Explore the vast range of titles available.

Wireless Sensor Networks (WSNs) are increasingly being used in mission-critical infrastructures. In such applications, they are evaluated on the risk of cyber intrusions that can target the already constrained resources. Traditionally, Intrusion Detection Systems (IDS) in WSNs have been based on machine learning techniques; however, these models fail to capture the nonlinear, temporal, and topological dependencies across the network nodes. As a result, they often suffer degradation in detection accuracy and exhibit poor adaptability against evolving threats. To overcome these limitations, this study introduces a hybrid deep learning-based IDS that integrates multi-scale convolutional feature extraction, dual-stage attention fusion, and graph convolutional reasoning. Moreover, bidirectional long short-term memory components are embedded into the unified framework. Through this combination, the proposed architecture effectively captures the hierarchical spatial–temporal correlations in the traffic patterns, thereby enabling precise discrimination between normal and attack behaviors across several intrusion classes. The model has been evaluated on a publicly available benchmarking dataset, and it has been found to attain higher classification capability in multiclass scenarios. Furthermore, the model outperforms conventional IDS-focused approaches. In addition, the proposed design aims to retain suitable computational efficiency, making it appropriate for edge and distributed deployments. Consequently, this makes it an effective solution for next-generation WSN cybersecurity. Overall, the findings emphasize that combining topology-aware learning with multi-branch attention mechanisms offers a balanced trade-off between interpretability, accuracy, and deployment efficiency for resource-constrained WSN environments.

This research investigates Denial of Service (DoS) attacks targeting the Internet’s Application Layer protocols, namely Session Initiation Protocol (SIP), and SPDY, the proposed second version of the Hyper Text Transfer Protocol (HTTP 2.0). The attack detection methodology was set using a Statistical Process Control (SPC) technique and Monitoring charts, as well as Cumulative Summation (CUSUM) and Exponential Weighted Moving Average (EWMA). The techniques tackle different possible flooding attacks, typically through monitoring the incoming messages. The system works by sensing sudden changes and detecting abnormal traffic increases alerting for an attack, and then triggering an alarm on the DoS attack. The scenarios are designed for SIP to simulate normal traffic behaviour and attack traffic behaviour; some scenarios were set to have a large ratio of the non-acknowledged requests, and another scenario was set to simulate a slight increase in the ratio. There was a scenario in which its traffic was imported from another SIP related research. In addition, the thesis discusses the results of DoS attacks targeting the SPDY protocol; one scenario is about a large increase in the total number of the sent requests by a user towards a SPDY proxy, and another scenario is set with a slight increase. SPC was tested on all previously mentioned scenarios; they have shown significant results in detecting the attacks, either it was large sudden flooding, or slight low rate DoS flood, as the low rate DoS attacks are very difficult and sometimes impossible to detect. SPC was tested to aim in false attack alarms reduction, as they are also difficult to deal with. These techniques were applied in two approaches: in the first approach, the Offline implementation, the statistical values of the whole observations, the mean and the standard deviation, are found and then applied to the equations. In the second approach, the Online implementation, the statistical values were updated on getting a new observation and immediately applying the SPC equations; there has not been any other research that discussed such an approach. The first approach represents a system with previous knowledge and experience of the ongoing traffic. This reduces the overhead spent in finding the mean and the standard deviation every time a new observation is added to the sequence. The second approach represents a system that is newly starting with no knowledge, or a system which was reset after detecting an attack. Finally, a framework was suggested to effectively employ the previous contributions in detecting the flood of the traffic. Key words: DoS, SIP, SPDY, HTTP, SPC, CUSUM, EWMA, traffic behaviour. Email: b.elmasri@surrey.ac.uk WWW: http://www.surrey.ac.uk/