Figure - available from: Applied Intelligence
Illustration of the proposed intrusion detection system architecture

Source publication
Article
Full-text available
With the rapid advancement in network technologies, the need for cybersecurity has gained increasing momentum in recent years. As a primary defense mechanism, an intrusion detection system (IDS) is expected to adapt and secure the computing infrastructures from the ever-changing sophisticated threat landscape. Many deep learning approaches have rec...

Similar publications

Article
Full-text available
Adversarial attack techniques have taken a firm stand against the capabilities of deep neural networks, rendering them less efficient in performing their functions. Various kinds of attacks have been studied and appropriate defense mechanisms have been proposed in the Computer Vision and Image Processing domains. The progress in Intrusion Detection...

Citations

... SVM is a binary data-supervised classifier. It can, however, be applied to unsupervised machine learning (Binbusayyis and Vaiyapuri, 2021). The main aim of SVM is to determine the optimal hyperplane that effectively separates a collection of training vectors within a high-dimensional space into two distinct classes. ...
... The overall performance improved when the results were compared to different DL and ML methods. In Binbusayyis and Vaiyapuri (2021), the autoencoder (1D CAE) and a one-class support vector machine (OCSVM) are suggested. To test the model, the authors use the NSL-KDD and UNSW-NB15 datasets. ...
Article
Full-text available
The advancement of communication and internet technology has brought risks to network security. Thus, Intrusion Detection Systems (IDS) were developed to combat malicious network attacks. However, IDSs still struggle with accuracy, false alarms, and detecting new intrusions. Therefore, organizations are using Machine Learning (ML) and Deep Learning (DL) algorithms in IDS for more accurate attack detection. This paper provides an overview of IDS, including its classes and methods, the detected attacks as well as the dataset, metrics, and performance indicators used. A thorough examination of recent publications on IDS-based solutions is conducted, evaluating their strengths and weaknesses, as well as a discussion of their potential implications, research challenges, and new trends. We believe that this comprehensive review paper covers the most recent advances and developments in ML and DL-based IDS, and also facilitates future research into the potential of emerging Artificial Intelligence (AI) to address the growing complexity of cybersecurity challenges.
... The focus area of [16] is the combination of the strengths of convolutional auto-encoders (CAE) and one-class support vector machine learning (SVM), aiming to enhance the performance of network intrusion detection. The proposed work uses the CAE to extract meaningful features from network traffic and detect anomalies, then the authors apply one-class SVM to classify network traffic into normal and abnormal categories. ...
Preprint
Full-text available
Protecting Internet of things (IoT) devices against cyber attacks is imperative owing to inherent security vulnerabilities. These vulnerabilities can include a spectrum of sophisticated attacks that pose significant damage to both individuals and organizations. Employing robust security measures like intrusion detection systems (IDSs) is essential to solve these problems and protect IoT systems from such attacks. In this context, our proposed IDS model consists of a combination of convolutional neural network (CNN) and long short-term memory (LSTM) deep learning (DL) models. This fusion facilitates the detection and classification of IoT traffic into binary categories, benign and malicious activities, by leveraging the spatial feature extraction capabilities of CNN for pattern recognition and the sequential memory retention of LSTM for discerning complex temporal dependencies in achieving enhanced accuracy and efficiency. In assessing the performance of our proposed model, the authors employed the new CICIoT2023 dataset for both training and final testing, while further validating the model's performance through a conclusive testing phase utilizing the CICIDS2017 dataset. Our proposed model achieves an accuracy rate of 98.42%, accompanied by a minimal loss of 0.0275. False positive rate (FPR) is equally important, reaching 9.17% with an F1-score of 98.57%. These results demonstrate the effectiveness of our proposed CNN-LSTM IDS model in fortifying IoT environments against potential cyber threats.
... In addition to being an excellent data processing, storing facility, human interface access point, BS usually serves as gateway to another network [5]. Moreover, can serve as connector to pull data from network, distribute control information [6]. Additionally, the base station has mentioned the washbasin. ...
Article
Full-text available
Today’s internets are made up of nearly half a million various networks. In any network connection, detecting attacks by their kinds is a challenging task, as various attacks may have several connections, and their number varies from a few to hundreds of network connections. In this paper, Design and Performance Evaluation of Network Intrusion Detection System Based on Deep Learning (NID-SPGAN-STO) is proposed. Initially, input data are collected by NSL-KDD dataset. Afterward, data are fed to preprocessing. In preprocessing, Distributed Set-Membership Fusion Filtering is used to remove redundant and biased records from input data. The pre-processed output is given to feature selection for selecting optimal features utilizing Piranha foraging Optimization Algorithm. Finally, the selected features are transferred into the Semantic-Preserved Generative Adversarial Network (SPGAN) for detecting Network Intrusion, like DoS, Probe, R2L, U2R and Normal. Generally SPGAN doesn’t reveal some adoption of optimization techniques for computing optimal parameters for promising precise network intrusion detection. Hence Siberian Tiger Optimisation (STO) is used to enhance weight parameters of SPGAN. The proposed NID-SPGAN-STO method is implemented using Python. To detect network intrusion detection, performance metrics like precision, sensitivity, F1-score, specificity, accuracy, RoC, computational time are considered. The NID-SPGAN-STO method attains 30.58%, 28.73% and 25.62%, higher precision, 20.48%, 24.73%, 29.32% higher specificity and 30.98%, 26.66% and 21.32% higher F-score, 26.78%, 34.47%, and 22.86% higher recall analysed, with existing techniques like improved binary gray wolf optimizer with SVM for intrusion detection system in WSNs (NID-SVM-IDS), network intrusion detection system utilizing deep learning (NID-DNN), design with improvement of efficient network intrusion detection system utilizing ML methods (NID-IDS-ANN) respectively.
... One-class SVMs are widely used in detecting structural damage [49], faults [50], and network intrusion [51]. They are derived from typical SVM classifiers and were proposed by Schölkopf et al. [52]. ...
Article
Full-text available
The growing popularity of social media has engendered the social problem of spam proliferation through this medium. New spam types that evade existing spam detection systems are being developed continually, necessitating corresponding countermeasures. This study proposes an anomaly detection-based framework to detect new Twitter spam, which works by modeling the characteristics of non-spam tweets and using anomaly detection to classify tweets deviating from this model as anomalies. However, because modeling varied non-spam tweets is challenging, the technique’s spam detection and false positive (FP) rates are low and high, respectively. To overcome this shortcoming, anomaly detection is performed on known spam tweets pre-detected using a trained decision tree while modeling normal tweets. A one-class support vector machine and an autoencoder with high detection rates are used for anomaly detection. The proposed framework exhibits superior detection rates for unknown spam compared to conventional techniques, while maintaining equivalent or improved detection and FP rates for known spam. Furthermore, the framework can be adapted to changes in spam conditions by adjusting the costs of detection errors.
... For example, Mirsky et al. [1] and Li et al. [7] both use autoencoders for intrusion detection. Binbusayyis et al. propose an unsupervised NIDS combining convolutional autoencoder and one-class SVM [21]. In [22], the authors propose an A-NIDS approach based on isolation forest. ...
Preprint
Full-text available
Anomaly-based network intrusion detection systems (A-NIDS) use unsupervised models to detect unforeseen attacks. However, existing A-NIDS solutions suffer from low throughput, lack of interpretability, and high maintenance costs. Recent in-network intelligence (INI) exploits programmable switches to offer line-rate deployment of NIDS. Nevertheless, current in-network NIDS are either model-specific or only apply to supervised models. In this paper, we propose Genos, a general in-network framework for unsupervised A-NIDS by rule extraction, which consists of a Model Compiler, a Model Interpreter, and a Model Debugger. Specifically, observing benign data are multi-modal and usually located in multiple subspaces in the feature space, we utilize a divide-and-conquer approach for model-agnostic rule extraction. In the Model Compiler, we first propose a tree-based clustering algorithm to partition the feature space into subspaces, then design a decision boundary estimation mechanism to approximate the source model in each subspace. The Model Interpreter interprets predictions by important attributes to aid network operators in understanding the predictions. The Model Debugger conducts incremental updating to rectify errors by only fine-tuning rules on affected subspaces, thus reducing maintenance costs. We implement a prototype using physical hardware, and experiments demonstrate its superior performance of 100 Gbps throughput, great interpretability, and trivial updating overhead.
... In this context, autoencoders (AEs) and extensions such as Sparse AE [18], Denoising AE (DAE) [19,20], or Convolutional AE (CAE) have gained wide popularity because of their ability to extract discriminative and robust features [12,15,21-24]. The use of deep learning techniques in a preprocessing step allows shallow machine learning algorithms, such as support vector machine (SVM), to be used to interpret encoded features for classification [21,22]. This framework has been successfully applied in various domain applications [21,22,25,26]. ...
... The use of deep learning techniques in a preprocessing step allows shallow machine learning algorithms, such as support vector machine (SVM), to be used to interpret encoded features for classification [21,22]. This framework has been successfully applied in various domain applications [21,22,25,26]. In particular, CAEs have performed well in medical image classification [12,13]. ...
Article
Full-text available
Many new reconstruction techniques have been deployed to allow low-dose CT examinations. Such reconstruction techniques exhibit nonlinear properties, which strengthen the need for a task-based measure of image quality. The Hotelling observer (HO) is the optimal linear observer and provides a lower bound of the Bayesian ideal observer detection performance. However, its computational complexity impedes its widespread practical usage. To address this issue, we proposed a self-supervised learning (SSL)-based model observer to provide accurate estimates of HO performance in very low-dose chest CT images. Our approach involved a two-stage model combining a convolutional denoising auto-encoder (CDAE) for feature extraction and dimensionality reduction and a support vector machine for classification. To evaluate this approach, we conducted signal detection tasks employing chest CT images with different noise structures generated by computer-based simulations. We compared this approach with two supervised learning-based methods: a single-layer neural network (SLNN) and a convolutional neural network (CNN). The results showed that the CDAE-based model was able to achieve similar detection performance to the HO. In addition, it outperformed both SLNN and CNN when a reduced number of training images was considered. The proposed approach holds promise for optimizing low-dose CT protocols across scanner platforms.
... Their depth and architecture allow for the extraction of hierarchical features, capturing intricate patterns in the data, so the training process iteratively adjusts network weights and biases to minimize the loss function, therefore improving prediction accuracy (Vieira et al., 2020). The Support Vector Machines (SVM) represent another major machine learning approach, based on searching for an optimal hyperplane which fits the training data while minimizing the deviation from the hyperplane (Binbusayyis and Vaiyapuri, 2021). Its regression variant, or support vector regression, enables the nonlinear prediction using kernel functions, including linear, polynomial, and radial basis function. ...
Article
Accurate geospatial prediction of soil parameters provides a basis for large-scale digital soil mapping, making efficient use of the expensive and time-consuming process of field soil sampling. To date, few studies have used deep learning for geospatial prediction of soil parameters, but there is evidence that it may provide higher accuracy compared to machine learning methods. To address this research gap, this study proposed a deep neural network (DNN) for geospatial prediction of total soil carbon (TC) in European agricultural land and compared it with the eight most commonly used machine learning methods based on studies indexed in the Web of Science Core Collection. A total of 6209 preprocessed soil samples from the Geochemical mapping of agricultural and grazing land soil (GEMAS) dataset in heterogeneous agricultural areas covering 4,899,602 km² in Europe were used. Prediction was performed based on 96 environmental covariates from climate and remote sensing sources, with extensive comprehensive hyperparameter tuning for all evaluated methods. DNN outperformed all evaluated machine learning methods (R² = 0.663, RMSE = 9.595, MAE = 5.565), followed by Quantile Random Forest (QRF) (R² = 0.635, RMSE = 25.993, MAE = 22.081). The ability of DNN to accurately predict small TC values and thus produce relatively low absolute residuals was a major reason for the higher prediction accuracy compared to machine learning methods. Climate parameters were the main factors in the achieved prediction accuracy, with 23 of the 25 environmental covariates with the highest variable importance being climate or land surface temperature parameters. These results demonstrate the superiority of DNN over machine learning methods for TC prediction, while highlighting the need for more recent soil sampling to assess the impact of climate change on TC content in European agricultural land.
... Liu et al. [15] proposed the use of an independent component analysis (ICA) algorithm to extract features and eliminate redundant features so that the model has better feature learning ability and more accurate classification ability. Binbusayyis et al. [16] presented an unsupervised deep learning methodology for intrusion detection, integrating autoencoders (1D CAE) and a class of support vector machines (OCSVM) as classifiers in an IDS for the first time. Su et al. [17] proposed a traffic anomaly detection model called BAT. ...
... In this section, the OCSVM [16], K-Nearest Neighbor (KNN) [20], Deep Neural Networks (DNN) [21], LSTM [23], and CNN_LSTM [24] models are used in our comparison experiments. Fig. 6 gives the identification results of each model for several common intrusion traffic types including Bot, DDoS, PortScan, and SSH. ...
Article
Full-text available
With the increasing dimensionality of network traffic, extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems (IDS). However, both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features, resulting in an analysis that is not an optimal set. Therefore, in order to extract more representative traffic features as well as to improve the accuracy of traffic identification, this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T² and a multilayer convolutional bidirectional long short-term memory (MSC_BiLSTM) classifier model for network traffic intrusion detection. This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory (BiLSTM) network, which fully considers the influence between the before and after features. The network traffic is first characteristically downscaled by principal component analysis (PCA), and then the downscaled principal components are used as input to Hotelling’s T² to compare the differences between groups. For datasets with outliers, Hotelling’s T² can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers. Finally, a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data. The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision, recall and F1-score juxtaposed with the prevailing techniques. The results show that the intrusion detection accuracy, precision, and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%, 95.97%, and 90.22%.
... These techniques face significant challenges in detecting different attack classes when traffic data is unbalanced or when samples of anomalous traffic are small. To overcome this problem, Binbusayyis et al. [19] proposed an unsupervised network intrusion detection method incorporating a Convolutional Neural Network-based AutoEncoder and a class of support vector machines. The method uses only normal samples and optimizes 1D CAE for compact feature representation and OCSVM for classification to improve the model's performance. ...
Article
Full-text available
Network intrusion detection systems (NIDS) based on deep learning have continued to make significant advances. However, the following challenges remain: on the one hand, simply applying only Temporal Convolutional Networks (TCNs) can lead to models that ignore the impact of network traffic features at different scales on the detection performance. On the other hand, some intrusion detection methods consider multi-scale information of traffic data, but considering only forward network traffic information can lead to deficiencies in capturing multi-scale temporal features. To address both of these issues, we propose a hybrid Convolutional Neural Network that supports a multi-output strategy (BONUS) for industrial internet intrusion detection. First, we create a multiscale Temporal Convolutional Network by stacking TCN of different scales to capture the multiscale information of network traffic. Meanwhile, we propose a bi-directional structure and dynamically set the weights to fuse the forward and backward contextual information of network traffic at each scale to enhance the model’s performance in capturing the multi-scale temporal features of network traffic. In addition, we introduce a gated network for each of the two branches in the proposed method to assist the model in learning the feature representation of each branch. Extensive experiments reveal the effectiveness of the proposed approach on two publicly available traffic intrusion detection datasets named UNSW-NB15 and NSL-KDD with F1 score of 85.03% and 99.31%, respectively, which also validates the effectiveness of enhancing the model’s ability to capture multi-scale temporal features of traffic data on detection performance.
... Other studies combine layer types inside the autoencoder model to conduct feature extraction. Along with the conventional network layer, a convolutional layer [49][50][51] and an LSTM layer [52,53] are applied to the autoencoder model of the NIDS. Yu et al. [49] presented dilated convolutional autoencoders based on NIDS. ...
... Binbusayyis and Vaiyapuri [50] proposed a single-stage IDS that combines a one-dimensional convolutional autoencoder (1DAE-CAE) with a one-class support vector machine (OCSVM). The encoder section of the CAE was mapped to the RBM kernel on the OCSVM, trained, and tuned using a grid search for kernel parameter determination and regularization. ...
... As illustrated in Fig. 1c, a convolutional autoencoder encodes and decodes using convolutional neural networks. Therefore, this study employs a stacked convolutional autoencoder based on 1D-CNN on the CAE structure [50,56]. The DCAE extracts sequential one-dimensional input data from network traffic data and converts it to input vectors. ...
Article
Full-text available
The rapid growth of the Internet of things (IoT) platform has implications on security vulnerabilities that need to be resolved. This requires an intrusion detection system (IDS) to secure attacks on the platforms. In line with this, numerous machine and deep learning algorithms have been adopted to detect cyber-attacks. Real-time IoT devices transmit massive amounts of heterogeneous data, which affects the network. Traffic networks generate redundant and large amounts of data that must be reduced before processing. This study proposed a hybrid deep learning model for an IDS on the IoT platform. We used unsupervised approaches to extract data dimensions and features, then a neural network for classification. Several approaches were used to determine the effectiveness of the deep learning-based IoT IDS with two scenarios of feature extraction. The first case used autoencoder variants such as deep autoencoder (DAE), deep LSTM autoencoder (LSTM-DAE), and deep convolutional autoencoder. The second case used stacked models for feature extraction, including stacked autoencoder and deep belief network. The feature extraction output from the five models was fine-tuned to the fully connected layer using the BoT-IoT dataset. The results showed a good detection performance of almost 100% and a false positive rate (FPR) of nearly 0%. On the CSE-CIC-IDS2018 dataset, the proposed deep learning model was evaluated using a transfer learning approach with the highest detection rate of 99.17% and the lowest FPR of 0.18%. The model developed from the feature extraction process recognized attacks significantly better than the previous approach.