous, Mohamed Ould-Elhassen Aoueileyine, Manel Abdelkader, Lamia Romdhani and Neji Youssef
Sensors 2024, 24(15), 5022; https://doi.org/10.3390/s24155022 - 3 Aug 2024
Cited by 16 | Viewed by 3259
Abstract
The number of connected devices or Internet of Things (IoT) devices has rapidly increased. According to the latest available statistics, in 2023, there were approximately 17.2 billion connected IoT devices; this is expected to reach 25.4 billion IoT devices by 2030 and grow year over year for the foreseeable future. IoT devices share, collect, and exchange data via the internet, wireless networks, or other networks with one another. IoT interconnection technology improves and facilitates people’s lives but, at the same time, poses a real threat to their security. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are considered the most common and threatening attacks that strike IoT devices’ security. These are considered to be an increasing trend, and it will be a major challenge to reduce risk, especially in the future. In this context, this paper presents an improved framework (SDN-ML-IoT) that works as an Intrusion and Prevention Detection System (IDPS) that could help to detect DDoS attacks with more efficiency and mitigate them in real time. This SDN-ML-IoT uses a Machine Learning (ML) method in a Software-Defined Networking (SDN) environment in order to protect smart home IoT devices from DDoS attacks. We employed an ML method based on Random Forest (RF), Logistic Regression (LR), k-Nearest Neighbors (kNN), and Naive Bayes (NB) with a One-versus-Rest (OvR) strategy and then compared our work to other related works. Based on the performance metrics, such as confusion matrix, training time, prediction time, accuracy, and Area Under the Receiver Operating Characteristic curve (AUC-ROC), it was established that SDN-ML-IoT, when applied to RF, outperforms other ML algorithms, as well as similar approaches related to our work. It had an impressive accuracy of 99.99%, and it could mitigate DDoS attacks in less than 3 s. We conducted a comparative analysis of various models and algorithms used in the related works. 
The results indicated that our proposed approach outperforms others, showcasing its effectiveness in both detecting and mitigating DDoS attacks within SDNs. Based on these promising results, we have opted to deploy SDN-ML-IoT within the SDN. This implementation ensures the safeguarding of IoT devices in smart homes against DDoS attacks within the network traffic. Full article
(This article belongs to the Special Issue AI Technology for Cybersecurity and IoT Applications)

23 pages, 3955 KB  
Article
iKern: Advanced Intrusion Detection and Prevention at the Kernel Level Using eBPF
by Hassan Jalil Hadi, Mubashir Adnan, Yue Cao, Faisal Bashir Hussain, Naveed Ahmad, Mohammed Ali Alshara and Yasir Javed
Technologies 2024, 12(8), 122; https://doi.org/10.3390/technologies12080122 - 30 Jul 2024
Cited by 7 | Viewed by 5982
Abstract
The development of new technologies has significantly enhanced the monitoring and analysis of network traffic. Modern solutions like the Extended Berkeley Packet Filter (eBPF) demonstrate a clear advancement over traditional techniques, allowing for more customized and efficient filtering. These technologies are crucial for influencing system performance as they operate at the lowest layer of the operating system, such as the kernel. Network-based Intrusion Detection/Prevention Systems (IDPS), including Snort, Suricata, and Bro, passively monitor network traffic from terminal access points. However, most IDPS are signature-based and face challenges on large networks, where the drop rate increases due to limitations in capturing and processing packets. High throughput leads to overheads, causing IDPS buffers to drop packets, which can pose serious threats to network security. Typically, IDPS are targeted by volumetric and multi-vector attacks that overload the network beyond the reception and processing capacity of IDPS, resulting in packet loss due to buffer overflows. To address this issue, the proposed solution, iKern, utilizes eBPF and Virtual Network Functions (VNF) to examine and filter packets at the kernel level before forwarding them to user space. Packet stream inspection is performed within the iKern Engine at the kernel level to detect and mitigate volumetric floods and multi-vector attacks. The iKern detection engine, operating within the Linux kernel, is powered by eBPF bytecode injected from user space. This system effectively handles volumetric Distributed Denial of Service (DDoS) attacks. Real-time implementation of this scheme has been tested on a 1Gbps network and shows significant detection and reduction capabilities against volumetric and multi-vector floods. Full article
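The abstract above rests on one design point: the drop decision for a volumetric flood is taken in the kernel, per packet, before anything is copied to the user-space IDS. As an added example (not iKern's code and not a loadable eBPF object), the block below shows the per-source token-bucket verdict such an XDP program would return, written as host-compilable C so that it runs stand-alone. The map type, entry point, helper names, rate thresholds, table size and the frame builder named in the comments are all assumptions.

```c
/* Added example, not iKern's code: the per-source rate-limit verdict an XDP
 * program would return for a volumetric flood, written as host-compilable C.
 * In a loadable eBPF object (assumed mapping): `tbl` would be a
 * BPF_MAP_TYPE_LRU_HASH map, xdp_verdict() the SEC("xdp") entry taking a
 * struct xdp_md, and now_ns would come from bpf_ktime_get_ns().
 * Thresholds, table size and the frame builder are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define XDP_DROP 1                 /* same values as the kernel's enum xdp_action */
#define XDP_PASS 2
#define ETH_HLEN 14
#define ETH_P_IP 0x0800
#define TBL_SIZE 1024
#define RATE_PPS 1000LL            /* sustained packets/second allowed per source (assumed) */
#define BURST    2000LL            /* bucket capacity: short bursts above RATE_PPS pass */
#define NS_PER_S 1000000000LL

struct bucket { uint32_t saddr; int used; uint64_t last_ns; int64_t tokens; };
static struct bucket tbl[TBL_SIZE];

void reset_table(void) { memset(tbl, 0, sizeof tbl); }

/* Open-addressing lookup; a source seen for the first time starts with a full bucket. */
static struct bucket *lookup(uint32_t saddr, uint64_t now_ns) {
    uint32_t h = (saddr * 2654435761u) % TBL_SIZE;
    for (uint32_t i = 0; i < TBL_SIZE; i++) {
        struct bucket *b = &tbl[(h + i) % TBL_SIZE];
        if (b->used && b->saddr == saddr) return b;
        if (!b->used) {
            b->used = 1; b->saddr = saddr; b->last_ns = now_ns; b->tokens = BURST;
            return b;
        }
    }
    return NULL;
}

/* Verdict for one Ethernet frame; data/len stand in for xdp_md data/data_end. */
int xdp_verdict(const uint8_t *data, size_t len, uint64_t now_ns) {
    if (len < ETH_HLEN + 20) return XDP_PASS;      /* too short to be IPv4: leave to the stack */
    uint16_t ethertype = (uint16_t)(data[12] << 8 | data[13]);
    if (ethertype != ETH_P_IP) return XDP_PASS;     /* only IPv4 sources are policed here */
    const uint8_t *ip = data + ETH_HLEN;
    if ((ip[0] >> 4) != 4) return XDP_PASS;
    uint32_t saddr;
    memcpy(&saddr, ip + 12, sizeof saddr);          /* source address in wire order, used as an opaque key */
    struct bucket *b = lookup(saddr, now_ns);
    if (!b) return XDP_PASS;                        /* table full: fail open (design choice) */
    /* Token-bucket refill for the time elapsed since this source's last packet. */
    int64_t refill = (int64_t)(now_ns - b->last_ns) * RATE_PPS / NS_PER_S;
    b->tokens = (b->tokens + refill > BURST) ? BURST : b->tokens + refill;
    b->last_ns = now_ns;
    if (b->tokens < 1) return XDP_DROP;             /* rate exceeded: dropped before user space */
    b->tokens--;
    return XDP_PASS;
}

/* Constructed test input: a minimal Ethernet + IPv4 header with the given source. */
size_t build_ipv4_frame(uint8_t *buf, uint32_t saddr) {
    memset(buf, 0, ETH_HLEN + 20);
    buf[12] = 0x08; buf[13] = 0x00;                 /* EtherType IPv4 */
    buf[ETH_HLEN] = 0x45;                           /* version 4, IHL 5 */
    memcpy(buf + ETH_HLEN + 12, &saddr, sizeof saddr);
    return ETH_HLEN + 20;
}

int verdict_for_source(uint32_t saddr, uint64_t now_ns) {
    uint8_t frame[ETH_HLEN + 20];
    size_t n = build_ipv4_frame(frame, saddr);
    return xdp_verdict(frame, n, now_ns);
}

/* Sends `packets` frames from one source at the same instant; returns how many were dropped. */
int simulate_flood(uint32_t saddr, int packets, uint64_t now_ns) {
    int dropped = 0;
    for (int i = 0; i < packets; i++)
        if (verdict_for_source(saddr, now_ns) == XDP_DROP) dropped++;
    return dropped;
}

int main(void) {
    reset_table();
    printf("flood source: %d of 5000 dropped\n", simulate_flood(0x0100000a, 5000, 0));
    printf("other source: %s\n", verdict_for_source(0x0200000a, 0) == XDP_PASS ? "PASS" : "DROP");
    printf("flood source after 1 s: %s\n",
           verdict_for_source(0x0100000a, NS_PER_S) == XDP_PASS ? "PASS" : "DROP");
    return 0;
}
```

The point the example makes is that the verdict needs only the first 34 bytes of the frame and one map lookup, so it costs the kernel a few dozen instructions per packet and never touches the user-space ring buffers that overflow under a flood. A real program would be compiled with `clang -target bpf`, attached with `ip link set dev <iface> xdp obj <file>`, and would let the signature-based IDS behind it see only the surviving traffic; the linear probe above is replaced by the kernel's hash map, and the fail-open choice on a full table is a policy decision to revisit per deployment.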

25 pages, 1399 KB  
Article
Comparative Evaluation of AI-Based Techniques for Zero-Day Attacks Detection
by Shamshair Ali, Saif Ur Rehman, Azhar Imran, Ghazif Adeem, Zafar Iqbal and Ki-Il Kim
Electronics 2022, 11(23), 3934; https://doi.org/10.3390/electronics11233934 - 28 Nov 2022
Cited by 69 | Viewed by 19200
Abstract
Many intrusion detection and prevention systems (IDPS) have been introduced to identify suspicious activities. However, since attackers are exploiting new vulnerabilities in systems and are employing more sophisticated advanced cyber-attacks, these zero-day attacks remain hidden from IDPS in most cases. These features have incentivized many researchers to propose different artificial intelligence-based techniques to prevent, detect, and respond to such advanced attacks. This has also created a new requirement for a comprehensive comparison of the existing schemes in several aspects; after a thorough study we found that there currently exists no detailed comparative analysis of artificial intelligence-based techniques published in the last five years. Therefore, there is a need for this kind of work to be published, as there are many comparative analyses in other fields of cyber security that are available for readers to review. In this paper, we provide a comprehensive review of the latest and most recent literature, which introduces well-known machine learning and deep learning algorithms and the challenges they face in detecting zero-day attacks. Following these qualitative analyses, we present the comparative evaluation results regarding the highest accuracy, precision, recall, and F1 score compared to different datasets. Full article
(This article belongs to the Special Issue Advances and Applications of Networking and Multimedia Technologies)

13 pages, 389 KB  
Article
(Semi-)Automatically Parsing Private Protocols for In-Vehicle ECU Communications
by Tongtong Chen and Xiangxue Li
Entropy 2021, 23(11), 1495; https://doi.org/10.3390/e23111495 - 11 Nov 2021
Cited by 4 | Viewed by 2744
Abstract
In-vehicle electronic control unit (ECU) communications generally count on private protocols (defined by the manufacturers) under controller area network (CAN) specifications. Parsing the private protocols for a particular vehicle model would be of great significance in testing the vehicle’s resistance to various attacks, as well as in designing efficient intrusion detection and prevention systems (IDPS) for the vehicle. This paper proposes a suite of methods for parsing ECU private protocols on in-vehicle CAN network. These methods include an algorithm for parsing discrete variables (encoded in a discrete manner, e.g., gear state), an algorithm for parsing continuous variables (encoded in a continuous manner, e.g., vehicle speed), and a parsing method based on upper-layer protocols (e.g., OBD and UDS). Extensive verifications have been performed on five different brands of automobiles (including an electric vehicle) to demonstrate the universality and the correctness of these parsing algorithms. Some parsing tips and experiences are also presented. Our continuous-variables parsing algorithm could run in a semi-automatic manner and the parsing algorithm from upper-layer protocols could execute in a completely automatic manner. One might view the results obtained by our parsing algorithms as an important indicator of penetration testing on in-vehicle CAN network. Full article
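The abstract distinguishes discrete variables (few encoded states, such as gear) from continuous ones (smoothly varying, such as speed) and notes that the continuous case is only semi-automatic. As an added example, not the paper's own algorithms, the block below applies that distinction with a small per-byte heuristic over CAN frames in `candump -L` text format: a field with a single value is constant, a field with few distinct values is discrete, a field whose average step is small against its observed range is continuous, and anything else (a checksum-like byte) is flagged as noisy. The thresholds, the one-byte-per-field assumption (real signals span bytes and may be big- or little-endian), and the sample log are all constructed here.

```c
/* Added example, not code from the paper: heuristic field classification for
 * CAN frames in candump -L format ("(ts) iface ID#HEXDATA"), in the spirit of
 * the discrete / continuous parsing step. Thresholds, the 8-bit field
 * assumption and SAMPLE_LOG are constructed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define MAX_IDS 16
#define DISCRETE_MAX 4            /* at most this many distinct values: discrete (assumed) */

enum field_kind { FIELD_EMPTY, FIELD_CONST, FIELD_DISCRETE, FIELD_CONTINUOUS, FIELD_NOISY };

struct field_stats {
    int count, distinct, last;
    uint8_t seen[32];             /* 256-bit set of values observed in this byte */
    uint8_t min, max;
    long abs_delta_sum;           /* sum of |v[i] - v[i-1]| over consecutive frames */
};

struct id_entry { unsigned id; int used; struct field_stats f[8]; };
static struct id_entry table[MAX_IDS];

void reset_stats(void) { memset(table, 0, sizeof table); }

static struct id_entry *entry_for(unsigned id) {
    for (int i = 0; i < MAX_IDS; i++) {
        if (table[i].used && table[i].id == id) return &table[i];
        if (!table[i].used) { table[i].used = 1; table[i].id = id; return &table[i]; }
    }
    return NULL;                  /* table full: frame ignored */
}

static void observe(struct field_stats *s, uint8_t v) {
    if (s->count == 0) { s->min = s->max = v; }
    else {
        s->abs_delta_sum += labs((long)v - s->last);
        if (v < s->min) s->min = v;
        if (v > s->max) s->max = v;
    }
    if (!(s->seen[v >> 3] & (1 << (v & 7)))) { s->seen[v >> 3] |= 1 << (v & 7); s->distinct++; }
    s->last = v; s->count++;
}

/* Parse one frame per line; returns the number of frames accepted. */
int analyze_log(const char *log) {
    int frames = 0;
    for (const char *p = log; *p; ) {
        unsigned id; char hex[17] = {0};
        if (sscanf(p, "(%*[^)]) %*s %x#%16[0-9A-Fa-f]", &id, hex) == 2) {
            struct id_entry *e = entry_for(id);
            size_t n = strlen(hex) / 2;
            for (size_t i = 0; e && i < n && i < 8; i++) {
                unsigned b; sscanf(hex + 2 * i, "%2x", &b);
                observe(&e->f[i], (uint8_t)b);
            }
            if (e) frames++;
        }
        p = strchr(p, '\n'); if (!p) break; p++;
    }
    return frames;
}

const struct field_stats *get_field(unsigned id, int byte) {
    for (int i = 0; i < MAX_IDS; i++)
        if (table[i].used && table[i].id == id) return &table[i].f[byte];
    return NULL;
}

enum field_kind classify(const struct field_stats *s) {
    if (!s || s->count == 0) return FIELD_EMPTY;
    if (s->distinct == 1) return FIELD_CONST;
    if (s->distinct <= DISCRETE_MAX) return FIELD_DISCRETE;
    long range = s->max - s->min, steps = s->count - 1;
    /* smooth if the mean step is at most a quarter of the observed range (assumed threshold) */
    return (s->abs_delta_sum * 4 <= range * steps) ? FIELD_CONTINUOUS : FIELD_NOISY;
}

/* Constructed log: ID 0C8 byte0 = gear, byte1 = speed ramp, byte2 = constant, byte3 = checksum-like. */
static const char SAMPLE_LOG[] =
    "(1.000) can0 0C8#01000A37\n" "(1.010) can0 0C8#01020A9C\n" "(1.020) can0 0C8#01040A11\n"
    "(1.030) can0 0C8#01060AE5\n" "(1.040) can0 0C8#01080A42\n" "(1.050) can0 1A0#0300\n"
    "(1.060) can0 0C8#020A0AB8\n" "(1.070) can0 0C8#020C0A03\n" "(1.080) can0 0C8#020E0A7F\n"
    "(1.090) can0 0C8#02100AD1\n" "(1.100) can0 0C8#02120A26\n" "(1.110) can0 0C8#02140A8A\n"
    "(1.120) can0 0C8#02160A5E\n" "(1.130) can0 1A0#0300\n";

int main(void) {
    static const char *names[] = { "empty", "const", "discrete", "continuous", "noisy" };
    reset_stats();
    printf("%d frames\n", analyze_log(SAMPLE_LOG));
    for (int b = 0; b < 4; b++)
        printf("0C8 byte%d: %s\n", b, names[classify(get_field(0x0C8, b))]);
    return 0;
}
```

Run against the constructed log this reports gear as discrete, speed as continuous, byte 2 as constant and the checksum-like byte as noisy. The continuous verdict is only a candidate: the abstract's "semi-automatic" qualifier is exactly the step where an analyst drives the vehicle, correlates the candidate byte with the OBD or UDS speed reading, and fixes scaling and offset, which no statistic over the raw bytes can supply.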
(This article belongs to the Special Issue Adversarial Intelligence: Secrecy, Privacy, and Robustness)
