Top Research Papers on Intrusion Detection System

A multitiered hybrid IDS that incorporates a signature- based IDS and an anomaly-based IDS is proposed to detect both known and unknown attacks on vehicular networks, and experimental results illustrate the feasibility of implementing the proposed system in real-time vehicle systems.

This survey reviews the state of the art in explainable AI (XAI) for IDS, its current challenges, and discusses how these challenges span to the design of an X-IDS, and proposes a generic architecture that considers human-in-the-loop which can be used as a guideline when designing anX-IDS.

Passban is presented, an intelligent intrusion detection system (IDS) able to protect the IoT devices that are directly connected to it that can be deployed directly on very cheap IoT gateways, taking full advantage of the edge computing paradigm to detect cyber threats as close as possible to the corresponding data sources.

A DL-IDS (deep learning-based intrusion detection system), which uses the hybrid network of Convolutional Neural Network (CNN) and Long Short-Term Memory Network (LSTM) to extract the spatial and temporal features of network traffic data and to provide a better intrusion Detection System.

Intrusion Detection Systems (IDS) plays a part in modern cyber security, as a result of the increasing need for cyber security systems in the “real” world due to the increasing number of cyber attacks, more sophisticated systems are required in order to prevent these attacks - an IDS can provide this protection. Due to the sophistication of these systems, they must be properly understood, developed and analyzed - research papers can be used as a tool to improve IDS systems. This paper is composed of two main sections: a survey and a taxonomy, providing information, reviews ...

This paper proposes an algorithm-level approach called Improved Siam-IDS (I-SiamIDS), which is a two-layer ensemble for handling class imbalance problem and showed significant improvement in terms of Accuracy, Recall, Precision, F1-score and values of Area Under the Curve (AUC) for both NSL-KDD and CIDDS-001 datasets.

A novel Imbalanced Generative Adversarial Network (IGAN) to tackle the class imbalance problem is proposed, and an IGAN-based Intrusion Detection System is established to cope with class-imbalanced intrusion detection.

A network intrusion detection system is critical for cyber security against illegitimate attacks. In terms of feature perspectives, network traffic may include a variety of elements such as attack reference, attack type, a sub-category of attack, host information, malicious scripts, etc. In terms of network perspectives, network traffic may contain an imbalanced number of harmful attacks when compared to normal traffic. It is challenging to identify a specific attack due to complex features and data imbalance issues. To address these issues, this paper proposes an Intrusion Detection System us...

The proposed Siam-IDS is able to detect R2L and U2R attacks without using traditional class balancing techniques such as oversampling and random undersampling, and was compared with existing IDSs developed using DL techniques namely Deep Neural Network (DNN) and Convolutional Neural network (CNN).

This paper proposes an IDS named SwiftIDS, which is capable of both analyzing massive traffic data in high-speed networks timely and keeping satisfactory detection performance, and takes advantage of LightGBM’s effective detection performance to simplify the data preprocessing.

A novel mobile agent based intrusion detection system to secure the network of connected medical devices is designed and developed, which is hierarchical, autonomous, and employs machine learning and regression algorithms to detect network level intrusions as well as anomalies in sensor data.

The mission of an intrusion detection system (IDS) is to monitor network activities and assess whether or not they are malevolent. Specifically, anomaly-based IDS can discover irregular activities by discriminating between normal and anomalous deviations. Nonetheless, existing strategies for detecting anomalies generally rely on single classification models that are still incapable of reducing the false alarm rate and increasing the detection rate. This study introduces a dual ensemble model by combining two existing ensemble techniques, such as bagging and gradient boosting decision tree (GBD...

A hybrid deep learning (DL) model for cyber attack detection in IoV is proposed based on long short-term memory (LSTM) and gated recurrent unit (GRU) and the experimental results demonstrate that the proposed algorithm achieves higher attack detection accuracy.

An optimal convolutional neural network and long short-term memory network (CNN-LSTM) model, normalized UTF-8 character encoding for Spatial Feature Learning (SFL) to adequately extract the characteristics of real-time HTTP traffic without encryption, calculating entropy, and compression is proposed.

How deep learning or deep neural networks can facilitate flexible IDS with learning capability to detect recognized and new or zero-day network behavioral features, consequently ejecting the systems intruder and reducing the risk of compromise is proposed.

This article gives a thorough overview of recent literature regarding neural networks usage in intrusion detection system area, including surveys and new method proposals.

The high quality feature set obtained by the three-layered feature construction using the GA, FCM, CNN extractor, and a hybrid CNN and BG learning method significantly improves the final detection performance.

This scientific review study presents a road map for researchers and industry employees who focus on IDSs and investigates new attack types, protection mechanisms, and recent scientific studies that have been made in this area.

This work presents an in-depth analysis of attacks exploiting IEC–61850 substations and recent research efforts for detecting and preventing them, and presents an original taxonomy comprising design and evaluation aspects for substation-specific Intrusion Detection Systems.

Experimental result demonstrate that proposed hybrid model is more sensitive to attacks in the IoT network than conventional machine learning and deep learning model.

This work is unique in the intrusion detection field, presenting the first use of the SHAP method to give explanations for IDSs, and the different interpretations between different kinds of classifiers can also help security experts better design the structures of theIDSs.

The increasing number of security attacks have inspired researchers to employ various classifiers, such as support vector machines (SVMs), to deal with them in Intrusion detection systems (IDSs). This paper presents a comprehensive study and investigation of the SVM-based intrusion detection and feature selection systems proposed in the literature. It first presents the essential concepts and background knowledge about security attacks, IDS, and SVM classifiers. It then provides a taxonomy of the SVM-based IDS schemes and describes how they have adapted numerous types of SVM classifiers in det...

A new XAI-based framework to give explanations to any critical DL-based decisions for IoT-related IDSs to improve the interpretability of the IoT IDS against well-known IoT attacks, and help the cybersecurity experts get a better understanding of IDS decisions.

An Intrusion Detection System (IDS) founded on the fusion of a Jumping Gene adapted NSGA-II multi-objective optimization method for data dimension reduction and the Convolutional Neural Network integrating Long Short-Term Memory (LSTM) deep learning techniques for classifying the attack is proposed.

A review of the research trends in network-based intrusion detection systems (NIDS), their approaches, and the most common datasets used to evaluate IDS Models is presented.

An approach to develop efficient IDS by using the principal component analysis (PCA) and the random forest classification algorithm and results obtained states that the proposed approach works more efficiently in terms of accuracy as compared to other techniques like SVM, Naive Bayes, and Decision Tree.

This paper presents a comprehensive investigation of the fuzzy misuse detection schemes designed using various machine learning and data mining techniques to deal with different kinds of intrusions.

A Robust Transformer-based Intrusion Detection System (RTIDS) reconstructing feature representations to make a trade-off between dimensionality reduction and feature retention in imbalanced datasets is proposed.

A novel Software-Defined Networking-orchestrated Deep Learning approach to design an intelligent Intrusion Detection System (IDS) for smart CE network and the simulations results support the validation of the proposed approach over some recent state-of-the-art security solutions and confirms it a phenomenal choice for next-generation smart CE network.

A federated deep learning-based intrusion detection framework (FED-IDS) to efficiently detect attacks by offloading the learning process from servers to distributed vehicular edge nodes and reveals the credibility of securing networks of intelligent transportation systems against cyber-attacks.

A light weight IDS based on information gain and Multi-layer perceptron Neural Network suitable for real time intrusion detection is presented.

An in-depth survey and classification of deep learning-based intrusion detection schemes is put forward and describes how deep learning networks are utilized in the intrusion detection process to recognize intrusions accurately.

This article designs a novel adversarial attack against DL-based network intrusion detection systems (NIDSs) in the Internet-of-Things environment, with only black-box accesses to the DL model in such NIDS.

Internet of Things (IoT) is suffered from different types of attacks due to vulnerability present in devices. Due to many IoT network traffic features, the machine learning models take time to detect attacks. This paper proposes a feature selection for intrusion detection systems (IDSs) using Information Gain (IG) and Gain Ratio (GR) with the ranked top 50% features for the detection of DoS and DDoS attacks. The proposed system obtains feature subsets using insertion and union operations on subsets obtained by the ranked top 50% IG and GR features. The proposed method is evaluated and validate...

‘Curse of dimensionality’ and the trade-off between low false alarm rate and high detection rate are the major concerns while designing an efficient intrusion detection system. In this study, we propose a hybrid framework comprising deep auto-encoder (AE) with the long short term memory (LSTM) and the bidirectional long short term memory (Bi-LSTM) for intrusion detection system by obtaining optimal features using AE and then LSTMs for classification into normal and anomaly samples. The performance of the proposed models is evaluated on the well-known dataset NSL-KDD in terms of error indices i...

An ensemble-based intrusion detection model that combines logistic regression, naive Bayes, and decision tree have been deployed with voting classifier after analyzing model’s performance with some prominent existing state-of-the-art techniques and results illustrate significant improvement in terms of accuracy as compared to existing models.

This article discusses the security of AI models, necessary steps to develop AI-based IDSs in the CAN bus, identifies the limitations of existing proposals, and gives recommendations for future research directions.

This paper introduces Realguard, an DNN-based network intrusion detection system (NIDS) directly operated on local gateways to protect IoT devices within the network and can accurately detect multiple cyber attacks in real time with a small computational footprint.

In recent times, Network-based Intrusion Detection Systems (NIDSs) have become very popular for detecting intrusions in computer networks. Existing NIDSs can easily identify those intrusions that have been frequently witnessed in the network (majority attacks), but they cannot identify new and infrequent intrusions (minority attacks) accurately. Moreover, such systems solely focus on maximizing the overall Attack Detection Rate while overlooking the number of false alarms. To address these issues, this paper proposes CSE-IDS, a three-layer NIDS, based on Cost-Sensitive Deep Learning and Ensemb...

The Internet of Things (IoT) is emerging as a new technology for the development of various critical applications. However, these applications are still working on centralized storage architecture and have various key challenges like privacy, security, and single point of failure. Recently, the blockchain technology has emerged as a backbone for the IoT-based application development. The blockchain can be leveraged to solve privacy, security, and single point of failure (third-part dependency) issues of IoT applications. The integration of blockchain with IoT can benefit both individual and so...