Search Results (181)

The diverse usage of Unmanned Aerial Vehicles (UAVs) across commercial, military, and civil domains has significantly heightened the need for robust cybersecurity mechanisms. Given their reliance on wireless communications, real-time control systems, and sensor integration, UAVs are highly susceptible to cyber intrusions that can disrupt missions, compromise data integrity, or cause physical harm. This paper presents a comprehensive literature review of Intrusion Detection Systems (IDSs) that leverage artificial intelligence (AI) to enhance the security of UAV and UAV swarm environments. Through rigorous analysis of recent peer-reviewed publications, we have examined the studies in terms of AI model algorithm, dataset origin, deployment mode: centralized, distributed or federated. The classification also includes the detection strategy: online versus offline. Results show a dominant preference for centralized, supervised learning using standard datasets such as CICIDS2017, NSL-KDD, and KDDCup99, limiting applicability to real UAV operations. Deep learning (DL) methods, particularly Convolutional Neural Networks (CNNs), Long Short-term Memory (LSTM), and Autoencoders (AEs), demonstrate strong detection accuracy, but often under ideal conditions, lacking resilience to zero-day attacks and real-time constraints. Notably, emerging trends point to lightweight IDS models and federated learning frameworks for scalable, privacy-preserving solutions in UAV swarms. This review underscores key research gaps, including the scarcity of real UAV datasets, the absence of standardized benchmarks, and minimal exploration of lightweight detection schemes, offering a foundation for advancing secure UAV systems. Full article

Edge computing builds relevant services and applications on the edge server near the user side, which enables a faster service response. However, the lack of large-scale hardware resources leads to weak defense for edge devices. Therefore, proactive defense security mechanisms, such as Intrusion Detection Systems (IDSs), are widely deployed in edge computing. Unfortunately, most of those IDSs lack causal analysis capabilities and still suffer the threats from Advanced Persistent Threat (APT) attacks. To effectively detect APT attacks, we propose a heterogeneous graph neural networks threat detection model based on the provenance graph. Specifically, we leverage the powerful analysis and tracking capabilities of the provenance graph to model the long-term behavior of the adversary. Moreover, we leverage the predictive power of heterogeneous graph neural networks to embed the provenance graph by a node-level and semantic-level heterogeneous mutual attention mechanism. In addition, we also propose a provenance graph reduction algorithm based on the semantic similarity of graph substructures to improve the detection efficiency and accuracy of the model, which reduces and integrates redundant information by calculating the semantic similarity between substructures. The experimental results demonstrate that the prediction accuracy of our method reaches 99.8% on the StreamSpot dataset and achieves 98.13% accuracy on the NSL-KDD dataset. Full article

In this study, we introduce an enhanced hybrid Autoencoder–Dense–Transformer Neural Network (AE-DTNN) model for developing an effective intrusion detection system (IDS) aimed at improving the performance and robustness of threat detection strategies within a rapidly changing and increasingly complex network landscape. The Autoencoder component restructures network traffic data, while a stack of Dense layers performs feature extraction to generate more meaningful representations. The Transformer network then facilitates highly precise and comprehensive classification. Our strategy incorporates adaptive synthetic sampling (ADASYN) for both binary and multi-class classification tasks, complemented by the edited nearest neighbors (ENN) technique and the use of class weights to mitigate class imbalance issues. In experiments conducted on the NF-BoT-IoT-v2 dataset, the AE-DTNN-based IDS achieved outstanding performance, with 99.98% accuracy in binary classification and 98.30% in multi-class classification. On the NSL-KDD dataset, the model reached 98.57% accuracy for binary classification and 97.50% for multi-class classification. Additionally, the model attained 99.92% and 99.78% accuracy in binary and multi-class classification, respectively, on the CSE-CIC-IDS2018 dataset. These results demonstrate the exceptional effectiveness of the proposed model in contrast to conventional approaches, highlighting its strong potential to detect a broad range of network intrusions with high reliability. Full article

Internet of Things (IoT) applications and services have transformed the way people interact with their environment, enhancing comfort and quality of life. Additionally, Machine Learning (ML) approaches show significant promise for detecting intrusions in IoT environments. However, the high dimensionality, class imbalance, and complexity of network traffic—combined with the dynamic nature of sensor networks—pose substantial challenges to the development of efficient and effective detection algorithms. In this study, a multi-objective metaheuristic optimization approach, referred to as MOOIDS-IoT, is integrated with ML techniques to develop an intelligent cybersecurity system for IoT environments. MOOIDS-IoT combines a Genetic Algorithm (GA)-based feature selection technique with a multi-objective Particle Swarm Optimization (PSO) algorithm. PSO optimizes convergence speed, model complexity, and classification accuracy by dynamically adjusting the weights and thresholds of the deployed classifiers. Furthermore, PSO integrates Pareto-based multi-objective optimization directly into the particle swarm framework, extending conventional swarm intelligence while preserving a diverse set of non-dominated solutions. In addition, the GA reduces training time and eliminates redundancy by identifying the most significant input characteristics. The MOOIDS-IoT framework is evaluated using two lightweight models—MOO-PSO-XGBoost and MOO-PSO-RF—across two benchmark datasets, namely the NSL-KDD and CICIoT2023 datasets. On CICIoT2023, MOO-PSO-RF obtains 91.42% accuracy, whereas MOO-PSO-XGBoost obtains 98.38% accuracy. In addition, both models perform well on NSL-KDD (MOO-PSO-RF: 99.66% accuracy, MOO-PSO-XGBoost: 98.46% accuracy). The proposed approach is particularly appropriate for IoT applications with limited resources, where scalability and model efficiency are crucial considerations. Full article

Resource-constrained Internet of Things (IoT) devices demand efficient and robust intrusion detection systems (IDSs) to counter evolving cyber threats. The traditional IDS models, however, struggle with high computational complexity and inadequate feature extraction, limiting their accuracy and generalizability in IoT environments. To address this, we propose FFT-RDNet, a lightweight IDS framework leveraging depthwise separable convolution and frequency-domain feature fusion. An ADASYN-Tomek Links hybrid strategy first addresses class imbalances. The core innovation of FFT-RDNet lies in its novel two-dimensional spatial feature modeling approach, realized through a dedicated dual-path feature embedding module. One branch extracts discriminative statistical features in the time domain, while the other branch transforms the data into the frequency domain via Fast Fourier Transform (FFT) to capture the essential energy distribution characteristics. These time–frequency domain features are fused to construct a two-dimensional feature space, which is then processed by a streamlined residual network using depthwise separable convolution. This network effectively captures complex periodic attack patterns with minimal computational overhead. Comprehensive evaluation on the NSL-KDD and CIC-IDS2018 datasets shows that FFT-RDNet outperforms state-of-the-art neural network IDSs across accuracy, precision, recall, and F1 score (improvements: 0.22–1%). Crucially, it achieves superior accuracy with a significantly reduced computational complexity, demonstrating high efficiency for resource-constrained IoT security deployments. Full article

The emergence of the Internet of Vehicles (IoV) has revolutionized intelligent transportation and communication systems. However, IoV presents many complex and ever-changing security challenges and thus requires robust cybersecurity protocols. This paper comprehensively describes and evaluates ensemble learning approaches for multi-class intrusion detection systems in the IoV environment. The study evaluates several approaches, such as stacking, voting, boosting, and bagging. A comprehensive review of the literature spanning 2020 to 2025 reveals important trends and topics that require further investigation and the relative merits of different ensemble approaches. The NSL-KDD, CICIDS2017, and UNSW-NB15 datasets are widely used to evaluate the performance of Ensemble Learning-Based Intrusion Detection Systems (ELIDS). ELIDS evaluation is usually carried out using some popular performance metrics, including Precision, Accuracy, Recall, F1-score, and Area Under Receiver Operating Characteristic Curve (AUC-ROC), which were used to evaluate and measure the effectiveness of different ensemble learning methods. Given the increasing complexity and frequency of cyber threats in IoV environments, ensemble learning methods such as bagging, boosting, and stacking enhance adaptability and robustness. These methods aggregate multiple learners to improve detection rates, reduce false positives, and ensure more resilient intrusion detection models that can evolve alongside emerging attack patterns. Full article

Deep neural networks (DNNs) are highly effective for intrusion detection systems (IDS) due to their ability to learn complex patterns and detect potential anomalies within the systems. However, their high resource consumption requirements including memory and computation make them difficult to deploy on low-powered platforms. This study explores the possibility of using knowledge distillation (KD) to reduce constraints such as power and hardware consumption and improve real-time inference speed but maintain high detection accuracy in IDS across all attack types. The technique utilizes the transfer of knowledge from DNNs (teacher) models to more lightweight shallow neural network (student) models. KD has been proven to achieve significant parameter reduction (92–95%) and faster inference speed (7–11%) while improving overall detection performance (up to 6.12%). Experimental results on datasets such as NSL-KDD, UNSW-NB15, CIC-IDS2017, IoTID20, and UAV IDS demonstrate DNN with KD’s effectiveness in achieving high accuracy, precision, F1 score, and area under the curve (AUC) metrics. These findings confirm KD’s ability as a potential edge computing strategy for IoT and UAV devices, which are suitable for resource-constrained environments and lead to real-time anomaly detection for next-generation distributed systems. Full article

In today’s increasingly interconnected digital world, cyber threats have grown in frequency and sophistication, making intrusion detection systems a critical component of modern cybersecurity frameworks. Traditional IDS methods, often based on static signatures and rule-based systems, are no longer sufficient to detect and respond to complex and evolving attacks. To address these challenges, Artificial Intelligence and machine learning have emerged as powerful tools for enhancing the accuracy, adaptability, and automation of IDS solutions. This study presents a novel, hybrid ensemble learning-based intrusion detection framework that integrates deep learning and traditional ML algorithms with explainable artificial intelligence for real-time cybersecurity applications. The proposed model combines an Artificial Neural Network and Support Vector Machine as base classifiers and employs a Random Forest as a meta-classifier to fuse predictions, improving detection performance. Recursive Feature Elimination is utilized for optimal feature selection, while SHapley Additive exPlanations (SHAP) provide both global and local interpretability of the model’s decisions. The framework is deployed using a Flask-based web interface in the Amazon Elastic Compute Cloud environment, capturing live network traffic and offering sub-second inference with visual alerts. Experimental evaluations using the NSL-KDD dataset demonstrate that the ensemble model outperforms individual classifiers, achieving a high accuracy of 99.40%, along with excellent precision, recall, and F1-score metrics. This research not only enhances detection capabilities but also bridges the trust gap in AI-powered security systems through transparency. The solution shows strong potential for application in critical domains such as finance, healthcare, industrial IoT, and government networks, where real-time and interpretable threat detection is vital. Full article

Due to domain variability and developing attack tactics, intrusion detection in heterogeneous and dynamic IoT systems is still a crucial challenge. For cross-domain intrusion detection, this paper proposes a novel algorithm, X-FuseRLSTM, a dual-path feature fusion framework that is attention guided and coupled with a residual LSTM architecture. The proposed algorithm is the combination of four major steps: first, feature extraction using deep encoder and sparse transformer; second, feature fusion of the extracted features and reducing the fused features; third, the classification model; and last, explainable artificial intelligence (XAI). The classification model used is a deep neural network and residual long short-term memory (RLSTM). The model effectively incorporates both spatial and temporal correlations in network traffic data, which improves its detection capability. The model predictions are explained using the XAI techniques. Extensive experiments on datasets including TON_IoT Network, NSL-KDD, and CICIoMT 2024 with both 19-class and 6-class variations show that X-FuseRLSTM achieves the highest accuracy of 99.40% on network, 99.72% on NSL-KDD, and 97.66% for 19-class and 98.05% for 6-class on CICIoMT 2024 datasets. The suggested method is appropriate for practical IoT security applications since it provides strong domain generalization and explainability while preserving computational efficiency. Full article

With the advancement of network communication technology and Internet of Everything (IoE) technology, which connects all edge devices to the internet, the network traffic generated in various platform environments is rapidly increasing. The increase in network traffic makes it more difficult for the detection system to analyze and detect malicious network traffic generated by malware or intruders. Additionally, processing high-dimensional network traffic data requires substantial computational resources, limiting real-time detection capabilities in practical deployments. Artificial intelligence (AI) algorithms have been widely used to detect malicious traffic, but most previous work focused on improving accuracy with various AI algorithms. Many existing methods, in pursuit of high accuracy, directly utilize the extensive raw features inherent in network traffic. This often leads to increased computational overhead and heightened complexity in detection models, potentially degrading overall system performance and efficiency. Furthermore, high-dimensional data often suffers from the curse of dimensionality, where the sparsity of data in high-dimensional space leads to overfitting, poor generalization, and increased computational complexity. This paper focused on feature engineering instead of AI algorithm selections, presenting an approach that uniquely balances detection accuracy with computational efficiency through strategic dimensionality reduction. For feature engineering, two jobs were performed: feature representations and feature analysis and selection. With effective feature engineering, we can reduce system resource consumption in the training period while maintaining high detection accuracy. We implemented a malicious network traffic detection framework based on Convolutional Neural Network (CNN) with our feature engineering techniques. Unlike previous approaches that use one-hot encoding, which increases dimensionality, our method employs label encoding and information gain to preserve critical information while reducing feature dimensions. The performance of the implemented framework was evaluated using the NSL-KDD dataset, which is the most widely used for intrusion detection system (IDS) performance evaluation. As a result of the evaluation, our framework maintained high classification accuracy while improving model training speed by approximately 17.47% and testing speed by approximately 19.44%. This demonstrates our approach’s ability to achieve a balanced performance, enhancing computational efficiency without sacrificing detection accuracy—a critical challenge in intrusion detection systems. With the reduced features, we achieved classification results of a precision of 0.9875, a recall of 0.9930, an F1-score of 0.9902, and an accuracy of 99.06%, with a false positive rate of 0.65%. Full article

Intrusion prevention and classification are common in the research field of cyber security. Models built from training data may fail to prevent or classify intrusions accurately if the dataset is imbalanced. Most researchers employ SMOTE to balance the dataset. SMOTE in turn fails to address the constraints associated with the dataset, such as diverse data types, preserving the data distribution, capturing non-linear relationships, and preserving oversampling noise. The novelty of this work is in addressing the issues associated with data distribution and SMOTE by employing Conditional Tabular Generative Adversarial Networks (CTGANs) on NSL_KDD and UNSW_NB15 datasets. The balanced input corpus is fed into the CNN model to predict the intrusion. The CNN model involves two convolution layers, max-pooling, ReLU as the activation layer, and a dense layer. The proposed work employs measures such as accuracy, recall, precision, specificity and F1-score for measuring the model performance. The study shows that CTGAN improves the intrusion detection rate. This research highlights the high-quality synthetic samples generated by CTGAN that significantly enhance CNN-based intrusion detection performance on imbalance datasets. This demonstrates the potential for deploying GAN-based oversampling techniques in real-world cybersecurity systems to improve detection accuracy and reduce false negatives. Full article

Network intrusion datasets often face class imbalance issues in intrusion detection tasks, where the number of majority class samples is much higher than minority class samples. Current solutions face notable limitations: traditional normalization weakens the multimodal distribution of continuous features, while mainstream generative models focus excessively on minority class mining while neglecting majority class information. To address these issues, we propose M2M-VAEGAN, which innovatively incorporates a Variational Gaussian Mixture (VGM) model to preserve multimodal characteristics of continuous features. We design a transfer learning framework, pre-training on majority classes to capture general attack patterns, followed by fine-tuning with balanced batches of majority and minority samples to prevent catastrophic forgetting. Additionally, we enhance the VAEGAN architecture with an auxiliary classifier to strengthen conditional information learning. On the NSL-KDD and CIC-IDS2017 datasets, M2M-VAEGAN outperforms methods such as SMOTE, CTGAN, and CTABGAN, achieving a 1.25% to 6.42% improvement in minority class recall. These results demonstrate the effectiveness of the proposed approach. Full article

Advanced Metering Infrastructure (AMI), as a critical data collection and communication hub within the smart grid architecture, is highly vulnerable to network intrusions due to its open bidirectional communication network. A significant challenge in AMI traffic data is the severe class imbalance, where existing methods tend to favor majority class samples while neglecting the detection of minority class attacks, thereby undermining the overall reliability of the detection system. Additionally, current approaches exhibit limitations in spatiotemporal feature extraction, failing to effectively capture the complex dependencies within network traffic data. In terms of global dependency modeling, existing models struggle to dynamically adjust key features, impacting the efficiency and accuracy of intrusion detection and response. To address these issues, this paper proposes an innovative hybrid deep learning model, AS-TBR, for AMI intrusion detection in smart grids. The proposed model incorporates the Adaptive Synthetic Sampling (ADASYN) technique to mitigate data imbalance, thereby enhancing the detection accuracy of minority class samples. Simultaneously, Transformer is leveraged to capture global temporal dependencies, BiGRU is employed to model bidirectional temporal relationships, and ResNet is utilized for deep spatial feature extraction. Experimental results demonstrate that the AS-TBR model achieves an accuracy of 93% on the UNSW-NB15 dataset and 80% on the NSL-KDD dataset. Furthermore, it outperforms baseline models in terms of precision, recall, and other key evaluation metrics, validating its effectiveness and robustness in AMI intrusion detection. Full article

An enormous number of the Internet of Things (IoT) applications and their networks have significantly impacted people’s lives in diverse situations. With the increasing adoption of these applications in various sectors, ensuring reliability and security has become a critical concern. Moreover, the network that interconnected IoT devices uses advanced communications norms and technologies to capture and transmit data. Still, these networks are subject to various types of attacks that will lead to the loss of user data. Concurrently, the field of anomaly detection for the Internet of Things (IoT) is experiencing rapid expansion. This expansion requires a thorough analysis of application trends and existing gaps. Furthermore, it is critical in detecting interesting phenomena such as device damage and unknown events. However, this task is tough due to the unpredictable nature of anomalies and the complexity of the environment. This paper offers a technique that uses an autoencoder neural network to identify anomalous network communications in IoT networks. More specifically, we propose and implement a model that uses DAE (deep autoencoder) to detect and classify the network data, with an ANOVA F-Test for the feature selection. The proposed model is validated using the NSL-KDD dataset. Compared to some IoT-based anomaly detection models, the experimental results reveal that the suggested model is more efficient at enhancing the accuracy of detecting malicious data. The simulation results show that it works better, with an overall accuracy rate of 85% and 92% successively for the binary and multi-class classifications. Full article

Network Intrusion Detection Systems (NIDS) often suffer from severe class imbalance, where minority attack types are underrepresented, leading to degraded detection performance. To address this challenge, we propose a novel augmentation framework that integrates Soft Nearest Neighbor Loss (SNNL) into Generative Adversarial Networks (GANs), including WGAN, CWGAN, and WGAN-GP. Unlike traditional oversampling methods (e.g., SMOTE, ADASYN), our approach improves feature-space alignment between real and synthetic samples, enhancing classifier generalization on rare classes. Experiments on NSL-KDD, CSE-CIC-IDS2017, and CSE-CIC-IDS2018 show that SNNL-augmented GANs consistently improve minority-class F1-scores without degrading overall accuracy or majority-class performance. UMAP visualizations confirm that SNNL produces more compact and class-consistent sample distributions. We also evaluate the computational overhead, finding the added cost moderate. These results demonstrate the effectiveness and practicality of SNNL as a general enhancement for GAN-based data augmentation in imbalanced NIDS tasks. Full article