Journal articles on the topic 'CIC-IDS 2017 dataset'

Consult the top 50 journal articles for your research on the topic 'CIC-IDS 2017 dataset.'

Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.

You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.

Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.

1

Imene, BENSID, Dr MAHIMOUD Aissa, and Dr BOUDJADJA Rafik. "Analyzing and Exploring CIC-IDS 2017 Dataset." International Journal of Political Science 9, no. 1 (2023): 10–15. http://dx.doi.org/10.20431/2454-9452.0901002.

2

Imene, BENSID, Dr MAHIMOUD Aissa, and Dr BOUDJADJA Rafik. "Analyzing and Exploring CIC-IDS 2017 Dataset." International Journal of Research Studies in Computer Science and Engineering 9, no. 1 (2023): 10–15. http://dx.doi.org/10.20431/2349-4859.0901002.

3

Yulianto, Arif, Parman Sukarno, and Novian Anggis Suwastika. "Improving AdaBoost-based Intrusion Detection System (IDS) Performance on CIC IDS 2017 Dataset." Journal of Physics: Conference Series 1192 (March 2019): 012018. http://dx.doi.org/10.1088/1742-6596/1192/1/012018.

4

Mohammad, Rasheed, Faisal Saeed, Abdulwahab Ali Almazroi, Faisal S. Alsubaei, and Abdulaleem Ali Almazroi. "Enhancing Intrusion Detection Systems Using a Deep Learning and Data Augmentation Approach." Systems 12, no. 3 (2024): 79. http://dx.doi.org/10.3390/systems12030079.

Abstract:
Cybersecurity relies heavily on the effectiveness of intrusion detection systems (IDSs) in securing business communication because they play a pivotal role as the first line of defense against malicious activities. Despite the wide application of machine learning methods for intrusion detection, they have certain limitations that might be effectively addressed by leveraging different deep learning architectures. Furthermore, the evaluation of the proposed models is often hindered by imbalanced datasets, limiting a comprehensive assessment of model efficacy. Hence, this study aims to address these challenges by employing data augmentation methods on four prominent datasets, the UNSW-NB15, 5G-NIDD, FLNET2023, and CIC-IDS-2017, to enhance the performance of several deep learning architectures for intrusion detection systems. The experimental results underscored the capability of a simple CNN-based architecture to achieve highly accurate network attack detection, while more complex architectures showed only marginal improvements in performance. The findings highlight how the proposed methods of deep learning-based intrusion detection can be seamlessly integrated into cybersecurity frameworks, enhancing the ability to detect and mitigate sophisticated network attacks. The outcomes of this study have shown that the intrusion detection models have achieved high accuracy (up to 91% for the augmented CIC-IDS-2017 dataset) and are strongly influenced by the quality and quantity of the dataset used.
5

Nitin W. Wanhade. "Accelerating Intrusion Detection Dataset Analysis- A Framework Using AutoGen Agents for CIC-IDS 2017." Journal of Information Systems Engineering and Management 10, no. 5s (2025): 671–81. https://doi.org/10.52783/jisem.v10i5s.758.

Abstract:
An IDS is a vital component in securing any network, however, the practical operation of an IDC is often dependent upon reasonable response times for the data with a huge volume. In this paper, we attempt to enhance the analysis of the CIC-IDS 2017 dataset using AutoGen, a deep learning model framework related to state-of-the-art. AutoGen performs a lot of the work automatically without requiring human intervention bottlenecks such as data preprocessing, feature engineering, or even model training thus saving a lot of time and work when developing an IDS. We compared the performance of AutoGen against prompt-based language models by focusing on task completion metrics along with three additional metrics: Humane Evaluation score, time taken, and resource overhead. The results exhibited that AutoGen is far superior to conventional ones in every way possible. In summary, the findings of this study demonstrate AutoGen’s popularity for the future of intrusion detection through its data analysis function in the bias of the entire system performance parameter.
6

Gutiérrez-Galeano, Leopoldo, Juan-José Domínguez-Jiménez, Jörg Schäfer, and Inmaculada Medina-Bulo. "LLM-Based Cyberattack Detection Using Network Flow Statistics." Applied Sciences 15, no. 12 (2025): 6529. https://doi.org/10.3390/app15126529.

Abstract:
Cybersecurity is a growing area of research due to the constantly emerging new types of cyberthreats. Tools and techniques exist to keep systems secure against certain known types of cyberattacks, but are insufficient for others that have recently appeared. Therefore, research is needed to design new strategies to deal with new types of cyberattacks as they arise. Existing tools that harness artificial intelligence techniques mainly use artificial neural networks designed from scratch. In this paper, we present a novel approach for cyberattack detection using an encoder–decoder pre-trained Large Language Model (T5), fine-tuned to adapt its classification scheme for the detection of cyberattacks. Our system is anomaly-based and takes statistics of already finished network flows as input. This work makes significant contributions by introducing a novel methodology for adapting its original task from natural language processing to cybersecurity, achieved by transforming numerical network flow features into a unique abstract artificial language for the model input. We validated the robustness of our detection system across three datasets using undersampling. Our model achieved consistently high performance across all evaluated datasets. Specifically, for the CIC-IDS-2017 dataset, we obtained an accuracy, precision, recall, and F-score of more than 99.94%. For CSE-CIC-IDS-2018, these metrics exceeded 99.84%, and for BCCC-CIC-IDS-2017, they were all above 99.90%. These results collectively demonstrate superior performance for cyberattack detection, while maintaining highly competitive false-positive rates and false-negative rates. This efficacy is achieved by relying exclusively on real-world network flow statistics, without the need for synthetic data generation.
7

Ji, Changpeng, Haofeng Yu, and Wei Dai. "Network Traffic Anomaly Detection Based on Spatiotemporal Feature Extraction and Channel Attention." Processes 12, no. 7 (2024): 1418. http://dx.doi.org/10.3390/pr12071418.

Abstract:
To overcome the challenges of feature selection in traditional machine learning and enhance the accuracy of deep learning methods for anomaly traffic detection, we propose a novel method called DCGCANet. This model integrates dilated convolution, a GRU, and a Channel Attention Network, effectively combining dilated convolutional structures with GRUs to extract both temporal and spatial features for identifying anomalous patterns in network traffic. The one-dimensional dilated convolution (DC-1D) structure is designed to expand the receptive field, allowing for comprehensive traffic feature extraction while minimizing information loss typically caused by pooling operations. The DC structure captures spatial dependencies in the data, while the GRU processes time series data to capture dynamic traffic changes. Furthermore, the channel attention (CA) module assigns importance-based weights to features in different channels, enhancing the model’s representational capacity and improving its ability to detect abnormal traffic. DCGCANet achieved an accuracy rate of 99.6% on the CIC-IDS-2017 dataset, outperforming other algorithms. Additionally, the model attained precision, recall, and F1 score rates of 99%. The generalization capability of DCGCANet was validated on a subset of CIC-IDS-2017, demonstrating superior detection performance and robust generalization potential.
8

Jinsi, Jose, and V. Jose Deepa. "Deep learning algorithms for intrusion detection systems in internet of things using CIC-IDS 2017 dataset." International Journal of Electrical and Computer Engineering (IJECE) 13, no. 1 (2023): 1134–41. https://doi.org/10.11591/ijece.v13i1.pp1134-1141.

Abstract:
Due to technological advancements in recent years, the availability and usage of smart electronic gadgets have drastically increased. Adoption of these smart devices for a variety of applications in our day-to-day life has become a new normal. As these devices collect and store data, which is of prime importance, securing is a mandatory requirement by being vigilant against intruders. Many traditional techniques are prevailing for the same, but they may not be a good solution for the devices with resource constraints. The impact of artificial intelligence is not negligible in this concern. This study is an attempt to understand and analyze the performance of deep learning algorithms in intrusion detection. A comparative analysis of the performance of deep neural network, convolutional neural network, and long short-term memory using the CIC-IDS 2017 dataset.
9

Jose, Jinsi, and Deepa V. Jose. "Deep learning algorithms for intrusion detection systems in internet of things using CIC-IDS 2017 dataset." International Journal of Electrical and Computer Engineering (IJECE) 13, no. 1 (2023): 1134. http://dx.doi.org/10.11591/ijece.v13i1.pp1134-1141.

Abstract:
Due to technological advancements in recent years, the availability and usage of smart electronic gadgets have drastically increased. Adoption of these smart devices for a variety of applications in our day-to-day life has become a new normal. As these devices collect and store data, which is of prime importance, securing is a mandatory requirement by being vigilant against intruders. Many traditional techniques are prevailing for the same, but they may not be a good solution for the devices with resource constraints. The impact of artificial intelligence is not negligible in this concern. This study is an attempt to understand and analyze the performance of deep learning algorithms in intrusion detection. A comparative analysis of the performance of deep neural network, convolutional neural network, and long short-term memory using the CIC-IDS 2017 dataset.
10

Mao, Junyi, Xiaoyu Yang, Bo Hu, Yizhen Lu, and Guangqiang Yin. "Intrusion Detection System Based on Multi-Level Feature Extraction and Inductive Network." Electronics 14, no. 1 (2025): 189. https://doi.org/10.3390/electronics14010189.

Abstract:
With the rapid development of the internet, network security threats are becoming increasingly complex and diverse, making traditional intrusion detection systems (IDSs) inadequate for handling the growing variety of sophisticated attacks. In particular, traditional methods based on rule matching and manual feature extraction demonstrate significant limitations in dealing with small samples and unknown attacks. This paper proposes an intrusion detection system based on multi-level feature extraction and inductive learning (MFEI-IDS) to address these challenges. The model innovatively integrates Fully Convolutional Networks (FCNs) with the Transformer architecture (FCN–Transformer) for feature extraction and utilizes an inductive learning component for efficient classification. The FCN–Transformer Encoder extracts multi-level features from raw network traffic, capturing local spatial patterns and global temporal dependencies, significantly enhancing the representation of network traffic while reducing reliance on manual feature engineering. The inductive learning module employs a dynamic routing mechanism to map sample feature vectors into robust class vector representations, achieving superior generalization when detecting unseen attack types. Compared to existing FCN–Transformer models, MFEI-IDS incorporates inductive learning to handle data imbalance and small-sample scenarios. Experiments on ISCX 2012 and CIC-IDS 2017 datasets show that MFEI-IDS outperforms mainstream IDS methods in accuracy, precision, recall, and F1-score, excelling in cross-dataset validation and demonstrating strong generalization capabilities. These results validate the practical potential of MFEI-IDS in small-sample learning, unknown attack detection, and dynamic network environments.
11

Sayegh, Hussein Ridha, Wang Dong, Bahaa Hussein Taher, Muhanad Mohammed Kadum, and Ali Mansour Al-madani. "Optimal intrusion detection for imbalanced data using Bagging method with deep neural network optimized by flower pollination algorithm." PeerJ Computer Science 11 (March 17, 2025): e2745. https://doi.org/10.7717/peerj-cs.2745.

Abstract:
As the number of connected devices and Internet of Things (IoT) devices grows, it is becoming more and more important to develop efficient security mechanisms to manage risks and vulnerabilities in IoT networks. Intrusion detection systems (IDSs) have been developed and implemented in IoT networks to discern between regular network traffic and potential malicious attacks. This article proposes a new IDS based on a hybrid method of metaheuristic and deep learning techniques, namely, the flower pollination algorithm (FPA) and deep neural network (DNN), with an ensemble learning paradigm. To handle the problem of imbalance class distribution in intrusion datasets, a roughly-balanced (RB) Bagging strategy is utilized, where DNN models trained by FPA on a cost-sensitive fitness function are used as base learners. The RB Bagging strategy derives multiple RB training subsets from the original dataset and proper class weights are incorporated into the fitness function to attain unbiased DNN models. The performance of our IDS is evaluated using four commonly utilized public datasets, NSL-KDD, UNSW NB-15, CIC-IDS-2017, and BoT-IoT, in terms of different metrics, i.e., accuracy, precision, recall, and F1-score. The results demonstrate that our IDS outperforms existing ones in accurately detecting network intrusions with effective handling of class imbalance problem.
12

Ullah, Safi, Muazzam A. Khan, Jawad Ahmad, et al. "HDL-IDS: A Hybrid Deep Learning Architecture for Intrusion Detection in the Internet of Vehicles." Sensors 22, no. 4 (2022): 1340. http://dx.doi.org/10.3390/s22041340.

Abstract:
Internet of Vehicles (IoV) is an application of the Internet of Things (IoT) network that connects smart vehicles to the internet, and vehicles with each other. With the emergence of IoV technology, customers have placed great attention on smart vehicles. However, the rapid growth of IoV has also caused many security and privacy challenges that can lead to fatal accidents. To reduce smart vehicle accidents and detect malicious attacks in vehicular networks, several researchers have presented machine learning (ML)-based models for intrusion detection in IoT networks. However, a proficient and real-time faster algorithm is needed to detect malicious attacks in IoV. This article proposes a hybrid deep learning (DL) model for cyber attack detection in IoV. The proposed model is based on long short-term memory (LSTM) and gated recurrent unit (GRU). The performance of the proposed model is analyzed by using two datasets—a combined DDoS dataset that contains CIC DoS, CIC-IDS 2017, and CSE-CIC-IDS 2018, and a car-hacking dataset. The experimental results demonstrate that the proposed algorithm achieves higher attack detection accuracy of 99.5% and 99.9% for DDoS and car hacks, respectively. The other performance scores, precision, recall, and F1-score, also verify the superior performance of the proposed framework.
13

Adithya Nallamuthu, Suresh. "A Hybrid Genetic-Neuro Algorithm for Cloud Intrusion Detection System." Journal of Computational Science and Intelligent Technologies 1, no. 2 (2020): 15–25. http://dx.doi.org/10.53409/mnaa.jcsit20201203.

Abstract:
The security for cloud network systems is essential and significant to secure the data source from intruders and attacks. Implementing an intrusion detection system (IDS) for securing from those intruders and attacks is the best option. Many IDS models are presently based on different techniques and algorithms like machine learning and deep learning. In this research, IDS for the cloud computing environment is proposed. Here in this model, the genetic algorithm (GA) and back propagation neural network (BPNN) is used for attack detection and classification. The Canadian Institute for Cyber-security CIC-IDS 2017 dataset is used for the evaluation of performance analysis. Initially, from the dataset, the data are preprocessed, and by using the genetic algorithm, the attack was detected. The detected attacks are classified using the BPNN classifier for identifying the types of attacks. The performance analysis was executed, and the results are obtained and compared with the existing machine learning-based classifiers like FC-ANN, NB-RF, KDBN, and FCM-SVM techniques. The proposed GA-BPNN model outperforms all these classifying techniques in every performance metric, like accuracy, precision, recall, and detection rate. Overall, from the performance analysis, the best classification accuracy is achieved for Web attack detection with 97.90%, and the best detection rate is achieved for Brute force attack detection with 97.89%.
14

Zhang, Chunhui, Jian Li, Naile Wang, and Dejun Zhang. "Research on Intrusion Detection Method Based on Transformer and CNN-BiLSTM in Internet of Things." Sensors 25, no. 9 (2025): 2725. https://doi.org/10.3390/s25092725.

Abstract:
With the widespread deployment of Internet of Things (IoT) devices, their complex network environments and open communication modes have made them prime targets for cyberattacks. Traditional Intrusion Detection Systems (IDS) face challenges in handling complex attack types, data imbalance, and feature extraction difficulties in IoT environments. Accurately detecting abnormal traffic in IoT has become increasingly critical. To address the limitation of single models in comprehensively capturing the diverse features of IoT traffic, this paper proposes a hybrid model based on CNN-BiLSTM-Transformer, which better handles complex features and long-sequence dependencies in intrusion detection. To address the issue of data class imbalance, the Borderline-SMOTE method is introduced to enhance the model’s ability to recognize minority class attack samples. To tackle the problem of redundant features in the original dataset, a comprehensive feature selection strategy combining XGBoost, Chi-square (Chi2), and Mutual Information is adopted to ensure the model focuses on the most discriminative features. Experimental validation demonstrates that the proposed method achieves 99.80% accuracy on the CIC-IDS 2017 dataset and 97.95% accuracy on the BoT-IoT dataset, significantly outperforming traditional intrusion detection methods, proving its efficiency and accuracy in detecting abnormal traffic in IoT environments.
15

Sachdev, Rithik, Shreya Mishra, and Shekhar Sharma. "Comparison of Supervised Learning Algorithms for DDOS Attack Detection." International Journal for Research in Applied Science and Engineering Technology 10, no. 8 (2022): 1766–72. http://dx.doi.org/10.22214/ijraset.2022.46506.

Abstract:
In today’s world, when ubiquitous computing has become quite prevalent, there has been an upsurge in the number of users on the internet. The Distributed Denial of Service attack is the most widespread attack that disrupts the functioning of websites, servers, and services. In such attacks, the resources are exhausted by overwhelming requests from multiple attackers and thus become unavailable to users. Hence, it is essential to detect these attacks and prevent network security breaches. This work presents a supervised learning-based DDoS detection comparison developed using the CIC-IDS 2017 dataset [7]. Various models have been compared on different performance metrics to analyze efficiency in detecting DDoS attacks.
16

Zekan, Marko, Igor Tomičić, and Markus Schatten. "Low-sample classification in NIDS using the EC-GAN method." JUCS - Journal of Universal Computer Science 28, no. 12 (2022): 1330–46. http://dx.doi.org/10.3897/jucs.85703.

Abstract:
Numerous advanced methods have been applied throughout the years for the use in Network Intrusion Detection Systems (NIDS). Among these are various Deep Learning models, which have shown great success for attack classification. Nevertheless, false positive rate and detection rate of these systems remains a concern. This is mostly because of the low-sample, imbalanced nature of realistic datasets, which make models challenging to train. Considering this, we applied a novel semi-supervised EC-GAN method for network flow classification of CIC-IDS-2017 dataset. EC-GAN uses synthetic data to aid the training of a supervised classifier on low-sample data. To achieve this, we modified the original EC-GAN to work with tabular data. In our approach, WCGAN-GP is used for synthetic tabular data generation, while a simple deep neural network is used for classification. The conditional nature of WCGAN-GP diminishes the class imbalance problem, while GAN itself solves the low-sample problem. This approach was successful in generating believable synthetic data, which was consequently used for training and testing the EC-GAN. To obtain our results, we trained a classifier on progressively smaller versions of the CIC-IDS-2017 dataset, first via a novel EC-GAN method and then in the conventional way, without the help of synthetic data. We then compared these two sets of results with another author’s results using accuracy, false positive rate, detection rate and macro F1 score as metrics. Our results showed that supervised classifier trained with EC-GAN can achieve significant results even when trained on as little as 25% of the original imbalanced dataset.
17

Zekan, Marko, Igor Tomičić, and Markus Schatten. "Low-sample classification in NIDS using the EC-GAN method." JUCS - Journal of Universal Computer Science 28, no. 12 (2022): 1330–46. https://doi.org/10.3897/jucs.85703.

Abstract:
Numerous advanced methods have been applied throughout the years for the use in Network Intrusion Detection Systems (NIDS). Among these are various Deep Learning models, which have shown great success for attack classification. Nevertheless, false positive rate and detection rate of these systems remains a concern. This is mostly because of the low-sample, imbalanced nature of realistic datasets, which make models challenging to train. Considering this, we applied a novel semi-supervised EC-GAN method for network flow classification of CIC-IDS-2017 dataset. EC-GAN uses synthetic data to aid the training of a supervised classifier on low-sample data. To achieve this, we modified the original EC-GAN to work with tabular data. In our approach, WCGAN-GP is used for synthetic tabular data generation, while a simple deep neural network is used for classification. The conditional nature of WCGAN-GP diminishes the class imbalance problem, while GAN itself solves the low-sample problem. This approach was successful in generating believable synthetic data, which was consequently used for training and testing the EC-GAN. To obtain our results, we trained a classifier on progressively smaller versions of the CIC-IDS-2017 dataset, first via a novel EC-GAN method and then in the conventional way, without the help of synthetic data. We then compared these two sets of results with another author’s results using accuracy, false positive rate, detection rate and macro F1 score as metrics. Our results showed that supervised classifier trained with EC-GAN can achieve significant results even when trained on as little as 25% of the original imbalanced dataset.
18

Li, Qingfeng, Boyu Wang, Xueyan Wen, and Yuao Chen. "Malicious traffic prediction model for ResNet based on Maple-IDS dataset." PLOS One 20, no. 5 (2025): e0322000. https://doi.org/10.1371/journal.pone.0322000.

Abstract:
In light of the increasing threat posed by cyberattacks, it is imperative for organizations to accurately identify malicious network traffic. However, the imbalance among various attack categories diminishes the accuracy of model predictions. To address this issue, we propose the Maple-IDS dataset as an innovative solution. We utilize DPDK along with its zero-copy (ZC) technology and BPF compiler to compile filtering rules. Additionally, a headless client is employed to generate control traffic, thereby preventing overfitting. Our data collections are sourced from a variety of operating systems and middleware platforms, ensuring broad applicability and relevance. By comparing our dataset with the CIC-IDS-2017 dataset, we achieve a more balanced representation of attack data, which enhances the model’s learning performance. To tackle the challenges of low accuracy and slow convergence speed in existing network security situation predictions, we propose a network situation awareness prediction model that integrates a residual network with an improved attention mechanism. This model leverages the attention mechanism to assign greater weight to abnormal data, thereby facilitating the accurate identification of anomalies within large data streams. Furthermore, the residual network accelerates convergence speed, enhances the model’s expressive capability, and improves the efficiency of rapid response to attacks. Experimental results indicate that the accuracy of predicting attack data flows reaches an impressive 99.83%, which significantly aids in the early detection of network security threats and enables preemptive measures to maintain normal network operations.
19

Karthiga, B., Danalakshmi Durairaj, Nishad Nawaz, Thiruppathy Kesavan Venkatasamy, Gopi Ramasamy, and A. Hariharasudan. "Intelligent Intrusion Detection System for VANET Using Machine Learning and Deep Learning Approaches." Wireless Communications and Mobile Computing 2022 (October 13, 2022): 1–13. http://dx.doi.org/10.1155/2022/5069104.

Abstract:
Detecting the attacks in Vehicular Ad hoc Network (VANET) system is very important to provide more secure and reliable communication between all vehicles in the system. In this article, an effective Intelligent Intrusion Detection System (IDS) is proposed using machine learning and deep learning approaches such as Adaptive Neuro Fuzzy Inference System (ANFIS) and Convolutional Neural Networks (CNN), respectively. The existing methods focus on detecting only the known attacks in VANET environment. This limitation is overcome by proposing the Intelligent IDS system using soft computing techniques. The proposed method consists of Known IDS (KIDS) and Unknown IDS (UIDS) modules, which detect both known attacks and unknown attacks. The KIDS module uses ANFIS classification module to detect the known malicious attacks, whereas the UIDS module uses a deep learning algorithm to detect the unknown attacks in VANET. Modified LeeNET (MLNET) architecture is proposed in this article to identify the type of unknown attacks. In this work, DoS attacks, Botnet attacks, PortScan attacks, and Brute Force attacks are detected using this hybrid learning algorithm. The proposed system obtains 96.9% of Pr, 98.3% of Se, 98.7% of Sp, and 98.6% of Acc and consumed 1.75 s for detecting the DoS attack on i-VANET dataset. The proposed system obtains 98.1% of Pr, 98.9% of Se, 98.1% of Sp, and 98.1% of Acc and consumed 0.95 s for detecting the Botnet attack. The proposed system obtains 98.7% of Pr, 99.1% of Se, 98.9% of Sp, and 99.2% of Acc and consumed 1.38 s for detecting the PortScan attack. The proposed system obtains 99.1of Pr, 97.8% of Se, 98.7% of Sp, and 98.5% of Acc and consumed 1.29 s for detecting the Brute Force attack. The developed methodology is tested on the real-time CIC-IDS 2017 dataset, and the experimental results are compared with other state-of-the-art methods.
20

Jeamaon, Aomduan, and Chaiyaporn Khemapatapan. "Development Cyber Risk Assessment for Intrusion Detection Using Enhanced Random Forest." ECTI Transactions on Computer and Information Technology (ECTI-CIT) 18, no. 4 (2024): 429–42. http://dx.doi.org/10.37936/ecti-cit.2024184.256185.

Abstract:
In cybersecurity, the lack of statistical data on cyber-attacks presents a significant challenge from an insurance perspective, hindering the accurate calculation of insurance premiums, furthermore assessing cybersecurity risk exposure and identifying high-risk threat categories. Effective intrusion detection systems (IDS) are paramount in addressing these issues. This research introduces a sophisticated cyber risk assessment model utilizing the Random Forest classification algorithm, tailored explicitly for IDS, and leverages the comprehensive CIC-IDS 2017 dataset. The central objective was to engineer robust models capable of classifying a broad array of cyber threats, focusing on classification accuracy. The model achieved an accurate average classification rate of 96.94% through systematic experimentation and hyperparameter tuning. This study found that 'n_estimators' values of 10 to 300 did not affect cyberattack performance. It was also shown that Bagging and bootstrapping improve model stability by mitigating variance and improving accuracy without many trees. Model performance was high, with an average F1-Score of 97.86%. Cyber-attack statistics are scarce, and from an insurance perspective, the lack of statistical data on cyber-attacks hinders the calculation of insurance premiums. Risk assessment allows for informed self-insurance or risk transfer processes ensuring that policies align with risk management strategies and premium calculations.
21

Martins Onyekwelu, Onuorah, Sun Yanxia, and Daniel Mashao. "Deep Learning-Based Intrusion Detection System: Embracing Long Short-Term Memory (LSTM) and Roughly Balanced Bagging Synergies." Inteligencia Artificial 28, no. 76 (2025): 40–65. https://doi.org/10.4114/intartif.vol28iss76pp40-65.

Abstract:
This study introduces a novel approach to address class imbalance issues in network traffic datasets within a deep learning framework. We propose the implementation of roughly balanced bagging (RBB) in a long short-term memory (LSTM) architecture, using information gain (IG) to identify optimal features from an intrusion detection system (IDS) dataset exhibiting class imbalance. The approach begins with feature selection via information gain, applies RBB to create balanced subsets of the data, and then trains multiple LSTM models on these subsets to form an ensemble for improved classification of imbalanced network traffic data. Specifically, experimentation is conducted on subsets of features categorized into quartiles on the basis of their information gain, utilizing the CIC-IDS 2017 dataset. The minority class within each quartile is upsampled via the synthetic minority oversampling technique (SMOTE). Then, 10 roughly balanced bags are created from the upsampled data for classification by 10 long short-term memory (LSTM) models. This process is repeated across the first, second, and third quartiles, enabling a comprehensive analysis of feature importance and model performance across the different dataset subsets. Additionally, the dataset's 15 class labels were grouped into 7 classes on the basis of their characteristics, facilitating multiclassification tasks. Our methodology achieved an accuracy of 91.04%, precision of 91.04%, recall of 96.73%, AUC of 96.73%, and F1 score of 91.04% on binary classification using the first quartile (19) features. The performance of our methodology for multiclassification is measured by three metrics: recall, precision, and the F1 score. Class 2 has the highest recall of 98.00%, the F1 score of 92.00%, and class 3 has the highest precision of 97.00%.
22

Ye, Jiawei, Yanting Chen, Aierpanjiang Simayi, Yu Liu, Zhihui Lu, and Jie Wu. "A Network Traffic Characteristics Reconstruction Method for Mitigating the Impact of Packet Loss in Edge Computing Scenarios." Future Internet 17, no. 5 (2025): 208. https://doi.org/10.3390/fi17050208.

Abstract:
This paper presents TCReC, an innovative model designed for reconstructing network traffic characteristics in the presence of packet loss. With the rapid expansion of wireless networks driven by edge computing, IoT, and 5G technologies, challenges such as transmission instability, channel competition, and environmental interference have led to significant packet loss rates, adversely impacting deep learning-based network traffic analysis tasks. To address this issue, TCReC leverages masked autoencoder techniques to reconstruct missing traffic features, ensuring reliable input for downstream tasks in edge computing scenarios. Experimental results demonstrate that TCReC maintains detection model accuracy within 10% of the original data, even under packet loss rates as high as 70%. For instance, on the ISCX-VPN-2016 dataset, TCReC achieves a Reconstruction Ability Index (RAI) of 94.02%, while on the CIC-IDS-2017 dataset, it achieves an RAI of 94.99% when combined with LSTM, significantly outperforming other methods such as Transformer, KNN, and RNN. Additionally, TCReC exhibits robustness across various packet loss scenarios, consistently delivering high-quality feature reconstruction for both attack traffic and common Internet application data. TCReC provides a robust solution for network traffic analysis in high-loss edge computing scenarios, offering practical value for real-world deployment.
23

Abdou, Vadhil Fatimetou, Salihi Mohamed Lemine, and Nanne Mohamedade Farouk. "Machine learning-based intrusion detection system for detecting web attacks." IAES International Journal of Artificial Intelligence (IJ-AI) 13, no. 1 (2024): 711–21. https://doi.org/10.11591/ijai.v13.i1.pp711-721.

Abstract:
The increasing use of smart devices results in a huge amount of data, which raises concerns about personal data, including health data and financial data. This data circulates on the network and can encounter network traffic at any time. This traffic can either be normal traffic or an intrusion created by hackers with the aim of injecting abnormal traffic into the network. Firewalls and traditional intrusion detection systems detect attacks based on signature patterns. However, this is not sufficient to detect advanced or unknown attacks. To detect different types of unknown attacks, the use of intelligent techniques is essential. In this paper, we analyse some machine learning techniques proposed in recent years. In this study, several classifications were made to detect anomalous behaviour in network traffic. The models were built and evaluated based on the Canadian Institute for Cybersecurity-intrusion detection systems dataset released in 2017 (CIC-IDS-2017), which includes both current and historical attacks. The experiments were conducted using decision tree, random forest, logistic regression, gaussian naïve bayes, adaptive boosting, and their ensemble approach. The models were evaluated using various evaluation metrics such as accuracy, precision, recall, F1-score, false positive rate, receiver operating characteristic curve, and calibration curve.
24

Vashisht, Sanchit, Shalli Rani, and Mohammad Shabaz. "Towards a secure Metaverse: Leveraging hybrid model for IoT anomaly detection." PLOS ONE 20, no. 4 (2025): e0321224. https://doi.org/10.1371/journal.pone.0321224.

Abstract:
The seamless interaction between the virtual and real worlds is due to the unprecedented degrees of decentralization, immersiveness and connectedness made possible by the Internet of Things (IoT) and the metaverse. In this light, it brings important ethical, privacy, and security considerations into play, hence calling for the strong protection of IoT-enabled metaverse systems. Anomaly detection is critical for solving the aforementioned issues and ensuring the dependability and security of the connected devices by identification and preventing malicious activity in IoT networks. With IoT networks being highly dynamic and complex, robust anomaly detection frameworks are essential for ensuring security and trust in the metaverse. This paper proposed a hybrid model combining Random Forest (RF) and Neural Network (NN) and compared it with a variety of machine learning (ML) techniques including Decision Tree (DT), Naive Bayes (NB), K-Nearest Neighbor (KNN), RF and Logistic Regression (LR) to detect anomalies in IoT-enabled metaverse environments. These models were trained and tested using the CIC-IDS 2017 Network Intrusion Dataset, a comprehensive benchmark used for evaluating intrusion detection systems (IDS). Indeed, with outstanding accuracy equaling a staggering 99.99%, the proposed hybrid model algorithm performed better than other ML models under study. This illustrates its vast potential for high-accuracy anomaly identification and false positives.
25

Anwar, Raja Waseem, Mohammad Abrar, Abdu Salam, and Faizan Ullah. "Federated learning with LSTM for intrusion detection in IoT-based wireless sensor networks: a multi-dataset analysis." PeerJ Computer Science 11 (March 28, 2025): e2751. https://doi.org/10.7717/peerj-cs.2751.

Abstract:
Intrusion detection in Internet of Things (IoT)-based wireless sensor networks (WSNs) is essential due to their widespread use and inherent vulnerability to security breaches. Traditional centralized intrusion detection systems (IDS) face significant challenges in data privacy, computational efficiency, and scalability, particularly in resource-constrained IoT environments. This study aims to create and assess a federated learning (FL) framework that integrates with long short-term memory (LSTM) networks for efficient intrusion detection in IoT-based WSNs. We design the framework to enhance detection accuracy, minimize false positive rates (FPR), and ensure data privacy, while maintaining system scalability. Using an FL approach, multiple IoT nodes collaboratively train a global LSTM model without exchanging raw data, thereby addressing privacy concerns and improving detection capabilities. The proposed model was tested on three widely used datasets: WSN-DS, CIC-IDS-2017, and UNSW-NB15. The evaluation metrics for its performance included accuracy, F1 score, FPR, and root mean square error (RMSE). We evaluated the performance of the FL-based LSTM model against traditional centralized models, finding significant improvements in intrusion detection. The FL-based LSTM model achieved higher accuracy and a lower FPR across all datasets than centralized models. It effectively managed sequential data in WSNs, ensuring data privacy while maintaining competitive performance, particularly in complex attack scenarios. FL and LSTM networks work well together to make a strong way to find intrusions in IoT-based WSNs, which improves both privacy and detection. This study underscores the potential of FL-based systems to address key challenges in IoT security, including data privacy, scalability, and performance, making the proposed framework suitable for real-world IoT applications.
26

Bakhshi, Taimur, and Bogdan Ghita. "Anomaly Detection in Encrypted Internet Traffic Using Hybrid Deep Learning." Security and Communication Networks 2021 (September 21, 2021): 1–16. http://dx.doi.org/10.1155/2021/5363750.

Abstract:
An increasing number of Internet application services are relying on encrypted traffic to offer adequate consumer privacy. Anomaly detection in encrypted traffic to circumvent and mitigate cyber security threats is, however, an open and ongoing research challenge due to the limitation of existing traffic classification techniques. Deep learning is emerging as a promising paradigm, allowing reduction in manual determination of feature set to increase classification accuracy. The present work develops a deep learning-based model for detection of anomalies in encrypted network traffic. Three different publicly available datasets including the NSL-KDD, UNSW-NB15, and CIC-IDS-2017 are used to comprehensively analyze encrypted attacks targeting popular protocols. Instead of relying on a single deep learning model, multiple schemes using convolutional (CNN), long short-term memory (LSTM), and recurrent neural networks (RNNs) are investigated. Our results report a hybrid combination of convolutional (CNN) and gated recurrent unit (GRU) models as outperforming others. The hybrid approach benefits from the low-latency feature derivation of the CNN, and an overall improved training dataset fitting. Additionally, the highly effective generalization offered by GRU results in optimal time-domain-related feature extraction, resulting in the CNN and GRU hybrid scheme presenting the best model.
27

Adesokan-Imran, Temilade Oluwatoyin, Anuoluwapo Deborah Popoola, Valerie Ojinika Ejiofor, Ademola Oluwaseun Salako, and Ogechukwu Scholastica Onyenaucheya. "Predictive Cybersecurity Risk Modeling in Healthcare by Leveraging AI and Machine Learning for Proactive Threat Detection." Journal of Engineering Research and Reports 27, no. 4 (2025): 144–65. https://doi.org/10.9734/jerr/2025/v27i41463.

Abstract:
This study investigates the application of artificial intelligence (AI) and machine learning (ML) in predictive cybersecurity risk modeling within the healthcare sector. Given the increasing digitization of healthcare systems and the corresponding rise in cyber threats, it is crucial to develop proactive measures to safeguard sensitive patient data. To achieve this, the study employs quantitative methods and publicly available datasets to analyze risk patterns and evaluate the effectiveness of AI-driven models. Specifically, the research utilizes the Verizon Data Breach Investigations Report to examine threat prevalence, the CIC-IDS 2017 dataset to assess a Random Forest classifier, the Stanford AI Index Report to identify implementation challenges, and IBM’s Cost of a Data Breach Report to quantify AI's operational impact. The Random Forest model demonstrated high performance, achieving an accuracy of 92.7%, precision of 89.9%, recall of 90.5%, and an F1-score of 90.2%. Healthcare organizations leveraging AI experienced a significant 26% reduction in data breach costs and resolved incidents 36% faster compared to non-AI adopters. Key challenges identified include internal threats, regulatory compliance issues, and workforce skill gaps. To address these challenges, the study recommends targeted workforce training, strategic compliance alignment, the adoption of behavioral threat detection techniques, and the establishment of federated learning partnerships to enhance healthcare cybersecurity resilience.
28

Kummerow, André, Esrom Abrha, Markus Eisenbach, and Dennis Rösch. "Unsupervised Anomaly Detection and Explanation in Network Traffic with Transformers." Electronics 13, no. 22 (2024): 4570. http://dx.doi.org/10.3390/electronics13224570.

Abstract:
Deep learning-based autoencoders represent a promising technology for use in network-based attack detection systems. They offer significant benefits in managing unknown network traces or novel attack signatures. Specifically, in the context of critical infrastructures, such as power supply systems, AI-based intrusion detection systems must meet stringent requirements concerning model accuracy and trustworthiness. For the intrusion response, the activation of suitable countermeasures can greatly benefit from additional transparency information (e.g., attack causes). Transformers represent the state of the art for learning from sequential data and provide important model insights through the widespread use of attention mechanisms. This paper introduces a two-stage transformer-based autoencoder for learning meaningful information from network traffic at the packet and sequence level. Based on this, we present a sequential attention weight perturbation method to explain benign and malicious network packets. We evaluate our method against benchmark models and expert-based explanations using the CIC-IDS-2017 benchmark dataset. The results show promising results in terms of detecting and explaining FTP and SSH brute-force attacks, highly outperforming the results of the benchmark model.
29

Akram, Urooj, Wareesa Sharif, Mobeen Shahroz, et al. "IoTTPS: Ensemble RKSVM Model-Based Internet of Things Threat Protection System." Sensors 23, no. 14 (2023): 6379. http://dx.doi.org/10.3390/s23146379.

Abstract:
An Internet of Things (IoT) network is prone to many ways of threatening individuals. IoT sensors are lightweight, lack complicated security protocols, and face threats to privacy and confidentiality. Hackers can attack the IoT network and access personal information and confidential data for blackmailing, and negatively manipulate data. This study aims to propose an IoT threat protection system (IoTTPS) to protect the IoT network from threats using an ensemble model RKSVM, comprising a random forest (RF), K nearest neighbor (KNN), and support vector machine (SVM) model. The software-defined networks (SDN)-based IoT network datasets such as KDD cup 99, NSL-KDD, and CICIDS are used for threat detection based on machine learning. The experimental phase is conducted by using a decision tree (DT), logistic regression (LR), Naive Bayes (NB), RF, SVM, gradient boosting machine (GBM), KNN, and the proposed ensemble RKSVM model. Furthermore, performance is optimized by adding a grid search hyperparameter optimization technique with K-Fold cross-validation. As well as the NSL-KDD dataset, two other datasets, KDD and CIC-IDS 2017, are used to validate the performance. Classification accuracies of 99.7%, 99.3%, 99.7%, and 97.8% are obtained for DoS, Probe, U2R, and R2L attacks using the proposed ensemble RKSVM model using grid search and cross-fold validation. Experimental results demonstrate the superior performance of the proposed model for IoT threat detection.
30

Abdou Vadhil, Fatimetou, Mohamed Lemine Salihi, and Mohamedade Farouk Nanne. "Machine learning-based intrusion detection system for detecting web attacks." IAES International Journal of Artificial Intelligence (IJ-AI) 13, no. 1 (2024): 711. http://dx.doi.org/10.11591/ijai.v13.i1.pp711-721.

Abstract:
The increasing use of smart devices results in a huge amount of data, which raises concerns about personal data, including health data and financial data. This data circulates on the network and can encounter network traffic at any time. This traffic can either be normal traffic or an intrusion created by hackers with the aim of injecting abnormal traffic into the network. Firewalls and traditional intrusion detection systems detect attacks based on signature patterns. However, this is not sufficient to detect advanced or unknown attacks. To detect different types of unknown attacks, the use of intelligent techniques is essential. In this paper, we analyse some machine learning techniques proposed in recent years. In this study, several classifications were made to detect anomalous behaviour in network traffic. The models were built and evaluated based on the Canadian Institute for Cybersecurity-intrusion detection systems dataset released in 2017 (CIC-IDS-2017), which includes both current and historical attacks. The experiments were conducted using decision tree, random forest, logistic regression, gaussian naïve bayes, adaptive boosting, and their ensemble approach. The models were evaluated using various evaluation metrics such as accuracy, precision, recall, F1-score, false positive rate, receiver operating characteristic curve, and calibration curve.
31

Guo, Derui, and Yufei Xie. "Research on Network Intrusion Detection Model Based on Hybrid Sampling and Deep Learning." Sensors 25, no. 5 (2025): 1578. https://doi.org/10.3390/s25051578.

Abstract:
This study proposes an enhanced network intrusion detection model, 1D-TCN-ResNet-BiGRU-Multi-Head Attention (TRBMA), aimed at addressing the issues of incomplete learning of temporal features and low accuracy in the classification of malicious traffic found in existing models. The TRBMA model utilizes Temporal Convolutional Networks (TCNs) to improve the ResNet18 architecture and incorporates Bidirectional Gated Recurrent Units (BiGRUs) and Multi-Head Self-Attention mechanisms to enhance the comprehensive learning of temporal features. Additionally, the ResNet network is adapted into a one-dimensional version that is more suitable for processing time-series data, while the AdamW optimizer is employed to improve the convergence speed and generalization ability during model training. Experimental results on the CIC-IDS-2017 dataset indicate that the TRBMA model achieves an accuracy of 98.66% in predicting malicious traffic types, with improvements in precision, recall, and F1-score compared to the baseline model. Furthermore, to address the challenge of low identification rates for malicious traffic types with small sample sizes in unbalanced datasets, this paper introduces TRBMA (BS-OSS), a variant of the TRBMA model that integrates Borderline SMOTE-OSS hybrid sampling. Experimental results demonstrate that this model effectively identifies malicious traffic types with small sample sizes, achieving an overall prediction accuracy of 99.88%, thereby significantly enhancing the performance of the network intrusion detection model.
32

Huang, Wanwei, Haobin Tian, Sunan Wang, Chaoqin Zhang, and Xiaohui Zhang. "Integration of simulated annealing into pigeon inspired optimizer algorithm for feature selection in network intrusion detection systems." PeerJ Computer Science 10 (July 16, 2024): e2176. http://dx.doi.org/10.7717/peerj-cs.2176.

Abstract:
In the context of the 5G network, the proliferation of access devices results in heightened network traffic and shifts in traffic patterns, and network intrusion detection faces greater challenges. A feature selection algorithm is proposed for network intrusion detection systems that uses an improved binary pigeon-inspired optimizer (SABPIO) algorithm to tackle the challenges posed by the high dimensionality and complexity of network traffic, resulting in complex models, reduced accuracy, and longer detection times. First, the raw dataset is pre-processed by uniquely one-hot encoded and standardized. Next, feature selection is performed using SABPIO, which employs simulated annealing and the population decay factor to identify the most relevant subset of features for subsequent review and evaluation. Finally, the selected subset of features is fed into decision trees and random forest classifiers to evaluate the effectiveness of SABPIO. The proposed algorithm has been validated through experimentation on three publicly available datasets: UNSW-NB15, NLS-KDD, and CIC-IDS-2017. The experimental findings demonstrate that SABPIO identifies the most indicative subset of features through rational computation. This method significantly abbreviates the system’s training duration, enhances detection rates, and compared to the use of all features, minimally reduces the training and testing times by factors of 3.2 and 0.3, respectively. Furthermore, it enhances the F1-score of the feature subset selected by CPIO and Boost algorithms when compared to CPIO and XGBoost, resulting in improvements ranging from 1.21% to 2.19%, and 1.79% to 4.52%.
33

Kareem, Morenikeji Kabirat, Olaniyi Dada Aborisade, Saidat Adebukola Onashoga, Tole Sutikno, and Olaniyi Mathew Olayiwola. "Efficient model for detecting application layer distributed denial of service attacks." Bulletin of Electrical Engineering and Informatics 12, no. 1 (2023): 441–50. http://dx.doi.org/10.11591/eei.v12i1.3871.

Abstract:
The increasing advancement of technologies and communication infrastructures has been posing threats to the internet services. One of the most powerful attack weapons for disrupting web-based services is the distributed denial of service (DDoS) attack. The sophisticated nature of attack tools being created and used for launching attacks on target systems makes it difficult to distinguish between normal and attack traffic. Consequently, there is a need to detect application layer DDoS attacks from network traffic efficiently. This paper proposes a detection system coined eXtreme gradient boosting (XGB-DDoS) using a tree-based ensemble model known as XGBoost to detect application layer DDoS attacks. The Canadian institute for cybersecurity intrusion detection systems (CIC IDS) 2017 dataset consisting of both benign and malicious attacks was used in training and testing of the proposed model. The performance results of the proposed model indicate that the accuracy rate, recall, precision rate, and F1-score of XGB-DDoS are 0.999, 0.997, 0.995, and 0.996, respectively, as against those of k-nearest neighbor (KNN), support vector machine (SVM), principal component analysis (PCA) hybridized with XGBoost, and KNN with SVM. So, the XGB-DDoS detection model did better than the models that were chosen. This shows that it is good at finding application layer DDoS attacks.
34

Abdulsalam, S. O., R. A. Ayofe, M. F. Edafeajiroke, J. F. Ajao, and R. S. Babatunde. "Development of an intrusion detection system using mayfly feature selection and artificial neural network algorithms." LAUTECH Journal of Engineering and Technology 8, no. 2 (2024): 148–60. http://dx.doi.org/10.36108/laujet/4202.81.0241.

Abstract:
Protecting the privacy and confidentiality of information and devices in computer networks requires reliable methods of intrusion detection. However, effective intrusion detection is made more difficult by the enormous dimensions of data available in computer networks. To boost intrusion detection classification performance in computer networks, this study developed a feature selection mode for the classification task. The proposed model utilized the Mayfly feature selection algorithm and ANN as the classifiers. The model was also tested without a mayfly algorithm. The model's efficacy was determined through a comparison of its accuracy, specificity, precision, sensitivity, and F1 score. The experimental outcomes revealed that the proposed model is more efficient than existing models based on the performance evaluation and the CIC-IDS 2017 dataset employed in this research. Accuracy scores of 99.94% (using Data+mayfly+ANN) and 90.17% (using Data+ANN) were attained after experimentation. In comparison to existing models, the proposed model yielded better results in terms of accuracy, sensitivity, specificity, and F1-score metrics. The model's sturdiness can be attributed to the use of mayfly techniques, which harness the strength in PSO, GA and FA for selecting optimal feature subsets. The results of this research provide a reliable dimensionality reduction model that may be used in the field of computer networks for intrusion detection and enhancement of security in computer networking environments.
35

Alsyaibani, Omar Muhammad Altoumi, Ema Utami, Suwanto Raharjo, and Anggit Dwi Hartanto. "Stacked LSTM-GRU Model for Traffic Anomalies Detection." Telematika 15, no. 2 (2022): 81–91. http://dx.doi.org/10.35671/telematika.v15i2.1855.

Abstract:
This study aims to improve the accuracy of the intrusion detection system model. It focused on LSTM and GRU methods proposed by several previous studies. The bidirectional layer was also tested to see if it improves model performance. Dataset used in the study was CIC IDS 2017. The dataset was divided into 3 parts, for training, validation, and testing purposes. Validation data was used to evaluate model performance in every training iteration. It helped to make the model would not overfit the training data. Furthermore, Dropout layer and L2 regularization were also added to the model architecture. The training model was done in a binary classification approach with a learning rate of 0.0001. We found that the stacked method reached accuracy 98.1087% in 100 iteration training. This result is slightly higher than LSTM, GRU, Bidirectional LSTM, and Bidirectional GRU. The method which contains LSTM layer performed its best accuracy using Tanh activation. Differently, GRU and Bidirectional GRU performed the best performance with Lrelu and Prelu activation function, respectively. All models could reach the plateau in the first 20 iterations, while in the next 80 iterations the model performance still could be fluctuately improved. Even though the model already reached the plateau in 20 iteration training, it is still possible for the model to slowly improve by using a small learning rate and by implementing Dropout layer and L2 regularization. Fluctuation of model performance implies that the highest model performance was not always reached in the last training iteration. ModelCheckPoint could help to overcome the issue. In addition, the Bidirectional layer increased the complexity of the model which certainly increased training duration. The bidirectional layer improved the performance of the GRU method, but it did not improve the performance LSTM method.
36

Gong, Xingyu, Ke Cao, Na Li, and Pengtao Jia. "Network Anomaly Traffic Detection Algorithm Based on RIC-SC-DeCN." Computational Intelligence and Neuroscience 2022 (May 24, 2022): 1–9. http://dx.doi.org/10.1155/2022/8315442.

Abstract:
In the research of network abnormal traffic detection, in view of the characteristics of high dimensionality and redundancy in traffic data and the loss of original information caused by the pooling operation in the convolutional neural network, which leads to the problem of unsatisfactory detection effect, this paper proposes a network abnormal traffic detection algorithm based on RIC-SC-DeCN to improve the above problems. Firstly, a recursive information correlation (RIC) feature selection mechanism is proposed, which reduces data redundancy through the maximum information correlation feature selection algorithm and recursive feature elimination method. Secondly, a skip-connected deconvolutional neural network model (SC-DeCN) is proposed to reduce the information loss by reconstructing the input signal. Finally, the RIC mechanism and the SC-DeCN model are merged to form a network abnormal traffic detection algorithm based on RIC-SC-DeCN. The experimental results on the CIC-IDS-2017 dataset show that the RIC feature selection mechanism proposed in this paper has the highest accuracy when using MSCNN as the detection model compared to the other three, which can reach 96.22%. Compared with the other five models, the SC-DeCN model has the highest detection accuracy, while the model training time is moderate and can reach 96.55%. Compared with the SC-DeCN model, the RIC-SC-DeCN model reduces the overall training time by 45.50%, while the accuracy rate is increased to 97.68%. It shows that the algorithm proposed in this paper has a good detection effect in the detection of network abnormal traffic.
37

Jumabek, Alikhanov, SeungSam Yang, and YoungTae Noh. "CatBoost-Based Network Intrusion Detection on Imbalanced CIC-IDS-2018 Dataset." Journal of Korean Institute of Communications and Information Sciences 46, no. 12 (2021): 2191–97. http://dx.doi.org/10.7840/kics.2021.46.12.2191.

38

Vasilica, Bogdan-Valentin, Florin-Daniel Anton, Radu Pietraru, Silvia-Oana Anton, and Beatrice-Nicoleta Chiriac. "Enhancing Security in Smart Robot Digital Twins Through Intrusion Detection Systems." Applied Sciences 15, no. 9 (2025): 4596. https://doi.org/10.3390/app15094596.

Abstract:
This paper investigates the integration of intrusion detection systems (IDSs) within Digital Twin (DT) architectures to enhance cybersecurity in industrial environments. Using the CICIDS2017, CIC Modbus, and 4SICS 2015 datasets, we evaluate the performance of Random Forest (RF) and Support Vector Machine (SVM) in detecting network intrusions. Results indicate that RF achieves an accuracy of 99.9% for CICIDS2017, with high precision, recall, and low false positives. In contrast, SVM exhibits an accuracy of 94.2% for the same dataset, struggling with high rates of false positives and moderate recall. Similarly, for 4SICS 2015, RF demonstrates an accuracy of 93%, being balanced and reliable for industrial applications, while SVM shows only 88% accuracy, with a low precision of 65% and a high false alarm rate. For the CIC Modbus dataset, RF displays an accuracy of 95% in validation and 93% in testing, highlighting strong detection in ICS networks. However, SVM maintains an accuracy of 88%, with weak separation between benign and malicious traffic, and a higher misclassification rate. Our findings highlight the importance of DT-IDS integration in real-time threat detection and system resilience, paving the way for future research in deep learning-based IDS solutions.
39

Chimphlee, Witcha, and Siriporn Chimphlee. "Hyperparameters optimization XGBoost for network intrusion detection using CSE-CIC-IDS 2018 dataset." IAES International Journal of Artificial Intelligence (IJ-AI) 13, no. 1 (2024): 817. http://dx.doi.org/10.11591/ijai.v13.i1.pp817-826.

Abstract:
With the introduction of high-speed internet access, the demand for security and dependable networks has grown. In recent years, network attacks have gotten more complex and intense, making security a vital component of organizational information systems. Network intrusion detection systems (NIDS) have become an essential detection technology to protect data integrity and system availability against such attacks. NIDS is one of the most well-known areas of machine learning software in the security field, with machine learning algorithms constantly being developed to improve performance. This research focuses on detecting abnormalities in societal infiltration using the hyperparameters optimization XGBoost (HO-XGB) algorithm with the Communications Security Establishment-The Canadian Institute for Cybersecurity-Intrusion Detection System2018 (CSE-CIC-IDS2018) dataset to get the best potential results. When compared to typical machine learning methods published in the literature, HO-XGB outperforms them. The study shows that XGBoost outperforms other detection algorithms. We refined the HO-XGB model's hyperparameters, which included learning_rate, subsample, max_leaves, max_depth, gamma, colsample_bytree, min_child_weight, n_estimators, max_depth, and reg_alpha. The experimental findings reveal that HO-XGB1 outperforms multiple parameter settings for intrusion detection, effectively optimizing XGBoost's hyperparameters.
40

Chimphlee, Witcha, and Siriporn Chimphlee. "Hyperparameters optimization XGBoost for network intrusion detection using CSE-CIC-IDS 2018 dataset." IAES International Journal of Artificial Intelligence (IJ-AI) 13, no. 1 (2024): 817–26. https://doi.org/10.11591/ijai.v13.i1.pp817-826.

Abstract:
With the introduction of high-speed internet access, the demand for security and dependable networks has grown. In recent years, network attacks have gotten more complex and intense, making security a vital component of organizational information systems. Network intrusion detection systems (NIDS) have become an essential detection technology to protect data integrity and system availability against such attacks. NIDS is one of the most well-known areas of machine learning software in the security field, with machine learning algorithms constantly being developed to improve performance. This research focuses on detecting abnormalities in societal infiltration using the hyperparameters optimization XGBoost (HO-XGB) algorithm with the Communications Security Establishment-The Canadian Institute for Cybersecurity-Intrusion Detection System2018 (CSE-CICIDS2018) dataset to get the best potential results. When compared to typical machine learning methods published in the literature, HO-XGB outperforms them. The study shows that XGBoost outperforms other detection algorithms. We refined the HO-XGB model's hyperparameters, which included learning_rate, subsample, max_leaves, max_depth, gamma, colsample_bytree, min_child_weight, n_estimators, max_depth, and reg_alpha. The experimental findings reveal that HO-XGB1 outperforms multiple parameter settings for intrusion detection, effectively optimizing XGBoost's hyperparameters.
41

Al-Dulaimi, Reem Talal Abdulhameed, and Ayça Kurnaz Türkben. "A Hybrid Tree Convolutional Neural Network with Leader-Guided Spiral Optimization for Detecting Symmetric Patterns in Network Anomalies." Symmetry 17, no. 3 (2025): 421. https://doi.org/10.3390/sym17030421.

Abstract:
In the realm of cybersecurity, detecting Distributed Denial of Service (DDoS) attacks with high accuracy is a critical task. Traditional machine learning models often fall short in handling the complexity and high dimensionality of network traffic data. This study proposes a hybrid framework leveraging symmetry in feature distribution, network behavior, and model optimization for anomaly detection. A Tree Convolutional Neural Network (Tree-CNN) captures hierarchical symmetrical dependencies, while a deep autoencoder preserves latent symmetrical structures, reducing noise for better classification. A Leader-Guided Velocity-Based Spiral Optimization Algorithm is proposed to optimize the parameters of the system and achieve better performance. A Leader-Guided Velocity-Based Spiral Optimization Algorithm is introduced to maintain a symmetrical balance between exploration and exploitation, optimizing the autoencoder, Tree-CNN, and classification thresholds. Validation using three datasets—UNSW-NB15, CIC-IDS 2017, and CIC-IDS 2018—demonstrates the framework’s superiority. The model achieves 96.02% accuracy on UNSW-NB15, 99.99% on CIC-IDS 2017, and 99.96% on CIC-IDS 2018, with near-perfect precision and recall. Despite a slightly higher computational cost, the symmetrically optimized framework ensures high efficiency and superior detection, making it ideal for real-time complex networks. These findings emphasize the critical role of symmetrical network patterns and feature selection strategies for enhancing intrusion detection performance.
42

Songma, Surasit, Theera Sathuphan, and Thanakorn Pamutha. "Optimizing Intrusion Detection Systems in Three Phases on the CSE-CIC-IDS-2018 Dataset." Computers 12, no. 12 (2023): 245. http://dx.doi.org/10.3390/computers12120245.

Abstract:
This article examines intrusion detection systems in depth using the CSE-CIC-IDS-2018 dataset. The investigation is divided into three stages: to begin, data cleaning, exploratory data analysis, and data normalization procedures (min-max and Z-score) are used to prepare data for use with various classifiers; second, in order to improve processing speed and reduce model complexity, a combination of principal component analysis (PCA) and random forest (RF) is used to reduce non-significant features by comparing them to the full dataset; finally, machine learning methods (XGBoost, CART, DT, KNN, MLP, RF, LR, and Bayes) are applied to specific features and preprocessing procedures, with the XGBoost, DT, and RF models outperforming the others in terms of both ROC values and CPU runtime. The evaluation concludes with the discovery of an optimal set, which includes PCA and RF feature selection.
43

Alromaihi, Noora, Mohsen Rouached, and Aymen Akremi. "Design and Analysis of an Effective Architecture for Machine Learning Based Intrusion Detection Systems." Network 5, no. 2 (2025): 13. https://doi.org/10.3390/network5020013.

Abstract:
The increase in new cyber threats is the result of the rapid growth of using the Internet, thus raising questions about the effectiveness of traditional Intrusion Detection Systems (IDSs). Machine learning (ML) technology is used to enhance cybersecurity in general and especially for reactive approaches, such as traditional IDSs. In several instances, it is seen that a single assailant may direct their efforts towards different servers belonging to an organization. This behavior is often perceived by IDSs as infrequent attacks, thus diminishing the effectiveness of detection. In this context, this paper aims to create a machine learning-based IDS model able to detect malicious traffic received by different organizational network interfaces. A centralized proxy server is designed to receive all the incoming traffic at the organization’s servers, scan the traffic by using the proposed IDS, and then redirect the traffic to the requested server. The proposed IDS was evaluated by using three datasets: CIC-MalMem-2022, CIC-IDS-2018, and CIC-IDS-2017. The XGBoost model showed exceptional performance in rapid detection, achieving 99.96%, 99.73%, and 99.84% accuracy rates within short time intervals. The Stacking model achieved the highest level of accuracy among the evaluated models. The developed IDS demonstrated superior accuracy and detection time outcomes compared with previous research in the field.
44

Baklizi, Mahmoud Khalid, Issa Atoum, Mohammad Alkhazaleh, et al. "Web Attack Intrusion Detection System Using Machine Learning Techniques." International Journal of Online and Biomedical Engineering (iJOE) 20, no. 03 (2024): 24–38. http://dx.doi.org/10.3991/ijoe.v20i03.45249.

Abstract:
Web attacks often target web applications because they can be accessed over a network and often have vulnerabilities. The success of an intrusion detection system (IDS) in detecting web attacks depends on an effective traffic classification system. Several previous studies have utilized machine learning classification methods to create an efficient IDS with various datasets for different types of attacks. This paper utilizes the Canadian Institute for Cyber Security’s (CIC-IDS2017) IDS dataset to assess web attacks. Importantly, the dataset contains 80 attributes of recent assaults, as reported in the 2016 McAfee report. Three machine learning algorithms have been evaluated in this research, namely random forests (RF), k-nearest neighbor (KNN), and naive bayes (NB). The primary goal of this research is to propose an effective machine learning algorithm for the IDS web attacks model. The evaluation compares the performance of three algorithms (RF, KNN, and NB) based on their accuracy and precision in detecting anomalous traffic. The results indicate that the RF outperformed the NB and KNN in terms of average accuracy achieved during the training phase. During the testing phase, the KNN algorithm outperformed others, achieving an average accuracy of 99.4916%. However, RF and KNN achieved 100% average precision and recall rates compared to other algorithms. Finally, the RF and KNN algorithms have been identified as the most effective for detecting IDS web attacks.
45

Ali, Zeeshan, Adnan Akram, Naeem Aslam, and Muhammad Saeed Khurram. "Supervised Learning Approach for Intrusion Detection in Unbalanced Network Traffic." VFAST Transactions on Software Engineering 13, no. 2 (2025): 01–12. https://doi.org/10.21015/vtse.v13i2.2116.

Abstract:
Intrusion detection systems (IDS) serve as critical sentinels in network security, assuming a paramount role in identifying and mitigating potential threats. With the evolution of our digital landscape, robust and productive intrusion detection mechanisms have become increasingly imperative. The significance of IDS lies in their ability to safeguard network resources’ integrity, confidentiality, and availability. In an era where cyber threats constantly evolve in complexity and scale, IDS serves as the front line of defence, tirelessly monitoring network traffic to pinpoint suspicious activities and mitigate potential security breaches. To address the class imbalance problem, the Synthetic Minority Over-sampling Technique (SMOTE) was applied to pre-process the CIC-IDS 2017 and NSL-KDD 2009 datasets. An advanced machine learning technique is harnessed to enhance IDS capabilities, specifically through utilising Support Vector Machines (SVM) for subsequent classification tasks. The experimental outcomes on both datasets unveil exceptional accuracy of 99% and performance across multiple intrusion types, underscoring the effectiveness of our SVM-based approach in strengthening IDS.
46

Gupta, Saksham, and Aditya Sharma. "CyberWatch: Deep Learning-Driven Network Intrusion Detection." INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 08, no. 01 (2024): 1–6. http://dx.doi.org/10.55041/ijsrem28322.

Abstract:
Abstract—The present era is being dominated by the digital world which has also given rise to growing cyber threats and crimes, the project introduces an innovative intrusion detection system (IDS) that deploys deep learning’s pattern recognition capabilities with a real-time algorithm approach to threats and network security. The project’s framework involves two key components: Graph theory and Artificial Neural Network (ANN). The graph theory is used to represent the IoT network structure which helps represent relations between network structures and analyze the anomalies or malicious activities present in the network. Artificial Neural Network (ANN) model, on the other hand, is based on a human’s brain neural network; which works as a machine learning algorithm to recognize and predict patterns. Cyberwatch is trained on various datasets such as CIC IDS 2018 and CIC IDS 2017. The project’s main aim is to provide an effective solution to the ever-changing landscape of network intrusion. Keywords—Intrusion Detection System (IDS), Energy Efficiency, Internet Of Things (IoT), Network Forensics, Graph Theory Support Vector Machine (SVM), Genetic Algorithm, Artificial Neural Networks (ANN), Cybercrime
47

Santhoshi, Polisheetty. "Revolutionizing Intrusion Detection: An Incremental Majority Voting Strategy with Machine Learning." INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 09, no. 03 (2025): 1–9. https://doi.org/10.55041/ijsrem42579.

Abstract:
With the rapid growth of digitalization and the increasing volume of data, the cybersecurity threat landscape is expanding at an alarming rate. Intrusion Detection Systems (IDS) have become crucial in conjunction with firewalls to safeguard networks from malicious activities. In this work, four well-known cybersecurity datasets—CIC IDS 2017, NSL KDD, KDD Cup, and CIC IDS 2018—are employed to evaluate the effectiveness of various techniques for intrusion detection. Feature selection is performed using Mutual Information to enhance the relevance of selected features. Data sampling techniques are also explored, including Original Data, Random Under Sampling, Random Over Sampling, and a combination of both under and over-sampling to address data imbalance. To further improve the detection performance, a refined approach utilizing a Stacking Classifier combining Random Forest (RF) and Decision Tree (DT) with a Bagging Classifier is implemented. The results show that this approach achieves high performance across all datasets and sampling techniques, demonstrating its effectiveness in accurately detecting network intrusions in dynamic cybersecurity environments. “Index Terms – Incremental learning, network intrusion detection, machine learning, majority voting classifier, random sampling, Stacking classifier, Cyber Security”.
48

Shyaa, Methaq A., Zurinahni Zainol, Rosni Abdullah, Mohammed Anbar, Laith Alzubaidi, and José Santamaría. "Enhanced Intrusion Detection with Data Stream Classification and Concept Drift Guided by the Incremental Learning Genetic Programming Combiner." Sensors 23, no. 7 (2023): 3736. http://dx.doi.org/10.3390/s23073736.

Abstract:
Concept drift (CD) in data streaming scenarios such as networking intrusion detection systems (IDS) refers to the change in the statistical distribution of the data over time. There are five principal variants related to CD: incremental, gradual, recurrent, sudden, and blip. Genetic programming combiner (GPC) classification is an effective core candidate for data stream classification for IDS. However, its basic structure relies on the usage of traditional static machine learning models that receive one-time training, limiting its ability to handle CD. To address this issue, we propose an extended variant of the GPC using three main components. First, we replace existing classifiers with alternatives: online sequential extreme learning machine (OSELM), feature adaptive OSELM (FA-OSELM), and knowledge preservation OSELM (KP-OSELM). Second, we add two new components to the GPC, specifically, a data balancing and a classifier update. Third, the coordination between the sub-models produces three novel variants of the GPC: GPC-KOS for KA-OSELM; GPC-FOS for FA-OSELM; and GPC-OS for OSELM. This article presents the first data stream-based classification framework that provides novel strategies for handling CD variants. The experimental results demonstrate that both GPC-KOS and GPC-FOS outperform the traditional GPC and other state-of-the-art methods, and the transfer learning and memory features contribute to the effective handling of most types of CD. Moreover, the application of our incremental variants on real-world datasets (KDD Cup ‘99, CICIDS-2017, CSE-CIC-IDS-2018, and ISCX ‘12) demonstrate improved performance (GPC-FOS in connection with CSE-CIC-IDS-2018 and CICIDS-2017; GPC-KOS in connection with ISCX2012 and KDD Cup ‘99), with maximum accuracy rates of 100% and 98% by GPC-KOS and GPC-FOS, respectively. Additionally, our GPC variants do not show superior performance in handling blip drift.
49

Siriporn, Chimphlee, and Chimphlee Witcha. "Machine learning to improve the performance of anomaly-based network intrusion detection in big data." Machine learning to improve the performance of anomaly-based network intrusion detection in big data 30, no. 2 (2023): 1106–19. https://doi.org/10.11591/ijeecs.v30.i2.pp1106-1119.

Abstract:
With the rapid growth of digital technology, communications are overwhelmed by network data traffic. The demand for the internet is growing every day in today's cyber world, raising concerns about network security. Big Data is a term that describes a vast volume of complicated data that is critical for evaluating network patterns and determining what has occurred in the network. Therefore, detecting attacks in a large network is challenging. Intrusion detection system (IDS) is a promising cybersecurity research field. In this paper, we proposed an efficient classification scheme for IDS, which is divided into two procedures, on the CSE-CIC-IDS-2018 dataset, data pre-processing techniques including under-sampling, feature selection, and classifier algorithms were used to assess and decide the best performing model to classify invaders. We have implemented and compared seven classifier machine learning algorithms with various criteria. This work explored the application of the random forest (RF) for feature selection in conjunction with machine learning (ML) techniques including linear regression (LR), k-Nearest Neighbor (k-NN), classification and regression trees (CART), Bayes, RF, multi layer perceptron (MLP), and XGBoost in order to implement IDSS. The experimental results show that the MLP algorithm is the most successful with best performance with evaluation matrix.
50

Najafi Mohsenabad, Hadi, and Mehmet Ali Tut. "Optimizing Cybersecurity Attack Detection in Computer Networks: A Comparative Analysis of Bio-Inspired Optimization Algorithms Using the CSE-CIC-IDS 2018 Dataset." Applied Sciences 14, no. 3 (2024): 1044. http://dx.doi.org/10.3390/app14031044.

Abstract:
In computer network security, the escalating use of computer networks and the corresponding increase in cyberattacks have propelled Intrusion Detection Systems (IDSs) to the forefront of research in computer science. IDSs are a crucial security technology that diligently monitor network traffic and host activities to identify unauthorized or malicious behavior. This study develops highly accurate models for detecting a diverse range of cyberattacks using the fewest possible features, achieved via a meticulous selection of features. We chose 5, 9, and 10 features, respectively, using the Artificial Bee Colony (ABC), Flower Pollination Algorithm (FPA), and Ant Colony Optimization (ACO) feature-selection techniques. We successfully constructed different models with a remarkable detection accuracy of over 98.8% (approximately 99.0%) with Ant Colony Optimization (ACO), an accuracy of 98.7% with the Flower Pollination Algorithm (FPA), and an accuracy of 98.6% with the Artificial Bee Colony (ABC). Another achievement of this study is the minimum model building time achieved in intrusion detection, which was equal to 1 s using the Flower Pollination Algorithm (FPA), 2 s using the Artificial Bee Colony (ABC), and 3 s using Ant Colony Optimization (ACO). Our research leverages the comprehensive and up-to-date CSE-CIC-IDS2018 dataset and uses the preprocessing Discretize technique to discretize data. Furthermore, our research provides valuable recommendations to network administrators, aiding them in selecting appropriate machine learning algorithms tailored to specific requirements.