Search Results (116)

Due to Internet of Drones (IoD) technology, drone networks have proliferated, transforming surveillance, logistics, and disaster management. Distributed Denial of Service (DDoS) attacks, malware infections, and communication abnormalities increase cybersecurity dangers to these networks, threatening operational safety and efficiency. Current Intrusion Detection Systems (IDSs) fail to handle drone transmission data’s dynamic, high-dimensional nature, resulting in inadequate real-time anomaly identification and mitigation. This study presents the Cross-Layer Convolutional Attention Network (CLCAN), a new IDS architecture for IoD networks. CLCAN accurately detects complex cyber threats using multi-scale convolutional processing, hierarchical contextual attention, and dynamic feature fusion. Preprocessing methods like weighted differential scaling and gradient-based adaptive resampling improve data quality and reduce class imbalances. Contextual attribute transformation captures the nuanced network behaviors needed for anomaly identification. The proposed technique is shown to be necessary and effective by real-world drone communication dataset evaluations. CLCAN outperforms CNN, LSTM, and XGBoost with 98.4% accuracy, 98.7% recall, and 98.1% F1-score. The model has a remarkable AUC of 0.991. CLCAN can handle datasets of over 118,000 balanced data records in 85 s, compared to 180 s for comparable frameworks. This study pioneers a unified security solution for Drone-to-Drone (D2D) and Drone-to-Base Station (D2BS) communications, filling a crucial IoD security gap. It protects mission-critical drone operations with a strong, efficient, and scalable IDS from emerging cyber threats. Full article

Network and cloud environments must be fortified against a dynamic array of threats, and intrusion detection systems (IDSs) are critical tools for identifying and thwarting hostile activities. IDSs, classified as anomaly-based or signature-based, have increasingly incorporated deep learning models into their framework. Recently, significant advancements have been made in anomaly-based IDSs, particularly those using machine learning, where attack detection accuracy has been notably high. Our proposed method demonstrates that deep learning models can achieve unprecedented success in identifying both known and unknown threats within cloud environments. However, existing benchmark datasets for intrusion detection typically contain more normal traffic samples than attack samples to reflect real-world network traffic. This imbalance in the training data makes it more challenging for IDSs to accurately detect specific types of attacks. Thus, our challenges arise from two key factors, unbalanced training data and the emergence of new, unidentified threats. To address these issues, we present a hybrid transformer-convolutional neural network (Transformer-CNN) deep learning model, which leverages data resampling techniques such as adaptive synthetic (ADASYN), synthetic minority oversampling technique (SMOTE), edited nearest neighbors (ENN), and class weights to overcome class imbalance. The transformer component of our model is employed for contextual feature extraction, enabling the system to analyze relationships and patterns in the data effectively. In contrast, the CNN is responsible for final classification, processing the extracted features to accurately identify specific attack types. The Transformer-CNN model focuses on three primary objectives to enhance detection accuracy and performance: (1) reducing false positives and false negatives, (2) enabling real-time intrusion detection in high-speed networks, and (3) detecting zero-day attacks. We evaluate our proposed model, Transformer-CNN, using the NF-UNSW-NB15-v2 and CICIDS2017 benchmark datasets, and assess its performance with metrics such as accuracy, precision, recall, and F1-score. The results demonstrate that our method achieves an impressive 99.71% accuracy in binary classification and 99.02% in multi-class classification on the NF-UNSW-NB15-v2 dataset, while for the CICIDS2017 dataset, it reaches 99.93% in binary classification and 99.13% in multi-class classification, significantly outperforming existing models. This proves the enhanced capability of our IDS in defending cloud environments against intrusions, including zero-day attacks. Full article

The Internet of Things (IoT) connects people, devices, and processes in multiple ways, resulting in the rapid transformation of several industries. Apart from several positive impacts, the IoT presents various challenges that must be overcome. Considering that related devices are often resource-constrained and are deployed in insecure environments, the proliferation of IoT devices causes several security concerns. Given these vulnerabilities, this paper presents criteria for identifying those features most closely related to such vulnerabilities to help enhance anomaly-based intrusion detection systems (IDSs). This study uses the RT-IoT2022 dataset, sourced from the UCI Machine Learning Repository, which was specifically developed for real-time IoT intrusion detection tasks. Feature selection is performed by combining the concepts of information gain, gain ratio, correlation-based feature selection, Pearson’s correlation analysis, and symmetric uncertainty. This approach offers new insights into the tasks of detecting and mitigating IoT-based threats by analyzing the major correlations between several features of the network and specific types of attacks, such as the relationship between ‘fwd_init_window_size’ and SYN flood attacks. The proposed IDS framework is an accurate framework that can be integrated with real-time applications and provides a robust solution to IoT security threats. These selected features can be applied to machine learning and deep learning classifiers to further enhance detection capabilities in IoT environments. Full article

The growing integration of Internet of Things (IoT) devices into various sectors like healthcare, transportation, and agriculture has dramatically increased their presence in everyday life. However, this rapid expansion has exposed new vulnerabilities within computer networks, creating security challenges. These IoT devices, often limited by their hardware constraints, lack advanced security features, making them easy targets for attackers and compromising overall network integrity. To counteract these security issues, Behavioral-based Intrusion Detection Systems (IDS) have been proposed as a potential solution for safeguarding IoT networks. While Behavioral-based IDS have demonstrated their ability to detect threats effectively, they encounter practical challenges due to their reliance on pre-labeled data and the heavy computational power they require, limiting their practical deployment. This research introduces the IoT-FIDS (Flow-based Intrusion Detection System for IoT), a lightweight and efficient anomaly detection framework tailored for IoT environments. Instead of employing traditional machine learning techniques, the IoT-FIDS focuses on identifying unusual behaviors by examining flow-based representations that capture standard device communication patterns, services used, and packet header details. By analyzing only benign traffic, this network-based IDS offers a streamlined and practical approach to securing IoT networks. Our experimental results reveal that the IoT-FIDS can accurately detect most abnormal traffic patterns with minimal false positives, making it a feasible security solution for real-world IoT implementations. Full article

The number of connected IoT devices is increasing significantly due to their many benefits, including automation, improved efficiency and quality of life, and reducing waste. However, these devices have several vulnerabilities that have led to the rapid growth in the number of attacks. Therefore, several machine learning-based intrusion detection system (IDS) tools have been developed to detect intrusions and suspicious activity to and from a host (HIDS—Host IDS) or, in general, within the traffic of a network (NIDS—Network IDS). The proposed work performs a comparative analysis and an ablative study among recent machine learning-based NIDSs to develop a benchmark of the different proposed strategies. The proposed work compares both shallow learning algorithms, such as decision trees, random forests, Naïve Bayes, logistic regression, XGBoost, and support vector machines, and deep learning algorithms, such as DNNs, CNNs, and LSTM, whose approach is relatively new in the literature. Also, the ensembles are tested. The algorithms are evaluated on the KDD-99, NSL-KDD, UNSW-NB15, IoT-23, and UNB-CIC IoT 2023 datasets. The results show that the NIDS tools based on deep learning approaches achieve better performance in detecting network anomalies than shallow learning approaches, and ensembles outperform all the other models. Full article

In recent years, deep learning-based approaches, particularly those leveraging the Transformer architecture, have garnered widespread attention for network traffic anomaly detection. However, when dealing with noisy data sets, directly inputting network traffic sequences into Transformer networks often significantly degrades detection performance due to interference and noise across dimensions. In this paper, we propose a novel multi-channel network traffic anomaly detection model, MTC-Net, which reduces computational complexity and enhances the model’s ability to capture long-distance dependencies. This is achieved by decomposing network traffic sequences into multiple unidimensional time sequences and introducing a patch-based strategy that enables each sub-sequence to retain local semantic information. A backbone network combining Transformer and CNN is employed to capture complex patterns, with information from all channels being fused at the final classification header in order to achieve modelling and detection of complex network traffic patterns. The experimental results demonstrate that MTC-Net outperforms existing state-of-the-art methods in several evaluation metrics, including accuracy, precision, recall, and F1 score, on four publicly available data sets: KDD Cup 99, NSL-KDD, UNSW-NB15, and CIC-IDS2017. Full article

Smart farming technologies to track and analyze pig behaviors in natural environments are critical for monitoring the health status and welfare of pigs. This study aimed to develop a robust multi-object tracking (MOT) approach named YOLOv8 + OC-SORT(V8-Sort) for the automatic monitoring of the different behaviors of group-housed pigs. We addressed common challenges such as variable lighting, occlusion, and clustering between pigs, which often lead to significant errors in long-term behavioral monitoring. Our approach offers a reliable solution for real-time behavior tracking, contributing to improved health and welfare management in smart farming systems. First, the YOLOv8 is employed for the real-time detection and behavior classification of pigs under variable light and occlusion scenes. Second, the OC-SORT is utilized to track each pig to reduce the impact of pigs clustering together and occlusion on tracking. And, when a target is lost during tracking, the OC-SORT can recover the lost trajectory and re-track the target. Finally, to implement the automatic long-time monitoring of behaviors for each pig, we created an automatic behavior analysis algorithm that integrates the behavioral information from detection and the tracking results from OC-SORT. On the one-minute video datasets for pig tracking, the proposed MOT method outperforms JDE, Trackformer, and TransTrack, achieving the highest HOTA, MOTA, and IDF1 scores of 82.0%, 96.3%, and 96.8%, respectively. And, it achieved scores of 69.0% for HOTA, 99.7% for MOTA, and 75.1% for IDF1 on sixty-minute video datasets. In terms of pig behavior analysis, the proposed automatic behavior analysis algorithm can record the duration of four types of behaviors for each pig in each pen based on behavior classification and ID information to represent the pigs’ health status and welfare. These results demonstrate that the proposed method exhibits excellent performance in behavior recognition and tracking, providing technical support for prompt anomaly detection and health status monitoring for pig farming managers. Full article

The objective of this article is to recommend products using association rule mining from an E-commerce site. This helps us to recommend products through utilizing the filtering concept. In this article, we use the Apriori and FP-Growth algorithms. Our model not only suggests products but also gives tips on how to make strong suggestion systems that can deal with a lot of data and give quick responses. Our objective is to predict ratings so that the users could be recommended and buy products. There are 1,048,100 records in the dataset. This dataset consists of four features, and these are are follows: {user-id, productid, Ratings, and timing}. Here, we consider the rating as our dependent attribute, and others factors are independent features. In this article, we use collaborative filtering algorithms (SVD, SVD+, and ALS) and also item-based filtering techniques (KNNBasic) to recommend products. Apart from these, sssociation rule mining, hybridization of Apriori, and FP-Growth are used. K-means clustering is used to identify anomalies as well as to create a dashboard, using Power BI for data visualization. Apart from these, we have also developed a hybridization algorithm using Apriori and FP-Growth. Among all the recommendation algorithms, SVD outperforms in recommending the product, and the average RMSE and MAE values are 1.31, and 1.04, respectively. Full article

To address the class imbalance issue in network intrusion detection, which degrades performance of intrusion detection models, this paper proposes a novel generative model called VAE-WACGAN to generate minority class samples and balance the dataset. This model extends the Variational Autoencoder Generative Adversarial Network (VAEGAN) by integrating key features from the Auxiliary Classifier Generative Adversarial Network (ACGAN) and the Wasserstein Generative Adversarial Network with Gradient Penalty (WGAN-GP). These enhancements significantly improve both the quality of generated samples and the stability of the training process. By utilizing the VAE-WACGAN model to oversample anomalous data, more realistic synthetic anomalies that closely mirror the actual network traffic distribution can be generated. This approach effectively balances the network traffic dataset and enhances the overall performance of the intrusion detection model. Experimental validation was conducted using two widely utilized intrusion detection datasets, UNSW-NB15 and CIC-IDS2017. The results demonstrate that the VAE-WACGAN method effectively enhances the performance metrics of the intrusion detection model. Furthermore, the VAE-WACGAN-based intrusion detection approach surpasses several other advanced methods, underscoring its effectiveness in tackling network security challenges. Full article

The explosive growth of the Internet of Things (IoT) has highlighted the urgent need for strong network security measures. The distinctive difficulties presented by Internet of Things (IoT) environments, such as the wide variety of devices, the intricacy of network traffic, and the requirement for real-time detection capabilities, are difficult for conventional intrusion detection systems (IDS) to adjust to. To address these issues, we propose DCGR_IoT, an innovative intrusion detection system (IDS) based on deep neural learning that is intended to protect bidirectional communication networks in the IoT environment. DCGR_IoT employs advanced techniques to enhance anomaly detection capabilities. Convolutional neural networks (CNN) are used for spatial feature extraction and superfluous data are filtered to improve computing efficiency. Furthermore, complex gated recurrent networks (CGRNs) are used for the temporal feature extraction module, which is utilized by DCGR_IoT. Furthermore, DCGR_IoT harnesses complex gated recurrent networks (CGRNs) to construct multidimensional feature subsets, enabling a more detailed spatial representation of network traffic and facilitating the extraction of critical features that are essential for intrusion detection. The effectiveness of the DCGR_IoT was proven through extensive evaluations of the UNSW-NB15, KDDCup99, and IoT-23 datasets, which resulted in a high detection accuracy of 99.2%. These results demonstrate the DCG potential of DCGR-IoT as an effective solution for defending IoT networks against sophisticated cyber-attacks. Full article

Intrusion detection systems (IDS) are crucial in safeguarding network security by identifying unauthorized access attempts through various techniques. Statistical Process Control (SPC), particularly Hotelling’s T² control charts, is noted for monitoring network traffic against known attack patterns or anomaly detection. This research advances the domain by incorporating robust statistical estimators—namely, the Fast-MCD and MRCD (Minimum Regularized Covariance Determinant) estimators—into bootstrap-enhanced Hotelling’s T² control charts. These enhanced charts aim to strengthen detection accuracy by offering improved resistance to outlier contamination, a prevalent challenge in intrusion detection. The methodology emphasizes the MRCD estimator’s robustness in overcoming the limitations of traditional T² charts, especially in environments with a high incidence of outliers. Applying the proposed bootstrap-based robust T² charts to the UNSW-NB15 dataset illustrates a marked enhancement in intrusion detection performance. Results indicate superior performance of the proposed method over conventional T² and Fast-MCD-based T² charts in detection accuracy, even in varied levels of outlier contamination. Despite increasing execution time, the precision and reliability in detecting intrusions present a justified trade-off. The findings underscore the significant potential of integrating robust statistical methods to enhance IDS effectiveness. Full article

Advanced metering infrastructures (AMIs) aim to enhance the efficiency, reliability, and stability of electrical systems while offering advanced functionality. However, an AMI collects copious volumes of data and information, making the entire system sensitive and vulnerable to malicious attacks that may cause substantial damage, such as a deficit in national security, a disturbance of public order, or significant economic harm. As a result, it is critical to guarantee a steady and dependable supply of information and electricity. Furthermore, storing massive quantities of data in one central entity leads to compromised data privacy. As such, it is imperative to engineer decentralized, federated learning (FL) solutions. In this context, the performance of participating clients has a significant impact on global performance. Moreover, FL models have the potential for a Single Point of Failure (SPoF). These limitations contribute to system failure and performance degradation. This work aims to develop a performance-based hierarchical federated learning (HFL) anomaly detection system for an AMI through (1) developing a deep learning model that detects attacks against this critical infrastructure; (2) developing a novel aggregation strategy, FedAvg-P, to enhance global performance; and (3) proposing a peer-to-peer architecture guarding against a SPoF. The proposed system was employed in experiments on the CIC-IDS2017 dataset. The experimental results demonstrate that the proposed system can be used to develop a reliable anomaly detection system for AMI networks. Full article

In detecting hypersonic vehicles, the radar echo signal is coupled with an intra-pulse Doppler frequency (I-D frequency) component caused by relative motion of a plasma sheath (PSh) and the vehicle, which can induce the phenomenon of a ghost target in a one-dimensional range profile. In order to investigate the I-D frequency generated by the relative motion of a PSh, this study transforms a linear frequency modulated (LFM) signal into a single carrier frequency signal based on echo signal equivalent time delay-dechirp processing and realizes high resolution and fast extraction of the I-D frequency coupled with the frequency-domain echo signal. Furthermore, by relying on the computation of the surface flow field of the RAMC-II Blunt Cone Reentry Vehicle, the coupled I-D frequency in the radar echo signal of a PSh-enveloped target under circumstances of typical altitudes and carrier frequencies is extracted and further investigated, revealing the variation law of I-D frequency. The key findings of this study provide a novel approach for suppressing anomalies in radar detection of PSh-enveloped targets as well as effective detecting and as robust target tracking. Full article

The proliferation of IoT services has spurred a surge in network attacks, heightening cybersecurity concerns. Essential to network defense, intrusion detection and prevention systems (IDPSs) identify malicious activities, including denial of service (DoS), distributed denial of service (DDoS), botnet, brute force, infiltration, and Heartbleed. This study focuses on leveraging unsupervised learning for training detection models to counter these threats effectively. The proposed method utilizes basic autoencoders (bAEs) for dimensionality reduction and encompasses a three-stage detection model: one-class support vector machine (OCSVM) and deep autoencoder (dAE) attack detection, complemented by density-based spatial clustering of applications with noise (DBSCAN) for attack clustering. Accurately delineated clusters aid in mapping attack tactics. The MITRE ATT&CK framework establishes a “Cyber Threat Repository”, cataloging attacks and tactics, enabling immediate response based on priority. Leveraging preprocessed and unlabeled normal network traffic data, this approach enables the identification of novel attacks while mitigating the impact of imbalanced training data on model performance. The autoencoder method utilizes reconstruction error, OCSVM employs a kernel function to establish a hyperplane for anomaly detection, while DBSCAN employs a density-based approach to identify clusters, manage noise, accommodate diverse shapes, automatically determining cluster count, ensuring scalability, and minimizing false positives and false negatives. Evaluated on standard datasets such as CIC-IDS2017 and CSECIC-IDS2018, the proposed model outperforms existing state of art methods. Our approach achieves accuracies exceeding 98% for the two datasets, thus confirming its efficacy and effectiveness for application in efficient intrusion detection systems. Full article

To overcome the challenges of feature selection in traditional machine learning and enhance the accuracy of deep learning methods for anomaly traffic detection, we propose a novel method called DCGCANet. This model integrates dilated convolution, a GRU, and a Channel Attention Network, effectively combining dilated convolutional structures with GRUs to extract both temporal and spatial features for identifying anomalous patterns in network traffic. The one-dimensional dilated convolution (DC-1D) structure is designed to expand the receptive field, allowing for comprehensive traffic feature extraction while minimizing information loss typically caused by pooling operations. The DC structure captures spatial dependencies in the data, while the GRU processes time series data to capture dynamic traffic changes. Furthermore, the channel attention (CA) module assigns importance-based weights to features in different channels, enhancing the model’s representational capacity and improving its ability to detect abnormal traffic. DCGCANet achieved an accuracy rate of 99.6% on the CIC-IDS-2017 dataset, outperforming other algorithms. Additionally, the model attained precision, recall, and F1 score rates of 99%. The generalization capability of DCGCANet was validated on a subset of CIC-IDS-2017, demonstrating superior detection performance and robust generalization potential. Full article