Search Results (25)

Search Parameters:
Keywords = ML-NIDS

21 pages, 533 KiB  
Article
A Systematic Study of Adversarial Attacks Against Network Intrusion Detection Systems
by Sanidhya Sharma and Zesheng Chen
Electronics 2024, 13(24), 5030; https://doi.org/10.3390/electronics13245030 - 21 Dec 2024
Viewed by 769
Abstract
Network Intrusion Detection Systems (NIDSs) are vital for safeguarding Internet of Things (IoT) networks from malicious attacks. Modern NIDSs utilize Machine Learning (ML) techniques to combat evolving threats. This study systematically examined adversarial attacks originating from the image domain against ML-based NIDSs, while incorporating a diverse selection of ML models. Specifically, we evaluated both white-box and black-box attacks on nine commonly used ML-based NIDS models. We analyzed the Projected Gradient Descent (PGD) attack, which uses gradient descent on input features, transfer attacks, the score-based Zeroth-Order Optimization (ZOO) attack, and two decision-based attacks: Boundary and HopSkipJump. Using the NSL-KDD dataset, we assessed the accuracy of the ML models under attack and the success rate of the adversarial attacks. Our findings revealed that the black-box decision-based attacks were highly effective against most of the ML models, achieving an attack success rate exceeding 86% across eight models. Additionally, while the Logistic Regression and Multilayer Perceptron models were highly susceptible to all the attacks studied, the instance-based ML models, such as KNN and Label Spreading, exhibited resistance to these attacks. These insights will contribute to the development of more robust NIDSs against adversarial attacks in IoT environments.
(This article belongs to the Special Issue Advancing Security and Privacy in the Internet of Things)
Figures:
Figure 1. Proportion of benign and malicious packets in NSL-KDD training and test datasets.
Figure 2. The detection accuracy of the LGR$_s$ model under adversarial attacks with different perturbation budgets $\varepsilon$.
Figure 3. The $L_2$ and $L_\infty$ of adversarial examples with different perturbation budgets $\varepsilon$ against the LGR$_s$ model.
Figure 4. The detection accuracy of the MLP$_s$ model under adversarial attacks with different perturbation budgets $\varepsilon$.
Figure 5. The $L_2$ and $L_\infty$ of adversarial examples with different perturbation budgets $\varepsilon$ against the MLP$_s$ model.
20 pages, 2810 KiB  
Article
A Comprehensive Security Framework for Asymmetrical IoT Network Environments to Monitor and Classify Cyberattack via Machine Learning
by Ali Alqahtani, Abdulaziz A. Alsulami, Nayef Alqahtani, Badraddin Alturki and Bandar M. Alghamdi
Symmetry 2024, 16(9), 1121; https://doi.org/10.3390/sym16091121 - 29 Aug 2024
Viewed by 1096
Abstract
The Internet of Things (IoT) is an important component of the smart environment, which produces a large volume of data that is considered challenging to handle. In addition, the IoT architecture is vulnerable to many cyberattacks that can target operational devices. Therefore, there is a need for monitoring IoT traffic to analyze, detect malicious activity, and classify cyberattack types. This research proposes a security framework to monitor asymmetrical network traffic in an IoT environment. The framework offers a network intrusion detection system (NIDS) to detect and classify cyberattacks, implemented using a machine learning (ML) model residing in the middleware layer of the IoT architecture. A dimensionality reduction technique known as principal component analysis (PCA) is utilized to facilitate data transmission, which is intended to be sent from the middleware layer to the cloud layer with reduced complexity and fewer unnecessary inputs without compromising the information content. Therefore, the reduced IoT traffic data are sent to the cloud and the PCA data are retransformed to approximate the original data for visualizing the IoT traffic. The NIDS is responsible for reporting the attack type to the cloud in the event of an attack. Our findings indicate that the proposed framework has promising results in classifying the attack type, which achieved a classification accuracy of 98%. In addition, the dimension of the IoT traffic data is reduced by around 50% and it has a similarity of around 90% compared to the original data.
(This article belongs to the Section Computer)
Figures:
Figure 1. IoT general architecture.
Figure 2. The proposed IoT security framework.
Figure 3. Original dataset distribution.
Figure 4. Randomly selected samples from original dataset.
Figure 5. Procedure for computing PCs.
Figure 6. Similarity calculation.
Figure 7. Test accuracy.
Figure 8. ThingSpeak dashboard.
19 pages, 4613 KiB  
Article
Impacting Robustness in Deep Learning-Based NIDS through Poisoning Attacks
by Shahad Alahmed, Qutaiba Alasad, Jiann-Shiun Yuan and Mohammed Alawad
Algorithms 2024, 17(4), 155; https://doi.org/10.3390/a17040155 - 11 Apr 2024
Cited by 1 | Viewed by 1678
Abstract
The rapid expansion and pervasive reach of the internet in recent years have raised concerns about evolving and adaptable online threats, particularly with the extensive integration of Machine Learning (ML) systems into our daily routines. These systems are increasingly becoming targets of malicious attacks that seek to distort their functionality through the concept of poisoning. Such attacks aim to warp the intended operations of these services, deviating them from their true purpose. Poisoning renders systems susceptible to unauthorized access, enabling illicit users to masquerade as legitimate ones, compromising the integrity of smart technology-based systems like Network Intrusion Detection Systems (NIDSs). Therefore, it is necessary to continue working on studying the resilience of deep learning network systems while there are poisoning attacks, specifically interfering with the integrity of data conveyed over networks. This paper explores the resilience of deep learning (DL)—based NIDSs against untethered white-box attacks. More specifically, it introduces a designed poisoning attack technique geared especially for deep learning by adding various amounts of altered instances into training datasets at diverse rates and then investigating the attack’s influence on model performance. We observe that increasing injection rates (from 1% to 50%) and random amplified distribution have slightly affected the overall performance of the system, which is represented by accuracy (0.93) at the end of the experiments. However, the rest of the results related to the other measures, such as PPV (0.082), FPR (0.29), and MSE (0.67), indicate that the data manipulation poisoning attacks impact the deep learning model. These findings shed light on the vulnerability of DL-based NIDS under poisoning attacks, emphasizing the significance of securing such systems against these sophisticated threats, for which defense techniques should be considered. Our analysis, supported by experimental results, shows that the generated poisoned data have significantly impacted the model performance and are hard to be detected.
Figures:
Figure 1. The architecture of our proposed technique.
Figure 2. The correlations between features based Pearson method.
Figure 3. DL accuracy curve on clean data.
Figure 4. DL loss curve on clean data.
Figure 5. DL accuracy curve - case 1 (1000 training samples).
Figure 6. DL accuracy curve - case 2 (5000 training samples).
Figure 7. DL accuracy curve - case 3 (10,000 training samples).
Figure 8. DL loss curve - case 1.
Figure 9. DL loss curve - case 2.
Figure 10. DL loss curve - case 3.
Figure 11. Accuracy curve for supported case.
Figure 12. Loss curve for supported case.
19 pages, 802 KiB  
Review
Securing Mobile Edge Computing Using Hybrid Deep Learning Method
by Olusola Adeniyi, Ali Safaa Sadiq, Prashant Pillai, Mohammad Aljaidi and Omprakash Kaiwartya
Computers 2024, 13(1), 25; https://doi.org/10.3390/computers13010025 - 16 Jan 2024
Cited by 8 | Viewed by 3034
Abstract
In recent years, Mobile Edge Computing (MEC) has revolutionized the landscape of the telecommunication industry by offering low-latency, high-bandwidth, and real-time processing. With this advancement comes a broad range of security challenges, the most prominent of which is Distributed Denial of Service (DDoS) attacks, which threaten the availability and performance of MEC’s services. In most cases, Intrusion Detection Systems (IDSs), a security tool that monitors networks and systems for suspicious activity and notify administrators in real time of potential cyber threats, have relied on shallow Machine Learning (ML) models that are limited in their abilities to identify and mitigate DDoS attacks. This article highlights the drawbacks of current IDS solutions, primarily their reliance on shallow ML techniques, and proposes a novel hybrid Autoencoder–Multi-Layer Perceptron (AE–MLP) model for intrusion detection as a solution against DDoS attacks in the MEC environment. The proposed hybrid AE–MLP model leverages autoencoders’ feature extraction capabilities to capture intricate patterns and anomalies within network traffic data. This extracted knowledge is then fed into a Multi-Layer Perceptron (MLP) network, enabling deep learning techniques to further analyze and classify potential threats. By integrating both AE and MLP, the hybrid model achieves higher accuracy and robustness in identifying DDoS attacks while minimizing false positives. As a result of extensive experiments using the recently released NF-UQ-NIDS-V2 dataset, which contains a wide range of DDoS attacks, our results demonstrate that the proposed hybrid AE–MLP model achieves a high accuracy of 99.98%. Based on the results, the hybrid approach performs better than several similar techniques.
Figures:
Figure 1. Confusion matrix result.
Figure 2. Feature importance result.
Figure 3. Feature importance results using SHAP.
Figure 4. Mean absolute value to determine feature importance.
Figure 5. Feature impact on model’s output.
Figure 6. A representation of the hybrid AE–MLP architecture.
Figure 7. Result of the hybrid Autoencoder–Multi-Layer Perceptron (AE–MLP) model train and test split.
Figure 8. Time taken for hybrid Autoencoder–Multi-Layer Perceptron (AE–MLP) model.
Figure 9. Comparison between Long Short-Term Memory (LSTM), Gated Recurrent Units (GRU), and the hybrid Autoencoder–Multi-Layer Perceptron (AE–MLP) model.
Figure 10. Hybrid Autoencoder–Multi-Layer Perceptron (AE–MLP) model comparison with Multi-Layer Perceptron (MLP).
Figure 11. Feature hybrid Autoencoder–Multi-Layer Perceptron (AE–MLP) model comparison with Multi-Layer Perceptron (MLP).
26 pages, 843 KiB  
Article
Enhancing Network Intrusion Detection Using an Ensemble Voting Classifier for Internet of Things
by Ashfaq Hussain Farooqi, Shahzaib Akhtar, Hameedur Rahman, Touseef Sadiq and Waseem Abbass
Sensors 2024, 24(1), 127; https://doi.org/10.3390/s24010127 - 26 Dec 2023
Cited by 5 | Viewed by 3038
Abstract
In the context of 6G technology, the Internet of Everything aims to create a vast network that connects both humans and devices across multiple dimensions. The integration of smart healthcare, agriculture, transportation, and homes is incredibly appealing, as it allows people to effortlessly control their environment through touch or voice commands. Consequently, with the increase in Internet connectivity, the security risk also rises. However, the future is centered on a six-fold increase in connectivity, necessitating the development of stronger security measures to handle the rapidly expanding concept of IoT-enabled metaverse connections. Various types of attacks, often orchestrated using botnets, pose a threat to the performance of IoT-enabled networks. Detecting anomalies within these networks is crucial for safeguarding applications from potentially disastrous consequences. The voting classifier is a machine learning (ML) model known for its effectiveness as it capitalizes on the strengths of individual ML models and has the potential to improve overall predictive performance. In this research, we proposed a novel classification technique based on the DRX approach that combines the advantages of the Decision tree, Random forest, and XGBoost algorithms. This ensemble voting classifier significantly enhances the accuracy and precision of network intrusion detection systems. Our experiments were conducted using the NSL-KDD, UNSW-NB15, and CIC-IDS2017 datasets. The findings of our study show that the DRX-based technique works better than the others. It achieved a higher accuracy of 99.88% on the NSL-KDD dataset, 99.93% on the UNSW-NB15 dataset, and 99.98% on the CIC-IDS2017 dataset, outperforming the other methods. Additionally, there is a notable reduction in the false positive rates to 0.003, 0.001, and 0.00012 for the NSL-KDD, UNSW-NB15, and CIC-IDS2017 datasets.
(This article belongs to the Section Internet of Things)
Figures:
Figure 1. Security requirements for the IoT-enabled cloud platform.
Figure 2. Architecture diagram of NIDS in IoT-enabled cloud platform.
Figure 3. Proposed ML-based NIDS technique using ensemble voting classifier.
Figure 4. Confusion matrix for the train data of the NSL-KDD dataset.
Figure 5. Confusion matrix for the test data of the NSL-KDD dataset.
Figure 6. Average analysis of the DRX technique on the train dataset.
Figure 7. Average analysis of the DRX classifier using test dataset.
22 pages, 5604 KiB  
Article
Evaluating Ensemble Learning Mechanisms for Predicting Advanced Cyber Attacks
by Faeiz Alserhani and Alaa Aljared
Appl. Sci. 2023, 13(24), 13310; https://doi.org/10.3390/app132413310 - 16 Dec 2023
Cited by 2 | Viewed by 3025
Abstract
With the increased sophistication of cyber-attacks, there is a greater demand for effective network intrusion detection systems (NIDS) to protect against various threats. Traditional NIDS are incapable of detecting modern and sophisticated attacks due to the fact that they rely on pattern-matching models or simple activity analysis. Moreover, Intelligent NIDS based on Machine Learning (ML) models are still in the early stages and often exhibit low accuracy and high false positives, making them ineffective in detecting emerging cyber-attacks. On the other hand, improved detection and prediction frameworks provided by ensemble algorithms have demonstrated impressive outcomes in specific applications. In this research, we investigate the potential of ensemble models in the enhancement of NIDS functionalities in order to provide a reliable and intelligent security defense. We present a NIDS hybrid model that uses ensemble ML techniques to identify and prevent various intrusions more successfully than stand-alone approaches. A combination of several distinct machine learning methods is integrated into a hybrid framework. The UNSW-NB15 dataset is pre-processed, and its features are engineered prior to being used to train and evaluate the proposed model structure. The performance evaluation of the ensemble of various ML classifiers demonstrates that the proposed system outperforms individual model approaches. Using all the employed experimental combination forms, the designed model significantly enhances the detection accuracy attaining more than 99%, while false positives are reduced to less than 1%.
Figures:
Figure 1. Research Methodology.
Figure 2. The proposed Model Process.
Figure 3. Ensemble Learning Mechanisms (Bagging, Boosting, and Stacking).
Figure 4. Class Distribution training and testing data.
Figure 5. Features Heatmap.
Figure 6. Correlated Features: (a) Line only, (b) Line with scattered points.
Figure 7. Density function of ‘ct_dst_ltm’ feature.
Figure 8. Density function of ‘ct_flw_http’ feature.
Figure 9. Performance Metrics. (a) False Positive Rates-Individual Algorithms, (b) Precision vs. Recall-Individual Algorithms, (c) False Positive Rates-Ensemble Model, (d) Precision vs. Recall-Ensemble Model.
Figure 10. Confusion Matrices of Ensemble Mechanisms.
17 pages, 4772 KiB  
Article
Design of Network Intrusion Detection System Using Lion Optimization-Based Feature Selection with Deep Learning Model
by Rayed AlGhamdi
Mathematics 2023, 11(22), 4607; https://doi.org/10.3390/math11224607 - 10 Nov 2023
Cited by 5 | Viewed by 1415
Abstract
In the domain of network security, intrusion detection systems (IDSs) play a vital role in data security. While the utilization of the internet amongst consumers is increasing on a daily basis, the significance of security and privacy preservation of system alerts, due to malicious actions, is also increasing. IDS is a widely executed system that protects computer networks from attacks. For the identification of unknown attacks and anomalies, several Machine Learning (ML) approaches such as Neural Networks (NNs) are explored. However, in real-world applications, the classification performances of these approaches are fluctuant with distinct databases. The major reason for this drawback is the presence of some ineffective or redundant features. So, the current study proposes the Network Intrusion Detection System using a Lion Optimization Feature Selection with a Deep Learning (NIDS-LOFSDL) approach to remedy the aforementioned issue. The NIDS-LOFSDL technique follows the concept of FS with a hyperparameter-tuned DL model for the recognition of intrusions. For the purpose of FS, the NIDS-LOFSDL method uses the LOFS technique, which helps in improving the classification results. Furthermore, the attention-based bi-directional long short-term memory (ABiLSTM) system is applied for intrusion detection. In order to enhance the intrusion detection performance of the ABiLSTM algorithm, the gorilla troops optimizer (GTO) is deployed so as to perform hyperparameter tuning. Since trial-and-error manual hyperparameter tuning is a tedious process, the GTO-based hyperparameter tuning process is performed, which demonstrates the novelty of the work. In order to validate the enhanced solution of the NIDS-LOFSDL system in terms of intrusion detection, a comprehensive range of experiments was performed. The simulation values confirm the promising results of the NIDS-LOFSDL system compared to existing DL methodologies, with a maximum accuracy of 96.88% and 96.92% on UNSW-NB15 and AWID datasets, respectively.
(This article belongs to the Special Issue Analytical Frameworks and Methods for Cybersecurity)
Figures:
Figure 1. Overall process of the NIDS-LOFSDL algorithm.
Figure 2. Flowchart of the LO algorithm.
Figure 3. UNSW-NB15 dataset. (a,b) Confusion matrices, (c) PR_curve, and (d) ROC.
Figure 4. Average values of the NIDS-LOFSDL technique applied to the UNSW-NB15 database.
Figure 5. $Accu_y$ curve of the NIDS-LOFSDL technique on the UNSW-NB15 database.
Figure 6. Loss curve of the NIDS-LOFSDL technique on the UNSW-NB15 database.
Figure 7. AWID dataset: (a,b) Confusion matrices, (c) PR_curve, and (d) ROC.
Figure 8. Average values of the NIDS-LOFSDL technique on the AWID dataset.
Figure 9. $Accu_y$ curve of the NIDS-LOFSDL technique on the AWID dataset.
Figure 10. Loss curve of the NIDS-LOFSDL technique on the AWID dataset.
Figure 11. Comparative analysis outcomes of the NIDS-LOFSDL algorithm and other methodologies.
25 pages, 433 KiB  
Review
On the Robustness of ML-Based Network Intrusion Detection Systems: An Adversarial and Distribution Shift Perspective
by Minxiao Wang, Ning Yang, Dulaj H. Gunasinghe and Ning Weng
Computers 2023, 12(10), 209; https://doi.org/10.3390/computers12100209 - 17 Oct 2023
Cited by 5 | Viewed by 3806
Abstract
Utilizing machine learning (ML)-based approaches for network intrusion detection systems (NIDSs) raises valid concerns due to the inherent susceptibility of current ML models to various threats. Of particular concern are two significant threats associated with ML: adversarial attacks and distribution shifts. Although there has been a growing emphasis on researching the robustness of ML, current studies primarily concentrate on addressing specific challenges individually. These studies tend to target a particular aspect of robustness and propose innovative techniques to enhance that specific aspect. However, as a capability to respond to unexpected situations, the robustness of ML should be comprehensively built and maintained in every stage. In this paper, we aim to link the varying efforts throughout the whole ML workflow to guide the design of ML-based NIDSs with systematic robustness. Toward this goal, we conduct a methodical evaluation of the progress made thus far in enhancing the robustness of the targeted NIDS application task. Specifically, we delve into the robustness aspects of ML-based NIDSs against adversarial attacks and distribution shift scenarios. For each perspective, we organize the literature in robustness-related challenges and technical solutions based on the ML workflow. For instance, we introduce some advanced potential solutions that can improve robustness, such as data augmentation, contrastive learning, and robustness certification. According to our survey, we identify and discuss the ML robustness research gaps and future direction in the field of NIDS. Finally, we highlight that building and patching robustness throughout the life cycle of an ML-based NIDS is critical.
(This article belongs to the Special Issue Big Data Analytic for Cyber Crime Investigation and Prevention 2023)
Figures:
Figure 1. The concepts related to ML robustness. The red arrows refer to the negative correlation between the two concepts and the green arrow refers to the positive correlation.
Figure 2. Taxonomy of the robustness study topics for ML-based NIDSs with topics grouped by their machine learning workflow stage. Two main robustness challenges, adversarial attacks and distribution shifts, encompass both the challenge and solution aspects.
23 pages, 637 KiB  
Article
Recursive Feature Elimination with Cross-Validation with Decision Tree: Feature Selection Method for Machine Learning-Based Intrusion Detection Systems
by Mohammed Awad and Salam Fraihat
J. Sens. Actuator Netw. 2023, 12(5), 67; https://doi.org/10.3390/jsan12050067 - 18 Sep 2023
Cited by 34 | Viewed by 6240
Abstract
The frequency of cyber-attacks on the Internet of Things (IoT) networks has significantly increased in recent years. Anomaly-based network intrusion detection systems (NIDSs) offer an additional layer of network protection by detecting and reporting the infamous zero-day attacks. However, the efficiency of real-time detection systems relies on several factors, including the number of features utilized to make a prediction. Thus, minimizing them is crucial as it implies faster prediction and lower storage space. This paper utilizes recursive feature elimination with cross-validation using a decision tree model as an estimator (DT-RFECV) to select an optimal subset of 15 of UNSW-NB15’s 42 features and evaluates them using several ML classifiers, including tree-based ones, such as random forest. The proposed NIDS exhibits an accurate prediction model for network flow with a binary classification accuracy of 95.30% compared to 95.56% when using the entire feature set. The reported scores are comparable to those attained by the state-of-the-art systems despite decreasing the number of utilized features by about 65%.
Figures:
Figure 1. The proposed system architecture.
Figure 2. Relationship between the classification score and the number of selected features using recursive feature elimination using cross-validation with a DT classifier as the estimator. Each line plot represents a different cross-validation fold, with k-fold set to 10.
Figure 3. The accuracies of all machine learning models using the original dataset (39 features) and the selected features dataset (15 features).
Figure 4. Fit time of all machine learning models on the Original dataset and on the Selected Features dataset.
Figure 5. Ranking of feature importance using random forest classifier for the original UNSW-NB15 dataset with 39 features (in orange and blue). The orange bars represent the 15 features selected by DT-RFECV algorithm, with the number beside each bar indicating the feature’s rank.
Figure 6. Ranking of feature importance using random forest classifier for the UNSW-NB15 dataset with the 15 features selected using RFECV with decision tree estimator model.
18 pages, 603 KiB  
Article
SGAN-IDS: Self-Attention-Based Generative Adversarial Network against Intrusion Detection Systems
by Sahar Aldhaheri and Abeer Alhuzali
Sensors 2023, 23(18), 7796; https://doi.org/10.3390/s23187796 - 11 Sep 2023
Cited by 9 | Viewed by 3116
Abstract
In cybersecurity, a network intrusion detection system (NIDS) is a critical component in networks. It monitors network traffic and flags suspicious activities. To effectively detect malicious traffic, several detection techniques, including machine learning-based NIDSs (ML-NIDSs), have been proposed and implemented. However, in much of the existing ML-NIDS research, the experimental settings do not accurately reflect real-world scenarios where new attacks are constantly emerging. Thus, the robustness of intrusion detection systems against zero-day and adversarial attacks is a crucial area that requires further investigation. In this paper, we introduce and develop a framework named SGAN-IDS. This framework constructs adversarial attack flows designed to evade detection by five BlackBox ML-based IDSs. SGAN-IDS employs generative adversarial networks and self-attention mechanisms to generate synthetic adversarial attack flows that are resilient to detection. Our evaluation results demonstrate that SGAN-IDS has successfully constructed adversarial flows for various attack types, reducing the detection rate of all five IDSs by an average of 15.93%. These findings underscore the robustness and broad applicability of the proposed model.
(This article belongs to the Section Internet of Things)
Figure 1: Architecture of the generative adversarial network (GAN).
Figure 2: Self-Attention operation is presented graphically.
Figure 3: The architecture of the SGAN-IDS.
Figure 4: Design of the generator.
Figure 5: Design of the discriminator.
Figure 6: Design of the multi-head self-attention model.
17 pages, 1160 KiB  
Article
Machine Learning for Network Intrusion Detection—A Comparative Study
by Mustafa Al Lail, Alejandro Garcia and Saul Olivo
Future Internet 2023, 15(7), 243; https://doi.org/10.3390/fi15070243 - 16 Jul 2023
Cited by 14 | Viewed by 5649
Abstract
Modern society has quickly evolved to utilize communication and data-sharing media with the advent of the internet and electronic technologies. However, these technologies have created new opportunities for attackers to gain access to confidential electronic resources. As a result, data breaches have significantly impacted our society in multiple ways. To mitigate this situation, researchers have developed multiple security countermeasure techniques known as Network Intrusion Detection Systems (NIDS). Despite these techniques, attackers have developed new strategies to gain unauthorized access to resources. In this work, we propose using machine learning (ML) to develop a NIDS system capable of detecting modern attack types with a very high detection rate. To this end, we implement and evaluate several ML algorithms and compare their effectiveness using a state-of-the-art dataset containing modern attack types. The results show that the random forest model outperforms other models, with a detection rate of modern network attacks of 97 percent. This study shows that not only is accurate prediction possible but also a high detection rate of attacks can be achieved. These results indicate that ML has the potential to create very effective NIDS systems.
(This article belongs to the Special Issue Anomaly Detection in Modern Networks)
Figure 1: Graphical representations of used ML algorithms.
Figure 2: Methodology.
Figure 3: Models’ performance as confusion matrices. The classes are denoted as follows: Benign → 0, DoS → 1, Port Scan → 2, Bot → 3, Infiltration → 4, Web Attack → 5, Brute Force → 6.
Figure 4: Results as classification reports. The classes are denoted as follows: Benign → 1, DoS → 2, Port Scan → 3, Bot → 4, Infiltration → 5, Web Attack → 6, Brute Force → 7.
Figure 5: Models’ performance as precision–recall curves (PRC). The classes are denoted as follows: Benign → 1, DoS → 2, Port Scan → 3, Bot → 4, Infiltration → 5, Web Attack → 6, Brute Force → 7.
Figure 6: Summary of the results.
20 pages, 4173 KiB  
Article
Investigation of the Shear Behavior of Concrete Beams Reinforced with FRP Rebars and Stirrups Using ANN Hybridized with Genetic Algorithm
by Bo Di, Renyuan Qin, Yu Zheng and Jiamei Lv
Polymers 2023, 15(13), 2857; https://doi.org/10.3390/polym15132857 - 28 Jun 2023
Cited by 3 | Viewed by 1649
Abstract
The shear strength prediction of concrete beams reinforced with FRP rebars and stirrups is one of the most complicated issues in structural engineering applications. Numerous experimental and theoretical studies have been conducted to establish a relationship between the shear capacity and the design variables. However, existing semi-empirical models fail to deliver precise predictions due to the intricate nature of shear mechanisms. To provide a more accurate and reliable model, machine learning (ML) techniques are adopted to study the shear behavior of concrete beams reinforced with FRP rebars and stirrups. A database consisting of 120 tested specimens is compiled from the reported literature. An artificial neural network (ANN) and a combination of ANN with a genetic optimization algorithm (GA-ANN) are implemented for the development of an ML model. Through neural interpretation diagrams (NID), the critical design factors, i.e., beam width and effective depth, shear span-to-depth ratio, compressive strength of concrete, FRP longitudinal reinforcement ratio, FRP shear reinforcement ratio, and elastic modulus of FRP longitudinal reinforcement rebars and FRP stirrups, are identified and determined as input parameters of the models. The accuracy of the proposed models has been verified by comparing the model predictions with the available test results. The application of the GA-ANN model provides better statistical results (mean value $V_{exp}/V_{pre}$ equal to 0.99, $R^2$ of 0.91, and RMSE of 22.6 kN) and outperforms CSA S806-12 predictions by improving the $R^2$ value by 18.2% and the RMSE value by 52.5%. Furthermore, special attention is paid to the coupling effects of design parameters on shear capacity, which has not been reasonably considered in the models in the literature and available design guidelines. Finally, an ML-regression equation considering the coupling effects is developed based on the data-driven regression analysis method. The analytical results revealed that the prediction agrees with the test results with reasonable accuracy, and the model can be effectively applied in the prediction of shear capacity of concrete beams reinforced with FRP bars and stirrups.
(This article belongs to the Special Issue Structural Application of Fiber Reinforced Polymer Composites)
Figure 1: Schematic diagram of concrete beam reinforced with FRP rebars and stirrups.
Figure 2: Frequency distribution of the variables in the experimental database.
Figure 3: Schematic diagram of artificial neural and NN structure.
Figure 4: Flowchart of the genetic algorithm-optimized neural network.
Figure 5: NID and old–style histogram for ANN with all the independent parameters.
Figure 6: Learning rate parameter determination.
Figure 7: Schematic diagram of the proposed neural network model.
Figure 8: Training results of each neural network model.
Figure 9: Comparison of shear capacity from the test and predicted results.
Figure 10: Coupling effects between the parameters on shear capacity of FRP-RC beams.
Figure 11: Determination of design parameters for the shear performance of FRP-RC beam.
Figure 12: Comparison of prediction accuracy of proposed model and existing design codes.
19 pages, 691 KiB  
Article
Securing a Smart Home with a Transformer-Based IoT Intrusion Detection System
by Minxiao Wang, Ning Yang and Ning Weng
Electronics 2023, 12(9), 2100; https://doi.org/10.3390/electronics12092100 - 4 May 2023
Cited by 21 | Viewed by 4494
Abstract
Machine learning (ML)-based Network Intrusion Detection Systems (NIDSs) can classify each network’s flow behavior as benign or malicious by detecting heterogeneous features, including both categorical and numerical features. However, the present ML-based NIDSs are deemed insufficient in terms of their ability to generalize, particularly in changing network environments such as the Internet of Things (IoT)-based smart home. Although IoT devices add so much to home comforts, they also introduce potential risks and vulnerabilities. Recently, many NIDS studies on other IoT scenarios, such as the Internet of Vehicles (IoV) and smart cities, focus on utilizing the telemetry data of IoT devices for IoT intrusion detection, because when IoT devices are under attack, their abnormal telemetry data values can reflect the anomaly state of those devices. Those telemetry data-based IoT NIDS methods detect intrusion events from a different view, focusing on the attack impact, from the traditional network traffic-based NIDS, which focuses on analyzing attack behavior. The telemetry data-based NIDS is more suitable for IoT devices without built-in security mechanisms. Considering the smart home IoT scenario, which has a smaller scope and a limited number of IoT devices compared to other IoT scenarios, both NIDS views can work independently. This motivated us to propose a novel ML-based NIDS to combine the network traffic-based and telemetry data-based NIDS together. In this paper, we propose a Transformer-based IoT NIDS method to learn the behaviors and effects of attacks from different types of data that are generated in the heterogeneous IoT environment. The proposed method utilizes a self-attention mechanism to learn contextual embeddings for input network features. Based on the contextual embeddings, our method can solve the feature set challenge, including both continuous and categorical features. Our method is the first to utilize both network traffic data and IoT sensors’ telemetry data at the same time for intrusion detection. Experiments reveal the effectiveness of our method on a realistic network traffic intrusion detection dataset named ToN_IoT, with an accuracy of 97.95% for binary classification and 95.78% for multiple classifications on pure network data. With the extra IoT information, the performance of our method has been improved to 98.39% and 97.06%, respectively. A comparative study with existing works shows that our method can achieve state-of-the-art performance on the ToN_IoT dataset.
(This article belongs to the Special Issue Network Intrusion Detection Using Deep Learning)
Figure 1: An example smart home scenario. The smart home gateway consists of the functions of both NIDS and the middleware server of IoTs. The smart home intranet block represents the communications of IoT services publish/subscribe through MQTT and HTTP protocols, respectively. The NIDS monitors all network traffic and all IoT devices’ telemetry values, which are obtained from the middleware.
Figure 2: The overview of the proposed workflow for intrusion classification in an IoT network.
Figure 3: The overview of the proposed FT-Transformer-based NIDS model. The model consists of a Feature Tokenizer, N Transformer encoders, and an MLP layer for classification. The core module of the Transformer is the multiple head attention layers, which are zoomed in.
Figure 4: Confusion matrix for binary classification performance on pure network data.
Figure 5: Confusion matrix for multiple classes on pure network data.
Figure 6: Confusion matrix for binary classification performance on the combination of network and IoT data.
Figure 7: Confusion matrix for multiple classes on network and IoT data.
Figure 8: Attention-based feature importance of binary classification on pure network data.
Figure 9: Attention-based feature importance of binary classification on the combined data.
17 pages, 2842 KiB  
Article
Integrated Feature-Based Network Intrusion Detection System Using Incremental Feature Generation
by Taehoon Kim and Wooguil Pak
Electronics 2023, 12(7), 1657; https://doi.org/10.3390/electronics12071657 - 31 Mar 2023
Viewed by 1691
Abstract
Machine learning (ML)-based network intrusion detection systems (NIDSs) depend entirely on the performance of machine learning models. Therefore, many studies have been conducted to improve the performance of ML models. Nevertheless, relatively few studies have focused on the feature set, which significantly affects the performance of ML models. In addition, features are generated by analyzing data collected after the session ends, which requires a significant amount of memory and a long processing time. To solve this problem, this study presents a new session feature set to improve the existing NIDSs. Current session-feature-based NIDSs are largely classified into NIDSs using a single-host feature set and NIDSs using a multi-host feature set. This research merges two different session feature sets into an integrated feature set, which is used to train an ML model for the NIDS. In addition, an incremental feature generation approach is proposed to eliminate the delay between the session end time and the integrated feature creation time. The improved performance of the NIDS using integrated features was confirmed through experiments. Compared to a NIDS based on ML models using existing single-host feature sets and multi-host feature sets, the NIDS with the proposed integrated feature set improves the detection rate by 4.15% and 5.9% on average, respectively.
(This article belongs to the Special Issue AI in Cybersecurity)
Figure 1: IFG block diagram for single-host feature creation.
Figure 2: Process of generating packet features used in HAST-IDS.
Figure 3: Block diagram for incremental generating integrated features from data traffic.
Figure 4: Examples of two queues and corresponding session entry structures. The circular queue contains three sessions while the linear queue contains two sessions.
Figure 5: Four hashes to maintain statistics needed to generate multi-host session features in real-time. The blue and red colors represent values associated with sessions stored in the linear queue and the circular queue, respectively.
Figure 6: Detection rates in F1-score for machine learning models, according to each feature set.
Figure 7: Performance metrics for machine learning models, according to each feature set.
Figure 8: Each algorithm’s relative training and testing time according to each feature set. (a) Training time. (b) Testing time.
20 pages, 9223 KiB  
Article
A Marine Hydrographic Station Networks Intrusion Detection Method Based on LCVAE and CNN-BiLSTM
by Tianhao Hou, Hongyan Xing, Xinyi Liang, Xin Su and Zenghui Wang
J. Mar. Sci. Eng. 2023, 11(1), 221; https://doi.org/10.3390/jmse11010221 - 14 Jan 2023
Cited by 8 | Viewed by 2065
Abstract
Marine sensors are highly vulnerable to illegal access network attacks. Moreover, the nation’s meteorological and hydrological information is at ever-increasing risk, which calls for a prompt and in-depth analysis of the network behavior and traffic to detect network attacks. Network attacks are becoming more diverse, with a large number of rare and even unknown types of attacks appearing. This results in traditional-machine-learning (ML)-based network intrusion detection (NID) methods performing weakly due to the lack of training samples. This paper proposes an NID method combining the log-cosh conditional variational autoencoder (LCVAE) with the convolutional bi-directional long short-term memory neural network (LCVAE-CBiLSTM) based on deep learning (DL). It can generate virtual samples with specific labels and extract more significant attack features from the monitored traffic data. A reconstructed loss term based on the log-cosh model is introduced into the conditional autoencoder. From it, the virtual samples are able to inherit the discrete attack data and enhance the potential features of the imbalance attack type. Then, a hybrid feature extraction model is proposed by combining the CNN and BiLSTM to tackle the attack’s spatial and temporal features. The following experiments evaluated the proposed method’s performance on the NSL-KDD dataset. The results demonstrated that the LCVAE-CBiLSTM obtained better results than state-of-the-art works, where the accuracy, F1-score, recall, and FAR were 87.30%, 87.89%, 80.89%, and 4.36%. The LCVAE-CBiLSTM effectively improves the detection rate of a few classes of samples and enhances the NID performance.
(This article belongs to the Section Ocean Engineering)
Figure 1: Overall framework of the LCVAE-CBiLSTM.
Figure 2: Flow chart of the LCVAE-CBiLSTM method.
Figure 3: A typical VAE model.
Figure 4: Images of log-cosh and $L_2$ functions.
Figure 5: BiLSTM network structure model.
Figure 6: The CNN-BiLSTM feature extraction model.
Figure 7: Effect of different LCVAE structures on detection.
Figure 8: The percentage of different types of samples in the training set.
Figure 9: T-SNE visualization of before and after LCVAE encoding results in KDDTrain+.
Figure 10: Hydrological sensor experiment platform.