10,142 result(s) for "Intrusion Detection System"
Review of intrusion detection systems based on deep learning techniques: coherent taxonomy, challenges, motivations, recommendations, substantial analysis and future directions
This study reviews and analyses the research landscape for intrusion detection systems (IDSs) based on deep learning (DL) techniques into a coherent taxonomy and identifies the gap in this pivotal research area. The focus is on articles related to the keywords ‘deep learning’, ‘intrusion’ and ‘attack’ and their variations in four major databases, namely Web of Science, ScienceDirect, Scopus and the Institute of Electrical and Electronics Engineers’ Xplore. These databases are sufficiently broad to cover the technical literature. The dataset comprises 68 articles. The largest proportion (72.06%; 49/68) relates to articles that develop an approach for evaluating or identifying intrusion detection techniques using the DL approach. The second largest proportion (22.06%; 15/68) relates to studying/applying articles to the DL area, IDSs or other related issues. The third largest proportion (5.88%; 4/68) discusses frameworks/models for running or adopting IDSs. The basic characteristics of this emerging field are identified from the aspects of motivations, open challenges that impede the technology’s utility, authors’ recommendations and substantial analysis. Then, a result analysis mapping for new directions is discussed. Three phases are designed to meet the demands of detecting distributed denial-of-service attacks with a high accuracy rate. This study provides an extensive resource background for researchers who are interested in IDSs based on DL.
Encrypted Malicious Traffic Detection Based on Word2Vec
Network-based intrusion detections become more difficult as Internet traffic is mostly encrypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.
A hybrid IDS for detection and mitigation of sinkhole attack in 6LoWPAN networks
The Internet of Things (IoT) is an expanding field of computer networks where resource-constrained devices connect to the internet through various wireless technologies. IoT systems already cover a broad spectrum, including smart homes, smart hospital systems, and hazard detection systems, with their influence expected to grow in the coming years. However, IoT systems are not without their drawbacks, as security breaches and device malfunctions can lead to severe disruptions in the ecosystem. In this article, we introduce an edge-assisted hybrid intrusion detection system designed to detect and mitigate Sinkhole Attacks (SHAs) within the IoT ecosystem. The unique aspect of our proposed approach is its deployment on edge devices, enabling it to identify SHAs as close as possible to the relevant data sources. Furthermore, we provide a comparative analysis based on simulation results and real-world testbed experiments to support our proposed methodology. Our findings demonstrate considerable improvements in scalability, accuracy, precision, recall, F1 score, packet delivery ratio, per-node power consumption, overall IoT network energy consumption, and end-to-end delay.
Improving Collaborative Intrusion Detection System Using Blockchain and Pluggable Authentication Modules for Sustainable Smart City
The threat of cyber-attacks is ever increasing in today’s society. There is a clear need for better and more effective defensive tools. Intrusion detection can be defined as the detection of anomalous behavior either in the host or in the network. An intrusion detection system can be used to identify the anomalous behavior of the system. The two major tasks of intrusion detection are to monitor data and raise an alert to the system administrators when an intrusion takes place. The current intrusion detection system is incapable of tackling sophisticated attacks which take place on the entire network containing large number of nodes while maintaining a low number of login attempts on each node in the system. A collaborative intrusion detection system (CIDS) was designed to remove the inefficiency of the current intrusion detection system which failed to detect coordinated distributed attacks. The main problem in the CIDS is the concept of trust. Hosts in the network need to trust the data sent by other peers in the network. To bring in the concept of trust and implement the proof-of-concept, blockchain was used. Pluggable authentication modules (PAM) were also used to track login activity securely before an intruder could modify the login activity. To implement blockchain, an Ethereum-based private blockchain was used.
Optimization of Intrusion Detection Systems Determined by Ameliorated HNADAM-SGD Algorithm
Information security is of pivotal concern for consistently streaming information over the widespread internetwork. The bottleneck flow of incoming and outgoing data traffic introduces the issues of malicious activities taken place by intruders, hackers and attackers in the form of authenticity obstruction, gridlocking data traffic, vandalizing data and crashing the established network. The issue of emerging suspicious activities is managed by the domain of Intrusion Detection Systems (IDS). The IDS consistently monitors the network for the identification of suspicious activities, and generates alarm and indication in the presence of malicious threats and worms. The performance of IDS is improved by using different machine learning algorithms. In this paper, the Nesterov-Accelerated Adaptive Moment Estimation–Stochastic Gradient Descent (HNADAM-SGD) algorithm is proposed to determine the performance of Intrusion Detection Systems (IDS). The algorithm is used to optimize IDS systems by hybridization and tuning of hyperparameters. The performance of algorithm is compared with other classification algorithms such as logistic regression, ridge classifier and ensemble algorithms where the experimental analysis and computations show the improved accuracy with 99.8%, sensitivity with 99.7%, and specificity with 99.5%.
A Survey on Intrusion Detection and Prevention Systems
In the digital world, malicious activities that violate the confidentiality, integrity, or availability of data and devices are known as intrusions. An intrusion detection system (IDS) analyses the activities of a single system or a network to identify intrusions. It alerts the system administrators about the detected intrusions and makes them responsible for restoring the affected system(s). To automatically handle intrusions, an IDS is integrated with a response component, and the combined system is known as an intrusion detection and response system (IDRS). An IDRS forms a reactive pair that detects and responds to intrusions affecting the system(s). To prevent the occurrence of intrusions proactively, an intrusion prevention system (IPS) is deployed with an IDRS. Intrusion prevention and detection system (IPDS) forms a strong line of defense against malicious attempts that try to violate the privacy and security of the monitored device(s). This paper is an up-to-date survey of 113 research articles published in the area of IPSs, IDSs, and IDRSs in the past 7 years. It provides several insights into the literature, highlighting various future research areas. It describes the characteristics, merits, and demerits of different types of IPSs, IDSs, and IDRSs, that are a pre-requisite for developing efficient IPDSs. The foundations of the three systems and the description of their complementary functionalities as a combined system are also explained in this paper. To the best of our knowledge, there exist survey papers that focus on IPS, IDS, and IDRS separately, but not all three systems together. This paper explains the interconnected roles of IPS, IDS, and IDRS to develop an IPDS.
Performance Comparison and Current Challenges of Using Machine Learning Techniques in Cybersecurity
Cyberspace has become an indispensable factor for all areas of the modern world. The world is becoming more and more dependent on the internet for everyday living. The increasing dependency on the internet has also widened the risks of malicious threats. On account of growing cybersecurity risks, cybersecurity has become the most pivotal element in the cyber world to battle against all cyber threats, attacks, and frauds. The expanding cyberspace is highly exposed to the intensifying possibility of being attacked by interminable cyber threats. The objective of this survey is to bestow a brief review of different machine learning (ML) techniques to get to the bottom of all the developments made in detection methods for potential cybersecurity risks. These cybersecurity risk detection methods mainly comprise of fraud detection, intrusion detection, spam detection, and malware detection. In this review paper, we build upon the existing literature of applications of ML models in cybersecurity and provide a comprehensive review of ML techniques in cybersecurity. To the best of our knowledge, we have made the first attempt to give a comparison of the time complexity of commonly used ML models in cybersecurity. We have comprehensively compared each classifier’s performance based on frequently used datasets and sub-domains of cyber threats. This work also provides a brief introduction of machine learning models besides commonly used security datasets. Despite having all the primary precedence, cybersecurity has its constraints, compromises, and challenges. This work also expounds on the enormous current challenges and limitations faced during the application of machine learning techniques in cybersecurity.
Towards a Standard Feature Set for Network Intrusion Detection System Datasets
Network Intrusion Detection Systems (NIDSs) are important tools for the protection of computer networks against increasingly frequent and sophisticated cyber attacks. Recently, a lot of research effort has been dedicated to the development of Machine Learning (ML) based NIDSs. As in any ML-based application, the availability of high-quality datasets is critical for the training and evaluation of ML-based NIDS. One of the key problems with the currently available NIDS datasets is the lack of a standard feature set. The use of a unique and proprietary set of features for each of the publicly available datasets makes it virtually impossible to compare the performance of ML-based traffic classifiers on different datasets, and hence to evaluate the ability of these systems to generalise across different network scenarios. To address that limitation, this paper proposes and evaluates standard NIDS feature sets based on the NetFlow network meta-data collection protocol and system. We evaluate and compare two NetFlow-based feature set variants, a version with 12 features, and another one with 43 features. For our evaluation, we converted four widely used NIDS datasets (UNSW-NB15, BoT-IoT, ToN-IoT, CSE-CIC-IDS2018) into new variants with our proposed NetFlow based feature sets. Based on an Extra Tree classifier, we compared the classification performance of the NetFlow-based feature sets with the proprietary feature sets provided with the original datasets. While the smaller feature set cannot match the classification performance of the proprietary feature sets, the larger set with 43 NetFlow features, surprisingly achieves a consistently higher classification performance compared to the original feature set, which was tailored to each of the considered NIDS datasets. 
The proposed NetFlow-based NIDS feature set, together with four benchmark datasets, made available to the research community, allow a fair comparison of ML-based network traffic classifiers across different NIDS datasets. We believe that having a standard feature set is critical for allowing a more rigorous and thorough evaluation of ML-based NIDSs and that it can help bridge the gap between academic research and the practical deployment of such systems.
Enhancing intrusion detection in wireless sensor networks through deep hybrid network empowered by SC-attention mechanism
Wireless Sensor Networks (WSNs) are frequently deployed in environments that are either unattended or hostile, exposing them to a variety of attack types. It is vital to secure WSNs, particularly when they are monitoring sensitive or critical data. Utilizing an Intrusion Detection System (IDS) can aid in identifying unauthorized access or harmful activities in the network. In the domain of Network Intrusion Detection Systems (NIDS), conventional methods have limitations in detecting new threats and unknown attack patterns efficiently. Addressing these issues, this study introduces a new method known as the Deep Hybrid Network with Spatial and Channel Attention (DHN-SCA). This method merges deep learning techniques with attention mechanisms. The DHN employs Convolutional Neural Networks (CNNs) alongside a Local Attention Module to improve the precision and effectiveness of intrusion detection. The Local Attention Module comprises two components: spatial attention and channel attention. Spatial attention uses average pooling on the feature tensor, and Channel Attention incorporates both global average pooling and global max pooling, followed by fully connected layers. These components refine the feature tensor by element-wise multiplication with the original features. The performance of the DHN is tested and evaluated using benchmark datasets. Evaluation metrics such as accuracy, precision, recall, and F1-score are used to gauge the DHN’s performance against other intrusion detection methods.
Advanced Feature Extraction and Selection Approach Using Deep Learning and Aquila Optimizer for IoT Intrusion Detection System
Developing cyber security is very necessary and has attracted considerable attention from academy and industry organizations worldwide. It is also very necessary to provide sustainable computing for the Internet of Things (IoT). Machine learning techniques play a vital role in the cybersecurity of the IoT for intrusion detection and malicious identification. Thus, in this study, we develop new feature extraction and selection methods for the IDS system using the advantages of the swarm intelligence (SI) algorithms. We design a feature extraction mechanism depending on the conventional neural networks (CNN). After that, we present an alternative feature selection (FS) approach using the recently developed SI algorithm, Aquila optimizer (AQU). Moreover, to assess the quality of the developed IDS approach, four well-known public datasets, CIC2017, NSL-KDD, BoT-IoT, and KDD99, were used. We also considered extensive comparisons to other optimization methods to verify the competitive performance of the developed method. The results show the high performance of the developed approach using different evaluation indicators.