In recent years,frequent network attacks have highlighted the importance of efficient detection methods for ensuring cyberspace security.This paper presents a novel intrusion detection system consisting of a data prep...In recent years,frequent network attacks have highlighted the importance of efficient detection methods for ensuring cyberspace security.This paper presents a novel intrusion detection system consisting of a data prepro-cessing stage and a deep learning model for accurately identifying network attacks.We have proposed four deep neural network models,which are constructed using architectures such as Convolutional Neural Networks(CNN),Bi-directional Long Short-Term Memory(BiLSTM),Bidirectional Gate Recurrent Unit(BiGRU),and Attention mechanism.These models have been evaluated for their detection performance on the NSL-KDD dataset.To enhance the compatibility between the data and the models,we apply various preprocessing techniques and employ the particle swarm optimization algorithm to perform feature selection on the NSL-KDD dataset,resulting in an optimized feature subset.Moreover,we address class imbalance in the dataset using focal loss.Finally,we employ the BO-TPE algorithm to optimize the hyperparameters of the four models,maximizing their detection performance.The test results demonstrate that the proposed model is capable of extracting the spatiotemporal features of network traffic data effectively.In binary and multiclass experiments,it achieved accuracy rates of 0.999158 and 0.999091,respectively,surpassing other state-of-the-art methods.展开更多
Artificial immune detection can be used to detect network intrusions in an adaptive approach and proper matching methods can improve the accuracy of immune detection methods.This paper proposes an artificial immune de...Artificial immune detection can be used to detect network intrusions in an adaptive approach and proper matching methods can improve the accuracy of immune detection methods.This paper proposes an artificial immune detection model for network intrusion data based on a quantitative matching method.The proposed model defines the detection process by using network data and decimal values to express features and artificial immune mechanisms are simulated to define immune elements.Then,to improve the accuracy of similarity calculation,a quantitative matching method is proposed.The model uses mathematical methods to train and evolve immune elements,increasing the diversity of immune recognition and allowing for the successful detection of unknown intrusions.The proposed model’s objective is to accurately identify known intrusions and expand the identification of unknown intrusions through signature detection and immune detection,overcoming the disadvantages of traditional methods.The experiment results show that the proposed model can detect intrusions effectively.It has a detection rate of more than 99.6%on average and a false alarm rate of 0.0264%.It outperforms existing immune intrusion detection methods in terms of comprehensive detection performance.展开更多
Network intrusion detection systems(NIDS)based on deep learning have continued to make significant advances.However,the following challenges remain:on the one hand,simply applying only Temporal Convolutional Networks(...Network intrusion detection systems(NIDS)based on deep learning have continued to make significant advances.However,the following challenges remain:on the one hand,simply applying only Temporal Convolutional Networks(TCNs)can lead to models that ignore the impact of network traffic features at different scales on the detection performance.On the other hand,some intrusion detection methods considermulti-scale information of traffic data,but considering only forward network traffic information can lead to deficiencies in capturing multi-scale temporal features.To address both of these issues,we propose a hybrid Convolutional Neural Network that supports a multi-output strategy(BONUS)for industrial internet intrusion detection.First,we create a multiscale Temporal Convolutional Network by stacking TCN of different scales to capture the multiscale information of network traffic.Meanwhile,we propose a bi-directional structure and dynamically set the weights to fuse the forward and backward contextual information of network traffic at each scale to enhance the model’s performance in capturing the multi-scale temporal features of network traffic.In addition,we introduce a gated network for each of the two branches in the proposed method to assist the model in learning the feature representation of each branch.Extensive experiments reveal the effectiveness of the proposed approach on two publicly available traffic intrusion detection datasets named UNSW-NB15 and NSL-KDD with F1 score of 85.03% and 99.31%,respectively,which also validates the effectiveness of enhancing the model’s ability to capture multi-scale temporal features of traffic data on detection performance.展开更多
In the fast-evolving landscape of digital networks,the incidence of network intrusions has escalated alarmingly.Simultaneously,the crucial role of time series data in intrusion detection remains largely underappreciat...In the fast-evolving landscape of digital networks,the incidence of network intrusions has escalated alarmingly.Simultaneously,the crucial role of time series data in intrusion detection remains largely underappreciated,with most systems failing to capture the time-bound nuances of network traffic.This leads to compromised detection accuracy and overlooked temporal patterns.Addressing this gap,we introduce a novel SSAE-TCN-BiLSTM(STL)model that integrates time series analysis,significantly enhancing detection capabilities.Our approach reduces feature dimensionalitywith a Stacked Sparse Autoencoder(SSAE)and extracts temporally relevant features through a Temporal Convolutional Network(TCN)and Bidirectional Long Short-term Memory Network(Bi-LSTM).By meticulously adjusting time steps,we underscore the significance of temporal data in bolstering detection accuracy.On the UNSW-NB15 dataset,ourmodel achieved an F1-score of 99.49%,Accuracy of 99.43%,Precision of 99.38%,Recall of 99.60%,and an inference time of 4.24 s.For the CICDS2017 dataset,we recorded an F1-score of 99.53%,Accuracy of 99.62%,Precision of 99.27%,Recall of 99.79%,and an inference time of 5.72 s.These findings not only confirm the STL model’s superior performance but also its operational efficiency,underpinning its significance in real-world cybersecurity scenarios where rapid response is paramount.Our contribution represents a significant advance in cybersecurity,proposing a model that excels in accuracy and adaptability to the dynamic nature of network traffic,setting a new benchmark for intrusion detection systems.展开更多
The blockchain-empowered Internet of Vehicles(IoV)enables various services and achieves data security and privacy,significantly advancing modern vehicle systems.However,the increased frequency of data transmission and...The blockchain-empowered Internet of Vehicles(IoV)enables various services and achieves data security and privacy,significantly advancing modern vehicle systems.However,the increased frequency of data transmission and complex network connections among nodes also make them more susceptible to adversarial attacks.As a result,an efficient intrusion detection system(IDS)becomes crucial for securing the IoV environment.Existing IDSs based on convolutional neural networks(CNN)often suffer from high training time and storage requirements.In this paper,we propose a lightweight IDS solution to protect IoV against both intra-vehicle and external threats.Our approach achieves superior performance,as demonstrated by key metrics such as accuracy and precision.Specifically,our method achieves accuracy rates ranging from 99.08% to 100% on the Car-Hacking dataset,with a remarkably short training time.展开更多
With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(...With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(IDS).However,both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features,resulting in an analysis that is not an optimal set.Therefore,in order to extract more representative traffic features as well as to improve the accuracy of traffic identification,this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^(2) and a multilayer convolutional bidirectional long short-term memory(MSC_BiLSTM)classifier model for network traffic intrusion detection.This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory(BiLSTM)network,which fully considers the influence between the before and after features.The network traffic is first characteristically downscaled by principal component analysis(PCA),and then the downscaled principal components are used as input to Hotelling’s T^(2) to compare the differences between groups.For datasets with outliers,Hotelling’s T^(2) can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers.Finally,a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data.The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision,recall and F1-score juxtaposed with the prevailing techniques.The results show that the intrusion detection accuracy,precision,and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%,95.97%,and 90.22%.展开更多
With the increasing number of connected devices in the Internet of Things(IoT)era,the number of intrusions is also increasing.An intrusion detection system(IDS)is a secondary intelligent system for monitoring,detectin...With the increasing number of connected devices in the Internet of Things(IoT)era,the number of intrusions is also increasing.An intrusion detection system(IDS)is a secondary intelligent system for monitoring,detecting and alerting against malicious activity.IDS is important in developing advanced security models.This study reviews the importance of various techniques,tools,and methods used in IoT detection and/or prevention systems.Specifically,it focuses on machine learning(ML)and deep learning(DL)techniques for IDS.This paper proposes an accurate intrusion detection model to detect traditional and new attacks on the Internet of Vehicles.To speed up the detection of recent attacks,the proposed network architecture developed at the data processing layer is incorporated with a convolutional neural network(CNN),which performs better than a support vector machine(SVM).Processing data are enhanced using the synthetic minority oversampling technique to ensure learning accuracy.The nearest class mean classifier is applied during the testing phase to identify new attacks.Experimental results using the AWID dataset,which is one of the most common open intrusion detection datasets,revealed a higher detection accuracy(94%)compared to SVM and random forest methods.展开更多
The importance of this study is to identify the newly reordered and recognized basaltic intrusion for the first time in Maasser El Chouf in Lebanon. The recorded basaltic intrusion cut the Jurassic-Lower Cretaceous ro...The importance of this study is to identify the newly reordered and recognized basaltic intrusion for the first time in Maasser El Chouf in Lebanon. The recorded basaltic intrusion cut the Jurassic-Lower Cretaceous rock in this area. Necessary field inspection, geology, mineralogy and chemical tests were carried out on 8 basalt samples to determine their mineralogy, petrography and chemical composition. Representative samples have been tested with polarizing microscope, X-ray diffraction (XRD) and X-ray fluorescence (XRF). Petrographic and mineralogical studies show that the basalt is characterized by presence mainly of calcic-plagioclase feldspar, pyroxene-augite and olivine minerals. Secondary minerals of iron oxides also present (ilmenite and magnetite). The most appeared property is the alteration of olivine mineral to iddingsite that indicated highly weathered process. The composition of the basaltic samples reflects ultrabasic-basic type (Basanite-Tholeiitic basalt). The existence of volcanic activity occurred mostly with Pliocene age (< 2 Ma) as indicated by previous studies for similar basalt in Lebanon. Possibly, these boulders have been carried up from some deeper intrusive magmatic body under very active tension zones. Volcanism of Lebanon basalts belong to the alkaline olivine basalt, suite generally associated with tension, rifting and block faulting movements of the continental crust. Most of the volcanisms in Lebanon and in Harrat Ash Shaam Basalt from Syria and Palestine through Jordan to Saudi Arabia are related and connected to the opening of the Red Sea Rift System, making the area with tremendous volcanic tectonic activities.展开更多
This paper explains various factors that contribute to saltwater intrusion, including overexploitation of freshwater resources and climate change as well as the different techniques essential for effective saltwater i...This paper explains various factors that contribute to saltwater intrusion, including overexploitation of freshwater resources and climate change as well as the different techniques essential for effective saltwater intrusion management. The impact of saltwater intrusion along coastal regions and its impact on the environment, hydrogeology and groundwater contamination. It suggests potential solutions to mitigate the impact of saltwater intrusion, including effective water management and techniques for managing SWI. The application of A.I (assessment index) serves as a guideline to correctly identify wells with SWI ranging from no intrusion, slight intrusion and strong intrusion. The challenges of saltwater intrusion in Lagos and the salinization of wells were investigated using the hydro-chemical parameters. The study identifies four wells (“AA”, “CMS”, “OBA” and “VIL”) as having high electric conductivities, indicating saline water intrusion, while other wells (“EBM”, “IKJ, and “IKO”) with lower electric conductivities, indicate little or no salt-water intrusion, and “AJ” well shows slight intrusion. The elevation of the wells also played a vital role in the SWI across coastal regions of Lagos. The study recommends continuous monitoring of coastal wells to help sustain and reduce saline intrusion. The findings of the study are important for policymakers, researchers, and practitioners who are interested in addressing the challenges of saltwater intrusion along coastal regions. We assessed the SWI across the eight (8) wells using the Assessment Index to identify wells with SWI. Wells in “CMS” and “VIL” has strong intrusions. A proposed classification system based on specific ion ratios categorizes water quality from good (+) to highly (-) contaminated (refer to Table 4). These findings underscore the need for attention and effective management strategies to address groundwater unsuitability for various purposes.展开更多
With the rapid development of the Internet of Things(IoT),there are several challenges pertaining to security in IoT applications.Compared with the characteristics of the traditional Internet,the IoT has many problems...With the rapid development of the Internet of Things(IoT),there are several challenges pertaining to security in IoT applications.Compared with the characteristics of the traditional Internet,the IoT has many problems,such as large assets,complex and diverse structures,and lack of computing resources.Traditional network intrusion detection systems cannot meet the security needs of IoT applications.In view of this situation,this study applies cloud computing and machine learning to the intrusion detection system of IoT to improve detection performance.Usually,traditional intrusion detection algorithms require considerable time for training,and these intrusion detection algorithms are not suitable for cloud computing due to the limited computing power and storage capacity of cloud nodes;therefore,it is necessary to study intrusion detection algorithms with low weights,short training time,and high detection accuracy for deployment and application on cloud nodes.An appropriate classification algorithm is a primary factor for deploying cloud computing intrusion prevention systems and a prerequisite for the system to respond to intrusion and reduce intrusion threats.This paper discusses the problems related to IoT intrusion prevention in cloud computing environments.Based on the analysis of cloud computing security threats,this study extensively explores IoT intrusion detection,cloud node monitoring,and intrusion response in cloud computing environments by using cloud computing,an improved extreme learning machine,and other methods.We use the Multi-Feature Extraction Extreme Learning Machine(MFE-ELM)algorithm for cloud computing,which adds a multi-feature extraction process to cloud servers,and use the deployed MFE-ELM algorithm on cloud nodes to detect and discover network intrusions to cloud nodes.In our simulation experiments,a classical dataset for intrusion detection is selected as a test,and test steps such as data preprocessing,feature engineering,model training,and result analysis are performed.The experimental results show that the proposed algorithm can effectively detect and identify most network data packets with good model performance and achieve efficient intrusion detection for heterogeneous data of the IoT from cloud nodes.Furthermore,it can enable the cloud server to discover nodes with serious security threats in the cloud cluster in real time,so that further security protection measures can be taken to obtain the optimal intrusion response strategy for the cloud cluster.展开更多
Software-Defined Networking(SDN)enables flexibility in developing security tools that can effectively and efficiently analyze and detect malicious network traffic for detecting intrusions.Recently Machine Learning(ML)...Software-Defined Networking(SDN)enables flexibility in developing security tools that can effectively and efficiently analyze and detect malicious network traffic for detecting intrusions.Recently Machine Learning(ML)techniques have attracted lots of attention from researchers and industry for developing intrusion detection systems(IDSs)considering logically centralized control and global view of the network provided by SDN.Many IDSs have developed using advances in machine learning and deep learning.This study presents a comprehensive review of recent work ofML-based IDS in context to SDN.It presents a comprehensive study of the existing review papers in the field.It is followed by introducing intrusion detection,ML techniques and their types.Specifically,we present a systematic study of recent works,discuss ongoing research challenges for effective implementation of ML-based intrusion detection in SDN,and promising future works in this field.展开更多
Blockchain merges technology with the Internet of Things(IoT)for addressing security and privacy-related issues.However,conventional blockchain suffers from scalability issues due to its linear structure,which increas...Blockchain merges technology with the Internet of Things(IoT)for addressing security and privacy-related issues.However,conventional blockchain suffers from scalability issues due to its linear structure,which increases the storage overhead,and Intrusion detection performed was limited with attack severity,leading to performance degradation.To overcome these issues,we proposed MZWB(Multi-Zone-Wise Blockchain)model.Initially,all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm(EBA),considering several metrics.Then,the legitimately considered nodes for network construction for managing the network using Bayesian-Direct Acyclic Graph(B-DAG),which considers several metrics.The intrusion detection is performed based on two tiers.In the first tier,a Deep Convolution Neural Network(DCNN)analyzes the data packets by extracting packet flow features to classify the packets as normal,malicious,and suspicious.In the second tier,the suspicious packets are classified as normal or malicious using the Generative Adversarial Network(GAN).Finally,intrusion scenario performed reconstruction to reduce the severity of attacks in which Improved Monkey Optimization(IMO)is used for attack path discovery by considering several metrics,and the Graph cut utilized algorithm for attack scenario reconstruction(ASR).UNSW-NB15 and BoT-IoT utilized datasets for the MZWB method simulated using a Network simulator(NS-3.26).Compared with previous performance metrics such as energy consumption,storage overhead accuracy,response time,attack detection rate,precision,recall,and F-measure.The simulation result shows that the proposed MZWB method achieves high performance than existing works.展开更多
This paper uses the Coupled Ocean-Atmosphere-Wave-Sediment Transport(COAWST)model to analyze the impact of typhoon‘Hongxia’on the velocity and position movement of the Kuroshio axis,the impact of typhoons on the Kur...This paper uses the Coupled Ocean-Atmosphere-Wave-Sediment Transport(COAWST)model to analyze the impact of typhoon‘Hongxia’on the velocity and position movement of the Kuroshio axis,the impact of typhoons on the Kuroshio intrusion into South China Sea(SCS),the corresponding water,heat,and salt fluxes,and the impact of Kuroshio water in the northeastern SCS.When typhoon‘Hongxia’passed,the Kuroshio intrusion into the SCS was the most significant at 21?N latitude.In the vertical direction,the Kuroshio intrusion was strongest in the subsurface layer,leading to the most significant changes in temperature and salinity in the northeastern part of the SCS in the subsurface layer.Under the influence of the southeastern monsoon in summer,a large amount of low-salinity water accumulates at the surface of the northeastern part of the SCS,and Kuroshio intrusive water remains in the bottom and middle portions of the subsurface layer.The westward deviation of the Kuroshio axis caused by the typhoon displays a certain lag compared with the hot and salty water intrusion into the SCS approximately 7 d later.The impact of the typhoon on the Kuroshio intrusion into the SCS lasts for 20 d.The typhoon caused increases in the water,heat,and salt fluxes associated with the Kuroshio intrusion into the SCS,and the contribution of the typhoon to these fluxes was as high as 40%.Under typhoon conditions,the maximum Kuroshio intrusion flux reached more than twice that before the typhoon.展开更多
Estuarine projects can change local topography and influence water transport and saltwater intrusion.The Changjiang(Yangtze)River estuary is a multichannel estuary,and four major reclamation projects have been impleme...Estuarine projects can change local topography and influence water transport and saltwater intrusion.The Changjiang(Yangtze)River estuary is a multichannel estuary,and four major reclamation projects have been implemented in the Changjiang River estuary in recent years:the Xincun Shoal reclamation project(RP-XCS),the Qingcao Shoal reclamation project(RP-QCS),the Eastern Hengsha Shoal reclamation project(RP-EHS),and the Nanhui Shoal reclamation project(RP-NHS).The effects of the four reclamation projects and each project on the saltwater intrusion and water resources in the Changjiang River estuary were simulated in a 3D numerical model.Results show that for a multichannel estuary,local reclamation projects change the local topography and water diversion ratio(WDR)between channels and influence water and salt transport and freshwater utilization in the estuary.During spring tide,under the cumulative effect of the four reclamation projects,the salinity decreases by approximately 0.5in the upper reaches of the North Branch and increases by 0.5-1.0 in the middle and lower reaches of the North Branch.In the North Channel,the salinity decreases by approximately 0.5.In the North Passage,the salinity increases by 0.5-1.0.In the South Passage,the salinity increases by approximately 0.5 in the upper reaches and decreases by 0.2-0.5 on the north side of the middle and lower reaches.During neap tide,the cumulative effects of the four reclamation projects and the individual projects are similar to those during spring tide,but there are some differences.The effects of an individual reclamation project on WDR and saltwater intrusion during spring and neap tides are simulated and analyzed in detail.The cumulative effect of the four reclamation projects favors freshwater usage in the Changjiang River estuary.展开更多
Due to the increasing number of cyber-attacks,the necessity to develop efficient intrusion detection systems(IDS)is more imperative than ever.In IDS research,the most effectively used methodology is based on supervise...Due to the increasing number of cyber-attacks,the necessity to develop efficient intrusion detection systems(IDS)is more imperative than ever.In IDS research,the most effectively used methodology is based on supervised Neural Networks(NN)and unsupervised clustering,but there are few works dedicated to their hybridization with metaheuristic algorithms.As intrusion detection data usually contains several features,it is essential to select the best ones appropriately.Linear Discriminant Analysis(LDA)and t-statistic are considered as efficient conventional techniques to select the best features,but they have been little exploited in IDS design.Thus,the research proposed in this paper can be summarized as follows.a)The proposed approach aims to use hybridized unsupervised and hybridized supervised detection processes of all the attack categories in the CICIDS2017 Dataset.Nevertheless,owing to the large size of the CICIDS2017 Dataset,only 25%of the data was used.b)As a feature selection method,the LDAperformancemeasure is chosen and combinedwith the t-statistic.c)For intrusion detection,unsupervised Fuzzy C-means(FCM)clustering and supervised Back-propagation NN are adopted.d)In addition and in order to enhance the suggested classifiers,FCM and NN are hybridized with the seven most known metaheuristic algorithms,including Genetic Algorithm(GA),Particle Swarm Optimization(PSO),Differential Evolution(DE),Cultural Algorithm(CA),Harmony Search(HS),Ant-Lion Optimizer(ALO)and Black Hole(BH)Algorithm.Performance metrics extracted from confusion matrices,such as accuracy,precision,sensitivity and F1-score are exploited.The experimental result for the proposed intrusion detection,based on training and test CICIDS2017 datasets,indicated that PSO,GA and ALO-based NNs can achieve promising results.PSO-NN produces a tested accuracy,global sensitivity and F1-score of 99.97%,99.95%and 99.96%,respectively,outperforming performance concluded in several related works.Furthermore,the best-proposed approaches are valued in the most recent intrusion detection datasets:CSE-CICIDS2018 and LUFlow2020.The evaluation fallouts consolidate the previous results and confirm their correctness.展开更多
Cloud Computing(CC)is the preference of all information technology(IT)organizations as it offers pay-per-use based and flexible services to its users.But the privacy and security become the main hindrances in its achi...Cloud Computing(CC)is the preference of all information technology(IT)organizations as it offers pay-per-use based and flexible services to its users.But the privacy and security become the main hindrances in its achievement due to distributed and open architecture that is prone to intruders.Intrusion Detection System(IDS)refers to one of the commonly utilized system for detecting attacks on cloud.IDS proves to be an effective and promising technique,that identifies malicious activities and known threats by observing traffic data in computers,and warnings are given when such threatswere identified.The current mainstream IDS are assisted with machine learning(ML)but have issues of low detection rates and demanded wide feature engineering.This article devises an Enhanced Coyote Optimization with Deep Learning based Intrusion Detection System for Cloud Security(ECODL-IDSCS)model.The ECODL-IDSCS model initially addresses the class imbalance data problem by the use of Adaptive Synthetic(ADASYN)technique.For detecting and classification of intrusions,long short term memory(LSTM)model is exploited.In addition,ECO algorithm is derived to optimally fine tune the hyperparameters related to the LSTM model to enhance its detection efficiency in the cloud environment.Once the presented ECODL-IDSCS model is tested on benchmark dataset,the experimental results show the promising performance of the ECODL-IDSCS model over the existing IDS models.展开更多
With the advancement of network communication technology,network traffic shows explosive growth.Consequently,network attacks occur frequently.Network intrusion detection systems are still the primary means of detectin...With the advancement of network communication technology,network traffic shows explosive growth.Consequently,network attacks occur frequently.Network intrusion detection systems are still the primary means of detecting attacks.However,two challenges continue to stymie the development of a viable network intrusion detection system:imbalanced training data and new undiscovered attacks.Therefore,this study proposes a unique deep learning-based intrusion detection method.We use two independent in-memory autoencoders trained on regular network traffic and attacks to capture the dynamic relationship between traffic features in the presence of unbalanced training data.Then the original data is fed into the triplet network by forming a triplet with the data reconstructed from the two encoders to train.Finally,the distance relationship between the triples determines whether the traffic is an attack.In addition,to improve the accuracy of detecting unknown attacks,this research proposes an improved triplet loss function that is used to pull the distances of the same class closer while pushing the distances belonging to different classes farther in the learned feature space.The proposed approach’s effectiveness,stability,and significance are evaluated against advanced models on the Android Adware and General Malware Dataset(AAGM17),Knowledge Discovery and Data Mining Cup 1999(KDDCUP99),Canadian Institute for Cybersecurity Group’s Intrusion Detection Evaluation Dataset(CICIDS2017),UNSW-NB15,Network Security Lab-Knowledge Discovery and Data Mining(NSL-KDD)datasets.The achieved results confirmed the superiority of the proposed method for the task of network intrusion detection.展开更多
With the continuous integration of new energy into the power grid,various new attacks continue to emerge and the feature distributions are constantly changing during the deployment of intelligent pumped storage power ...With the continuous integration of new energy into the power grid,various new attacks continue to emerge and the feature distributions are constantly changing during the deployment of intelligent pumped storage power stations.The intrusion detection model trained on the old data is hard to effectively identify new attacks,and it is difficult to update the intrusion detection model in time when lacking data.To solve this issue,by using model-based transfer learning methods,in this paper we propose a convolutional neural network(CNN)based transfer online sequential extreme learning machine(TOS-ELM)scheme to enable the online intrusion detection,which is called CNN-TOSELM in this paper.In our proposed scheme,we use pre-trained CNN to extract the characteristics of the target domain data as input,and then build online learning classifier TOS-ELM to transfer the parameter of the ELM classifier of the source domain.Experimental results show the proposed CNNTOSELM scheme can achieve better detection performance and extremely short model update time for intelligent pumped storage power stations.展开更多
Intrusion detection involves identifying unauthorized network activity and recognizing whether the data constitute an abnormal network transmission.Recent research has focused on using semi-supervised learning mechani...Intrusion detection involves identifying unauthorized network activity and recognizing whether the data constitute an abnormal network transmission.Recent research has focused on using semi-supervised learning mechanisms to identify abnormal network traffic to deal with labeled and unlabeled data in the industry.However,real-time training and classifying network traffic pose challenges,as they can lead to the degradation of the overall dataset and difficulties preventing attacks.Additionally,existing semi-supervised learning research might need to analyze the experimental results comprehensively.This paper proposes XA-GANomaly,a novel technique for explainable adaptive semi-supervised learning using GANomaly,an image anomalous detection model that dynamically trains small subsets to these issues.First,this research introduces a deep neural network(DNN)-based GANomaly for semi-supervised learning.Second,this paper presents the proposed adaptive algorithm for the DNN-based GANomaly,which is validated with four subsets of the adaptive dataset.Finally,this study demonstrates a monitoring system that incorporates three explainable techniques—Shapley additive explanations,reconstruction error visualization,and t-distributed stochastic neighbor embedding—to respond effectively to attacks on traffic data at each feature engineering stage,semi-supervised learning,and adaptive learning.Compared to other single-class classification techniques,the proposed DNN-based GANomaly achieves higher scores for Network Security Laboratory-Knowledge Discovery in Databases and UNSW-NB15 datasets at 13%and 8%of F1 scores and 4.17%and 11.51%for accuracy,respectively.Furthermore,experiments of the proposed adaptive learning reveal mostly improved results over the initial values.An analysis and monitoring system based on the combination of the three explainable methodologies is also described.Thus,the proposed method has the potential advantages to be applied in practical industry,and future research will explore handling unbalanced real-time datasets in various scenarios.展开更多
An intrusion detection system(IDS)becomes an important tool for ensuring security in the network.In recent times,machine learning(ML)and deep learning(DL)models can be applied for the identification of intrusions over...An intrusion detection system(IDS)becomes an important tool for ensuring security in the network.In recent times,machine learning(ML)and deep learning(DL)models can be applied for the identification of intrusions over the network effectively.To resolve the security issues,this paper presents a new Binary Butterfly Optimization algorithm based on Feature Selection with DRL technique,called BBOFS-DRL for intrusion detection.The proposed BBOFSDRL model mainly accomplishes the recognition of intrusions in the network.To attain this,the BBOFS-DRL model initially designs the BBOFS algorithm based on the traditional butterfly optimization algorithm(BOA)to elect feature subsets.Besides,DRL model is employed for the proper identification and classification of intrusions that exist in the network.Furthermore,beetle antenna search(BAS)technique is applied to tune the DRL parameters for enhanced intrusion detection efficiency.For ensuring the superior intrusion detection outcomes of the BBOFS-DRL model,a wide-ranging experimental analysis is performed against benchmark dataset.The simulation results reported the supremacy of the BBOFS-DRL model over its recent state of art approaches.展开更多
文摘In recent years,frequent network attacks have highlighted the importance of efficient detection methods for ensuring cyberspace security.This paper presents a novel intrusion detection system consisting of a data prepro-cessing stage and a deep learning model for accurately identifying network attacks.We have proposed four deep neural network models,which are constructed using architectures such as Convolutional Neural Networks(CNN),Bi-directional Long Short-Term Memory(BiLSTM),Bidirectional Gate Recurrent Unit(BiGRU),and Attention mechanism.These models have been evaluated for their detection performance on the NSL-KDD dataset.To enhance the compatibility between the data and the models,we apply various preprocessing techniques and employ the particle swarm optimization algorithm to perform feature selection on the NSL-KDD dataset,resulting in an optimized feature subset.Moreover,we address class imbalance in the dataset using focal loss.Finally,we employ the BO-TPE algorithm to optimize the hyperparameters of the four models,maximizing their detection performance.The test results demonstrate that the proposed model is capable of extracting the spatiotemporal features of network traffic data effectively.In binary and multiclass experiments,it achieved accuracy rates of 0.999158 and 0.999091,respectively,surpassing other state-of-the-art methods.
基金This research was funded by the Scientific Research Project of Leshan Normal University(No.2022SSDX002)the Scientific Plan Project of Leshan(No.22NZD012).
文摘Artificial immune detection can be used to detect network intrusions in an adaptive approach and proper matching methods can improve the accuracy of immune detection methods.This paper proposes an artificial immune detection model for network intrusion data based on a quantitative matching method.The proposed model defines the detection process by using network data and decimal values to express features and artificial immune mechanisms are simulated to define immune elements.Then,to improve the accuracy of similarity calculation,a quantitative matching method is proposed.The model uses mathematical methods to train and evolve immune elements,increasing the diversity of immune recognition and allowing for the successful detection of unknown intrusions.The proposed model’s objective is to accurately identify known intrusions and expand the identification of unknown intrusions through signature detection and immune detection,overcoming the disadvantages of traditional methods.The experiment results show that the proposed model can detect intrusions effectively.It has a detection rate of more than 99.6%on average and a false alarm rate of 0.0264%.It outperforms existing immune intrusion detection methods in terms of comprehensive detection performance.
基金sponsored by the Autonomous Region Key R&D Task Special(2022B01008)the National Key R&D Program of China(SQ2022AAA010308-5).
文摘Network intrusion detection systems(NIDS)based on deep learning have continued to make significant advances.However,the following challenges remain:on the one hand,simply applying only Temporal Convolutional Networks(TCNs)can lead to models that ignore the impact of network traffic features at different scales on the detection performance.On the other hand,some intrusion detection methods considermulti-scale information of traffic data,but considering only forward network traffic information can lead to deficiencies in capturing multi-scale temporal features.To address both of these issues,we propose a hybrid Convolutional Neural Network that supports a multi-output strategy(BONUS)for industrial internet intrusion detection.First,we create a multiscale Temporal Convolutional Network by stacking TCN of different scales to capture the multiscale information of network traffic.Meanwhile,we propose a bi-directional structure and dynamically set the weights to fuse the forward and backward contextual information of network traffic at each scale to enhance the model’s performance in capturing the multi-scale temporal features of network traffic.In addition,we introduce a gated network for each of the two branches in the proposed method to assist the model in learning the feature representation of each branch.Extensive experiments reveal the effectiveness of the proposed approach on two publicly available traffic intrusion detection datasets named UNSW-NB15 and NSL-KDD with F1 score of 85.03% and 99.31%,respectively,which also validates the effectiveness of enhancing the model’s ability to capture multi-scale temporal features of traffic data on detection performance.
基金supported in part by the Gansu Province Higher Education Institutions Industrial Support Program:Security Situational Awareness with Artificial Intelligence and Blockchain Technology.Project Number(2020C-29).
文摘In the fast-evolving landscape of digital networks,the incidence of network intrusions has escalated alarmingly.Simultaneously,the crucial role of time series data in intrusion detection remains largely underappreciated,with most systems failing to capture the time-bound nuances of network traffic.This leads to compromised detection accuracy and overlooked temporal patterns.Addressing this gap,we introduce a novel SSAE-TCN-BiLSTM(STL)model that integrates time series analysis,significantly enhancing detection capabilities.Our approach reduces feature dimensionalitywith a Stacked Sparse Autoencoder(SSAE)and extracts temporally relevant features through a Temporal Convolutional Network(TCN)and Bidirectional Long Short-term Memory Network(Bi-LSTM).By meticulously adjusting time steps,we underscore the significance of temporal data in bolstering detection accuracy.On the UNSW-NB15 dataset,ourmodel achieved an F1-score of 99.49%,Accuracy of 99.43%,Precision of 99.38%,Recall of 99.60%,and an inference time of 4.24 s.For the CICDS2017 dataset,we recorded an F1-score of 99.53%,Accuracy of 99.62%,Precision of 99.27%,Recall of 99.79%,and an inference time of 5.72 s.These findings not only confirm the STL model’s superior performance but also its operational efficiency,underpinning its significance in real-world cybersecurity scenarios where rapid response is paramount.Our contribution represents a significant advance in cybersecurity,proposing a model that excels in accuracy and adaptability to the dynamic nature of network traffic,setting a new benchmark for intrusion detection systems.
基金supported in part by the Open Research Fund of Joint Laboratory on Cyberspace Security,China Southern Power Grid(Grant No.CSS2022KF03)the Science and Technology Planning Project of Guangzhou,China(GrantNo.202201010388)the Fundamental Research Funds for the Central Universities.
文摘The blockchain-empowered Internet of Vehicles(IoV)enables various services and achieves data security and privacy,significantly advancing modern vehicle systems.However,the increased frequency of data transmission and complex network connections among nodes also make them more susceptible to adversarial attacks.As a result,an efficient intrusion detection system(IDS)becomes crucial for securing the IoV environment.Existing IDSs based on convolutional neural networks(CNN)often suffer from high training time and storage requirements.In this paper,we propose a lightweight IDS solution to protect IoV against both intra-vehicle and external threats.Our approach achieves superior performance,as demonstrated by key metrics such as accuracy and precision.Specifically,our method achieves accuracy rates ranging from 99.08% to 100% on the Car-Hacking dataset,with a remarkably short training time.
基金supported by Tianshan Talent Training Project-Xinjiang Science and Technology Innovation Team Program(2023TSYCTD).
文摘With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(IDS).However,both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features,resulting in an analysis that is not an optimal set.Therefore,in order to extract more representative traffic features as well as to improve the accuracy of traffic identification,this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^(2) and a multilayer convolutional bidirectional long short-term memory(MSC_BiLSTM)classifier model for network traffic intrusion detection.This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory(BiLSTM)network,which fully considers the influence between the before and after features.The network traffic is first characteristically downscaled by principal component analysis(PCA),and then the downscaled principal components are used as input to Hotelling’s T^(2) to compare the differences between groups.For datasets with outliers,Hotelling’s T^(2) can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers.Finally,a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data.The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision,recall and F1-score juxtaposed with the prevailing techniques.The results show that the intrusion detection accuracy,precision,and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%,95.97%,and 90.22%.
基金The author extends the appreciation to the Deanship of Postgraduate Studies and Scientific Research atMajmaah University for funding this research work through the project number(R-2024-920).
文摘With the increasing number of connected devices in the Internet of Things(IoT)era,the number of intrusions is also increasing.An intrusion detection system(IDS)is a secondary intelligent system for monitoring,detecting and alerting against malicious activity.IDS is important in developing advanced security models.This study reviews the importance of various techniques,tools,and methods used in IoT detection and/or prevention systems.Specifically,it focuses on machine learning(ML)and deep learning(DL)techniques for IDS.This paper proposes an accurate intrusion detection model to detect traditional and new attacks on the Internet of Vehicles.To speed up the detection of recent attacks,the proposed network architecture developed at the data processing layer is incorporated with a convolutional neural network(CNN),which performs better than a support vector machine(SVM).Processing data are enhanced using the synthetic minority oversampling technique to ensure learning accuracy.The nearest class mean classifier is applied during the testing phase to identify new attacks.Experimental results using the AWID dataset,which is one of the most common open intrusion detection datasets,revealed a higher detection accuracy(94%)compared to SVM and random forest methods.
文摘The importance of this study is to identify the newly reordered and recognized basaltic intrusion for the first time in Maasser El Chouf in Lebanon. The recorded basaltic intrusion cut the Jurassic-Lower Cretaceous rock in this area. Necessary field inspection, geology, mineralogy and chemical tests were carried out on 8 basalt samples to determine their mineralogy, petrography and chemical composition. Representative samples have been tested with polarizing microscope, X-ray diffraction (XRD) and X-ray fluorescence (XRF). Petrographic and mineralogical studies show that the basalt is characterized by presence mainly of calcic-plagioclase feldspar, pyroxene-augite and olivine minerals. Secondary minerals of iron oxides also present (ilmenite and magnetite). The most appeared property is the alteration of olivine mineral to iddingsite that indicated highly weathered process. The composition of the basaltic samples reflects ultrabasic-basic type (Basanite-Tholeiitic basalt). The existence of volcanic activity occurred mostly with Pliocene age (< 2 Ma) as indicated by previous studies for similar basalt in Lebanon. Possibly, these boulders have been carried up from some deeper intrusive magmatic body under very active tension zones. Volcanism of Lebanon basalts belong to the alkaline olivine basalt, suite generally associated with tension, rifting and block faulting movements of the continental crust. Most of the volcanisms in Lebanon and in Harrat Ash Shaam Basalt from Syria and Palestine through Jordan to Saudi Arabia are related and connected to the opening of the Red Sea Rift System, making the area with tremendous volcanic tectonic activities.
文摘This paper explains various factors that contribute to saltwater intrusion, including overexploitation of freshwater resources and climate change as well as the different techniques essential for effective saltwater intrusion management. The impact of saltwater intrusion along coastal regions and its impact on the environment, hydrogeology and groundwater contamination. It suggests potential solutions to mitigate the impact of saltwater intrusion, including effective water management and techniques for managing SWI. The application of A.I (assessment index) serves as a guideline to correctly identify wells with SWI ranging from no intrusion, slight intrusion and strong intrusion. The challenges of saltwater intrusion in Lagos and the salinization of wells were investigated using the hydro-chemical parameters. The study identifies four wells (“AA”, “CMS”, “OBA” and “VIL”) as having high electric conductivities, indicating saline water intrusion, while other wells (“EBM”, “IKJ, and “IKO”) with lower electric conductivities, indicate little or no salt-water intrusion, and “AJ” well shows slight intrusion. The elevation of the wells also played a vital role in the SWI across coastal regions of Lagos. The study recommends continuous monitoring of coastal wells to help sustain and reduce saline intrusion. The findings of the study are important for policymakers, researchers, and practitioners who are interested in addressing the challenges of saltwater intrusion along coastal regions. We assessed the SWI across the eight (8) wells using the Assessment Index to identify wells with SWI. Wells in “CMS” and “VIL” has strong intrusions. A proposed classification system based on specific ion ratios categorizes water quality from good (+) to highly (-) contaminated (refer to Table 4). These findings underscore the need for attention and effective management strategies to address groundwater unsuitability for various purposes.
基金funded by the Key Research and Development plan of Jiangsu Province (Social Development)No.BE20217162Jiangsu Modern Agricultural Machinery Equipment and Technology Demonstration and Promotion Project No.NJ2021-19.
文摘With the rapid development of the Internet of Things(IoT),there are several challenges pertaining to security in IoT applications.Compared with the characteristics of the traditional Internet,the IoT has many problems,such as large assets,complex and diverse structures,and lack of computing resources.Traditional network intrusion detection systems cannot meet the security needs of IoT applications.In view of this situation,this study applies cloud computing and machine learning to the intrusion detection system of IoT to improve detection performance.Usually,traditional intrusion detection algorithms require considerable time for training,and these intrusion detection algorithms are not suitable for cloud computing due to the limited computing power and storage capacity of cloud nodes;therefore,it is necessary to study intrusion detection algorithms with low weights,short training time,and high detection accuracy for deployment and application on cloud nodes.An appropriate classification algorithm is a primary factor for deploying cloud computing intrusion prevention systems and a prerequisite for the system to respond to intrusion and reduce intrusion threats.This paper discusses the problems related to IoT intrusion prevention in cloud computing environments.Based on the analysis of cloud computing security threats,this study extensively explores IoT intrusion detection,cloud node monitoring,and intrusion response in cloud computing environments by using cloud computing,an improved extreme learning machine,and other methods.We use the Multi-Feature Extraction Extreme Learning Machine(MFE-ELM)algorithm for cloud computing,which adds a multi-feature extraction process to cloud servers,and use the deployed MFE-ELM algorithm on cloud nodes to detect and discover network intrusions to cloud nodes.In our simulation experiments,a classical dataset for intrusion detection is selected as a test,and test steps such as data preprocessing,feature engineering,model training,and result analysis are performed.The experimental results show that the proposed algorithm can effectively detect and identify most network data packets with good model performance and achieve efficient intrusion detection for heterogeneous data of the IoT from cloud nodes.Furthermore,it can enable the cloud server to discover nodes with serious security threats in the cloud cluster in real time,so that further security protection measures can be taken to obtain the optimal intrusion response strategy for the cloud cluster.
基金supported by King Khalid University,Saudi Arabia underGrant No.RGP.2/61/43.
文摘Software-Defined Networking(SDN)enables flexibility in developing security tools that can effectively and efficiently analyze and detect malicious network traffic for detecting intrusions.Recently Machine Learning(ML)techniques have attracted lots of attention from researchers and industry for developing intrusion detection systems(IDSs)considering logically centralized control and global view of the network provided by SDN.Many IDSs have developed using advances in machine learning and deep learning.This study presents a comprehensive review of recent work ofML-based IDS in context to SDN.It presents a comprehensive study of the existing review papers in the field.It is followed by introducing intrusion detection,ML techniques and their types.Specifically,we present a systematic study of recent works,discuss ongoing research challenges for effective implementation of ML-based intrusion detection in SDN,and promising future works in this field.
文摘Blockchain merges technology with the Internet of Things(IoT)for addressing security and privacy-related issues.However,conventional blockchain suffers from scalability issues due to its linear structure,which increases the storage overhead,and Intrusion detection performed was limited with attack severity,leading to performance degradation.To overcome these issues,we proposed MZWB(Multi-Zone-Wise Blockchain)model.Initially,all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm(EBA),considering several metrics.Then,the legitimately considered nodes for network construction for managing the network using Bayesian-Direct Acyclic Graph(B-DAG),which considers several metrics.The intrusion detection is performed based on two tiers.In the first tier,a Deep Convolution Neural Network(DCNN)analyzes the data packets by extracting packet flow features to classify the packets as normal,malicious,and suspicious.In the second tier,the suspicious packets are classified as normal or malicious using the Generative Adversarial Network(GAN).Finally,intrusion scenario performed reconstruction to reduce the severity of attacks in which Improved Monkey Optimization(IMO)is used for attack path discovery by considering several metrics,and the Graph cut utilized algorithm for attack scenario reconstruction(ASR).UNSW-NB15 and BoT-IoT utilized datasets for the MZWB method simulated using a Network simulator(NS-3.26).Compared with previous performance metrics such as energy consumption,storage overhead accuracy,response time,attack detection rate,precision,recall,and F-measure.The simulation result shows that the proposed MZWB method achieves high performance than existing works.
基金Tianjin Key Laboratory for Oceanic Meteorology for its support via the 2020 Open Fund Project(No.2020TKLOMZD01).
文摘This paper uses the Coupled Ocean-Atmosphere-Wave-Sediment Transport(COAWST)model to analyze the impact of typhoon‘Hongxia’on the velocity and position movement of the Kuroshio axis,the impact of typhoons on the Kuroshio intrusion into South China Sea(SCS),the corresponding water,heat,and salt fluxes,and the impact of Kuroshio water in the northeastern SCS.When typhoon‘Hongxia’passed,the Kuroshio intrusion into the SCS was the most significant at 21?N latitude.In the vertical direction,the Kuroshio intrusion was strongest in the subsurface layer,leading to the most significant changes in temperature and salinity in the northeastern part of the SCS in the subsurface layer.Under the influence of the southeastern monsoon in summer,a large amount of low-salinity water accumulates at the surface of the northeastern part of the SCS,and Kuroshio intrusive water remains in the bottom and middle portions of the subsurface layer.The westward deviation of the Kuroshio axis caused by the typhoon displays a certain lag compared with the hot and salty water intrusion into the SCS approximately 7 d later.The impact of the typhoon on the Kuroshio intrusion into the SCS lasts for 20 d.The typhoon caused increases in the water,heat,and salt fluxes associated with the Kuroshio intrusion into the SCS,and the contribution of the typhoon to these fluxes was as high as 40%.Under typhoon conditions,the maximum Kuroshio intrusion flux reached more than twice that before the typhoon.
基金Supported by the Science and Technology Commission of Shanghai Municipality(No.21JC1402500)。
文摘Estuarine projects can change local topography and influence water transport and saltwater intrusion.The Changjiang(Yangtze)River estuary is a multichannel estuary,and four major reclamation projects have been implemented in the Changjiang River estuary in recent years:the Xincun Shoal reclamation project(RP-XCS),the Qingcao Shoal reclamation project(RP-QCS),the Eastern Hengsha Shoal reclamation project(RP-EHS),and the Nanhui Shoal reclamation project(RP-NHS).The effects of the four reclamation projects and each project on the saltwater intrusion and water resources in the Changjiang River estuary were simulated in a 3D numerical model.Results show that for a multichannel estuary,local reclamation projects change the local topography and water diversion ratio(WDR)between channels and influence water and salt transport and freshwater utilization in the estuary.During spring tide,under the cumulative effect of the four reclamation projects,the salinity decreases by approximately 0.5in the upper reaches of the North Branch and increases by 0.5-1.0 in the middle and lower reaches of the North Branch.In the North Channel,the salinity decreases by approximately 0.5.In the North Passage,the salinity increases by 0.5-1.0.In the South Passage,the salinity increases by approximately 0.5 in the upper reaches and decreases by 0.2-0.5 on the north side of the middle and lower reaches.During neap tide,the cumulative effects of the four reclamation projects and the individual projects are similar to those during spring tide,but there are some differences.The effects of an individual reclamation project on WDR and saltwater intrusion during spring and neap tides are simulated and analyzed in detail.The cumulative effect of the four reclamation projects favors freshwater usage in the Changjiang River estuary.
文摘Due to the increasing number of cyber-attacks,the necessity to develop efficient intrusion detection systems(IDS)is more imperative than ever.In IDS research,the most effectively used methodology is based on supervised Neural Networks(NN)and unsupervised clustering,but there are few works dedicated to their hybridization with metaheuristic algorithms.As intrusion detection data usually contains several features,it is essential to select the best ones appropriately.Linear Discriminant Analysis(LDA)and t-statistic are considered as efficient conventional techniques to select the best features,but they have been little exploited in IDS design.Thus,the research proposed in this paper can be summarized as follows.a)The proposed approach aims to use hybridized unsupervised and hybridized supervised detection processes of all the attack categories in the CICIDS2017 Dataset.Nevertheless,owing to the large size of the CICIDS2017 Dataset,only 25%of the data was used.b)As a feature selection method,the LDAperformancemeasure is chosen and combinedwith the t-statistic.c)For intrusion detection,unsupervised Fuzzy C-means(FCM)clustering and supervised Back-propagation NN are adopted.d)In addition and in order to enhance the suggested classifiers,FCM and NN are hybridized with the seven most known metaheuristic algorithms,including Genetic Algorithm(GA),Particle Swarm Optimization(PSO),Differential Evolution(DE),Cultural Algorithm(CA),Harmony Search(HS),Ant-Lion Optimizer(ALO)and Black Hole(BH)Algorithm.Performance metrics extracted from confusion matrices,such as accuracy,precision,sensitivity and F1-score are exploited.The experimental result for the proposed intrusion detection,based on training and test CICIDS2017 datasets,indicated that PSO,GA and ALO-based NNs can achieve promising results.PSO-NN produces a tested accuracy,global sensitivity and F1-score of 99.97%,99.95%and 99.96%,respectively,outperforming performance concluded in several related works.Furthermore,the best-proposed approaches are valued in the most recent intrusion detection datasets:CSE-CICIDS2018 and LUFlow2020.The evaluation fallouts consolidate the previous results and confirm their correctness.
基金The Deanship of Scientific Research(DSR)at King Abdulaziz University(KAU),Jeddah,Saudi Arabia has funded this project,under grant no.KEP-1-120-42.
文摘Cloud Computing(CC)is the preference of all information technology(IT)organizations as it offers pay-per-use based and flexible services to its users.But the privacy and security become the main hindrances in its achievement due to distributed and open architecture that is prone to intruders.Intrusion Detection System(IDS)refers to one of the commonly utilized system for detecting attacks on cloud.IDS proves to be an effective and promising technique,that identifies malicious activities and known threats by observing traffic data in computers,and warnings are given when such threatswere identified.The current mainstream IDS are assisted with machine learning(ML)but have issues of low detection rates and demanded wide feature engineering.This article devises an Enhanced Coyote Optimization with Deep Learning based Intrusion Detection System for Cloud Security(ECODL-IDSCS)model.The ECODL-IDSCS model initially addresses the class imbalance data problem by the use of Adaptive Synthetic(ADASYN)technique.For detecting and classification of intrusions,long short term memory(LSTM)model is exploited.In addition,ECO algorithm is derived to optimally fine tune the hyperparameters related to the LSTM model to enhance its detection efficiency in the cloud environment.Once the presented ECODL-IDSCS model is tested on benchmark dataset,the experimental results show the promising performance of the ECODL-IDSCS model over the existing IDS models.
基金support of National Natural Science Foundation of China(U1936213)Yunnan Provincial Natural Science Foundation,“Robustness analysis method and coupling mechanism of complex coupled network system”(202101AT070167)Yunnan Provincial Major Science and Technology Program,“Construction and application demonstration of intelligent diagnosis and treatment system for childhood diseases based on intelligent medical platform”(202102AA100021).
文摘With the advancement of network communication technology,network traffic shows explosive growth.Consequently,network attacks occur frequently.Network intrusion detection systems are still the primary means of detecting attacks.However,two challenges continue to stymie the development of a viable network intrusion detection system:imbalanced training data and new undiscovered attacks.Therefore,this study proposes a unique deep learning-based intrusion detection method.We use two independent in-memory autoencoders trained on regular network traffic and attacks to capture the dynamic relationship between traffic features in the presence of unbalanced training data.Then the original data is fed into the triplet network by forming a triplet with the data reconstructed from the two encoders to train.Finally,the distance relationship between the triples determines whether the traffic is an attack.In addition,to improve the accuracy of detecting unknown attacks,this research proposes an improved triplet loss function that is used to pull the distances of the same class closer while pushing the distances belonging to different classes farther in the learned feature space.The proposed approach’s effectiveness,stability,and significance are evaluated against advanced models on the Android Adware and General Malware Dataset(AAGM17),Knowledge Discovery and Data Mining Cup 1999(KDDCUP99),Canadian Institute for Cybersecurity Group’s Intrusion Detection Evaluation Dataset(CICIDS2017),UNSW-NB15,Network Security Lab-Knowledge Discovery and Data Mining(NSL-KDD)datasets.The achieved results confirmed the superiority of the proposed method for the task of network intrusion detection.
文摘With the continuous integration of new energy into the power grid,various new attacks continue to emerge and the feature distributions are constantly changing during the deployment of intelligent pumped storage power stations.The intrusion detection model trained on the old data is hard to effectively identify new attacks,and it is difficult to update the intrusion detection model in time when lacking data.To solve this issue,by using model-based transfer learning methods,in this paper we propose a convolutional neural network(CNN)based transfer online sequential extreme learning machine(TOS-ELM)scheme to enable the online intrusion detection,which is called CNN-TOSELM in this paper.In our proposed scheme,we use pre-trained CNN to extract the characteristics of the target domain data as input,and then build online learning classifier TOS-ELM to transfer the parameter of the ELM classifier of the source domain.Experimental results show the proposed CNNTOSELM scheme can achieve better detection performance and extremely short model update time for intelligent pumped storage power stations.
基金supported by Korea Institute for Advancement of Technology(KIAT)grant funded by theKoreaGovernment(MOTIE)(P0008703,The CompetencyDevelopment Program for Industry Specialist).
文摘Intrusion detection involves identifying unauthorized network activity and recognizing whether the data constitute an abnormal network transmission.Recent research has focused on using semi-supervised learning mechanisms to identify abnormal network traffic to deal with labeled and unlabeled data in the industry.However,real-time training and classifying network traffic pose challenges,as they can lead to the degradation of the overall dataset and difficulties preventing attacks.Additionally,existing semi-supervised learning research might need to analyze the experimental results comprehensively.This paper proposes XA-GANomaly,a novel technique for explainable adaptive semi-supervised learning using GANomaly,an image anomalous detection model that dynamically trains small subsets to these issues.First,this research introduces a deep neural network(DNN)-based GANomaly for semi-supervised learning.Second,this paper presents the proposed adaptive algorithm for the DNN-based GANomaly,which is validated with four subsets of the adaptive dataset.Finally,this study demonstrates a monitoring system that incorporates three explainable techniques—Shapley additive explanations,reconstruction error visualization,and t-distributed stochastic neighbor embedding—to respond effectively to attacks on traffic data at each feature engineering stage,semi-supervised learning,and adaptive learning.Compared to other single-class classification techniques,the proposed DNN-based GANomaly achieves higher scores for Network Security Laboratory-Knowledge Discovery in Databases and UNSW-NB15 datasets at 13%and 8%of F1 scores and 4.17%and 11.51%for accuracy,respectively.Furthermore,experiments of the proposed adaptive learning reveal mostly improved results over the initial values.An analysis and monitoring system based on the combination of the three explainable methodologies is also described.Thus,the proposed method has the potential advantages to be applied in practical industry,and future research will explore handling unbalanced real-time datasets in various scenarios.
文摘An intrusion detection system(IDS)becomes an important tool for ensuring security in the network.In recent times,machine learning(ML)and deep learning(DL)models can be applied for the identification of intrusions over the network effectively.To resolve the security issues,this paper presents a new Binary Butterfly Optimization algorithm based on Feature Selection with DRL technique,called BBOFS-DRL for intrusion detection.The proposed BBOFSDRL model mainly accomplishes the recognition of intrusions in the network.To attain this,the BBOFS-DRL model initially designs the BBOFS algorithm based on the traditional butterfly optimization algorithm(BOA)to elect feature subsets.Besides,DRL model is employed for the proper identification and classification of intrusions that exist in the network.Furthermore,beetle antenna search(BAS)technique is applied to tune the DRL parameters for enhanced intrusion detection efficiency.For ensuring the superior intrusion detection outcomes of the BBOFS-DRL model,a wide-ranging experimental analysis is performed against benchmark dataset.The simulation results reported the supremacy of the BBOFS-DRL model over its recent state of art approaches.
