Network Intrusion Detection & Prevention Research Papers
2025
With the recent advances in Internet-of-Things (IoT) devices, cloud-based services, and diversity in the network data, there has been a growing need for sophisticated anomaly detection algorithms within the network intrusion detection system (NIDS) that can tackle advanced network threats. Advances in Deep and Machine learning (ML) have been garnering considerable interest among researchers since they have the capacity to provide a solution to advanced threats such as the zero-day attack. An Intrusion Detection System (IDS) is the first line of defense against network-based attacks compared to other traditional technologies, such as firewall systems. This report adds to the existing approaches by proposing a novel strategy to incorporate both supervised and unsupervised learning into Intrusion Detection Systems (IDS). Specifically, the study will utilize deep Autoencoder (DAE) as a dimensionality reduction tool and Support Vector Machine (SVM) as a classifier to perform anomaly-based classification. The study diverts from other similar studies by performing a thorough analysis of using deep autoencoders as a valid non-linear dimensionality tool by comparing it against Principal Component Analysis (PCA) and tuning hyperparameters that optimize for 'F-1 Micro' score and 'Balanced Accuracy' since we are dealing with a dataset with imbalanced classes. The study employs robust analysis tools such as Precision-Recall Curves,
2025, International Journal of Information Security
This paper presents Duenna, an authentication framework for smart home systems (SHSs). When using controlling apps (e.g., a smartphone app), Duenna makes sure that only legitimate SHS users are allowed to operate their Internet of things (IoT) devices. Duenna is built upon a behavioral anomaly detection (BAD)-based approach. In particular, we hypothesize that SHS users usually operate their home IoT devices in typical and distinctive patterns. Therefore, users that attempt to operate devices differently from such regular behavior are considered malicious. Technically, Duenna operates in two modes. In an initialization operation, Duenna first collects and processes the historical cyber and physical activities of an SHS user in addition to the historical states of the SHS itself to build a set of incremental anomaly detection (AD) models. Then, in an interactive operation, the trained AD models are used as a baseline from which anomalous commands (i.e., outliers) are detected and rejected, while regular commands (i.e., targets) are considered legitimate and allowed to be executed. Through an empirical evaluation conducted on real-world data, Duenna exhibits high authentication rates ensuring both security and user experience. The findings obtained from such evaluation show that a user behavior-based approach is a promising security scheme that could be integrated into existing SHS platforms.
2025, SPIE Proceedings
Whereas single class classification has been a highly active topic in optical remote sensing, much less effort has been given to the multi-label classification framework, where pixels are associated with more than one label, an approach closer to reality than single-label classification. Given the complexity of this problem, identifying representative features extracted from raw images is of paramount importance. In this work, we investigate feature learning as a feature extraction process in order to identify the underlying explanatory patterns hidden in low-level satellite data for the purpose of multi-label classification. Sparse autoencoders composed of a single hidden layer, as well as stacked in a greedy layer-wise fashion, formulate the core concept of our approach. The results suggest that learning such sparse and abstract representations of the features can aid in both remote sensing and multi-label problems. The results presented in the paper correspond to a novel real dataset of annotated spectral imagery naturally leading to the multi-label formulation.
2025, Research Journal of Engineering and Technology
2025, Msc Thesis, Kwame Nkrumah University of Science and Technology
ABSTRACT
Concerns about confidentiality, integrity, authenticity, and non-repudiation are greatly heightened by the information flow and data upkeep inside organizations. A variety of symmetric and asymmetric cryptographic algorithms have been used to appropriately handle the aforementioned issues. AES and RSA are two of the most used cryptographic algorithms. Even though AES is a relatively quick symmetric encryption method, exchanging secret keys with external parties might be difficult. With the benefits of key distribution, RSA is an asymmetric cryptographic method that employs various keys for encryption and decryption. However, RSA is sluggish and leaves openings for attack. This study's major goal was to compare, contrast, and analyze the key components of the AES and RSA encryption algorithms in order to build an enhanced hybrid encryption algorithm that significantly improves data security. For this study, the empirical research approach was employed. Based on processing speed, data volume, and crypto-security specifications, the study was conducted. In practice, the research combines a hybrid encryption method with the hashing functions of RSA asymmetric, AES symmetric, and digital signatures. The study's findings showed that the Enhanced Hybrid Encryption method addresses the four main security issues of secrecy, integrity, authentication, and non-repudiation. Data confidentiality and integrity were accomplished by encrypting data with AES-256 and decrypting it with RSA. Compared to using the two methods separately, this increased efficiency while cutting down on processing time. In cases when there is no secret key distribution, the Enhanced hybrid encryption approach makes use of several keys. Additionally, a digital signature is used to assure data authenticity, and employing SHA-1 instead of MD5 results in a better hashing algorithm and eventual non-repudiation of data.
2025
Malware detection faces escalating challenges due to evolving attack vectors, encrypted traffic, and zero-day exploits. Traditional signature-based methods fall short in dynamic environments, while anomaly-based approaches often suffer from high false positives. This paper proposes an Enhanced Entropy-Based Malware Detection (EEBMD) framework that leverages quantum-inspired entropy gradients and adaptive machine learning to identify threats with unprecedented accuracy. By modeling network traffic as a non-space field with information-theoretic entropy dynamics, we detect anomalies through deviations in entropy propagation patterns. Key innovations include:
• Context-aware entropy profiling using time-windowing, reinforcement learning, and dynamic thresholds.
• Real-time gradient analysis (∇S) to pinpoint malware-induced distortions in information flow.
• Scalable edge architecture with federated learning for distributed threat intelligence.
Benchmarks demonstrate >90% detection rates for exfiltration, C2 beaconing, and lateral movement, with <2% false positives under normal traffic. Future directions explore quantum clustering and automated response systems. This work bridges network security, information theory, and quantum computation, offering a robust foundation for next-generation intrusion detection.
2025
The term “Bot” refers to an infected computer that takes orders and reports back. A botnet is a network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g. to send spam. More specifically, a botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks. This can be as mundane as keeping control of an Internet Relay Chat (IRC) channel, or it could be used to send spam email or participate in distributed denial-of-service attacks. Nowadays, in network security, botnet detection has become challenging work, and it makes it easier for intruders and attackers to generate attacks. Due to the concept of centralized propagation, a botnet floods infectious hazards through different botnet clients inside the network, and then network security becomes hampered. To overcome the challenges in identifying the botnet, we propose a new modified propagation algorithm for botnet...
2025, Research Conference on Advances in Information and Communication Technology
With the growth of the usage of computers over the network, security vulnerabilities on all the computer systems seem very difficult and expensive. The Intrusion Detection System (IDS) generates huge numbers of false alerts. Therefore, it is necessary to assist in categorizing the degree of threat by using data mining techniques. We have used the NSL-KDD dataset for this research study. The response time was found to be high when the complexity of the dataset is high. Therefore, we have utilized Infogain feature selection algorithms. Four machine learning classification algorithms such as Sequential Minimal Optimization, Naive Bayes, J48, and Random Forest are utilized for this study. The Random Forest scores the best accuracy at 99.9%. However, J48 was chosen with an accuracy score of 99.8% with a minimum response time.
2025, Journal of Computers
Recently, research on intrusion detection in computer systems has received much attention from the computational intelligence society. Many intelligence learning algorithms have been applied to the huge volume of complex and dynamic datasets for the construction of efficient intrusion detection systems (IDSs). Despite many advances that have been achieved in existing IDSs, there are still some difficulties, such as correct classification of large intrusion detection datasets, unbalanced detection accuracy in high-speed network traffic, and reducing false positives. This paper presents a new approach to alert classification to reduce false positives in intrusion detection using an improved self-adaptive Bayesian algorithm (ISABA). The proposed approach is applied to the security domain of anomaly-based network intrusion detection, and correctly classifies different types of attacks of the KDD99 benchmark dataset with high classification rates in short response time and reduces false positives using limited computational resources.
2025, IJIES
As the prevalence of Internet of Things (IoT) devices increases, cyber incidents are also increasing significantly. These cyber incidents are mainly caused by various attacks, such as Distributed Denial of Service (DDoS), Denial of Service (DoS), intrusions, and web-based attacks. These types of attacks can severely impact valuable IoT system resources, compromise stored data, and lead to substantial financial losses if not adequately mitigated. Detecting these attacks within network traffic is complex and requires intelligent Intrusion Detection Systems (IDS). This paper proposes a Machine Learning (ML) based hybrid IDS model for edge computing networks. The feature selection process employs the 'Recursive Feature Elimination technique' (RFE) combined with 'Random Forest' (RF) to identify optimal features for attack detection. The Hybrid IDS model integrates 'Random Forest' (RF), 'Decision Tree' (DT), 'Extra Tree' (ET), and 'K-Nearest Neighbor' (KNN) algorithms. The Hybrid IDS model is evaluated on four datasets: 'CIC-IDS-2017', 'NSL-KDD', 'UNSW-NB15', and 'CSE-CIC-IDS-2018'. The results of the proposed model show maximum prediction accuracy of 99.92%, 99.89%, 99.50%, and 99.13%, and F1-score values obtained are 99.95%, 99.90%, 99.23%, and 99.13% on 'CIC-IDS-2017', 'NSL-KDD', 'UNSW-NB15', and 'CSE-CIC-IDS-2018' datasets, respectively. The experimental results clearly demonstrate that the proposed model performs better than the models reported in the existing studies.
2025, Sciforce Publications
The term "big data" refers to extensive collections of data that are sizable, diverse, and intricate in their structure, presenting challenges in storage, analysis, and visualization for subsequent procedures or outcomes. The activity of investigating massive volumes of data to uncover concealed patterns and undisclosed connections is referred to as big data analytics. Introduction: The concept of Big Data holds significance in handling data that deviates from the conventional structure of traditional databases. Big Data encompasses various pivotal technologies such as HDFS, NoSQL, MapReduce, MongoDB, Cassandra, PIG, HIVE, and HBASE, which collaborate to attain the ultimate objective of deriving value from data that might have been previously regarded as unutilizable.
2025
The Euler totient function, denoted as (𝑛), is an important concept in number theory. It counts the positive integers up to 𝑛 that are co-prime with 𝑛. This work delves into the definition, properties, and computational methods of (𝑛), emphasizing its significance in cryptography. We examine its theoretical foundations and showcase its crucial role in the RSA encryption algorithm, which is vital for secure data transmission. By exploring the function's application in cryptographic protocols, we underscore its importance in ensuring confidentiality and security in digital communications. This study highlights the impact of number theory on modern cryptography.
2025, Lecture Notes in Computer Science
The expressive power of regular expressions has been often exploited in network intrusion detection systems, virus scanners, and spam filtering applications. However, the flexible pattern matching functionality of regular expressions in these systems comes with significant overheads in terms of both memory and CPU cycles, since every byte of the inspected input needs to be processed and compared against a large set of regular expressions. In this paper we present the design, implementation and evaluation of a regular expression matching engine running on graphics processing units (GPUs). The significant spare computational power and data parallelism capabilities of modern GPUs permit the efficient matching of multiple inputs at the same time against a large set of regular expressions. Our evaluation shows that regular expression matching on graphics hardware can result in a 48 times speedup over traditional CPU implementations and up to 16 Gbit/s in processing throughput. We demonstrate the feasibility of GPU regular expression matching by implementing it in the popular Snort intrusion detection system, which results in a 60% increase in the packet processing throughput.
2025, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012)
Monitoring systems observe important information that could be a valuable resource to malicious users: attackers can use the knowledge of topology information, application logs, or configuration data to target attacks and make them hard to detect. The increasing need for correlating information across distributed systems to better detect potential attacks and to meet regulatory requirements can potentially exacerbate the problem if the monitoring is centralized. A single zero-day vulnerability would permit an attacker to access all information. This paper introduces a novel algorithm for performing policy-based security monitoring. We use policies to distribute information across several hosts, so that any host compromise has limited impact on the confidentiality of the data about the overall system. Experiments show that our solution spreads information uniformly across distributed monitoring hosts and forces attackers to perform multiple actions to acquire important data.
2025, Journal of Computer and Knowledge Engineering
For computer networks to remain secure, intrusion detection is essential. Analyzing network traffic data is part of this activity to spot possible cyber threats. However, the curse of dimensionality presents a challenge because there are so many dimensions in the data. To overcome this challenge, feature selection is essential to creating a successful intrusion detection system. It involves removing irrelevant and redundant features, which enhances the classification model's accuracy and lowers the dimensionality of the feature space. Metaheuristic algorithms are optimization techniques inspired by nature and are well-suited to choose features for network intrusion detection. They are effective in exploring large search spaces and have been widely used for this purpose. In this study, we improve the Sine Cosine Algorithm named ISCA for feature selection by introducing a controlling parameter to balance exploration and exploitation. Based on the NSL-KDD dataset, the results show that compared to other competing algorithms, the ISCA performs better than other metaheuristic algorithms in terms of both the number of features selected and the accuracy of classification.
2025
In the past few decades, the rise in attacks on communication devices in networks has resulted in a reduction of network functionality, throughput, and performance. To detect and mitigate these network attacks, researchers and practitioners developed Intrusion Detection Systems (IDSs) with automatic response systems. The response system is considered an important component of IDS, since without a timely response IDSs may not function properly in countering various attacks, especially on a real-time basis. To respond appropriately, IDSs should select the optimal response option according to the type of network attack. This project provides a complete survey of IDSs and Intrusion Response Systems (IRSs) on the basis of our in-depth understanding of the response option for different types of network attacks. Knowledge from IDS can assist network administrators and network staff in understanding how to tackle different attacks with state-of-the-art technologies. Here, a platform was developed to aid a proactive detection measure against database intrusion using the Unified Modeling Language (UML) methodologies. Structured System Analysis and Design Methodology (SSADM) was used to oversee the development of the platform. PHP was used as the scripting language and JavaScript was used as the platform control mechanism. The generated output from this development as shown in this project certified that the system could provide a proactive detection measure against detection measure.
2025, Journal of Telecommunication, Electronic and Computer Engineering
In modern networking, the efficient prioritization and classification of network traffic is paramount to ensure optimal network performance and optimization. This study presents an approach to enhance intelligent packet forwarding priority classification on Differentiated Services Code Point (DSCP), leveraging classifiers from machine learning algorithms for Deep Packet Inspection (DPI). The DSCP resides inside the Differentiated Services (DS) field of the Internet Protocol (IP) packet header in an OSI or TCP/IP model, which prioritizes different types of packets for forwarding to the router based on the attached payload. Similarly, DPI plays a crucial role in network management, enabling the identification of applications, services, and potential threats within the network traffic. In this study, various machine learning models, namely Support Vector Machine (SVM), K-Nearest Neighbors (KNN), Decision Tree, Random Forest, Logistic Regression and ensemble models such as XGBoost and AdaBoost were used to harness the capabilities of network packet classification based on DSCP. Detailed experimentation was conducted to evaluate their performance. The results show that AdaBoost demonstrated superior performance with an accuracy of around 89.91%, showcasing its ability to adapt to evolving network configurations and conditions while maintaining high classification accuracy on the IP packets. The random forest model also performed well, achieving an accuracy of 89.41%, making it a strong candidate for the DSCP classification in network transmission. This study has the potential to significantly improve how networks manage traffic, prioritize packets, and secure complex and dynamic network environments.
2025, Lecture Notes in Computer Science
Network intrusion detection has been generally dealt with using sophisticated software and statistical analysis, although sometimes it has to be done by administrators, either by detecting the intruders in real time or by revising network logs, making this a tedious and time-consuming task. To support this, intrusion detection analysis has been carried out using visual, auditory or tactile sensory information in computer interfaces. However, little is known about how to best integrate the sensory channels for analyzing intrusion detection alarms. In the past, we proposed a set of ideas outlining the benefits of enhancing intrusion detection alarms with multimodal interfaces. In this paper, we present a simplified sound-assisted attack mitigation system enhanced with auditory channels. Results indicate that the resulting intrusion detection system effectively generates distinctive sounds upon a series of simple attack scenarios consisting of denial-of-service and port scanning.
2025, IEEE International Conference 2025 AI-Driven Smart Healthcare for Society 5.0 (AdSoc 5.0), Kolkata, India
Health monitoring has become a major concern in current society, especially due to the continuously rising incidence of chronic ailments. Some of the primary monitoring techniques face a severe disadvantage in that they are incapable of identifying even the subtlest of health changes in real time. Other systems also have difficulties handling large-scale, nonlinear, dynamic data, for instance, from wearables' sensors. To deal with such problems, this work developed a new approach based on an Autoencoder for learning the features without requiring labels and a GAN for the online detection of anomalous data in real-time health information. It involves wearables with IoT for perpetually monitoring the patients and using sophisticated detection algorithms for feasible cloud analysis. The initial performance shows better accuracy, precision, and recall compared to the conventional models and serves as an efficient means to provide timely basic health intelligence.
2025, 2024 IEEE International Conference on Data Mining Workshops (ICDMW)
In the domain of financial cybersecurity, where trust and reliability are paramount, the advent of Artificial Intelligence is bringing novel tools for network intrusion detection. This paper introduces AI4FIDS, a novel AI-powered Intrusion Detection System leveraging Federated Learning (FL) to enhance data privacy while enabling decentralized model training across multiple financial entities. Concurrently, we present TRUST4AI.xAI, an explainability module designed to render AI decision-making transparent and interpretable, thereby aligning with the critical need for model accountability in financial applications. Our experimental results, conducted in the framework of the AI4CYBER project’s financial sector pilot, demonstrate in detecting network intrusions in financial infrastructure while maintaining user privacy, while increasing trustworthiness via explainability methods. The integration of these technologies addresses the dual challenges of effective threat detection and regulatory compliance, offering a scalable solution for modern financial institutions. This work contributes to the ongoing dialogue on leveraging AI for financial security and sets a benchmark for the development of privacy-preserving, interpretable AI models in this sector.
2025, International Conference on Innovative Computing and Communications
E-learning is these days considered the easy medium used to teach materials and courses. The E-learning environment contains a lot of resources and content related to each user profile. Those contents are considered private data or information for the user, so it is important to provide a secure environment for the users to keep their privacy safe. E-learning over fog computing takes place very fast, especially with the spread of IoT devices. Fog computing offers a way to avoid latency and reduce the distance between the end users and resources over the cloud. This paper aimed to offer a secure method for the learning resources based on fog computing. The Elliptic Curve Cryptography (ECC) algorithm is used to secure the data flow of the E-learning system over fog computing by using common and special key encryption in combination with AES, as the user data is encrypted and decrypted with the users' keys to protect their privacy. ECC is a powerful encryption method and did not affect the performance of the E-learning environment. At the end of the paper there is a comparison between RSA and ECC usage to illustrate the main difference between the two types of cryptography.
2025, Elsevier Computer Networks
The advent of the Internet of Things (IoT) has ushered in an era of unprecedented connectivity and convenience, enabling everyday objects to gather and share data autonomously, revolutionizing industries, and improving quality of life. However, this interconnected landscape poses cybersecurity challenges, as the expanded attack surface exposes vulnerabilities ripe for exploitation by malicious actors. The surge in network attacks targeting IoT devices underscores the urgency for robust and evolving security measures. Class Incremental Learning (CIL) emerges as a dynamic strategy to address these challenges, empowering Machine Learning (ML) and Deep Learning (DL) models to adapt to evolving threats while maintaining proficiency in detecting known ones. In the context of IoT security, characterized by the constant emergence of novel attack types, CIL offers a powerful means to enhance Network Intrusion Detection Systems (NIDS) resilience and network security. This paper aims to investigate how CIL methods can support the evolution of NIDS within IoT networks (i) by evaluating both attack detection and classification tasks (optimizing hyperparameters associated with the incremental update or to the traffic input definition) and (ii) by addressing also key research questions related to real-world NIDS challenges, such as the explainability of decisions, the robustness to perturbation of traffic inputs, and scenarios with a scarcity of new-attack samples. Leveraging 4 recently-collected and comprehensive IoT attack datasets, the study aims to evaluate the effectiveness of CIL techniques in classifying 0-day attacks.
2025
The Internet is growing rapidly and is useful in every domain, but network vulnerabilities and intrusions remain an important issue that leads to attacks. Attacks can immediately bring a system down. Therefore, it is necessary to detect network attacks before they damage the whole system; for that, we first used a dataset. Generally, an intrusion detection system can be deployed to detect network threats and attacks. A good way to detect an illegal user is to monitor the packets and use the different algorithms, methods and applications that have been created and implemented to solve the problem of detecting attacks in intrusion detection systems. Most methods detect attacks and categorize traffic into two groups, normal or threat. We consider network intrusion detection using a fuzzy genetic algorithm to classify attacks in the datasets. A fuzzy rule is a machine learning algorithm that can classify network attack data and protect the system from damage, while a genetic algorithm is an optimization algorithm that can help find an appropriate fuzzy rule and give the optimal solution. We also consider a new approach to intrusion detection based on a neural network. In this paper, a Multi-Layer Perceptron (MLP) is used for the intrusion detection system, which is a better solution for intrusion detection using the Weka tool. This algorithm uses a number of layers, so it is more secure from the hacker. We consider both the well-known KDD99 dataset and our own network dataset. The KDD99 dataset is a benchmark dataset which is already stored, while our network dataset is online network data captured in an actual network environment. We evaluate our IDS in terms of detection speed, detection rate and false alarm rate.
2025, IEEE
Recent advancements in adversarial machine learning underscore the need for robust defenses against sophisticated attacks that compromise AI systems' reliability. Existing frameworks, such as AI Guardian, offer valuable defenses but often rely on assumptions that can limit their effectiveness, such as incorporating adversarial examples into training data and expecting attacks to be directional. This paper introduces an innovative approach to adversarial defense that diverges from traditional methods by proposing a defense strategy based on stable diffusion [1], [2]. Our method avoids training with adversarial examples and instead leverages continuous learning and comprehensive threat modeling to build inherently resilient AI systems. By addressing the limitations of existing defenses and emphasizing a dynamic, adaptive strategy, our approach aims to provide a more generalized and robust solution to adversarial threats. We present the theoretical underpinnings, experimental design, and anticipated benefits of our approach, with a focus on enhancing AI security and adaptability against unpredictable adversarial attacks [3], [4].
2025, IEEE
In this paper, the author proposes a novel AI-based cybersecurity model meant for improving threat identification and response in critical infrastructure contexts. Using highly developed methods of artificial neural networks, the system adapts to network flows, logs and system outages and identifies and counteracts increasingly complex cyber threats. The product was developed and validated through exercise scenarios in order to evaluate the impact on sectors of critical infrastructure such as energy, transport, healthcare and others. The outcomes show that the system has received substantial enhancements in threat detection of multiple classes, with classification level of 94% and the false positive levels of 4%. The large-scale AI system was shown to be able to attain better scalability than the model trained on the local set without decreased performance during the high network utilization. Moreover, time responses for threat counteraction reduced dramatically as the system developed through iterations, demonstrating its real-time learning ability. It also describes difficulties which appear when applying the solution, for example, when it comes to data variety and integration of AI models with existing systems. Nonetheless, the solution that is proposed herein has the potential for achieving a scalable and adaptive security in key sectors.
2025, Journal of Cyber Security and Risk Auditing (JCSRA)
Wireless sensor networks (WSNs) are a rapidly advancing technology and serve as a foundational component for the Internet of Things (IoT) and various other domains, including healthcare, education, surveillance, military applications, and more. These networks possess unique characteristics such as limited memory, battery life, and processing power, as well as the ability to be deployed in remote or inaccessible areas. While these features enable their widespread use, they also impose significant constraints, making the implementation of robust security and protection mechanisms a complex challenge. This research paper examines a collection of recent scientific studies and proposals aimed at enhancing the security of wireless sensor networks against diverse types of attacks. The primary objective of this study is to explore the common challenges faced by WSNs as an emerging technology. Through a comprehensive review of existing research and practical implementations, it identifies potential risks and threats, evaluates current security measures, and analyzes the outcomes of these studies to provide insights for future advancements in the field.
2025, IEEE INFOCOM Workshops: Quantum Networked Applications and Protocols (QuNAP)
Network security is a theme facing a continuous transformation, due to the diversity of users and devices that populate the Internet. On the technology side, quantum computing represents a reality in progress, offering new solutions and applications. Among these, Quantum Machine Learning (QML) is a good candidate to be employed in network security, thanks to benefits like computation speed-up and efficient treatment of big volumes of data. In this paper we analyze the effectiveness of two classical QML approaches (named AMPE and ANGE) in Attack Classification (AC) and Misuse Detection (MD) scenarios, comparing with two DL approaches (named 1D-CNN and HYBRID). Two popular and publicly available IOT security-aware datasets, i.e., IOT-NIDD and EDGE-IIOT, are considered for experimental evaluation. Moreover, we further examine the algorithms by performing a cross-evaluation, to test robustness of such models in network contexts they were not explicitly trained for. The experimental campaign we conduct shows how QML can represent a valid choice for the deployment in IOT network intrusion detection systems.
2025, Human-Computer Interaction Perspectives
Few-shot learning (FSL) represents a paradigm shift in machine learning and computer vision, addressing the challenge of model generalization from a limited number of training examples. This paper presents a comprehensive overview of few-shot learning techniques, exploring their practical applications and techniques in the realm of computer vision. Few-shot learning
2025, Jurnal Ilmiah FIFO
This study aims to evaluate the effectiveness of Logistic Regression in diagnosing heart disease using the UCI Heart Disease dataset. The dataset comprises 303 patient records with 14 features, including age, gender, blood pressure, and cholesterol, divided into 60% training data, 20% validation data, and 20% testing data. The research begins with problem formulation and literature review, followed by data preprocessing, which includes missing value imputation, feature normalization, and dataset splitting. Various machine learning models, including k-Nearest Neighbors (kNN), Support Vector Machine (SVM), Logistic Regression, Naïve Bayes, and Neural Network, are applied and compared. The models are evaluated using accuracy, precision, recall, and F1 score metrics. Results show that Logistic Regression achieves the highest accuracy of 0.89, with superior precision and recall. Naïve Bayes and kNN achieve accuracies of 0.87 and 0.85, respectively, while Neural Network shows the lowest accuracy of 0.77. Tuning hyperparameters of the Neural Network did not reveal a clear pattern for improving accuracy. This study concludes that Logistic Regression is the most effective model for heart disease prediction compared to others, particularly in medical applications that require interpretability and efficiency.
2025, The power of Julia in Cyber Defence.
The abstract of this master's project report provides a concise overview of the research, focusing on the advantages of employing Julia for anomaly detection and intrusion detection in cybersecurity. This project
2025
This paper presents a framework for a new approach in intrusion detection by combining two existing machine learning methods (i.e., SVM and CSOACN). The IDS based on the new algorithm can be applied as pure SVM, pure CSOACN or their combination by constructing the ...
2025, Utilitas mathematica
This paper proposes a new framework for classifying malicious intrusions and attacks in IoT networks using a deep learning model, namely GAN. Any traditional IDS based on defined patterns faces challenges when confronted with constantly changing attack signatures. To overcome this, we describe the deployment of a GAN model, which comprises a generator and a discriminator to identify both known and unknown attacks' signatures. UNSW-NB15 was adopted for both training and testing the model and it consists of different attack signatures. The proposed system has a 98% detection rate of the growth of malicious activities in the system without necessarily relying on given signature attacks. Some other evaluation pointers like precision rate, recall rate and confusion matrix also support the model's ability to drastically reduce the number of false positives and/or false negatives. The experimental outcomes provide a note for GAN-based intrusion detection that can effectively improve security in the evolving IoT context and promote a real-time IoT security platform.
2025, Proceedings of 2nd International Conference on Computing Technologies, Tools and Applications
In today's information and technological age, the Internet provides resources that offer easy and efficient solutions for tasks but also poses threats such as privacy theft and data breaches. This work proposes the design of an Intrusion Detection System (IDS) utilizing the Snort tool to improve network security. The research reviews past studies on IDS, while the methodology discusses the implementation of the Waterfall Model for development. Results include the study's preliminary conclusions, system use case diagrams, and details on the creation and examination of prototypes. The recommendations section provides ideas for potential future changes. The final section reviews the project phases and highlights the successes of the project, including the development of a Linux-based Network Intrusion Detection System using Snort IDS to enhance network security.
2025, Artificial Intelligence Review
Telecommunication networks are becoming increasingly dynamic and complex due to the massive amounts of data they process. As a result, detecting abnormal events within these networks is essential for maintaining security and ensuring seamless operation. Traditional methods of anomaly detection, which rely on rule-based systems, are no longer effective in today's fast-evolving telecom landscape. This makes AI useful in addressing these shortcomings. This review critically examines the role of Artificial Intelligence (AI), particularly deep learning, in modern anomaly detection systems for telecom networks. It explores the evolution from early strategies to current AI-driven approaches, discussing the challenges, the implementation of machine learning algorithms, and practical case studies. Additionally, emerging AI technologies such as Generative Adversarial Networks (GANs) and Reinforcement Learning (RL) are highlighted for their potential to enhance anomaly detection. This review presents AI's transformative impact on telecom anomaly detection, addressing challenges while leveraging 5G/6G, edge computing, and the Internet of Things (IoT). It recommends hybrid models, advanced data preprocessing, and self-adaptive systems to enhance robustness and reliability, enabling telecom operators to proactively manage anomalies and optimize performance in a data-driven environment.
2025
As the use of the Internet is growing, the need for strong computer and network security is increasing. Intrusion detection is evolving as a research area to fulfil the demands of IT business. Though intrusion prevention is the best option from a security viewpoint, practically it may not be possible as hackers are forming new techniques for breaking the security. Hence, detecting an intrusion at the earliest becomes the prudent option. The objective of intrusion detection is to examine the network data continuously in order to monitor the network security and detect malicious activity in the form of an attack or intrusion. It should have a high detection rate and a low false positive rate. Due to the vastness of the data to be examined, data mining techniques have been the focus of research in network intrusion detection, where pattern classifiers play an important role. A generalized framework has been proposed by Biggio et al. (2013) which is useful for evaluation of classifier securi...
2025, International Research Journal of Engineering and Technology
In an era where cyber threats are escalating in sophistication and frequency, the need for robust and responsive security measures has never been greater. This paper presents an innovative cyber security detecting and alerting device designed to provide a comprehensive approach to threat detection and mitigation. Our integrated system leverages advanced machine learning algorithms, real-time data analysis, and automated response mechanisms to identify and neutralize potential threats before they can inflict damage. By combining anomaly detection, behavioural analysis, and signature-based techniques, the device ensures multi-layered protection against a wide range of cyber threats. Key features include rapid threat detection, real-time alerts, and automated mitigation processes, all tailored to adapt to evolving security landscapes. The system's effectiveness is demonstrated through rigorous testing in various scenarios, highlighting its capability to safeguard critical infrastructure and sensitive information. This innovative device represents a significant advancement in cyber security, offering enhanced protection and peace of mind for organizations and individuals alike.
2025
Modern Network Intrusion Detection Systems (NIDS) inspect the network packet payload to check if it conforms to the security policies of the given network. This process, often referred to as deep packet inspection, involves detection of predefined signature strings or keywords starting at an arbitrary location in the payload. String matching is a computationally intensive task and can become a potential bottleneck without high-speed processing. Since the conventional software-implemented string matching algorithms have not kept pace with the increasing network speeds, special purpose hardware solutions have been introduced. In this paper we show how Bloom filters can be used effectively to perform string matching for thousands of strings at wire speed. We describe how Bloom filters can be implemented feasibly on commodity FPGA. Our analysis shows that this approach for string matching is more effective than the current FPGA-based solutions which use Deterministic or Non-deterministic Finite Automata (DFA or NFA). Finally, we give the details of our implementation of string matching technique on Xilinx XCV 2000E FPGA.
2025
FPGA technology has become widely used for real-time network intrusion detection. In this paper, a novel packet classification architecture called BV-TCAM is presented, which is implemented for an FPGA-based Network Intrusion Detection System (NIDS). The classifier can report multiple matches at gigabit per second network link rates. The BV-TCAM architecture combines the Ternary Content Addressable Memory (TCAM) and the Bit Vector (BV) algorithm to effectively compress the data representations and boost throughput. A tree-bitmap implementation of the BV algorithm is used for source and destination port lookup while a TCAM performs the lookup of the other header fields, which can be represented as a prefix or exact value. The architecture eliminates the requirement for prefix expansion of port ranges. With the aid of a small embedded TCAM, packet classification can be implemented in a relatively small part of the available logic of an FPGA. The design is prototyped and evaluated in a Xilinx FPGA XCV2000E on the FPX platform. Even with the most difficult set of rules and packet inputs, the circuit is fast enough to sustain OC48 traffic throughput. Using larger and faster FPGAs, the system can work at speeds greater than OC192.
2025
I appreciate all the people who have assisted and motivated me during the research and study period. I personally want to register special thanks to my supervisors, Dr. Joseph Siror and Dr. Moses Thiga, for the support and guidance they accorded me that helped me finish up the research and thesis writing. Their perpetual energy and enthusiasm motivated me to complete this study; their sincere concern and assistance throughout my study period are not in vain. I would also like to thank Mr. Peter Kemei and all my classmates for their invaluable comments and ideas during my proposal at the early stage of my study. Special thanks go to the respected evaluators and chairman: Prof. Simon Karume, Dr. Betty Tikoko, Dr. Maghanga, Dr. Nelson Masese and Dr. Peter Rugiri, who have given me constructive comments during the defense of my proposal and thesis. My deepest gratitude goes to my dearest family and friends for their undying support and endless love. They are my true inspiration in achieving all my dreams. Last but not least, thanks to the School of Computing, Kabarak University and the Ministry of Higher Education (MoHE) for giving me the opportunity to further my doctorate.
2025
The world is moving into a new era with the deployment of 5G communication infrastructure. Many new developments are deployed centred around this technology. One such advancement is 5G Vehicle to Everything communication. This technology can be used for applications such as driverless delivery of goods, immediate response to medical emergencies, and improving traffic efficiency. The concept of Intelligent Transport Systems (ITS) is built around these systems, which are completely autonomous; the concern for security is imperative. This paper studies the Distributed Denial of Service (DDoS) attack carried out over a 5G network and analyses security attacks, particularly the DDoS attack. The aim is to implement a machine learning model capable of classifying different types of DDoS attacks and predicting the quality of 5G latency.
The initial steps of implementation
2025
Cover: Nine voltage profiles from four ECUs sending nine different message-IDs on the Boxcar.
2025, Leveraging Machine Learning for Enhanced Network Intrusion Detection: A Case Study Using the KDDCUP99 Dataset
In the context of an escalating frequency and sophistication of cyberattacks, Artificial Intelligence (AI) has emerged as a pivotal tool for enhancing the effectiveness of security operations, particularly for under-resourced analysts. This study explores a significant opportunity for cybersecurity consultants to develop an AI-driven solution using the KDDCUP99 dataset, which simulates a military network environment and encompasses a broad spectrum of intrusion types. As a cybersecurity consultant, the primary objective is to design and implement a network intrusion detection system capable of distinguishing between "bad" connections—indicative of intrusions or attacks—and "good" connections, representing normal network traffic. However, network attackers have developed adversarial methods to disrupt AI classification models by inputting false data (Roseline and Geetha, 2021). While advancements in network intrusion detection have been made, machine learning approaches exhibit drawbacks, including an inability to handle large datasets effectively and inconsistent detection rates across different types of intrusions. In contrast, deep learning addresses these limitations with superior prediction capabilities and strong adaptability (Li et al., 2020). This project leverages advanced AI techniques, including both Machine Learning (ML) and Deep Learning (DL), to analyze network traffic data, enhancing anomaly detection and misuse identification. The classifiers employed in this study include Decision Trees (DT), K-Nearest Neighbors (KNN), Random Forest (RF), Naïve Bayes (NB), XGBoost, and Neural Networks. After reviewing test and experimental data, Random Forest and XGBoost achieved 100% accuracy in detecting malware, alongside perfect precision (1.00), recall (1.00), and F1-scores (1.00). The use of feature selection was crucial in improving prediction accuracy (Muhammad and Tao, 2023). 
The deliverables include a comprehensive report detailing the configuration of learning models, the development of a self-adjusting AI model for intrusion detection, and an evaluation of the model's performance metrics based on insights from at least ten academic papers. A comparative analysis of the model's effectiveness will be presented, alongside a proposed automated mitigation and control system aimed at fortifying organizational resilience against potential breaches. Additionally, a Python-based software implementation will be provided, featuring a robust training and testing framework using the KDDCUP dataset. This dual approach emphasizes the design and operationalization of the predictive model while underscoring the importance of proactive measures in combating the evolving landscape of cyber threats. Overall, this research contributes to the field of cybersecurity by demonstrating the efficacy of AI in safeguarding critical infrastructure and offers practical insights for practitioners in the realm of network security.
2025, New Trends in Signal Processing (NTSP)
In the field of intrusion detection, research has made enormous progress over the past decade, and there are many articles devoted to this issue. Currently, however, intrusion detection covers a very wide spectrum of new technologies, and mapping this area, current trends and open problems could greatly help researchers find their way and choose the path to take. There are also many different reviews and studies in this domain, which provide different taxonomy and categorization for the same terms, which is causing confusion, especially for new researchers in this domain. The article provides a comprehensive overview of different Intrusion Detection System (IDS) methodologies, techniques and taxonomy. Also, the most important principles are described so that the reader, after reading it, clearly understands what an IDS is, what its different categories are, and how it works. A big emphasis is placed on various open problems for future research.
2024, Bulletin of Electrical Engineering and Informatics
Distributed denial of service (DDoS) attacks involve disrupting a target system by flooding it with an immense volume of traffic originating from numerous sources. These attacks can disrupt online services, causing financial losses and reputational damage to various organizations. To combat this threat, the proposed network intrusion detection system (NIDS) utilizes machine learning (ML) algorithms trained on the KDDCup99 dataset. This dataset encompasses a diverse array of network traffic patterns, bounded by both regular traffic and various attack types. By training the NIDS on this dataset, it becomes capable of accurately identifying DDoS attacks based on their distinctive patterns. The NIDS model is constructed using ML approaches like random forest (RF), support vector machines (SVM), and naive Bayes (NB). The developed NIDS is evaluated using performance metrics such as accuracy, precision, recall, F1-score, and receiver operating characteristic (ROC) curve. The proposed method demonstrates the NIDS’s accuracy of about 93%, precision of 99% and recall of 92% in detecting DDoS attacks, transforming it into a valuable tool for network security in comparison with the current methods. The study contributes to the domain of network security by providing an effective NIDS solution for detecting the DDoS attacks in the wireless sensor network.
2024, School of Engineer and Computer Science
It has become increasingly difficult to monitor computer networks as they have grown in scale and complexity. This lack of awareness makes responding to, or even recognizing, attacks a challenge. As a result, organizations’ reactions to attacks are delayed, typically leaving them to address the situation long after an incident has taken place. The central idea behind this research is to provide earlier notification of potential network attacks by using deceptive network service information as bait. These "decoy" or "honey-services" will indicate system weak points which do not exist when suspicious network circumstances are detected. That is, although up-to-date versions of the programs will be running on the system at all times, software versions with vulnerabilities will be advertised when a potential attack or reconnaissance effort is detected. Attacks against these services will be unsuccessful because the server running our system is not actually running the vulnerable services. By providing fake vulnerable points, our system is capable of collecting information about attacks earlier in the reconnaissance phase, potentially catching adversaries in the act without exposing any actual system weaknesses. Our solution effectively transforms any legitimate server into a "honeypot" without the added overhead of setting up and maintaining a set of fake network infrastructure.
2024, International Journal for Scientific Research and Development
Vehicular Ad Hoc Networks are created by applying the standards of mobile ad hoc networks (MANETs), the unconstrained creation of a wireless network to transmit and exchange data to the wireless nodes (vehicles). It is a main key component of intelligent transportation systems (ITS). Nowadays, automation in vehicle and transportation technology is broadly used by everyone, but people have more concern about security. So that implementing security is necessary in VANETs for This project work proposes a detection technique for insider attacks and mitigation using a hybrid security framework and ID-based and signature-based authentication between roadside units (RSUs) and vehicular nodes. So that it will reduce insider attack by applying this specific method or scheme-based approach can be designed to mitigate attack. Also, it can provide attack classification which categorizes security threats to VANETs. Additionally, this work discusses countermeasures on attacks facing and mitigation techn...
2024, Journal of Telecommunication, Electronic and Computer Engineering (JTEC)
In modern networking, the efficient prioritization and classification of network traffic is paramount to ensure optimal network performance and optimization. This study presents an approach to enhance intelligent packet forwarding priority classification on Differentiated Services Code Point (DSCP), leveraging classifiers from machine learning algorithms for Deep Packet Inspection (DPI). The DSCP resides inside the Differentiated Services (DS) field of the Internet Protocol (IP) packet header in an OSI or TCP/IP model, which prioritizes different types of packets for forwarding to the router based on the attached payload. Similarly, DPI plays a crucial role in network management, enabling the identification of applications, services, and potential threats within the network traffic. In this study, various machine learning models, namely Support Vector Machine (SVM), K-Nearest Neighbors (KNN), Decision Tree, Random Forest, Logistic Regression, and ensemble models such as XGBoost and AdaBoost, were used to harness the capabilities of network packet classification based on DSCP. Detailed experimentation was conducted to evaluate their performance. The results show that AdaBoost demonstrated superior performance with an accuracy of around 89.91%, showcasing its ability to adapt to the evolving network configurations and conditions while maintaining high classification accuracy on the IP packets. The random forest model also performed well, achieving an accuracy of 89.41%, making it a strong candidate for the DSCP classification in network transmission. This study has the potential to significantly improve how networks manage traffic, prioritize packets, and secure complex and dynamic network environments.
2024, Muneer Ahmad Dar
The large volume of critical data exchanged through open networks in a smart city is vulnerable and the privacy of users is at risk. Cryptographic algorithms are applied to such data and the data is exchanged through the networks in encrypted form. Various devices are used in a smart city to exchange such critical information. One of the important devices in such communication is the smartphone, capable of doing everything that can be done with a traditional computer. As the resources of such handheld devices are limited in terms of storage and processing capabilities, cryptographic algorithms like RSA, ECC, DES and AES, which are very complex and well suited for high-speed computers, are not feasible for such low-power devices. This paper evaluates the time complexity of various cryptographic algorithms on smartphones with limited configuration. The objective of this investigation is to find out how much time these traditional algorithms take on a device with low runtime memory and a low-end processor. An Android virtual device (AVD) is created that abstracts these low-end devices. These algorithms are executed and compared to find out how they can run without much delay to a common user in a smart city. The comparative analysis of RSA, ECC, DES and AES is performed and the proof of the evaluation is done on the Android platform by making use of Android Studio. The real challenge of this study is the actual implementation in a real smart city environment where millions of users are getting connected and sharing the resources; another important aspect is the data over-collection in a smart city with data coming from everywhere. This paper addresses these issues with real-time implementation.
2024
Mobile ad hoc networks (MANET) are one category of wireless networks that operate without any centralized infrastructure. Every node in a MANET not only acts as a host but also acts as a router to forward the packets from neighbor nodes. Security becomes a major concern in MANET. An intrusion detection system plays a major role in detecting intruders in MANET. Here the PFRACK approach is proposed to detect intruders in MANET. Every node maintains a PFR table which contains the packet forward ratio of the node. To assess the performance, PFRACK is compared with the A3ACK method in terms of packet delivery ratio and routing overhead. Results show that PFRACK provides better packet delivery ratio and routing overhead compared to the existing A3ACK method.