Explore the vast range of titles available.

This paper proposes a novel intrusion detection system (IDS), named RDTIDS, for Internet-of-Things (IoT) networks. The RDTIDS combines different classifier approaches which are based on decision tree and rules-based concepts, namely, REP Tree, JRip algorithm and Forest PA. Specifically, the first and second method take as inputs features of the data set, and classify the network traffic as Attack/Benign. The third classifier uses features of the initial data set in addition to the outputs of the first and the second classifier as inputs. The experimental results obtained by analyzing the proposed IDS using the CICIDS2017 dataset and BoT-IoT dataset, attest their superiority in terms of accuracy, detection rate, false alarm rate and time overhead as compared to state of the art existing schemes.

The rush to deploy IoT devices has greatly increased the threat of cyberattacks. Although prevention methods enhance security, they remain insufficient. Intrusion Detection Systems (IDS) represent a crucial complementary line of defense for IoT networks. In this paper, we propose a novel IDS for the Internet of Things (IoT) that combines the Grey Wolf Optimization (GWO) meta-heuristic, the Light Gradient Boosting Machine (LightGBM) model, and Convolutional Neural Networks (CNN). On the one hand, GWO reduces the number of selected features to the most relevant ones, which positively impacts the computation time in IoT. On the other hand, LightGBM presents the advantage of fast training with low memory usage and performs low latency, whereas CNN performs as a second deep feature extractor of LightGBM outputs and acts as the final classifier. The experimental evaluation of our new model, conducted on the CICIoT2023 and CICIoMT2024 datasets, demonstrated its high performance. For the CICIoT2023 dataset, our model achieved notable performance improvements, with an accuracy of 95.24%, a precision of 95.22%, and a very high true positive rate for several attack classes, such as Distributed Denial of Service, reaching 99.85%. Similarly, for the CICIoMT2024 dataset, our model achieved even higher results, with an Accuracy of 99.50%, a Precision of 99.52%, an F1-Score of 99.51%, an Average Accuracy of 93.22%, and an Average Detection Rate (DR) of 92.36%. Moreover, our model provides a very low false alarm rate with 1.30% and 2.45% for CICIoT2023 and CICIoMT2024, respectively. Therefore, it outperforms well-known machine learning techniques (RF, SVM) and deep learning models, namely DNN, CNN, LSTM, and Multi-head Attention.

The advent of the Internet of Things has enriched the network field with new themes, among which we find the Internet of Vehicles (IoV). IoV improved the various smart traffic applications for management or security. It makes vehicles autonomously deal with the unexpected by sharing various resources like critical information, computing resources, etc. Nonetheless and as a user of current network technologies, IoV suffers from the same vulnerabilities of these technologies, which makes it vulnerable to various kinds of attacks that affect security and privacy. To overcome these new challenges, researchers have considered different IoV authentication protocols. However, most of them are compromised and contain real security problems. Dealing with IoV authentication protocol security flaws is a real challenge. Recently, Jiang et al. (Comput Commun 173:45–55, 2021) designed a three-factor authentication protocol for IoV environment. The proposed protocol combines lightweight operations that include elliptic curve cryptography, hash function, physically unclonable function, concatenation on one side, and XOR operation on the other side. Contrariwise, it contains several flaws. In this paper, we detailed the security analysis of Jiang et al. protocol that proves the limit of security guarantees between only user and data center due to the possibility for an adversary to deduce a session key shared between vehicle sensor and data center and between vehicle sensor and user. Moreover, regarding these limitations, we propose an improvement to remedy all the said security pitfalls.

The Internet of Healthcare Things (IoHT) marks a significant breakthrough in modern medicine by enabling a new era of healthcare services. IoHT supports real-time, continuous, and personalized monitoring of patients’ health conditions. However, the security of sensitive data exchanged within IoHT remains a major concern, as the widespread connectivity and wireless nature of these systems expose them to various vulnerabilities. Potential threats include unauthorized access, device compromise, data breaches, and data alteration, all of which may compromise the confidentiality and integrity of patient information. In this paper, we provide an in-depth security analysis of LAP-IoHT, an authentication scheme designed to ensure secure communication in Internet of Healthcare Things environments. This analysis reveals several vulnerabilities in the LAP-IoHT protocol, namely its inability to resist various attacks, including user impersonation and privileged insider threats. To address these issues, we introduce LSAP-IoHT, a secure and lightweight authentication protocol for the Internet of Healthcare Things (IoHT). This protocol leverages Elliptic Curve Cryptography (ECC), Physical Unclonable Functions (PUFs), and Three-Factor Authentication (3FA). Its security is validated through both informal analysis and formal verification using the Scyther tool and the Real-Or-Random (ROR) model. The results demonstrate strong resistance against man-in-the-middle (MITM) attacks, replay attacks, identity spoofing, stolen smart device attacks, and insider threats, while maintaining low computational and communication costs.

The use of Internet key exchange protocols in IP Security architecture and IoT environments has vulnerable to various malicious attacks and affects communication efficiency. To address these weaknesses, we propose a novel efficient and secure Internet key exchange protocol (ESIKE), which achieves a high level of security along with low computational cost and energy consumption. ESIKE achieves perfect forward secrecy, anonymity, known-key security, and untraceability properties. ESIKE can resist several attacks, such as, replay, DoS, eavesdropping, man-in-the-middle and modification. In addition, the formal security validation using AVISPA tools confirms the superiority of ESIKE in terms of security.

E-commerce platforms have become essential in meeting diverse consumer needs rapidly. For instance, Jumia-the largest e-commerce platform in North Africa- receives a high volume of user reviews that reflect a wide range of opinions regarding products. This diversity challenges platform owners striving to offer high-quality products and leaves buyers uncertain about making the best choices. To address these issues, we developed a sentiment analysis framework specifically tailored to the Algerian dialect. Our approach involved constructing a comprehensive database of user reviews categorized into positive, negative, and neutral sentiments. We further enhanced this resource by compiling a specialized dictionary of commonly used Algerian terms and applying GAN-based expansion techniques, as well as translating reviews into English and French to broaden linguistic coverage. To evaluate our method, we implemented two deep learning classifiers: a Deep Neural Network (DNN) and a BERT-based model. Notably, the BERT model achieved its optimal performance at 20 training epochs, with an accuracy of 95.44%, precision of 93.1%, recall of 95.57%, and an F1-score of 94.7%. These results significantly surpassed those obtained using the DNN model, as confirmed by ROC curve analyses and comparative accuracy evaluations. Our findings demonstrate that the integration of advanced NLP techniques with domain-specific language resources markedly enhances sentiment classification, paving the way for more effective analysis systems in e-commerce applications and the broader incorporation of Maghrebi dialects into scientific research.

In this paper, we propose an Efficient Secure routing Scheme based on searchable encryption with vehicle Proxy Re-encryption, called ESSPR, for achieving privacy preservation of message in vehicular peer-to-peer social network (VP2PSN). Specifically, the proposed ESSPR scheme consists of six phases: system initializations phase, peer registration phase, document generation phase, document forwarding phase, vehicle proxy re-encryption phase, and document receiving phase. Based on rationale of QoS-based clustering strategy, public key encryption with keyword search, identity based aggregate signature, and proxy re-encryption, ESSPR provides privacy for keyword, privacy for resources, and authentication and data integrity of the demand’s source. In addition, ESSPR is robust against eavesdropping attack, wormhole attack, packet analysis attack, packet tracing attack, and replay attack. Through performance evaluation, we demonstrate the effectiveness of ESSPR in terms of delivery ratio, average delay, average fairness, and detection ratio under malicious peers proportions in VP2PSN.

Purpose – The purpose of this paper is to build a new hierarchical intrusion detection system (IDS) based on a binary tree of different types of classifiers. The proposed IDS model must possess the following characteristics: combine a high detection rate and a low false alarm rate, and classify any connection in a specific category of network connection. Design/methodology/approach – To build the binary tree, the authors cluster the different categories of network connections hierarchically based on the proportion of false-positives and false-negatives generated between each of the two categories. The built model is a binary tree with multi-levels. At first, the authors use the best classifier in the classification of the network connections in category A and category G2 that clusters the rest of the categories. Then, in the second level, they use the best classifier in the classification of G2 network connections in category B and category G3 that represents the different categories clustered in G2 without category B. This process is repeated until the last two categories of network connections. Note that one of these categories represents the normal connection, and the rest represent the different types of abnormal connections. Findings – The experimentation on the labeled data set for flow-based intrusion detection, NSL-KDD and KDD’99 shows the high performance of the authors' model compared to the results obtained by some well-known classifiers and recent IDS models. The experiments’ results show that the authors' model gives a low false alarm rate and the highest detection rate. Moreover, the model is more accurate than some well-known classifiers like SVM, C4.5 decision tree, MLP neural network and naïve Bayes with accuracy equal to 83.26 per cent on NSL-KDD and equal to 99.92 per cent on the labeled data set for flow-based intrusion detection. As well, it is more accurate than the best of related works and recent IDS models with accuracy equal to 95.72 per cent on KDD’99. Originality/value – This paper proposes a novel hierarchical IDS based on a binary tree of classifiers, where different types of classifiers are used to create a high-performance model. Therefore, it confirms the capacity of the hierarchical model to combine a high detection rate and a low false alarm rate.

This article proposes an optimization of using Genetic Algorithms for the Security Audit Trail Analysis Problem, which was proposed by L. Mé in 1995 and improved by Pedro A. Diaz-Gomez and Dean F. Hougen in 2005. This optimization consists in filtering the attacks. So, we classify attacks in “Certainly not existing attacks class”, “Certainly existing attacks class” and “Uncertainly existing attacks class”. The proposed idea is to divide the 3rd class to independent sub-problems easier to solve. We use also the remote method invocation (RMI) to reduce resolution time. The results are very significant: 0% false+, 0%false-, detection rate equal to 100%. We present also, a comparative study to confirm the given improvement.

In this paper, we review the state of the art of privacy-preserving schemes for ad hoc social networks, including, mobile social networks (MSNs) and vehicular social networks (VSNs). Specifically, we select and in-detail examine thirty-three privacy preserving schemes developed for or applied in the context of ad hoc social networks. These schemes are published between 2008 and 2016. Based on this existing privacy preservation schemes, we survey privacy preservation models, including location privacy, identity privacy, anonymity, traceability, interest privacy, backward privacy, and content oriented privacy. The recent important attacks of leaking privacy, countermeasures, and game theoretic approaches in VSNs and MSNs are summarized in form of tables. In addition, an overview of recommendations for further research is also provided. With this survey, readers can have a more thorough understanding of research trends in privacy-preserving schemes for ad hoc social networks