Security threat protection is important in the internet of things (IoT) applications since both the connected device and the captured data can be hacked or hijacked or both at the same time. To tackle the above-mentioned problem, we proposed three-level intrusion detection system conditional generative adversarial network (3LIDS-CGAN) model which includes four phases such as first-level intrusion detection system (IDS), second-level IDS, third-level IDS, and attack type classification. In first-level IDS, features of the incoming packets are extracted by the firewall. Based on the extracted features the packets are classified into three classes such as normal, malicious, and suspicious using support vector machine and golden eagle optimization. Suspicious packets are forwarded to the second-level IDS which classified the suspicious packets as normal or malicious. Here, signature-based intrusions are detected using attack history information, and anomaly-based intrusions are detected using event-based semantic mapping. In third-level IDS, adversary packets are detected using CGAN which automatically learns the adversarial environment and detects adversary packets accurately. Finally, proximal policy optimization is proposed to detect the attack type. Experiments are conducted using the NS-3.26 network simulator and performance is evaluated by various performance metrics which results that the proposed 3LIDS-CGAN model outperforming other existing works.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETIJNSA Journal
In network security framework, intrusion detection is one of a benchmark part and is a fundamental way to protect PC from many threads. The huge issue in intrusion detection is presented as a huge number of false alerts; this issue motivates several experts to discover the solution for minifying false alerts according to data mining that is a consideration as analysis procedure utilized in a large data e.g. KDD CUP 99. This paper presented various data mining classification for handling false alerts in intrusion detection as reviewed. According to the result of testing many procedure of data mining on KDD CUP 99 that is no individual procedure can reveal all attack class, with high accuracy and without false alerts. The best accuracy in Multilayer Perceptron is 92%; however, the best Training Time in Rule based model is 4 seconds . It is concluded that ,various procedures should be utilized to handle several of network attacks.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETIJNSA Journal
In network security framework, intrusion detection is one of a benchmark part and is a fundamental way to protect PC from many threads. The huge issue in intrusion detection is presented as a huge number of false alerts; this issue motivates several experts to discover the solution for minifying false alerts according to data mining that is a consideration as analysis procedure utilized in a large data e.g. KDD CUP 99. This paper presented various data mining classification for handling false alerts in intrusion detection as reviewed. According to the result of testing many procedure of data mining on KDD CUP 99 that is no individual procedure can reveal all attack class, with high accuracy and without false alerts. The best accuracy in Multilayer Perceptron is 92%; however, the best Training Time in Rule based model is 4 seconds . It is concluded that ,various procedures should be utilized to handle several of network attacks.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE...IJNSA Journal
In order to the rapid growth of the network application, new kinds of network attacks are emerging
endlessly. So it is critical to protect the networks from attackers and the Intrusion detection
technology becomes popular. Therefore, it is necessary that this security concern must be articulate
right from the beginning of the network design and deployment. The intrusion detection technology is the
process of identifying network activity that can lead to a compromise of security policy. Lot of work has
been done in detection of intruders. But the solutions are not satisfactory. In this paper, we propose a
novel Distributed Intrusion Detection System using Multi Agent In order to decrease false alarms and
manage misuse and anomaly detects
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE...IJNSA Journal
In order to the rapid growth of the network application, new kinds of network attacks are emerging endlessly. So it is critical to protect the networks from attackers and the Intrusion detection technology becomes popular. Therefore, it is necessary that this security concern must be articulate right from the beginning of the network design and deployment. The intrusion detection technology is the process of identifying network activity that can lead to a compromise of security policy. Lot of work has been done in detection of intruders. But the solutions are not satisfactory. In this paper, we propose a novel Distributed Intrusion Detection System using Multi Agent In order to decrease false alarms and manage misuse and anomaly detects.
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...IJNSA Journal
With the ever increasing number and diverse type of attacks, including new and previously unseen attacks, the effectiveness of an Intrusion Detection System is very important. Hence there is high demand to reduce the threat level in networks to ensure the data and services offered by them to be more secure. In this paper we developed an effective test suite for improving the efficiency and accuracy of an intrusion detection system using the layered CRFs. We set up different types of checks at multiple levels in each layer. Our framework examines various attributes at every layer in order to effectively identify any breach of security. Once the attack is detected, it is intimated through mobile phone to the system administrator for safeguarding the server system. We established experimentally that the layered CRFs can thus be more effective in detecting intrusions when compared with the other previously known techniques.
Detecting network attacks model based on a convolutional neural network IJECEIAES
Due to the increasing use of networks at present, Internet systems have raised many security problems, and statistics indicate that the rate of attacks or intrusions has increased excessively annually, and in the event of any malicious attack on network vulnerabilities or information systems, it may lead to serious disasters, violating policies on network security, i.e., “confidentiality, integrity, and availability” (CIA). Therefore, many detection systems, such as the intrusion detection system, appeared. In this paper, we built a system that detects network attacks using the latest machine learning algorithms and a convolutional neural network based on a dataset of the CSE-CIC-IDS2018. It is a recent dataset that contains a set of common and recent attacks. The detection rate is 99.7%, distinguishing between aggressive attacks and natural assertiveness.
A technical review and comparative analysis of machine learning techniques fo...IJECEIAES
Machine learning techniques are being widely used to develop an intrusion detection system (IDS) for detecting and classifying cyber attacks at the network-level and the host-level in a timely and automatic manner. However, Traditional Intrusion Detection Systems (IDS), based on traditional machine learning methods, lacks reliability and accuracy. Instead of the traditional machine learning used in previous researches, we think deep learning has the potential to perform better in extracting features of massive data considering the massive cyber traffic in real life. Generally Mobile Ad Hoc Networks have given the low physical security for mobile devices, because of the properties such as node mobility, lack of centralized management and limited bandwidth. To tackle these security issues, traditional cryptography schemes can-not completely safeguard MANETs in terms of novel threats and vulnerabilities, thus by applying Deep learning methods techniques in IDS are capable of adapting the dynamic environments of MANETs and enables the system to make decisions on intrusion while continuing to learn about their mobile environment. An IDS in MANET is a sensoring mechanism that monitors nodes and network activities in order to detect malicious actions and malicious attempt performed by Intruders. Recently, multiple deep learning approaches have been proposed to enhance the performance of intrusion detection system. In this paper, we made a systematic comparison of three models, Inceprtion architecture convolutional neural network (Inception-CNN), Bidirectional long short-term memory (BLSTM) and deep belief network (DBN) on the deep learning-based intrusion detection systems, using the NSL-KDD dataset containing information about intrusion and regular network connections, the goal is to provide basic guidance on the choice of deep learning models in MANET.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETIJNSA Journal
In network security framework, intrusion detection is one of a benchmark part and is a fundamental way to protect PC from many threads. The huge issue in intrusion detection is presented as a huge number of false alerts; this issue motivates several experts to discover the solution for minifying false alerts according to data mining that is a consideration as analysis procedure utilized in a large data e.g. KDD CUP 99. This paper presented various data mining classification for handling false alerts in intrusion detection as reviewed. According to the result of testing many procedure of data mining on KDD CUP 99 that is no individual procedure can reveal all attack class, with high accuracy and without false alerts. The best accuracy in Multilayer Perceptron is 92%; however, the best Training Time in Rule based model is 4 seconds . It is concluded that ,various procedures should be utilized to handle several of network attacks.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETIJNSA Journal
In network security framework, intrusion detection is one of a benchmark part and is a fundamental way to protect PC from many threads. The huge issue in intrusion detection is presented as a huge number of false alerts; this issue motivates several experts to discover the solution for minifying false alerts according to data mining that is a consideration as analysis procedure utilized in a large data e.g. KDD CUP 99. This paper presented various data mining classification for handling false alerts in intrusion detection as reviewed. According to the result of testing many procedure of data mining on KDD CUP 99 that is no individual procedure can reveal all attack class, with high accuracy and without false alerts. The best accuracy in Multilayer Perceptron is 92%; however, the best Training Time in Rule based model is 4 seconds . It is concluded that ,various procedures should be utilized to handle several of network attacks.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE...IJNSA Journal
In order to the rapid growth of the network application, new kinds of network attacks are emerging
endlessly. So it is critical to protect the networks from attackers and the Intrusion detection
technology becomes popular. Therefore, it is necessary that this security concern must be articulate
right from the beginning of the network design and deployment. The intrusion detection technology is the
process of identifying network activity that can lead to a compromise of security policy. Lot of work has
been done in detection of intruders. But the solutions are not satisfactory. In this paper, we propose a
novel Distributed Intrusion Detection System using Multi Agent In order to decrease false alarms and
manage misuse and anomaly detects
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE...IJNSA Journal
In order to the rapid growth of the network application, new kinds of network attacks are emerging endlessly. So it is critical to protect the networks from attackers and the Intrusion detection technology becomes popular. Therefore, it is necessary that this security concern must be articulate right from the beginning of the network design and deployment. The intrusion detection technology is the process of identifying network activity that can lead to a compromise of security policy. Lot of work has been done in detection of intruders. But the solutions are not satisfactory. In this paper, we propose a novel Distributed Intrusion Detection System using Multi Agent In order to decrease false alarms and manage misuse and anomaly detects.
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS...IJNSA Journal
With the ever increasing number and diverse type of attacks, including new and previously unseen attacks, the effectiveness of an Intrusion Detection System is very important. Hence there is high demand to reduce the threat level in networks to ensure the data and services offered by them to be more secure. In this paper we developed an effective test suite for improving the efficiency and accuracy of an intrusion detection system using the layered CRFs. We set up different types of checks at multiple levels in each layer. Our framework examines various attributes at every layer in order to effectively identify any breach of security. Once the attack is detected, it is intimated through mobile phone to the system administrator for safeguarding the server system. We established experimentally that the layered CRFs can thus be more effective in detecting intrusions when compared with the other previously known techniques.
Detecting network attacks model based on a convolutional neural network IJECEIAES
Due to the increasing use of networks at present, Internet systems have raised many security problems, and statistics indicate that the rate of attacks or intrusions has increased excessively annually, and in the event of any malicious attack on network vulnerabilities or information systems, it may lead to serious disasters, violating policies on network security, i.e., “confidentiality, integrity, and availability” (CIA). Therefore, many detection systems, such as the intrusion detection system, appeared. In this paper, we built a system that detects network attacks using the latest machine learning algorithms and a convolutional neural network based on a dataset of the CSE-CIC-IDS2018. It is a recent dataset that contains a set of common and recent attacks. The detection rate is 99.7%, distinguishing between aggressive attacks and natural assertiveness.
A technical review and comparative analysis of machine learning techniques fo...IJECEIAES
Machine learning techniques are being widely used to develop an intrusion detection system (IDS) for detecting and classifying cyber attacks at the network-level and the host-level in a timely and automatic manner. However, Traditional Intrusion Detection Systems (IDS), based on traditional machine learning methods, lacks reliability and accuracy. Instead of the traditional machine learning used in previous researches, we think deep learning has the potential to perform better in extracting features of massive data considering the massive cyber traffic in real life. Generally Mobile Ad Hoc Networks have given the low physical security for mobile devices, because of the properties such as node mobility, lack of centralized management and limited bandwidth. To tackle these security issues, traditional cryptography schemes can-not completely safeguard MANETs in terms of novel threats and vulnerabilities, thus by applying Deep learning methods techniques in IDS are capable of adapting the dynamic environments of MANETs and enables the system to make decisions on intrusion while continuing to learn about their mobile environment. An IDS in MANET is a sensoring mechanism that monitors nodes and network activities in order to detect malicious actions and malicious attempt performed by Intruders. Recently, multiple deep learning approaches have been proposed to enhance the performance of intrusion detection system. In this paper, we made a systematic comparison of three models, Inceprtion architecture convolutional neural network (Inception-CNN), Bidirectional long short-term memory (BLSTM) and deep belief network (DBN) on the deep learning-based intrusion detection systems, using the NSL-KDD dataset containing information about intrusion and regular network connections, the goal is to provide basic guidance on the choice of deep learning models in MANET.
Hybrid Technique for Detection of Denial of Service (DOS) Attack in Wireless ...Eswar Publications
Wireless Sensor Network (WSNs) are deployed at aggressive environments which are vulnerable to various security attacks such as Wormholes, Denial of Attacks and Sybil Attacks. There are various intrusion detection techniques that are used to identify attacks in a network with high accuracy level. This paper has focused on Denial of Service attack, since it is the most common attack that affects the environment severely. Therefore a new hybrid technique combining Hidden Markov Model with Ant Colony Optimization (HMM+ACO) has been
proposed that gives improved performance than the other techniques.
Optimized Intrusion Detection System using Deep Learning Algorithmijtsrd
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer network at multiple different points in the network. In an uncompromised network the network traffic monitored at these two different points in the network should be identical. A network intrusion detection system is mostly place at strategic points in a network, so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined Network SDN proposes the separation of forward and control planes by introducing a new independent plane called network controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet. The performance is evaluated using the network analysis metrics such as key generation delay, key sharing delay and the hash code generation time for both SDN and the proposed machine learning SDN. Prof P. Damodharan | K. Veena | Dr N. Suguna "Optimized Intrusion Detection System using Deep Learning Algorithm" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-2 , February 2019, URL: https://www.ijtsrd.com/papers/ijtsrd21447.pdf
Paper URL: https://www.ijtsrd.com/engineering/other/21447/optimized-intrusion-detection-system-using-deep-learning-algorithm/prof-p-damodharan
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMSijfls
The increase in the deployment of IoT networks has improved productivity of humans and organisations.
However, IoT networks are increasingly becoming platforms for launching DDoS attacks due to inherent
weaker security and resource-constrained nature of IoT devices. This paper focusses on detecting DDoS
attack in IoT networks by classifying incoming network packets on the transport layer as either
“Suspicious” or “Benign” using unsupervised machine learning algorithms. In this work, two deep
learning algorithms and two clustering algorithms were independently trained for mitigating DDoS
attacks. We lay emphasis on exploitation based DDOS attacks which include TCP SYN-Flood attacks and
UDP-Lag attacks. We use Mirai, BASHLITE and CICDDoS2019 dataset in training the algorithms during
the experimentation phase. The accuracy score and normalized-mutual-information score are used to
quantify the classification performance of the four algorithms. Our results show that the autoencoder
performed overall best with the highest accuracy across all the datasets.
DDoS Attack Detection on Internet o Things using Unsupervised Algorithmsijfls
The increase in the deployment of IoT networks has improved productivity of humans and organisations. However, IoT networks are increasingly becoming platforms for launching DDoS attacks due to inherent weaker security and resource-constrained nature of IoT devices. This paper focusses on detecting DDoS attack in IoT networks by classifying incoming network packets on the transport layer as either “Suspicious” or “Benign” using unsupervised machine learning algorithms. In this work, two deep learning algorithms and two clustering algorithms were independently trained for mitigating DDoS attacks. We lay emphasis on exploitation based DDOS attacks which include TCP SYN-Flood attacks and UDP-Lag attacks. We use Mirai, BASHLITE and CICDDoS2019 dataset in training the algorithms during the experimentation phase. The accuracy score and normalized-mutual-information score are used to quantify the classification performance of the four algorithms. Our results show that the autoencoder performed overall best with the highest accuracy across all the datasets.
Intrusion Detection against DDoS Attack in WiMAX Network by Artificial Immune...Editor IJCATR
IEEE 802.16, known as WiMax, is at the top of communication technology because it is gaining a great position in the wireless networks. In this paper, an intrusion detection system for DDOS attacks diagnosis is proposed, inspired by artificial immune system. Since the detection unit on all subscriber stations in the network is WIMAX, proposed system is a fully distributed system. A risk theory is used for antigens detection in attack time. The proposed system decreases the attack effects and increases network performance. Results of simulation show that the proposed system improves negative selection time, detection Precision, and ability to identify new attacks compared to the similar algorithm.
Trust Metric-Based Anomaly Detection Via Deep Deterministic Policy Gradient R...IJCNCJournal
Addressing real-time network security issues is paramount due to the rapidly expanding IoT jargon. The erratic rise in usage of inadequately secured IoT- based sensory devices like wearables of mobile users, autonomous vehicles, smartphones and appliances by a larger user community is fuelling the need for a trustable, super-performant security framework. An efficient anomaly detection system would aim to address the anomaly detection problem by devising a competent attack detection model. This paper delves into the Deep Deterministic Policy Gradient (DDPG) approach, a promising Reinforcement Learning platform to combat noisy sensor samples which are instigated by alarming network attacks. The authors propose an enhanced DDPG approach based on trust metrics and belief networks, referred to as Deep Deterministic Policy Gradient Belief Network (DDPG-BN). This deep-learning-based approach is projected as an algorithm to provide “Deep-Defense” to the plethora of network attacks. Confidence interval is chosen as the trust metric to decide on the termination of sensor sample collection. Once an enlisted attack is detected, the collection of samples from the particular sensor will automatically cease. The evaluations and results of the experiments highlight a better detection accuracy of 98.37% compared to its counterpart conventional DDPG implementation of 97.46%. The paper also covers the work based on a contemporary Deep Reinforcement Learning (DRL) algorithm, the Actor Critic (AC). The proposed deep learning binary classification model is validated using the NSL-KDD dataset and the performance is compared to a few deep learning implementations as well.
Trust Metric-Based Anomaly Detection via Deep Deterministic Policy Gradient R...IJCNCJournal
Addressing real-time network security issues is paramount due to the rapidly expanding IoT jargon. The erratic rise in usage of inadequately secured IoT- based sensory devices like wearables of mobile users, autonomous vehicles, smartphones and appliances by a larger user community is fuelling the need for a trustable, super-performant security framework. An efficient anomaly detection system would aim to address the anomaly detection problem by devising a competent attack detection model. This paper delves into the Deep Deterministic Policy Gradient (DDPG) approach, a promising Reinforcement Learning platform to combat noisy sensor samples which are instigated by alarming network attacks. The authors propose an enhanced DDPG approach based on trust metrics and belief networks, referred to as Deep Deterministic Policy Gradient Belief Network (DDPG-BN). This deep-learning-based approach is projected as an algorithm to provide “Deep-Defense” to the plethora of network attacks. Confidence interval is chosen as the trust metric to decide on the termination of sensor sample collection. Once an enlisted attack is detected, the collection of samples from the particular sensor will automatically cease. The evaluations and results of the experiments highlight a better detection accuracy of 98.37% compared to its counterpart conventional DDPG implementation of 97.46%. The paper also covers the work based on a contemporary Deep Reinforcement Learning (DRL) algorithm, the Actor Critic (AC). The proposed deep learning binary classification model is validated using the NSL-KDD dataset and the performance is compared to a few deep learning implementations as well.
The main goal of Intrusion Detection Systems (IDSs) is
to detect intrusions. This kind of detection system represents a
significant tool in traditional computer based systems for ensuring
cyber security. IDS model can be faster and reach more accurate
detection rates, by selecting the most related features from the
input dataset. Feature selection is an important stage of any IDs to
select the optimal subset of features that enhance the process of the
training model to become faster and reduce the complexity while
preserving or enhancing the performance of the system. In this
paper, we proposed a method that based on dividing the input
dataset into different subsets according to each attack. Then we
performed a feature selection technique using information gain
filter for each subset. Then the optimal features set is generated by
combining the list of features sets that obtained for each attack.
Experimental results that conducted on NSL-KDD dataset shows
that the proposed method for feature selection with fewer features,
make an improvement to the system accuracy while decreasing the
complexity. Moreover, a comparative study is performed to the
efficiency of technique for feature selection using different
classification methods. To enhance the overall performance,
another stage is conducted using Random Forest and PART on
voting learning algorithm. The results indicate that the best
accuracy is achieved when using the product probability rule.
Hyperparameters optimization XGBoost for network intrusion detection using CS...IAESIJAI
With the introduction of high-speed internet access, the demand for security and dependable networks has grown. In recent years, network attacks have gotten more complex and intense, making security a vital component of organizational information systems. Network intrusion detection systems (NIDS) have become an essential detection technology to protect data integrity and system availability against such attacks. NIDS is one of the most well-known areas of machine learning software in the security field, with machine learning algorithms constantly being developed to improve performance. This research focuses on detecting abnormalities in societal infiltration using the hyperparameters optimization XGBoost (HO-XGB) algorithm with the Communications Security Establishment-The Canadian Institute for Cybersecurity-Intrusion Detection System2018 (CSE-CICIDS2018) dataset to get the best potential results. When compared to typical machine learning methods published in the literature, HO-XGB outperforms them. The study shows that XGBoost outperforms other detection algorithms. We refined the HO-XGB model's hyperparameters, which included learning_rate, subsample, max_leaves, max_depth, gamma, colsample_bytree, min_child_weight, n_estimators, max_depth, and reg_alpha. The experimental findings reveal that HO-XGB1 outperforms multiple parameter settings for intrusion detection, effectively optimizing XGBoost's hyperparameters.
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...IJNSA Journal
Intrusion Detection Systems (IDS) form a key part of system defence, where it identifies abnormal
activities happening in a computer system. In recent years different soft computing based techniques have
been proposed for the development of IDS. On the other hand, intrusion detection is not yet a perfect
technology. This has provided an opportunity for data mining to make quite a lot of important
contributions in the field of intrusion detection. In this paper we have proposed a new hybrid technique
by utilizing data mining techniques such as fuzzy C means clustering, Fuzzy neural network / Neurofuzzy and radial basis function(RBF) SVM for fortification of the intrusion detection system. The
proposed technique has five major steps in which, first step is to perform the relevance analysis, and then
input data is clustered using Fuzzy C-means clustering. After that, neuro-fuzzy is trained, such that each
of the data point is trained with the corresponding neuro-fuzzy classifier associated with the cluster.
Subsequently, a vector for SVM classification is formed and in the last step, classification using RBF-
SVM is performed to detect intrusion has happened or not. Data set used is the KDD cup 1999 dataset
and we have used precision, recall, F-measure and accuracy as the evaluation metrics parameters. Our
technique could achieve better accuracy for all types of intrusions. The results of proposed technique are
compared with the other existing techniques. These comparisons proved the effectiveness of our
technique.
COPYRIGHTThis thesis is copyright materials protected under the .docxvoversbyobersby
COPYRIGHT
This thesis is copyright materials protected under the Berne Convection, the copyright Act 1999 and other international and national enactments in that behalf, on intellectual property. It may not be reproduced by any means in full or in part except for short extracts in fair dealing so for research or private study, critical scholarly review or discourse with acknowledgment, with written permission of the Dean School of Graduate Studies on behalf of both the author and XXX XXX University.ABSTRACT
With Fast growing internet world the risk of intrusion has also increased, as a result Intrusion Detection System (IDS) is the admired key research field. IDS are used to identify any suspicious activity or patterns in the network or machine, which endeavors the security features or compromise the machine. IDS majorly use all the features of the data. It is a keen observation that all the features are not of equal relevance for the detection of attacks. Moreover every feature does not contribute in enhancing the system performance significantly. The main aim of the work done is to develop an efficient denial of service network intrusion classification model. The specific objectives included: to analyse existing literature in intrusion detection systems; what are the techniques used to model IDS, types of network attacks, performance of various machine learning tools, how are network intrusion detection systems assessed; to find out top network traffic attributes that can be used to model denial of service intrusion detection; to develop a machine learning model for detection of denial of service network intrusion.Methods: The research design was experimental and data was collected by simulation using NSL-KDD dataset. By implementing Correlation Feature Selection (CFS) mechanism using three search algorithms, a smallest set of features is selected with all the features that are selected very frequently. Findings: The smallest subset of features chosen is the most nominal among all the feature subset found. Further, the performances using Artificial neural networks(ANN), decision trees, Support Vector Machines (SVM) and K-Nearest Neighbour (KNN) classifiers is compared for 7 subsets found by filter model and 41 attributes. Results: The outcome indicates a remarkable improvement in the performance metrics used for comparison of the two classifiers. The results show that using 17/18 selected features improves DOS types classification accuracies as compared to using the 41 features in the NSL-KDD dataset. It was further observed that using an ensemble of three classifiers with decision fusion performs better as compared to using a single classifier for DOS type’s classification. Among machine learning tools experimented, ANN achieved best classification accuracies followed by SVM and DT. KNN registered the lowest classification accuracies. Application: The proposed work with such an improved detection rate and lesser classification time and lar.
Outstanding to the promotion of the Internet and local networks, interruption occasions to computer
systems are emerging. Intrusion detection systems are becoming progressively vital in retaining
appropriate network safety. IDS is a software or hardware device that deals with attacks by gathering
information from a numerous system and network sources, then evaluating signs of security complexities.
Enterprise networked systems are unsurprisingly unprotected to the growing threats posed by hackers as
well as malicious users inside to a network. IDS technology is one of the significant tools used now-a-days,
to counter such threat. In this research we have proposed framework by using advance feature selection
and dimensionality reduction technique we can reduce IDS data then applying Fuzzy ARTMAP classifier
we can find intrusions so that we get accurate results within less time. Feature selection, as an active
research area in decreasing dimensionality, eliminating unrelated data, developing learning correctness,
and improving result unambiguousness.
Machine learning-based intrusion detection system for detecting web attacksIAESIJAI
The increasing use of smart devices results in a huge amount of data, which raises concerns about personal data, including health data and financial data. This data circulates on the network and can encounter network traffic at any time. This traffic can either be normal traffic or an intrusion created by hackers with the aim of injecting abnormal traffic into the network. Firewalls and traditional intrusion detection systems detect attacks based on signature patterns. However, this is not sufficient to detect advanced or unknown attacks. To detect different types of unknown attacks, the use of intelligent techniques is essential. In this paper, we analyse some machine learning techniques proposed in recent years. In this study, several classifications were made to detect anomalous behaviour in network traffic. The models were built and evaluated based on the Canadian Institute for Cybersecurity-intrusion detection systems dataset released in 2017 (CIC-IDS-2017), which includes both current and historical attacks. The experiments were conducted using decision tree, random forest, logistic regression, gaussian naïve bayes, adaptive boosting, and their ensemble approach. The models were evaluated using various evaluation metrics such as accuracy, precision, recall, F1-score, false positive rate, receiver operating characteristic curve, and calibration curve.
EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI...IJNSA Journal
Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defence against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. Along with the widespread evolution of new emerging services, the quantity and impact of attacks have continuously increased, attackers continuously find vulnerabilities at various levels, from the network itself to operating system and applications, exploit them to crack system and services. Network defence and network monitoring has become an essential component of computer security to predict and prevent attacks. Unlike traditional Intrusion Detection System (IDS), Intrusion Detection and Prevention System (IDPS) have additional features to secure computer networks.
In this paper, we present a detailed study of how deployment of an IDPS plays a key role in its performance and the ability to detect and prevent known as well as unknown attacks. We categorize IDPS based on deployment as Network-based, host-based, and Perimeter-based and Hybrid. A detailed comparison is shown in this paper and finally we justify our proposed solution, which deploys agents at host-level to give better performance in terms of reduced rate of false positives and accurate detection and prevention.
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Bibliometric analysis highlighting the role of women in addressing climate ch...IJECEIAES
Fossil fuel consumption increased quickly, contributing to climate change
that is evident in unusual flooding and draughts, and global warming. Over
the past ten years, women's involvement in society has grown dramatically,
and they succeeded in playing a noticeable role in reducing climate change.
A bibliometric analysis of data from the last ten years has been carried out to
examine the role of women in addressing the climate change. The analysis's
findings discussed the relevant to the sustainable development goals (SDGs),
particularly SDG 7 and SDG 13. The results considered contributions made
by women in the various sectors while taking geographic dispersion into
account. The bibliometric analysis delves into topics including women's
leadership in environmental groups, their involvement in policymaking, their
contributions to sustainable development projects, and the influence of
gender diversity on attempts to mitigate climate change. This study's results
highlight how women have influenced policies and actions related to climate
change, point out areas of research deficiency and recommendations on how
to increase role of the women in addressing the climate change and
achieving sustainability. To achieve more successful results, this initiative
aims to highlight the significance of gender equality and encourage
inclusivity in climate change decision-making processes.
Voltage and frequency control of microgrid in presence of micro-turbine inter...IJECEIAES
The active and reactive load changes have a significant impact on voltage
and frequency. In this paper, in order to stabilize the microgrid (MG) against
load variations in islanding mode, the active and reactive power of all
distributed generators (DGs), including energy storage (battery), diesel
generator, and micro-turbine, are controlled. The micro-turbine generator is
connected to MG through a three-phase to three-phase matrix converter, and
the droop control method is applied for controlling the voltage and
frequency of MG. In addition, a method is introduced for voltage and
frequency control of micro-turbines in the transition state from gridconnected mode to islanding mode. A novel switching strategy of the matrix
converter is used for converting the high-frequency output voltage of the
micro-turbine to the grid-side frequency of the utility system. Moreover,
using the switching strategy, the low-order harmonics in the output current
and voltage are not produced, and consequently, the size of the output filter
would be reduced. In fact, the suggested control strategy is load-independent
and has no frequency conversion restrictions. The proposed approach for
voltage and frequency regulation demonstrates exceptional performance and
favorable response across various load alteration scenarios. The suggested
strategy is examined in several scenarios in the MG test systems, and the
simulation results are addressed.
More Related Content
Similar to Three level intrusion detection system based on conditional generative adversarial network
Hybrid Technique for Detection of Denial of Service (DOS) Attack in Wireless ...Eswar Publications
Wireless Sensor Network (WSNs) are deployed at aggressive environments which are vulnerable to various security attacks such as Wormholes, Denial of Attacks and Sybil Attacks. There are various intrusion detection techniques that are used to identify attacks in a network with high accuracy level. This paper has focused on Denial of Service attack, since it is the most common attack that affects the environment severely. Therefore a new hybrid technique combining Hidden Markov Model with Ant Colony Optimization (HMM+ACO) has been
proposed that gives improved performance than the other techniques.
Optimized Intrusion Detection System using Deep Learning Algorithmijtsrd
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer network at multiple different points in the network. In an uncompromised network the network traffic monitored at these two different points in the network should be identical. A network intrusion detection system is mostly place at strategic points in a network, so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined Network SDN proposes the separation of forward and control planes by introducing a new independent plane called network controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet. The performance is evaluated using the network analysis metrics such as key generation delay, key sharing delay and the hash code generation time for both SDN and the proposed machine learning SDN. Prof P. Damodharan | K. Veena | Dr N. Suguna "Optimized Intrusion Detection System using Deep Learning Algorithm" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-2 , February 2019, URL: https://www.ijtsrd.com/papers/ijtsrd21447.pdf
Paper URL: https://www.ijtsrd.com/engineering/other/21447/optimized-intrusion-detection-system-using-deep-learning-algorithm/prof-p-damodharan
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMSijfls
The increase in the deployment of IoT networks has improved productivity of humans and organisations.
However, IoT networks are increasingly becoming platforms for launching DDoS attacks due to inherent
weaker security and resource-constrained nature of IoT devices. This paper focusses on detecting DDoS
attack in IoT networks by classifying incoming network packets on the transport layer as either
“Suspicious” or “Benign” using unsupervised machine learning algorithms. In this work, two deep
learning algorithms and two clustering algorithms were independently trained for mitigating DDoS
attacks. We lay emphasis on exploitation based DDOS attacks which include TCP SYN-Flood attacks and
UDP-Lag attacks. We use Mirai, BASHLITE and CICDDoS2019 dataset in training the algorithms during
the experimentation phase. The accuracy score and normalized-mutual-information score are used to
quantify the classification performance of the four algorithms. Our results show that the autoencoder
performed overall best with the highest accuracy across all the datasets.
DDoS Attack Detection on Internet o Things using Unsupervised Algorithmsijfls
The increase in the deployment of IoT networks has improved productivity of humans and organisations. However, IoT networks are increasingly becoming platforms for launching DDoS attacks due to inherent weaker security and resource-constrained nature of IoT devices. This paper focusses on detecting DDoS attack in IoT networks by classifying incoming network packets on the transport layer as either “Suspicious” or “Benign” using unsupervised machine learning algorithms. In this work, two deep learning algorithms and two clustering algorithms were independently trained for mitigating DDoS attacks. We lay emphasis on exploitation based DDOS attacks which include TCP SYN-Flood attacks and UDP-Lag attacks. We use Mirai, BASHLITE and CICDDoS2019 dataset in training the algorithms during the experimentation phase. The accuracy score and normalized-mutual-information score are used to quantify the classification performance of the four algorithms. Our results show that the autoencoder performed overall best with the highest accuracy across all the datasets.
Intrusion Detection against DDoS Attack in WiMAX Network by Artificial Immune...Editor IJCATR
IEEE 802.16, known as WiMax, is at the top of communication technology because it is gaining a great position in the wireless networks. In this paper, an intrusion detection system for DDOS attacks diagnosis is proposed, inspired by artificial immune system. Since the detection unit on all subscriber stations in the network is WIMAX, proposed system is a fully distributed system. A risk theory is used for antigens detection in attack time. The proposed system decreases the attack effects and increases network performance. Results of simulation show that the proposed system improves negative selection time, detection Precision, and ability to identify new attacks compared to the similar algorithm.
Trust Metric-Based Anomaly Detection Via Deep Deterministic Policy Gradient R...IJCNCJournal
Addressing real-time network security issues is paramount due to the rapidly expanding IoT jargon. The erratic rise in usage of inadequately secured IoT- based sensory devices like wearables of mobile users, autonomous vehicles, smartphones and appliances by a larger user community is fuelling the need for a trustable, super-performant security framework. An efficient anomaly detection system would aim to address the anomaly detection problem by devising a competent attack detection model. This paper delves into the Deep Deterministic Policy Gradient (DDPG) approach, a promising Reinforcement Learning platform to combat noisy sensor samples which are instigated by alarming network attacks. The authors propose an enhanced DDPG approach based on trust metrics and belief networks, referred to as Deep Deterministic Policy Gradient Belief Network (DDPG-BN). This deep-learning-based approach is projected as an algorithm to provide “Deep-Defense” to the plethora of network attacks. Confidence interval is chosen as the trust metric to decide on the termination of sensor sample collection. Once an enlisted attack is detected, the collection of samples from the particular sensor will automatically cease. The evaluations and results of the experiments highlight a better detection accuracy of 98.37% compared to its counterpart conventional DDPG implementation of 97.46%. The paper also covers the work based on a contemporary Deep Reinforcement Learning (DRL) algorithm, the Actor Critic (AC). The proposed deep learning binary classification model is validated using the NSL-KDD dataset and the performance is compared to a few deep learning implementations as well.
Trust Metric-Based Anomaly Detection via Deep Deterministic Policy Gradient R...IJCNCJournal
Addressing real-time network security issues is paramount due to the rapidly expanding IoT jargon. The erratic rise in usage of inadequately secured IoT- based sensory devices like wearables of mobile users, autonomous vehicles, smartphones and appliances by a larger user community is fuelling the need for a trustable, super-performant security framework. An efficient anomaly detection system would aim to address the anomaly detection problem by devising a competent attack detection model. This paper delves into the Deep Deterministic Policy Gradient (DDPG) approach, a promising Reinforcement Learning platform to combat noisy sensor samples which are instigated by alarming network attacks. The authors propose an enhanced DDPG approach based on trust metrics and belief networks, referred to as Deep Deterministic Policy Gradient Belief Network (DDPG-BN). This deep-learning-based approach is projected as an algorithm to provide “Deep-Defense” to the plethora of network attacks. Confidence interval is chosen as the trust metric to decide on the termination of sensor sample collection. Once an enlisted attack is detected, the collection of samples from the particular sensor will automatically cease. The evaluations and results of the experiments highlight a better detection accuracy of 98.37% compared to its counterpart conventional DDPG implementation of 97.46%. The paper also covers the work based on a contemporary Deep Reinforcement Learning (DRL) algorithm, the Actor Critic (AC). The proposed deep learning binary classification model is validated using the NSL-KDD dataset and the performance is compared to a few deep learning implementations as well.
The main goal of Intrusion Detection Systems (IDSs) is
to detect intrusions. This kind of detection system represents a
significant tool in traditional computer based systems for ensuring
cyber security. IDS model can be faster and reach more accurate
detection rates, by selecting the most related features from the
input dataset. Feature selection is an important stage of any IDs to
select the optimal subset of features that enhance the process of the
training model to become faster and reduce the complexity while
preserving or enhancing the performance of the system. In this
paper, we proposed a method that based on dividing the input
dataset into different subsets according to each attack. Then we
performed a feature selection technique using information gain
filter for each subset. Then the optimal features set is generated by
combining the list of features sets that obtained for each attack.
Experimental results that conducted on NSL-KDD dataset shows
that the proposed method for feature selection with fewer features,
make an improvement to the system accuracy while decreasing the
complexity. Moreover, a comparative study is performed to the
efficiency of technique for feature selection using different
classification methods. To enhance the overall performance,
another stage is conducted using Random Forest and PART on
voting learning algorithm. The results indicate that the best
accuracy is achieved when using the product probability rule.
Hyperparameters optimization XGBoost for network intrusion detection using CS...IAESIJAI
With the introduction of high-speed internet access, the demand for security and dependable networks has grown. In recent years, network attacks have gotten more complex and intense, making security a vital component of organizational information systems. Network intrusion detection systems (NIDS) have become an essential detection technology to protect data integrity and system availability against such attacks. NIDS is one of the most well-known areas of machine learning software in the security field, with machine learning algorithms constantly being developed to improve performance. This research focuses on detecting abnormalities in societal infiltration using the hyperparameters optimization XGBoost (HO-XGB) algorithm with the Communications Security Establishment-The Canadian Institute for Cybersecurity-Intrusion Detection System2018 (CSE-CICIDS2018) dataset to get the best potential results. When compared to typical machine learning methods published in the literature, HO-XGB outperforms them. The study shows that XGBoost outperforms other detection algorithms. We refined the HO-XGB model's hyperparameters, which included learning_rate, subsample, max_leaves, max_depth, gamma, colsample_bytree, min_child_weight, n_estimators, max_depth, and reg_alpha. The experimental findings reveal that HO-XGB1 outperforms multiple parameter settings for intrusion detection, effectively optimizing XGBoost's hyperparameters.
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...IJNSA Journal
Intrusion Detection Systems (IDS) form a key part of system defence, where it identifies abnormal
activities happening in a computer system. In recent years different soft computing based techniques have
been proposed for the development of IDS. On the other hand, intrusion detection is not yet a perfect
technology. This has provided an opportunity for data mining to make quite a lot of important
contributions in the field of intrusion detection. In this paper we have proposed a new hybrid technique
by utilizing data mining techniques such as fuzzy C means clustering, Fuzzy neural network / Neurofuzzy and radial basis function(RBF) SVM for fortification of the intrusion detection system. The
proposed technique has five major steps in which, first step is to perform the relevance analysis, and then
input data is clustered using Fuzzy C-means clustering. After that, neuro-fuzzy is trained, such that each
of the data point is trained with the corresponding neuro-fuzzy classifier associated with the cluster.
Subsequently, a vector for SVM classification is formed and in the last step, classification using RBF-
SVM is performed to detect intrusion has happened or not. Data set used is the KDD cup 1999 dataset
and we have used precision, recall, F-measure and accuracy as the evaluation metrics parameters. Our
technique could achieve better accuracy for all types of intrusions. The results of proposed technique are
compared with the other existing techniques. These comparisons proved the effectiveness of our
technique.
COPYRIGHTThis thesis is copyright materials protected under the .docxvoversbyobersby
COPYRIGHT
This thesis is copyright materials protected under the Berne Convection, the copyright Act 1999 and other international and national enactments in that behalf, on intellectual property. It may not be reproduced by any means in full or in part except for short extracts in fair dealing so for research or private study, critical scholarly review or discourse with acknowledgment, with written permission of the Dean School of Graduate Studies on behalf of both the author and XXX XXX University.ABSTRACT
With Fast growing internet world the risk of intrusion has also increased, as a result Intrusion Detection System (IDS) is the admired key research field. IDS are used to identify any suspicious activity or patterns in the network or machine, which endeavors the security features or compromise the machine. IDS majorly use all the features of the data. It is a keen observation that all the features are not of equal relevance for the detection of attacks. Moreover every feature does not contribute in enhancing the system performance significantly. The main aim of the work done is to develop an efficient denial of service network intrusion classification model. The specific objectives included: to analyse existing literature in intrusion detection systems; what are the techniques used to model IDS, types of network attacks, performance of various machine learning tools, how are network intrusion detection systems assessed; to find out top network traffic attributes that can be used to model denial of service intrusion detection; to develop a machine learning model for detection of denial of service network intrusion.Methods: The research design was experimental and data was collected by simulation using NSL-KDD dataset. By implementing Correlation Feature Selection (CFS) mechanism using three search algorithms, a smallest set of features is selected with all the features that are selected very frequently. Findings: The smallest subset of features chosen is the most nominal among all the feature subset found. Further, the performances using Artificial neural networks(ANN), decision trees, Support Vector Machines (SVM) and K-Nearest Neighbour (KNN) classifiers is compared for 7 subsets found by filter model and 41 attributes. Results: The outcome indicates a remarkable improvement in the performance metrics used for comparison of the two classifiers. The results show that using 17/18 selected features improves DOS types classification accuracies as compared to using the 41 features in the NSL-KDD dataset. It was further observed that using an ensemble of three classifiers with decision fusion performs better as compared to using a single classifier for DOS type’s classification. Among machine learning tools experimented, ANN achieved best classification accuracies followed by SVM and DT. KNN registered the lowest classification accuracies. Application: The proposed work with such an improved detection rate and lesser classification time and lar.
Outstanding to the promotion of the Internet and local networks, interruption occasions to computer
systems are emerging. Intrusion detection systems are becoming progressively vital in retaining
appropriate network safety. IDS is a software or hardware device that deals with attacks by gathering
information from a numerous system and network sources, then evaluating signs of security complexities.
Enterprise networked systems are unsurprisingly unprotected to the growing threats posed by hackers as
well as malicious users inside to a network. IDS technology is one of the significant tools used now-a-days,
to counter such threat. In this research we have proposed framework by using advance feature selection
and dimensionality reduction technique we can reduce IDS data then applying Fuzzy ARTMAP classifier
we can find intrusions so that we get accurate results within less time. Feature selection, as an active
research area in decreasing dimensionality, eliminating unrelated data, developing learning correctness,
and improving result unambiguousness.
Machine learning-based intrusion detection system for detecting web attacksIAESIJAI
The increasing use of smart devices results in a huge amount of data, which raises concerns about personal data, including health data and financial data. This data circulates on the network and can encounter network traffic at any time. This traffic can either be normal traffic or an intrusion created by hackers with the aim of injecting abnormal traffic into the network. Firewalls and traditional intrusion detection systems detect attacks based on signature patterns. However, this is not sufficient to detect advanced or unknown attacks. To detect different types of unknown attacks, the use of intelligent techniques is essential. In this paper, we analyse some machine learning techniques proposed in recent years. In this study, several classifications were made to detect anomalous behaviour in network traffic. The models were built and evaluated based on the Canadian Institute for Cybersecurity-intrusion detection systems dataset released in 2017 (CIC-IDS-2017), which includes both current and historical attacks. The experiments were conducted using decision tree, random forest, logistic regression, gaussian naïve bayes, adaptive boosting, and their ensemble approach. The models were evaluated using various evaluation metrics such as accuracy, precision, recall, F1-score, false positive rate, receiver operating characteristic curve, and calibration curve.
EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI...IJNSA Journal
Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defence against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. Along with the widespread evolution of new emerging services, the quantity and impact of attacks have continuously increased, attackers continuously find vulnerabilities at various levels, from the network itself to operating system and applications, exploit them to crack system and services. Network defence and network monitoring has become an essential component of computer security to predict and prevent attacks. Unlike traditional Intrusion Detection System (IDS), Intrusion Detection and Prevention System (IDPS) have additional features to secure computer networks.
In this paper, we present a detailed study of how deployment of an IDPS plays a key role in its performance and the ability to detect and prevent known as well as unknown attacks. We categorize IDPS based on deployment as Network-based, host-based, and Perimeter-based and Hybrid. A detailed comparison is shown in this paper and finally we justify our proposed solution, which deploys agents at host-level to give better performance in terms of reduced rate of false positives and accurate detection and prevention.
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Similar to Three level intrusion detection system based on conditional generative adversarial network (20)
Bibliometric analysis highlighting the role of women in addressing climate ch...IJECEIAES
Fossil fuel consumption increased quickly, contributing to climate change
that is evident in unusual flooding and draughts, and global warming. Over
the past ten years, women's involvement in society has grown dramatically,
and they succeeded in playing a noticeable role in reducing climate change.
A bibliometric analysis of data from the last ten years has been carried out to
examine the role of women in addressing the climate change. The analysis's
findings discussed the relevant to the sustainable development goals (SDGs),
particularly SDG 7 and SDG 13. The results considered contributions made
by women in the various sectors while taking geographic dispersion into
account. The bibliometric analysis delves into topics including women's
leadership in environmental groups, their involvement in policymaking, their
contributions to sustainable development projects, and the influence of
gender diversity on attempts to mitigate climate change. This study's results
highlight how women have influenced policies and actions related to climate
change, point out areas of research deficiency and recommendations on how
to increase role of the women in addressing the climate change and
achieving sustainability. To achieve more successful results, this initiative
aims to highlight the significance of gender equality and encourage
inclusivity in climate change decision-making processes.
Voltage and frequency control of microgrid in presence of micro-turbine inter...IJECEIAES
The active and reactive load changes have a significant impact on voltage
and frequency. In this paper, in order to stabilize the microgrid (MG) against
load variations in islanding mode, the active and reactive power of all
distributed generators (DGs), including energy storage (battery), diesel
generator, and micro-turbine, are controlled. The micro-turbine generator is
connected to MG through a three-phase to three-phase matrix converter, and
the droop control method is applied for controlling the voltage and
frequency of MG. In addition, a method is introduced for voltage and
frequency control of micro-turbines in the transition state from gridconnected mode to islanding mode. A novel switching strategy of the matrix
converter is used for converting the high-frequency output voltage of the
micro-turbine to the grid-side frequency of the utility system. Moreover,
using the switching strategy, the low-order harmonics in the output current
and voltage are not produced, and consequently, the size of the output filter
would be reduced. In fact, the suggested control strategy is load-independent
and has no frequency conversion restrictions. The proposed approach for
voltage and frequency regulation demonstrates exceptional performance and
favorable response across various load alteration scenarios. The suggested
strategy is examined in several scenarios in the MG test systems, and the
simulation results are addressed.
Enhancing battery system identification: nonlinear autoregressive modeling fo...IJECEIAES
Precisely characterizing Li-ion batteries is essential for optimizing their
performance, enhancing safety, and prolonging their lifespan across various
applications, such as electric vehicles and renewable energy systems. This
article introduces an innovative nonlinear methodology for system
identification of a Li-ion battery, employing a nonlinear autoregressive with
exogenous inputs (NARX) model. The proposed approach integrates the
benefits of nonlinear modeling with the adaptability of the NARX structure,
facilitating a more comprehensive representation of the intricate
electrochemical processes within the battery. Experimental data collected
from a Li-ion battery operating under diverse scenarios are employed to
validate the effectiveness of the proposed methodology. The identified
NARX model exhibits superior accuracy in predicting the battery's behavior
compared to traditional linear models. This study underscores the
importance of accounting for nonlinearities in battery modeling, providing
insights into the intricate relationships between state-of-charge, voltage, and
current under dynamic conditions.
Smart grid deployment: from a bibliometric analysis to a surveyIJECEIAES
Smart grids are one of the last decades' innovations in electrical energy.
They bring relevant advantages compared to the traditional grid and
significant interest from the research community. Assessing the field's
evolution is essential to propose guidelines for facing new and future smart
grid challenges. In addition, knowing the main technologies involved in the
deployment of smart grids (SGs) is important to highlight possible
shortcomings that can be mitigated by developing new tools. This paper
contributes to the research trends mentioned above by focusing on two
objectives. First, a bibliometric analysis is presented to give an overview of
the current research level about smart grid deployment. Second, a survey of
the main technological approaches used for smart grid implementation and
their contributions are highlighted. To that effect, we searched the Web of
Science (WoS), and the Scopus databases. We obtained 5,663 documents
from WoS and 7,215 from Scopus on smart grid implementation or
deployment. With the extraction limitation in the Scopus database, 5,872 of
the 7,215 documents were extracted using a multi-step process. These two
datasets have been analyzed using a bibliometric tool called bibliometrix.
The main outputs are presented with some recommendations for future
research.
Use of analytical hierarchy process for selecting and prioritizing islanding ...IJECEIAES
One of the problems that are associated to power systems is islanding
condition, which must be rapidly and properly detected to prevent any
negative consequences on the system's protection, stability, and security.
This paper offers a thorough overview of several islanding detection
strategies, which are divided into two categories: classic approaches,
including local and remote approaches, and modern techniques, including
techniques based on signal processing and computational intelligence.
Additionally, each approach is compared and assessed based on several
factors, including implementation costs, non-detected zones, declining
power quality, and response times using the analytical hierarchy process
(AHP). The multi-criteria decision-making analysis shows that the overall
weight of passive methods (24.7%), active methods (7.8%), hybrid methods
(5.6%), remote methods (14.5%), signal processing-based methods (26.6%),
and computational intelligent-based methods (20.8%) based on the
comparison of all criteria together. Thus, it can be seen from the total weight
that hybrid approaches are the least suitable to be chosen, while signal
processing-based methods are the most appropriate islanding detection
method to be selected and implemented in power system with respect to the
aforementioned factors. Using Expert Choice software, the proposed
hierarchy model is studied and examined.
Enhancing of single-stage grid-connected photovoltaic system using fuzzy logi...IJECEIAES
The power generated by photovoltaic (PV) systems is influenced by
environmental factors. This variability hampers the control and utilization of
solar cells' peak output. In this study, a single-stage grid-connected PV
system is designed to enhance power quality. Our approach employs fuzzy
logic in the direct power control (DPC) of a three-phase voltage source
inverter (VSI), enabling seamless integration of the PV connected to the
grid. Additionally, a fuzzy logic-based maximum power point tracking
(MPPT) controller is adopted, which outperforms traditional methods like
incremental conductance (INC) in enhancing solar cell efficiency and
minimizing the response time. Moreover, the inverter's real-time active and
reactive power is directly managed to achieve a unity power factor (UPF).
The system's performance is assessed through MATLAB/Simulink
implementation, showing marked improvement over conventional methods,
particularly in steady-state and varying weather conditions. For solar
irradiances of 500 and 1,000 W/m2
, the results show that the proposed
method reduces the total harmonic distortion (THD) of the injected current
to the grid by approximately 46% and 38% compared to conventional
methods, respectively. Furthermore, we compare the simulation results with
IEEE standards to evaluate the system's grid compatibility.
Enhancing photovoltaic system maximum power point tracking with fuzzy logic-b...IJECEIAES
Photovoltaic systems have emerged as a promising energy resource that
caters to the future needs of society, owing to their renewable, inexhaustible,
and cost-free nature. The power output of these systems relies on solar cell
radiation and temperature. In order to mitigate the dependence on
atmospheric conditions and enhance power tracking, a conventional
approach has been improved by integrating various methods. To optimize
the generation of electricity from solar systems, the maximum power point
tracking (MPPT) technique is employed. To overcome limitations such as
steady-state voltage oscillations and improve transient response, two
traditional MPPT methods, namely fuzzy logic controller (FLC) and perturb
and observe (P&O), have been modified. This research paper aims to
simulate and validate the step size of the proposed modified P&O and FLC
techniques within the MPPT algorithm using MATLAB/Simulink for
efficient power tracking in photovoltaic systems.
Adaptive synchronous sliding control for a robot manipulator based on neural ...IJECEIAES
Robot manipulators have become important equipment in production lines, medical fields, and transportation. Improving the quality of trajectory tracking for
robot hands is always an attractive topic in the research community. This is a
challenging problem because robot manipulators are complex nonlinear systems
and are often subject to fluctuations in loads and external disturbances. This
article proposes an adaptive synchronous sliding control scheme to improve trajectory tracking performance for a robot manipulator. The proposed controller
ensures that the positions of the joints track the desired trajectory, synchronize
the errors, and significantly reduces chattering. First, the synchronous tracking
errors and synchronous sliding surfaces are presented. Second, the synchronous
tracking error dynamics are determined. Third, a robust adaptive control law is
designed,the unknown components of the model are estimated online by the neural network, and the parameters of the switching elements are selected by fuzzy
logic. The built algorithm ensures that the tracking and approximation errors
are ultimately uniformly bounded (UUB). Finally, the effectiveness of the constructed algorithm is demonstrated through simulation and experimental results.
Simulation and experimental results show that the proposed controller is effective with small synchronous tracking errors, and the chattering phenomenon is
significantly reduced.
Remote field-programmable gate array laboratory for signal acquisition and de...IJECEIAES
A remote laboratory utilizing field-programmable gate array (FPGA) technologies enhances students’ learning experience anywhere and anytime in embedded system design. Existing remote laboratories prioritize hardware access and visual feedback for observing board behavior after programming, neglecting comprehensive debugging tools to resolve errors that require internal signal acquisition. This paper proposes a novel remote embeddedsystem design approach targeting FPGA technologies that are fully interactive via a web-based platform. Our solution provides FPGA board access and debugging capabilities beyond the visual feedback provided by existing remote laboratories. We implemented a lab module that allows users to seamlessly incorporate into their FPGA design. The module minimizes hardware resource utilization while enabling the acquisition of a large number of data samples from the signal during the experiments by adaptively compressing the signal prior to data transmission. The results demonstrate an average compression ratio of 2.90 across three benchmark signals, indicating efficient signal acquisition and effective debugging and analysis. This method allows users to acquire more data samples than conventional methods. The proposed lab allows students to remotely test and debug their designs, bridging the gap between theory and practice in embedded system design.
Detecting and resolving feature envy through automated machine learning and m...IJECEIAES
Efficiently identifying and resolving code smells enhances software project quality. This paper presents a novel solution, utilizing automated machine learning (AutoML) techniques, to detect code smells and apply move method refactoring. By evaluating code metrics before and after refactoring, we assessed its impact on coupling, complexity, and cohesion. Key contributions of this research include a unique dataset for code smell classification and the development of models using AutoGluon for optimal performance. Furthermore, the study identifies the top 20 influential features in classifying feature envy, a well-known code smell, stemming from excessive reliance on external classes. We also explored how move method refactoring addresses feature envy, revealing reduced coupling and complexity, and improved cohesion, ultimately enhancing code quality. In summary, this research offers an empirical, data-driven approach, integrating AutoML and move method refactoring to optimize software project quality. Insights gained shed light on the benefits of refactoring on code quality and the significance of specific features in detecting feature envy. Future research can expand to explore additional refactoring techniques and a broader range of code metrics, advancing software engineering practices and standards.
Smart monitoring technique for solar cell systems using internet of things ba...IJECEIAES
Rapidly and remotely monitoring and receiving the solar cell systems status parameters, solar irradiance, temperature, and humidity, are critical issues in enhancement their efficiency. Hence, in the present article an improved smart prototype of internet of things (IoT) technique based on embedded system through NodeMCU ESP8266 (ESP-12E) was carried out experimentally. Three different regions at Egypt; Luxor, Cairo, and El-Beheira cities were chosen to study their solar irradiance profile, temperature, and humidity by the proposed IoT system. The monitoring data of solar irradiance, temperature, and humidity were live visualized directly by Ubidots through hypertext transfer protocol (HTTP) protocol. The measured solar power radiation in Luxor, Cairo, and El-Beheira ranged between 216-1000, 245-958, and 187-692 W/m 2 respectively during the solar day. The accuracy and rapidity of obtaining monitoring results using the proposed IoT system made it a strong candidate for application in monitoring solar cell systems. On the other hand, the obtained solar power radiation results of the three considered regions strongly candidate Luxor and Cairo as suitable places to build up a solar cells system station rather than El-Beheira.
An efficient security framework for intrusion detection and prevention in int...IJECEIAES
Over the past few years, the internet of things (IoT) has advanced to connect billions of smart devices to improve quality of life. However, anomalies or malicious intrusions pose several security loopholes, leading to performance degradation and threat to data security in IoT operations. Thereby, IoT security systems must keep an eye on and restrict unwanted events from occurring in the IoT network. Recently, various technical solutions based on machine learning (ML) models have been derived towards identifying and restricting unwanted events in IoT. However, most ML-based approaches are prone to miss-classification due to inappropriate feature selection. Additionally, most ML approaches applied to intrusion detection and prevention consider supervised learning, which requires a large amount of labeled data to be trained. Consequently, such complex datasets are impossible to source in a large network like IoT. To address this problem, this proposed study introduces an efficient learning mechanism to strengthen the IoT security aspects. The proposed algorithm incorporates supervised and unsupervised approaches to improve the learning models for intrusion detection and mitigation. Compared with the related works, the experimental outcome shows that the model performs well in a benchmark dataset. It accomplishes an improved detection accuracy of approximately 99.21%.
Developing a smart system for infant incubators using the internet of things ...IJECEIAES
This research is developing an incubator system that integrates the internet of things and artificial intelligence to improve care for premature babies. The system workflow starts with sensors that collect data from the incubator. Then, the data is sent in real-time to the internet of things (IoT) broker eclipse mosquito using the message queue telemetry transport (MQTT) protocol version 5.0. After that, the data is stored in a database for analysis using the long short-term memory network (LSTM) method and displayed in a web application using an application programming interface (API) service. Furthermore, the experimental results produce as many as 2,880 rows of data stored in the database. The correlation coefficient between the target attribute and other attributes ranges from 0.23 to 0.48. Next, several experiments were conducted to evaluate the model-predicted value on the test data. The best results are obtained using a two-layer LSTM configuration model, each with 60 neurons and a lookback setting 6. This model produces an R 2 value of 0.934, with a root mean square error (RMSE) value of 0.015 and a mean absolute error (MAE) of 0.008. In addition, the R 2 value was also evaluated for each attribute used as input, with a result of values between 0.590 and 0.845.
A review on internet of things-based stingless bee's honey production with im...IJECEIAES
Honey is produced exclusively by honeybees and stingless bees which both are well adapted to tropical and subtropical regions such as Malaysia. Stingless bees are known for producing small amounts of honey and are known for having a unique flavor profile. Problem identified that many stingless bees collapsed due to weather, temperature and environment. It is critical to understand the relationship between the production of stingless bee honey and environmental conditions to improve honey production. Thus, this paper presents a review on stingless bee's honey production and prediction modeling. About 54 previous research has been analyzed and compared in identifying the research gaps. A framework on modeling the prediction of stingless bee honey is derived. The result presents the comparison and analysis on the internet of things (IoT) monitoring systems, honey production estimation, convolution neural networks (CNNs), and automatic identification methods on bee species. It is identified based on image detection method the top best three efficiency presents CNN is at 98.67%, densely connected convolutional networks with YOLO v3 is 97.7%, and DenseNet201 convolutional networks 99.81%. This study is significant to assist the researcher in developing a model for predicting stingless honey produced by bee's output, which is important for a stable economy and food security.
A trust based secure access control using authentication mechanism for intero...IJECEIAES
The internet of things (IoT) is a revolutionary innovation in many aspects of our society including interactions, financial activity, and global security such as the military and battlefield internet. Due to the limited energy and processing capacity of network devices, security, energy consumption, compatibility, and device heterogeneity are the long-term IoT problems. As a result, energy and security are critical for data transmission across edge and IoT networks. Existing IoT interoperability techniques need more computation time, have unreliable authentication mechanisms that break easily, lose data easily, and have low confidentiality. In this paper, a key agreement protocol-based authentication mechanism for IoT devices is offered as a solution to this issue. This system makes use of information exchange, which must be secured to prevent access by unauthorized users. Using a compact contiki/cooja simulator, the performance and design of the suggested framework are validated. The simulation findings are evaluated based on detection of malicious nodes after 60 minutes of simulation. The suggested trust method, which is based on privacy access control, reduced packet loss ratio to 0.32%, consumed 0.39% power, and had the greatest average residual energy of 0.99 mJoules at 10 nodes.
Fuzzy linear programming with the intuitionistic polygonal fuzzy numbersIJECEIAES
In real world applications, data are subject to ambiguity due to several factors; fuzzy sets and fuzzy numbers propose a great tool to model such ambiguity. In case of hesitation, the complement of a membership value in fuzzy numbers can be different from the non-membership value, in which case we can model using intuitionistic fuzzy numbers as they provide flexibility by defining both a membership and a non-membership functions. In this article, we consider the intuitionistic fuzzy linear programming problem with intuitionistic polygonal fuzzy numbers, which is a generalization of the previous polygonal fuzzy numbers found in the literature. We present a modification of the simplex method that can be used to solve any general intuitionistic fuzzy linear programming problem after approximating the problem by an intuitionistic polygonal fuzzy number with n edges. This method is given in a simple tableau formulation, and then applied on numerical examples for clarity.
The performance of artificial intelligence in prostate magnetic resonance im...IJECEIAES
Prostate cancer is the predominant form of cancer observed in men worldwide. The application of magnetic resonance imaging (MRI) as a guidance tool for conducting biopsies has been established as a reliable and well-established approach in the diagnosis of prostate cancer. The diagnostic performance of MRI-guided prostate cancer diagnosis exhibits significant heterogeneity due to the intricate and multi-step nature of the diagnostic pathway. The development of artificial intelligence (AI) models, specifically through the utilization of machine learning techniques such as deep learning, is assuming an increasingly significant role in the field of radiology. In the realm of prostate MRI, a considerable body of literature has been dedicated to the development of various AI algorithms. These algorithms have been specifically designed for tasks such as prostate segmentation, lesion identification, and classification. The overarching objective of these endeavors is to enhance diagnostic performance and foster greater agreement among different observers within MRI scans for the prostate. This review article aims to provide a concise overview of the application of AI in the field of radiology, with a specific focus on its utilization in prostate MRI.
Seizure stage detection of epileptic seizure using convolutional neural networksIJECEIAES
According to the World Health Organization (WHO), seventy million individuals worldwide suffer from epilepsy, a neurological disorder. While electroencephalography (EEG) is crucial for diagnosing epilepsy and monitoring the brain activity of epilepsy patients, it requires a specialist to examine all EEG recordings to find epileptic behavior. This procedure needs an experienced doctor, and a precise epilepsy diagnosis is crucial for appropriate treatment. To identify epileptic seizures, this study employed a convolutional neural network (CNN) based on raw scalp EEG signals to discriminate between preictal, ictal, postictal, and interictal segments. The possibility of these characteristics is explored by examining how well timedomain signals work in the detection of epileptic signals using intracranial Freiburg Hospital (FH), scalp Children's Hospital Boston-Massachusetts Institute of Technology (CHB-MIT) databases, and Temple University Hospital (TUH) EEG. To test the viability of this approach, two types of experiments were carried out. Firstly, binary class classification (preictal, ictal, postictal each versus interictal) and four-class classification (interictal versus preictal versus ictal versus postictal). The average accuracy for stage detection using CHB-MIT database was 84.4%, while the Freiburg database's time-domain signals had an accuracy of 79.7% and the highest accuracy of 94.02% for classification in the TUH EEG database when comparing interictal stage to preictal stage.
Analysis of driving style using self-organizing maps to analyze driver behaviorIJECEIAES
Modern life is strongly associated with the use of cars, but the increase in acceleration speeds and their maneuverability leads to a dangerous driving style for some drivers. In these conditions, the development of a method that allows you to track the behavior of the driver is relevant. The article provides an overview of existing methods and models for assessing the functioning of motor vehicles and driver behavior. Based on this, a combined algorithm for recognizing driving style is proposed. To do this, a set of input data was formed, including 20 descriptive features: About the environment, the driver's behavior and the characteristics of the functioning of the car, collected using OBD II. The generated data set is sent to the Kohonen network, where clustering is performed according to driving style and degree of danger. Getting the driving characteristics into a particular cluster allows you to switch to the private indicators of an individual driver and considering individual driving characteristics. The application of the method allows you to identify potentially dangerous driving styles that can prevent accidents.
Hyperspectral object classification using hybrid spectral-spatial fusion and ...IJECEIAES
Because of its spectral-spatial and temporal resolution of greater areas, hyperspectral imaging (HSI) has found widespread application in the field of object classification. The HSI is typically used to accurately determine an object's physical characteristics as well as to locate related objects with appropriate spectral fingerprints. As a result, the HSI has been extensively applied to object identification in several fields, including surveillance, agricultural monitoring, environmental research, and precision agriculture. However, because of their enormous size, objects require a lot of time to classify; for this reason, both spectral and spatial feature fusion have been completed. The existing classification strategy leads to increased misclassification, and the feature fusion method is unable to preserve semantic object inherent features; This study addresses the research difficulties by introducing a hybrid spectral-spatial fusion (HSSF) technique to minimize feature size while maintaining object intrinsic qualities; Lastly, a soft-margins kernel is proposed for multi-layer deep support vector machine (MLDSVM) to reduce misclassification. The standard Indian pines dataset is used for the experiment, and the outcome demonstrates that the HSSF-MLDSVM model performs substantially better in terms of accuracy and Kappa coefficient.
Courier management system project report.pdfKamal Acharya
It is now-a-days very important for the people to send or receive articles like imported furniture, electronic items, gifts, business goods and the like. People depend vastly on different transport systems which mostly use the manual way of receiving and delivering the articles. There is no way to track the articles till they are received and there is no way to let the customer know what happened in transit, once he booked some articles. In such a situation, we need a system which completely computerizes the cargo activities including time to time tracking of the articles sent. This need is fulfilled by Courier Management System software which is online software for the cargo management people that enables them to receive the goods from a source and send them to a required destination and track their status from time to time.
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxR&R Consult
CFD analysis is incredibly effective at solving mysteries and improving the performance of complex systems!
Here's a great example: At a large natural gas-fired power plant, where they use waste heat to generate steam and energy, they were puzzled that their boiler wasn't producing as much steam as expected.
R&R and Tetra Engineering Group Inc. were asked to solve the issue with reduced steam production.
An inspection had shown that a significant amount of hot flue gas was bypassing the boiler tubes, where the heat was supposed to be transferred.
R&R Consult conducted a CFD analysis, which revealed that 6.3% of the flue gas was bypassing the boiler tubes without transferring heat. The analysis also showed that the flue gas was instead being directed along the sides of the boiler and between the modules that were supposed to capture the heat. This was the cause of the reduced performance.
Based on our results, Tetra Engineering installed covering plates to reduce the bypass flow. This improved the boiler's performance and increased electricity production.
It is always satisfying when we can help solve complex challenges like this. Do your systems also need a check-up or optimization? Give us a call!
Work done in cooperation with James Malloy and David Moelling from Tetra Engineering.
More examples of our work https://www.r-r-consult.dk/en/cases-en/
Event Management System Vb Net Project Report.pdfKamal Acharya
In present era, the scopes of information technology growing with a very fast .We do not see any are untouched from this industry. The scope of information technology has become wider includes: Business and industry. Household Business, Communication, Education, Entertainment, Science, Medicine, Engineering, Distance Learning, Weather Forecasting. Carrier Searching and so on.
My project named “Event Management System” is software that store and maintained all events coordinated in college. It also helpful to print related reports. My project will help to record the events coordinated by faculties with their Name, Event subject, date & details in an efficient & effective ways.
In my system we have to make a system by which a user can record all events coordinated by a particular faculty. In our proposed system some more featured are added which differs it from the existing system such as security.
Welcome to WIPAC Monthly the magazine brought to you by the LinkedIn Group Water Industry Process Automation & Control.
In this month's edition, along with this month's industry news to celebrate the 13 years since the group was created we have articles including
A case study of the used of Advanced Process Control at the Wastewater Treatment works at Lleida in Spain
A look back on an article on smart wastewater networks in order to see how the industry has measured up in the interim around the adoption of Digital Transformation in the Water Industry.
Vaccine management system project report documentation..pdfKamal Acharya
The Division of Vaccine and Immunization is facing increasing difficulty monitoring vaccines and other commodities distribution once they have been distributed from the national stores. With the introduction of new vaccines, more challenges have been anticipated with this additions posing serious threat to the already over strained vaccine supply chain system in Kenya.
Quality defects in TMT Bars, Possible causes and Potential Solutions.PrashantGoswami42
Maintaining high-quality standards in the production of TMT bars is crucial for ensuring structural integrity in construction. Addressing common defects through careful monitoring, standardized processes, and advanced technology can significantly improve the quality of TMT bars. Continuous training and adherence to quality control measures will also play a pivotal role in minimizing these defects.
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
Student information management system project report ii.pdf
Three level intrusion detection system based on conditional generative adversarial network
1. International Journal of Electrical and Computer Engineering (IJECE)
Vol. 13, No. 2, April 2023, pp. 2240~2258
ISSN: 2088-8708, DOI: 10.11591/ijece.v13i2.pp2240-2258 2240
Journal homepage: http://ijece.iaescore.com
Three level intrusion detection system based on conditional
generative adversarial network
Hasan Abdulameer1
, Inam Musa2
, Noora Salim Al-Sultani3
1
Department of Medical Instrumentation Techniques Engineering, Al-Hussain University College, Karbala, Iraq
2
Department of Electrical Power Techniques Engineering, Al-Hussain University College, Karbala, Iraq
3
Department of Water Resources Management Engineering, College of Engineering, Al-Qasim Green University, Babylon, Iraq
Article Info ABSTRACT
Article history:
Received Mar 23, 2022
Revised Sep 20, 2022
Accepted Oct 15, 2022
Security threat protection is important in the internet of things (IoT)
applications since both the connected device and the captured data can be
hacked or hijacked or both at the same time. To tackle the above-mentioned
problem, we proposed three-level intrusion detection system conditional
generative adversarial network (3LIDS-CGAN) model which includes four
phases such as first-level intrusion detection system (IDS), second-level
IDS, third-level IDS, and attack type classification. In first-level IDS,
features of the incoming packets are extracted by the firewall. Based on the
extracted features the packets are classified into three classes such as normal,
malicious, and suspicious using support vector machine and golden eagle
optimization. Suspicious packets are forwarded to the second-level IDS
which classified the suspicious packets as normal or malicious. Here,
signature-based intrusions are detected using attack history information, and
anomaly-based intrusions are detected using event-based semantic mapping.
In third-level IDS, adversary packets are detected using CGAN which
automatically learns the adversarial environment and detects adversary
packets accurately. Finally, proximal policy optimization is proposed to
detect the attack type. Experiments are conducted using the NS-3.26 network
simulator and performance is evaluated by various performance metrics
which results that the proposed 3LIDS-CGAN model outperforming other
existing works.
Keywords:
Conditional generative
adversarial network
Firewall
Intrusion detection system
Proximal policy optimization
This is an open access article under the CC BY-SA license.
Corresponding Author:
Hasan Abdulameer
Department of Medical Instrumentation Techniques Engineering, Al-Hussain University College
Karbala, Iraq
Email: hasanabdulameer@huciraq.edu.iq
1. INTRODUCTION
In internet of things (IoT) environment, an enormous amount of data containing various types of
information (sensitive and non-sensitive) are collected from the devices and transmitted through internet [1]
There are many chances of compromising the information during data transmission by attackers due to lack
in security and data encryption. Intrusion detection is one of the main techniques implemented to detect
attacks. In recent days all devices are converted into smart devices, which means transferring data over a
network without requiring human-to-human or human-to-computer interaction. Instead, all things are
connected to the internet and performed the task via the Internet. Therefore, many transactions are performed
at a particular time because of huge environment which increases network traffic [2]. At the same time,
attackers are also present in the network traffic to hack the data. Hence intrusion detection system (IDS) is
important in IoT environment [3]. The intrusion detection system is a system that monitors network traffic is
normal or malicious. In IDS, both detections detect and analyze all the inbound and outbound network traffic
2. Int J Elec & Comp Eng ISSN: 2088-8708
Three level intrusion detection system based on conditional generative … (Hasan Abdulameer)
2241
and prevention by proactively inspecting a system’s incoming traffic to weed out malicious requests [4].
However, some researchers are only focused on detection, not on prevention, which leads to unable to
prevent attacks that use a preexisting database for signature recognition based on traffic and behavioral
anomalies [5]. An ID has two types such as signature-based intrusion detection (SIDS) and anomaly-based
intrusion detection (AIDS). SIDS is used to detect known attacks such as structured query language (SQL),
which can easily detect because these patterns already exist in system whereas AIDS is used to detect
unknown attacks and these attacks are difficult to detect [6], [7].
Firewalls protect against outside cyber attackers by shielding your computer or network from
malicious software or unnecessary network traffic. However, the firewall is an important component in IDS
which is used to filter the network packets in an earlier stage. It classifies the network packets into normal or
malicious [8]. It can be configured to allow necessary and relevant data through the network or computers
and block malicious packets in an earlier stage. Moreover, this process helps to reduce the complexity and
also increase the detection rate [9]. IDS has adversarial intrusion; detection of adversarial intrusions is
difficult because they look like normal packets [10]. Adversarial learning is used for detecting these types of
intrusions which learning adversarial environments and detecting adversarial intrusions in an accurate
manner [11]. Several types of attacks are present in network traffic such as: i) distributed denial of service
(DDoS), ii) phishing, iii) SQL injection, iv) man in the middle, and v) false data injection
These attacks are mitigated by using IDS and giving an alarm to every node present in a network
which helps to prevent other nodes from intrusions [12]. The concept of human immunity against
pathological diseases was leveraged to design a two-layer IDS in which the B-cells and T-cells were
considered [13]. The detection accuracy of several deep neural networks (DNN) was compared to find that
the neural network structure had better accuracy in detecting anomalies [14]. The reinforcement learning-
based IDS provided resistance to many newly generated malware in the network thereby ensuring the
security of resource constraint IoT environment [15], [16]. The complexity of the IDS is considerably
reduced by performing filtering of packets and reducing of dimensionality of huge data [17].
Several rule-based anomaly detection techniques were implemented for precise detection of
anomalies in the network, but these approaches classified only known attacks [18], [19]. The evaluation of
several machine learning and deep learning algorithms against conventional intrusion detection algorithms
was carried out to conclude the efficacy of those algorithms but those algorithms were effective only for
particular types of attacks [20]–[25]. The execution of hybrid-based IDS was found to be more efficient in
detecting the anomalies in the network [26].
In our paper, we propose hybrid intrusion detection of both signatures-based and anomaly-based
attacks in IoT environments. The major problem statements encountered in detection of intrusion based on
hybrid methods are described in this section. The existing hybrid intrusion detection models used support
vector machine based (SVM) packet classification for accurate detection of malicious packets. The
combination of C5 decision tree classifier and one class SVM was used for detection of both signatures-based
and anomaly-based intrusions [27]. In [28] preprocessing is performed by implementing normalization of the
data. Further, K means clustering algorithm is used to cluster the network traffic in terms of normal, denial of
service (DoS), and Probe data, and SVM is utilized to classify the attacks in terms of normal, Dos, or Probe.
Here, anomalies are detected by using hybridization of machine learning algorithms (C5 decision tree, one-
class SVM) to give better results but SVM takes much time to select kernel which increases latency. K means
clustering algorithm is used for clustering the network traffic, but it was not suitable for global optimal
solution. The number of clusters should be defined initially which is not appropriate thereby reducing the
performance of the process. In order to overcome these problems our proposed system uses SVM with
golden eagle optimization which is used to select an optimal kernel.
This paper is further organized into several sections which are as follows: section 2 discusses the
current research works on IDS in IoT. This section describes limitations of each work. Section 3 provides the
most significant problems briefly faced by the hybrid IDS. Section 4 describes the methodology of the
proposed three-level intrusion detection system conditional generative adversarial network (3LIDS-CGAN)
model with the implementation of 3LIDS-CGAN model with the simulation setup. In this section, the
validation of proposed work is carried out in terms of several performance metrics. Section 5 concludes the
3LIDS-CGAN model with future work in an elaborative manner.
2. RELATED WORKS
This section describes the literature on the previous state-of-the-art methods related to the proposed
3LIDS-CGAN model. Intrusion detection with hybrid sampling using deep hierarchical network was
proposed in [29]. The main objective of the proposed system is to imbalance the network traffic data. The
proposed system used hybrid method which includes one side selection (OSS) method that removes the noise
for reducing the majority samples and SMOTE algorithm is used to increase the minority samples. Data
3. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 2, April 2023: 2240-2258
2242
preprocessing is done by using deep hierarchical network. Classification is done by using hierarchical
network which includes convolution neural network (CNN) and Belts. The performance of the proposed
system is evaluated by using NSL-KDD and UNSW-NB15 datasets.
A lightweight intrusion detection system for IoT environment was proposed in [30]. The proposed
system has two sections a training section and evaluation section. The features are extracted from the
network traffic. After feature extraction, classification is done by using SVM classifier which classifies the
traffic into normal or intrusion. Hybrid neural network-based anomaly detection was proposed in [31]. The
proposed system has five phases, first phase is flow mapping and processing which is used to detect whether
the flow-id timeout or not. Second phase is sequence packet features (SPF) of single processing which
extracts the features from the network flow. Third phase is used to extract the general statistical features
(GSF) of single flow processing. Fourth phase is performed to extract the environmental features of the flow
processing which extracts the features from the active flows in the flow sliding window.
An ensemble-based intrusion detection system for IoT environment was proposed in [32]. The
proposed system performs hybrid intrusion detection which includes both signatures-based and anomaly-
based intrusion detection with the help of C5 and one-class SVM. The proposed system aims to detect both
well-known and zero-day attacks.
A hybrid intrusion detection using principal component analysis-grey wolf optimization (PCA-
GWO) and DNN which is suitable for IoT environments was proposed in [33]. The proposed system
performs preprocessing by using one-hot encoding which converts all values into numerical. After that,
normalization is proposed for converting the data within the range of zero to one. PCA and GWO algorithms
are used to reduce the dimensionality of the dataset.
Atefi et al. [34] proposed an ensemble-based modified adaptive boosting algorithm to detect network
intrusions that have two types such as M-Adaboost-A-SMV and M-Adaboost-A-PSO. This proposed work
aimed to solve the imbalance in the network intrusions detection which covers the area of boosting process.
Wireless intrusion detection by using improved convolution neural network (ICNN) was proposed in
[35]. The proposed system has three processes such as preprocessing and normalization, ICNN training, and
classification. Preprocessing is used to convert the data into numerical value and the processed numerical
value is mapped to the feature range which is known as normalization that has a standard value.
Intrusion detection by using improved genetic algorithm (GA) and deep belief network for IoT
environment was proposed in [36]. GA is used to detect optimal solutions and DBN is used to classify the
network attacks. An optimization-based hybrid IDS was proposed by Rose et al. [37]. The binary grey wolf
optimization algorithm (BGWO) was combined with statistical algorithms like naïve Bayes (NB) to perform
optimal detection of intrusions in the IoT network.
A novel intrusion detection technique implementing both multi-objective genetic algorithm (NSGA-
II) and artificial neural network (ANN) along with decision tree-based random forest classifier for effective
detection of anomalies in the network was proposed in [38]. The activity of the log data is mapped using the
algorithm as heuristic miner in [39]. Initially, data collection was performed by extracting the data from the
corresponding event log. Secondly, checking process is performed to obtain the matrix casual data’s fitness
value by heuristic miners. This process is followed by enhancement phase to obtain the placement model.
Kumar and Harikiran [40] proposed an approach to preserve the privacy of the activities by
recognizing the actions using a prediction algorithm that comes under deep neural network. This algorithm
anonymized the content of video to protect the privacy from various adversaries. Finally, the recognition
framework is used to recognize the privacy-preserved actions.
Kim et al. [41] performed anomaly detection for the vibration data city train using generative
adversarial network. For vibration data analysis, spectral density evaluation was carried out. Train the
vibration data using long short-term memory algorithm.
3. 3LIDS-CGAN MODEL
Our proposed system focuses to detect both signature and anomaly-based intrusions in an IoT
environment. It has four consecutive phases such as: i) first level IDS, ii) second level IDS, iii) third level
IDS, and iv) attack type classification. The real-time packets entering the IDS model contain several existing
and new attacks which are identified with improved accuracy. The first phase classifies incoming packets
into three classes namely normal, suspicious, and malicious from which the malicious packets are dropped
and suspicious packets are sent to the second phase in which the signature-based and anomaly-based IDS
takes place which results in classification of those packets into normal and malicious from which the
malicious packets are dropped. The normal packets from first and second phases are processed in the third
phase to detect the adversaries to improve the security of the IoT environment.
4. Int J Elec & Comp Eng ISSN: 2088-8708
Three level intrusion detection system based on conditional generative … (Hasan Abdulameer)
2243
3.1. First level IDS
In first level IDS, first process is packet flow-based feature extraction. The packet features are
extracted by using firewall which filters the incoming packets with the features of packet interval time,
packet size, packet type, payload length, and timestamp. The extracted features are classified by using SVM
and golden eagle optimization which is used to select the kernel function of the SVM like linear, polynomial,
radial basis function (RBF), and sigmoid which has four parameters such as cost, gamma, coefficient, and
degree. Intrusions are detected based on the extracted features from the firewall. The SVM is already with the
normal patterns. Every new packet is matched to the normal patterns if it varies from the threshold then it is
marked as intrusion or attack. In this research, we used multiclass SVM for classification. In SVM
hyperplane is used to classify the features into three classes, that hyperplane needs to follow the rule in (1),
𝐹(𝑦) = (𝑣, 𝑦) + 𝑎 (1)
where v represents the normal vector and a represent the bias value and y represents the test sample. In SVM
the intrusion detection is performed by selecting optimal kernel for that we proposed golden eagle
optimization which selects the optimal kernel from the four kernels (linear, RBF, sigmoid, and polynomial)
of SVM. The classification function of SVM is defined as (2).
𝐹(𝑦) = {
−1, 𝑖𝑓 𝑦 ∈ 𝑚𝑎𝑙𝑖𝑐𝑖𝑜𝑢𝑠
0, 𝑖𝑓 𝑦 ∈ 𝑠𝑢𝑠𝑝𝑖𝑐𝑖𝑜𝑢𝑠
1, 𝑖𝑓 𝑦 ∈ 𝑛𝑜𝑟𝑚𝑎𝑙
(2)
In next stage of SVM, assume y2,y2…yn be a training sample. And then, separate the data from the
origin for that we need to solve the quadratic programming problems.
𝑀𝑖𝑛
1
2
||𝑊||2
+
1
𝑣𝑛
∑ 𝐸𝑖 − 𝑃
𝑛
𝑖=1 (3)
𝑊 × 𝜑(𝑦𝑖)) ≥ 𝜎 − 𝐸𝑖𝑖 = 1,2, … . , 𝑛 𝐸𝑖 ≥ 0 (4)
If W and σ solve the quadratic programming problem, then the decision function will be normal for
maximum instances in the training set.
𝐹(𝑦) = 𝑆𝑖𝑔𝑛 ((𝑊 × 𝜑(𝑦𝑖)) − 𝜎) (5)
This research used RBF kernel function which is selected by golden eagle optimization which
optimizes the parameters of c and γ. Every kernel has specific parameters that can be enhanced to get the best
performance result which is illustrated in Table 1. SVM identifies the behavior of the normal packets using
extracted features. It proposed that SVM classifies the current packets into normal, malicious, or suspicious.
Table 1. Types of kernel functions and their parameters
Function of Kernel Equation Parameter
RBF 𝑘(𝑦𝑛, 𝑦𝑖) = exp(−𝛾||𝑦𝑛 − 𝑦𝑖||2
+c) 𝑐 𝑎𝑛𝑑 𝛾
Linear 𝑘(𝑦𝑛, 𝑦𝑖) = (𝑦𝑛, 𝑦𝑖) 𝑐 𝑎𝑛𝑑 𝛾
Polynomial 𝑘(𝑦𝑛, 𝑦𝑖) = (𝛾( 𝑚 (𝑦𝑛,𝑦𝑖) + 𝑠)𝑏
𝑐, 𝛾, 𝑠 𝑎𝑛𝑑 𝑏
Sigmoid 𝑘(𝑦𝑛,𝑦𝑖) = tanh(𝛾((𝑦𝑛, 𝑦𝑖) + 𝑠) 𝑐, 𝛾𝑎𝑛𝑑 𝑠
Where c represents cost and 𝛾 denotes gamma and s represents coefficient and b represents degree. For
getting the optimal value from the kernel, the search method is performed using the parameters
𝑐, 𝛾, 𝑠 and 𝑏.
The first process of golden eagle optimization is defined as follows. The attack is modeled through a
vector beginning from the current position of the golden eagle; the attack vector is calculated as (6):
𝑎𝑖
⃗⃗⃗ = 𝑦𝑓
∗
− 𝑦𝑖 (6)
where, 𝑎𝑖
⃗⃗⃗ is represent the eagle 𝑖 attack vector and 𝑦𝑓
∗
represent the best location visited by eagle𝑓, and 𝑦𝑖
represent the current location of the eagle 𝑖. Next process is to calculate the cruise vector concerning attack
vector. Cruise vector is a tangent vector to the circular and that is positioned perpendicular to the attack
vector. The tangent hyperplane is calculated as (7),
5. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 2, April 2023: 2240-2258
2244
𝐻1𝑦1 + ⋯ 𝐻𝑛𝑦𝑛 = 𝐷 → ∑ 𝐻𝑗𝑦𝑗 = 𝐷
𝑛
𝑗=1 (7)
where ℎ
⃗ = [𝐻1, … 𝐻𝑛] represent the normal vector and 𝑌 = [𝑦1, … 𝑦𝑛] represent the variable vector,
𝐷 = ℎ
⃗ . 𝑆. 𝑆 represent the arbitrary point. Therefore, the hyperplane is represented as (8),
∑ 𝐴𝑗𝑦𝑗 = ∑ 𝐴𝑗
𝑡
𝑦𝑗
∗
𝑛
𝑗=1
𝑛
𝑗=1 (8)
where 𝑎𝑖
⃗⃗⃗ = [𝐴1, … . . , 𝐴𝑛] represent the attack vector and 𝑌∗
= [𝑦1
∗
, … , 𝑦𝑛
∗ ] is represent the location. The new
position of the eagle is defined as (9),
∆𝑦𝑖 = 𝑅
⃗1𝑃𝐴
𝑎
⃗ 𝑖
||𝑎
⃗ 𝑖||
+ 𝑅
⃗ 2𝑃𝑏
𝐵
⃗ 𝑖
||𝐵
⃗ 𝑖||
(9)
where, 𝑃𝐴
𝑡
is represent the attack coefficient at iteration t and 𝑃𝑏 represent the cruise coefficient and 𝑅
⃗1 and
𝑅
⃗ 2 represent the random vectors between the interval of [0,1]. And‖𝐴𝑖‖ and ‖𝑏
⃗𝑖‖ represent Euclidean norm
of attack that is defined as (10).
‖𝐴𝑖‖ = √∑ 𝐴𝑗
2
𝑛
𝑗=1 and ‖𝑏
⃗𝑖‖ = √∑ 𝑏𝑗
2
𝑛
𝑗=1 (10)
The position of the eagle is calculated as (11).
𝑦𝑡+1
= 𝑦𝑡
+ ∆𝑦𝑖
𝑡
(11)
The fitness of new position of eagle 𝑖 is better than the current position; hence the new position is updated.
In this algorithm, 𝑃𝐴, 𝑃𝑏 is used to shift from exploration to exploitation. Initially, this algorithm
starts with minimum 𝑃𝐴 and maximum 𝑃𝑏. Starting and finishing parameters are determined by the user and
intermediate values are calculated using the linear function, which is defined as (12),
{
𝑃𝐴 = 𝑃𝐴
0
+
𝑡
𝑇
|𝑃𝐴
𝑇
− 𝑃𝐴
0
|
𝑃𝑏 = 𝑃𝑏
0
+
𝑡
𝑇
|𝑃𝑏
𝑇
− 𝑃𝑏
0
|
(12)
where t represents the current iteration and T represents maximum iteration and 𝑃𝑏
0
and 𝑃𝑏
𝑇
represent the
initial and final values of attack (𝑃𝑏) and 𝑃𝐴
0
and 𝑃𝐴
𝑇
represent the initial and final values of attack (𝑃𝐴).
Finally, the best kernel function is selected using this algorithm. In our work, RBF is selected as the best
kernel for classification. Our proposed system performs accurate classification which improves the accuracy
of the process. The firewall ignores the malicious packets and forwards suspicious packets into next-level
IDS. The pseudo-code for first-level IDS is provided below in which the selection of kernel is described
above in an elaborative manner.
Pseudocode for support vector machine (SVM) with golden eagle optimization
INPUT: Extracted features 𝐹 = {𝑓1, 𝑓2 …. . 𝑓𝑛}, kernel parameters 𝑐, 𝑠, 𝑏, 𝛾
OUTPUT: Kernel selection
Begin
Initialize 𝑃𝐴 𝑎𝑛𝑑 𝑃𝑏
Initialize 𝑐, 𝑠, 𝑏 𝑎𝑛𝑑 𝛾
Form SVM by training dataset and initialized position of each attack
Evaluate the fitness function
for each iteration t do
Update 𝑃𝐴 𝑎𝑛𝑑 𝑃𝑏 using (12)
for each eagle 𝑖 do
Select random prey from the memory of populations
Compute attack vector 𝑎𝑖
⃗⃗⃗ using (6)
𝑖𝑓 (𝑎𝑖
⃗⃗⃗ ≠ 0) 𝑡ℎ𝑒𝑛
Compute cruise vector using (7) and (8)
Compute step vector using (9) and (10)
Position is updated using (11)
Calculate fitness value for new position
if new position is better than current position then
replace new position as the best position (fitness)
6. Int J Elec & Comp Eng ISSN: 2088-8708
Three level intrusion detection system based on conditional generative … (Hasan Abdulameer)
2245
end if
end if
end for
//(after select optimal kernel)
Compute classification for every 𝑓𝑖 using kernel
end
3.2. Second level IDS
The suspicious packets are entered into the second level of IDS. In this stage, suspicious packets are
classified as normal or malicious. Generally, two types of IDS are presented in network traffic such as
signature-based intrusion and anomaly-based intrusion. Signature-based intrusions are detected by using the
history of the attacks which are trained and stored in a database. Anomaly-based intrusions are detected by using
the event-based semantic mapping which means that the intrusions are mapped with respect to the time series.
This map is constructed by using naive Bayes algorithm and this map has event-based intrusions.
The probability of packets having the most likely features is formulated as (13),
𝑎
̂ = arg max
𝑎
𝑃(𝑎|𝑏) (13)
where, 𝑃(𝑎|𝑏) can be expressed as (14),
𝑃(𝑎|𝑏) =
𝑃(𝑏|𝑎)𝑃(𝑎)
𝑃(𝑏)
∝ 𝑃(𝑏|𝑎)𝑃(𝑎) (14)
where, the likelihood of packet b of class a, can be represented as 𝑃(𝑏|𝑎). The likelihood is calculated based
on the similarity of features possessed by the packets. The packet features are classified into two types
namely spatial and temporal features. The spatial features include information all about the source and
destination and the temporal features comprise time-related features which affect the network. From this, the
(13) can be formulated as (15).
𝑎
̂ = arg max
𝑎
𝑃(𝑏𝑠𝑏𝑡|𝑎) 𝑃(𝑎) (15)
The independency of two types of features can be represented as,
𝑃(𝑏𝑠𝑏𝑡|𝑎) = 𝑃(𝑏𝑠|𝑎)𝑃(𝑏𝑡|𝑎) (16)
Initially, the semantic features of normal packets are considered. The semantic score of the normal
packets is formulated and the mapping of incoming suspicious packets is taken place. Here the packets
having highest matching with the normal packets are considered normal and those packets which are lowest
matching are termed anomalies as shown in Figure 1. By doing so, the IDS can detect even new anomalies
generated in the network. The score calculation is computed by cumulating the individual score of spatial
features, temporal features, and labels. The classification of packets based on score can be formulated as (17),
𝑎
̂ = arg max
𝑎
𝑃(𝑏𝑠|𝑎)𝛽
𝑃(𝑎) ∏ 𝑃(𝑓|𝑎)𝑛(𝑓,𝑏)
𝑓∈𝑏 (17)
where 𝛽 denotes the scaling factor, 𝑓 denotes the packet features and 𝑛(𝑓, 𝑏) represents the frequency of
packet features.
3.3. Third-level IDS
This level performs to detect an adversary packet which is also under anomaly detection but
adversary packets look like normal packets. Detection of adversary packets is a challenging task in network
intrusion detection. In our proposed system we used conditional generative adversarial network (CGAN)
which detects adversary packets because it automatically learns the adversarial environment and detects the
adversarial packets well. The pseudo-code for CGAN-based adversarial sample detection is presented above
in which the detection of new adversaries is performed to ensure the overall security of IoT environment.
Figure 2. Illustrates the CGAN based adversary detection. This process improves the attack detection rate and
accuracy. A traditional GANT consists of two kinds of modules as generator and discriminator. Both types of
modules use neural network models. Especially, generator module used neural network module, and
discriminator used convolutional neural network module. For adversarial intrusion detection task, anomaly
score is computed to quantify the incoming attack patterns and CGAN is used to judge how the samples are
not similar to the trained set and it computes the great difference between the testing samples and learned
patterns of normal packets. Here, adversary score is computed as (18) and (19).
7. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 2, April 2023: 2240-2258
2246
𝐴𝑆 = (1 − ∑ 𝜆𝑖
𝑛
𝑖=1 )𝔑𝑙 + ∑ 𝜆𝑖𝑙𝐷𝑖
𝑛
𝑖=1 (18)
𝔑𝑙 = |𝑥 − 𝐺(𝑧)| (19)
Spatial features
Temporal
features
Label
Spatial features
Temporal
features
Label
Dataset
Trained class
Incoming class
Real time packet flow
Normal
Malicious
Packet
classification
Figure 1. Event-based semantic mapping
Figure 2. CGAN for adversarial samples detection
Pseudocode for conditional generative adversarial network (CGAN)
INPUT: Anomaly packets and patterns
OUTPUT: Adversary/Normal
1. Begin
2. Initialize attack patterns
3. For packet 1….n
4. Learning rate is initialized for Generator (G) and Discriminator (D)
5. Adjust the parameters
6. Weight value is set for both generators (WG) and discriminator (WD)
7. While (not satisfied) do
8. Update G
9. Collect new attack patterns
10. Predict ASi for all packets
11. Collect updated WG
12. Update the module D
13. end while
14. end for
15. end
8. Int J Elec & Comp Eng ISSN: 2088-8708
Three level intrusion detection system based on conditional generative … (Hasan Abdulameer)
2247
3.4. Attack type classification
After completing three-level IDS we know that the suspicious packets are normal or malicious. And
next classification is performed by using proximal policy optimization (PPO) algorithm which is under
reinforcement learning as illustrated in Figure 3 which learned the type of attacks from the training dataset by
correlating the abnormal events, hence it provides accurate classification. This stage classifies what type of
attack is occurring in our network (ex. DDoS, man in the middle, phishing, SQL injection, and false data
injection). PPO is a deep reinforcement learning algorithm that follows actor and critic architecture. PPO
balances between implementation ease, tuning ease, and sample complexity and tries to compute the updates
for each step and minimizes the cost function which ensures the deviation from the previous policies are
relatively lower. A stochastic policy is defined as 𝜋𝜃 (𝛼𝑡|𝛿𝑡) that maps states with Gaussian distribution on
the set of actions. A critic value function is 𝑉
𝑤(𝛿𝑡) that result from the average reward in state 𝛿𝑡. In order to
update the actor’s parameters, a clipped surrogate objective is applied. Further, loss function is used to clip
the surrogate objective in which the 𝑟𝑡(𝜃) denotes the probability ratio which is computed as (20),
𝑟𝑡(𝜃) =
𝜋𝜃(𝛼𝑡|𝛿𝑡)
𝜋𝜃𝑜𝑙𝑑
(𝛼𝑡|𝛿𝑡)
(20)
where 𝜃𝑜𝑙𝑑 is the actor’s parameter vector before the update. A new varied objective function is defined as
(21),
𝐿𝐶𝐿𝐼𝑃(𝜃) = 𝐸
̂𝑡[𝑚𝑖𝑛(𝑟𝑡(𝜃)𝐴
̂𝑡, 𝑐𝑙𝑖𝑝(𝑟𝑡(𝜃), 1 − 𝜀, 1 + 𝜀)𝐴
̂𝑡)] (21)
where 𝜃 is the policy parameter, 𝐸
̂𝑡 is the empirical expectation over the time steps, 𝑟𝑡 represents the ratio of
the probability from the old and new policies, respectively, 𝐴
̂𝑡 represents the estimated advantage at time t. 𝜀
represents the hyper parameter, which is usually between 0.1 and 0.2. In PPO, attacks are classified into
specific types based on the attack patterns. From the source, packet and flow information is acquired. Table 2
illustrates the attack patterns and the corresponding classes. Pseudocode for PPO can be followed in which
the attack types are classified based on the observed patterns of the attacks. The PPO learns the environment
and estimates the attack type utilizing respective policies. By learning attack patterns from the source packet
to the destination, PPO computes the corresponding actions from the policy attributes, and loss is computed
to update the training set.
PPO Algorithm
DNN Policy
Network Environment
Agent
Environment
Evaluating Past
Attacks
Receiving IDS Alerts
Action
Reward
State
Figure 3. PPO algorithm for attack type classification
Procedure for proximal policy optimization (PPO)
1. Begin
// Attacks types detection
2. Initialize all attack patterns
3. For 𝑒 ∈ 𝑒𝑝𝑖𝑠𝑜𝑑𝑒𝑠 do
4. For 𝑎 ∈ 𝑎𝑐𝑡𝑜𝑟𝑠 do
5. Run policy 𝜋𝜃𝑜𝑙𝑑
in environment for 𝑇 time steps
6. Compute the advantage estimations 𝐴
̂1 … 𝐴
̂𝑇
9. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 2, April 2023: 2240-2258
2248
7. Predict attack type by policies
8. End For
9. Optimizes actor’s loss function i.e., 𝐿𝐶𝐿𝐼𝑃(𝜃) by. (21)
10. 𝜃𝑜𝑙𝑑 ← 𝜃
11. End for
Table 2. Attack type classification
No. Attack Patterns Type of Attack
1 Duration of connection
Source bytes
Number of files creations
Number of files accessed
Probe Attack
2 Percentage of connections
Source bytes
Percentage of packets with errors
DoS Attacks
3 Service requested
Host level features
Number of failed login attempts
R2L Attacks
4 Number of file creations
Number of shell prompts invoked
U2R Attacks
4. RESULTS AND DISCUSSION
In this section, we describe the experimental analysis of the proposed 3LIDS-CGAN model in IoT
environment to validate the performance. This section includes three sub-sections such as simulation setup,
comparative analysis, and research summary. The result section shows that the proposed 3LIDS-CGAN
model achieves superior performance compared to the previous models. In the following, a detailed design of
the experimental study is presented.
4.1. Simulation setup
This section explains the simulation setup of the proposed 3LIDS-CGAN model which is
experimented with and evaluated using NS-3.26 network simulator. This simulation tool consists of the
specifications which are correlated to the proposed 3LIDS-CGAN model. The simulation of the proposed
3LIDS-CGAN method is performed with 800×1000 m simulation area. Tables 3 and 4 illustrate the system
configuration and the network configuration respectively.
Table 3. System configuration
Software Specifications Hardware specifications
Operating system Ubuntu 14.04 LTS Hard Disk 60 GB
Network Simulator NS3.26 RAM 2 GB
Processor Pentium Dual Core and above
Table 4. Simulation parameters
Parameter Value Parameter Value
Network Parameters Mobility Parameters
No. of IoT users 100 Mobility of node 10 m/s
No. of firewall 1 Range of transmission 150 m
No. of gateway 1 Type of mobility model Random waypoint
No. of cloud server 1 Network Traffic Parameters
Simulation Area 800 ×1000 m Type of queue FIFO
No. of malicious nodes 1-5 nodes No. of traffic flows 2-5
Initial Energy 100 J Type of traffic CBR, TCP, UDP
Simulation time 300s Bandwidth of channel 100 MHz
Modules Wi-Fi, Internet, Ipv4 Security Parameters
Packet Transmission parameters Attack frequency 10-20 packets per sec
Type of protocol UDP Probability ratio of attacks 1:10
Data rate of packets 100 Mbps No. of attacks ~4
Interval of packets 1s Interval of attacks 3-5 Sec
No. of packets 1000 Detected attacks Probe attack, DoS attack,
DDoS attack, SQL injection
attack, R2L attack, and
U2R attack
No. of retransmission 7
Size of packets 64, 128, 256,
512, 1024 bytes
10. Int J Elec & Comp Eng ISSN: 2088-8708
Three level intrusion detection system based on conditional generative … (Hasan Abdulameer)
2249
The NSL-KDD dataset is an extended version of KDDCUP00 and the network-based intrusions are
categorized into the following four classes which are presented in Table 5.
− Probe: if an attacker wants to use the gain information of the target network via device/system/host
scanning activities.
− DoS: if an attacker interrupts the connection of authorized hosts that access to a given node is allowed
− U2R: if any attackers attempt for an escalating the limited user’s privilege to the super user or the root
access. For instance, malware infection or credentials stolen
− R2L: if an attacker wants to remote access the victim machine that imitates the previous legitimate hosts.
Table 5. Attacks in NSL-KDD dataset
Attack Main Type Subclass (Attack) in Trained Set New Sub Classes (Attacks) in Tested Set
DoS Back, Land, Smurf, Pod, Neptune, TearDrop Apache 2, Processtable, Mailbomb
Probe Imap, Multihop, Phf, Spy, Warezclient, Warezmater,
Ftp write, Guess Passwd
Mscan, Saint
U2R Buffer Overflow, Perl, Load Module, Rootkit Httptunnel, Ps, Sqlattack, Xterm
R2L Ipsweep, NMAP, Portsweep, Satan Sendmail, Named, Snmpgetattack, Snm guess,
Xlock, Xsnoop, and Worm
4.2. Comparative study
In this section, we explain the comparison between the proposed 3LIDS-CGAN model and existing
methods such as hybrid intrusion detection system (HIDS) [35] and scalable and hybrid intrusion detection
system (SHIDS )-long short-term memory (LSTM) [36]. This work aims to detect IDS in IoT environment.
The proposed work is compared to the existing works and proved that the proposed 3LIDS-CGAN model
achieves better performance in terms of attack detection rate, false-positive rate, true positive rate, F-score,
accuracy, energy consumption, precision, recall, roc curve.
4.2.1. Impact of attack detection rate (ADR)
This metric is used to calculate the number of attacks detected in a given amount of time, which is
calculated with respect to true positive values, which are calculated as (22),
𝐴𝐷𝑅 =
𝜏
շ
× 100% (22)
where ADR represents attack detection rate and τ represents number of detected attacks and 2 represents
total number of attacks.
Figure 4 represents the comparison of attack detection rate for both existing HIDS and SHIDS-
LSTM and proposed 3LIDS-CGAN model with respect to number of malicious nodes. The figure clears that
the proposed 3LIDS-CGAN model achieves high detection rate compared to existing works. A network with
high attack detection rate increases the security against various types of threats. The attack detection rate
decreases with increasing the number of malicious nodes which is otherwise known as the attack detection
rate are inversely proportional to the number of malicious nodes. In the proposed 3LIDS-CGAN model, we
detect the attacks by performing three-level IDS and classification, hence we achieve high attack detection
rate. The previous works perform only anomaly-based intrusion detection or signature-based intrusion
detection that does not provide accurate results in attack detection. Some of the works are concentrated on
both signature and anomaly-based intrusion detection [35], [36] which performs well, however, it does not
detect adversarial packets that are also one of the intrusions that looks like a normal packet. Detecting
adversary packets is a challenging task in that if it does not detect may lead to destroying our data or network.
Figure 4. Attack detection rate vs. # of malicious nodes
90
92
94
96
98
100
Attack
Detection
Rate
(%)
# of malicious nodes
3LIDS-CGAN
HIDS
SHIDS-LSTM
2 4 6 8 10
11. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 2, April 2023: 2240-2258
2250
In order to overcome the aforementioned issues, we detect the adversary packets with the help of
CGAN in the proposed 3LIDS-CGAN model that increases attack detection rate compared to the existing
works. We achieve high attack detection rate due to detecting adversarial packets in the network. The
proposed 3LIDS-CGAN model achieves 98.9% of attack detection rate for the 10 malicious nodes which are
8% higher than SHIDS-LSTM and 6% higher than HIDS models for the same number of malicious nodes.
Table 6 illustrates the numerical analysis of attack detection rate. That compares the number of malicious
packets and corresponding attack detection rate for both proposed (3LIDS-CGAN) and existing models
(HIDS, SHIDS-LSTM).
Table 6. Attack detection rate (%) analysis
No. of. Malicious nodes 3LIDS-CGAN HIDS SHIDS-LSTM
2 99.8 ± 0.12 95.8 ± 0.34 93.17 ± 0.52
4 99.5 ± 0.16 94.3 ± 0.36 92.3 ± 0.51
6 99.4 ± 0.14 93.6 ± 0.35 91.5 ± 0.57
8 99.2 ± 0.17 92.9 ± 0.39 91 ± 0.53
10 98.9 ± 0.19 92.1 ± 0.37 90.4 ± 0.55
4.2.2. Impact of false positive rate (FPR)
This metric is used to detect wrongly classified packets in the environment, which is calculated as (23),
𝐹𝑃𝑅 =
ή
ὰ
× 100% (23)
where FPR represents the false positive rate and ή represents the number of misclassified packets and ὰ
represents the total amount of packets. The main aim of false-positive rate is to reduce misclassification.
Figure 5 represents the comparison of false-positive rate with respect to number of malicious nodes
between the proposed 3LIDS-CGAN model and other existing approaches. A network with low false-positive
rate increases the security in terms of detecting the attacks accurately. In the proposed 3LIDS-CGAN model,
intrusions are detected in three stages. In first stage, the malicious packets are dropped, and suspicious packets
are sent to the next level for detection of intrusions. In second level, the suspicious packets are classified as
normal or malicious. Third-level IDS detects adversary packets. After completing the three levels we detect
intrusion accurately, hence it reduces false positive rate and misclassification. In [36], the intrusions are detected
at one stage thus increasing misclassification and they are not focused to detect adversary packet that increases
misclassification and false-positive rate. The comparison results show that the proposed 3LIDS-CGAN model
achieves less false positive rate compared to existing works. The false-positive rate is increased exponentially
with the increased number of malicious nodes. The proposed 3LIDS-CGAN model achieves 0.2 false-positive
rates for 10 malicious nodes which are 0.4 less than SHIDS-LSTM and 0.2 less than HIDS for the same number
of malicious nodes. Table 7 shows the numerical analysis of false positive rate and that shows the average value
of the false positive rate with respect to number of malicious nodes.
Figure 5. False-positive rate vs. # of malicious nodes
Table 7. False-positive rate (%) analysis
No. of. Malicious nodes 3LIDS-CGAN HIDS SHIDS-LSTM
2 0.1 ± 0.014 0.2 ± 0.026 0.3 ± 0.052
4 0.1 ± 0.017 0.2 ± 0.032 0.4 ± 0.057
6 0.2 ± 0.013 0.3 ± 0.035 0.5 ± 0.051
8 0.2 ± 0.018 0.3 ± 0.033 0.6 ± 0.056
10 0.2 ± 0.011 0.4 ± 0.037 0.6 ± 0.055
0
0.1
0.2
0.3
0.4
0.5
0.6
False
positive
rate
# of malicious nodes
3LIDS-
CGAN
HIDS
SHIDS-
LSTM
2 4 6 8 10
12. Int J Elec & Comp Eng ISSN: 2088-8708
Three level intrusion detection system based on conditional generative … (Hasan Abdulameer)
2251
4.2.3. Impact of true positive rate (TPR)
This metric is used to detect correctly classified packets from the total amount of packets. If the
system has high true positive then it will achieve high accuracy. The calculation of true positive rate is
defined as (24),
𝑇𝑃𝑅 =
𝑇𝑃
𝑇𝑃+𝐹𝑁
(24)
where TPR represents the true positive rate and TP represents true positive, FN represents false negative.
Figure 6 represents the comparison of true positive rates for both proposed and existing models with
respect to number of malicious nodes. A network with high true positive rate increases the attack detection
accuracy. The true positive rate decreases with increasing the number of malicious nodes. The comparison
results show that the proposed 3LIDS-CGAN model achieves high true positive rate compared to other
existing models because the proposed 3LIDS-CGAN model deploys firewall for detecting and avoiding
malicious packets in the first stage thus increasing true positive rate. The malicious packets are detected and
avoided in the first level of IDS and the anomalies are detected and dropped in the second level of IDS,
finally, adversary packets are detected and removed from the environment thus increasing true positive rate
and reducing misclassification. Whereas the existing method [36], hybrid IDS uses dataset to detect the
anomalies which are trained that reduce the true positive rate due to lack of ability to detect the real-time
anomalies. Table 8 illustrates the numerical analysis of true positive rate. From the numerical analysis, the
proposed 3LIDS-CGAN model achieves 0.8 true positive rates for 10 malicious nodes which are 0.27%
higher than SHIDS-LSTM model and 0.12% higher than HIDS model.
Figure 6. True positive rate vs. # of malicious nodes
Table 8. True positive rate (%) analysis
No. of. Malicious nodes 3LIDS-CGAN HIDS SHIDS-LSTM
2 0.97 ± 0.010 0.93 ± 0.045 0.91 ± 0.057
4 0.95 ± 0.015 0.87 ± 0.048 0.84 ± 0.052
6 0.91 ± 0.013 0.82 ± 0.942 0.78 ± 0.058
8 0.88 ± 0.016 0.78 ± 0.050 0.63 ± 0.053
10 0.86 ± 0.018 0.74 ± 0.047 0.59 ± 0.060
4.2.4. Impact of F-score
This metric is used to evaluate the test accuracy. This score is calculated from the precision and
recall harmonic mean. The calculation of F-score is defined as (25),
𝐹 = 2 ×
𝑃𝑟𝑒𝑐𝑖𝑠𝑖𝑜𝑛×𝑅𝑒𝑐𝑎𝑙𝑙
𝑃𝑟𝑒𝑐𝑖𝑠𝑖𝑜𝑛+𝑅𝑒𝑐𝑎𝑙𝑙
(25)
Figure 7 represents the comparison of F-score with respect to number of malicious nodes for both
proposed and existing models. The F-score decreases with increasing the number of malicious nodes. The
result shows that the proposed 3LIDS-CGAN model achieves high F-score compared to existing models
because we detect harmonic mean of precision and recall accurately compared to existing work.
0
0.2
0.4
0.6
0.8
1
True
positive
rate
# of malicious nodes
3LIDS-CGAN HIDS SHIDS-LSTM
2 4 6 8 10
13. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 2, April 2023: 2240-2258
2252
Figure 7. F-score vs. # of malicious nodes
The proposed 3LIDS-CGAN correctly classified the intrusions from the environment thus increasing
F-score value. For instance, SHIDS [36] used ISCX-UNB dataset for intrusion detection, hence it detects
only trained anomalies using of single dataset it does not detect real-time anomalies because the attack
behavior is changed frequently, but trained anomalies store only limited behavior thus leads to poor accuracy
and less F-measure value. Table 9 illustrates the numerical analysis of F-score which represent the average
value of F-score [42], [43]. The numerical analysis proved that the proposed 3LIDS-CGAN model achieves
high F-score compared to existing models. The proposed 3LIDS-CGAN achieves 97.5% of F-score which is
6% higher than SHIDS-LSTM and 4% higher than HIDS.
Table 9. F score (%) analysis
No. of. Malicious nodes 3LIDS-CGAN HIDS SHIDS-LSTM
2 99.48 ± 0.15 96.24 ± 0.37 93.8 ± 0.58
4 99.21 ± 0.18 95.47 ± 0.36 93.25 ± 0.51
6 98.58 ± 0.16 94.82 ± 0.38 92.68 ± 0.59
8 98.16 ± 0.13 94.31 ± 0.34 92.14 ± 0.57
10 97.56 ± 0.17 93.57 ± 0.32 91.73 ± 0.54
4.2.5. Impact of accuracy
This metric is used to calculate the accuracy of the proposed 3LIDS-CGAN model. If the system has
high accuracy, it represents the system detects intrusions correctly. Accuracy is calculated as (26),
𝐴 =
𝑇𝑃+𝑇𝑁
𝑇𝑃+𝑇𝑁+𝐹𝑃+𝐹𝑁
(26)
where A represents accuracy and FP represents false positive, TN represents true negative. Figure 8
represents the comparison of accuracy for both the proposed 3LIDS-CGAN model and existing models with
respect to number of malicious nodes. The accuracy decreases with increasing the number of malicious
nodes. A network with high accuracy increases the detection rate of attacks. In the existing method [35], lack
of considering the adversaries during hybrid IDS results in low accuracy. In [36], lack detection the real-time
anomalies reduces the accuracy of attack detection. In order to overcome the aforementioned issues, firewall
is implemented that filters the incoming packets, and the malicious packets are dropped earlier which
increases the accuracy. The comparison results show that the proposed 3LIDS-CGAN achieves high accuracy
compared to other existing models. For instance [38] consider two datasets for intrusion detection still do not
detect real-time intrusion thus reducing accuracy and attack detection rate.
Figure 8. Accuracy vs. #of malicious nodes
90
92
94
96
98
100
F
score
(%)
# of malicious nodes
3LIDS-CGAN
HIDS
SHIDS-LSTM
2 4 6 8 10
90
92
94
96
98
100
Accuracy
(%)
# of malicious nodes
3LIDS-CGAN
HIDS
SHIDS-LSTM
2 4 6 8 10
14. Int J Elec & Comp Eng ISSN: 2088-8708
Three level intrusion detection system based on conditional generative … (Hasan Abdulameer)
2253
Table 10 illustrates the numerical analysis of accuracy. From the analysis, the proposed 3LIDS-
CGAN achieves high accuracy. The 3LIDS-CGAN achieves high accuracy of about 99% for 10 malicious
nodes which are 8% higher than SHIDS-LSTM and 5% higher than HIDS model for the same number of
malicious nodes.
Table 10. Accuracy (%) analysis
No. of. Malicious nodes 3LIDS-CGAN HIDS SHIDS-LSTM
2 99.98 ± 0.15 97 ± 0.36 93 ± 0.54
4 99.97 ± 0.18 96.54 ± 0.37 92.68 ± 0.57
6 99.84 ± 0.16 96.21 ± 0.32 92.23 ± 0.51
8 99.43 ± 0.17 95.43 ± 0.38 91.78 ± 0.59
10 99.21 ± 0.13 94.97 ± 0.34 91.84 ± 0.58
4.2.6. Impact of energy consumption
This metric is used to calculate the energy consumed by the IoT devices during intrusion detection,
which is calculated as (27),
𝐸𝐶 = 𝐼𝐸 − 𝑅𝐸 (27)
where EC represents energy consumption and 𝐼𝐸 represent initial energy and 𝑅𝐸 represent residual energy.
Figure 9 represents the comparison of energy consumption of proposed 3LIDS-CGAN model and
existing model with respect to number of malicious nodes. The energy consumption increases with increasing
the number of malicious nodes which is otherwise known as the energy consumption is directly proportional
to the number of malicious nodes. The comparative result shows that the proposed 3LIDS-CGAN model
consumes less energy compared to existing models because the proposed 3LIDS-CGAN method used
firewall to drop malicious packets at an earlier stage thus reducing energy consumption and considering only
legitimate packets as an input rather than considering all packets as an input that also reduces the energy
consumption. In [36] consider all the packets as an input thus increasing energy consumption and latency.
Hence, the proposed 3LIDS-CGAN consumes less energy. Table 11 illustrates the numerical analysis of
energy consumption which shows the average value of energy consumption with respect to number of
malicious nodes. The result shows that the proposed 3LIDS-CGAN consumes low energy consumption of
about 2.8 J for 10 malicious nodes which are 3 J less than SHIDS-LSTM and 2 J less than HIDS model for
the same number of malicious nodes.
Figure 9. Energy consumption vs., # of malicious nodes
Table 11. Energy consumption (J) analysis
No. of. Malicious nodes 3LIDS-CGAN HIDS SHIDS-LSTM
2 0.8 ± 0.017 1 ± 0.027 1.6 ± 0.054
4 1.4 ± 0.019 1.9 ± 0.031 2.5 ± 0.058
6 1.9 ± 0.012 2.7 ± 0.034 3.3 ± 0.052
8 2 ± 0.018 3.5 ± 0.032 4.5 ± 0.055
10 2.8 ± 0.013 4.6 ± 0.037 5.6 ± 0.057
0
1
2
3
4
5
6
Energy
consumption
(J)
# of malicious nodes
3LIDS-CGAN HIDS SHIDS-LSTM
2 4 6 8 10
15. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 2, April 2023: 2240-2258
2254
4.2.7. Impact of precision
This metric is used to calculate the correctly classified packets from the total amount of packets. The
calculation of precision is defined as (28),
𝑃𝑟𝑒𝑐𝑖𝑠𝑜𝑛 =
𝑇𝑃
𝑇𝑃+𝐹𝑃
(28)
Figure 10 represents the comparison of precision for both proposed and existing models with respect
to number of malicious nodes. The precision decreases with increasing the number of malicious nodes. The
comparison result shows that the proposed 3LIDS-CGAN achieves high precision compared to other existing
models. In [35] perform normalization to for detecting intrusions, if any error occurs in the process of
normalization, then the system does not detect accurate intrusions thus increasing false positive rate and
reducing true positive rate hence it also reduces precision value. In the proposed 3LIDS-CGAN model deploy
firewall instead of preprocessing, which is used to filter the incoming packets and drop the malicious packets
in the first stage thus increasing true positive rate and precision. In this way, we achieve high precision when
compared to SHIDS-LSTM and HIDS models. Table 12 illustrates the numerical analysis of precision which
provides the average value of the precision with respect to number of malicious nodes. The proposed 3LIDS-
CGAN achieves high precision of about 97.83% for 10 malicious nodes 6% higher than SHIDS-LSTM
model and 3% higher than HIDS model for same number of malicious nodes.
Figure 10. Precision vs. # of malicious nodes
Table 12. Precision (%) analysis
No. of. Malicious nodes 3LIDS-CGAN HIDS SHIDS-LSTM
2 99.97 ± 0.16 96.48 ± 0.34 93 ± 0.57
4 99.83 ± 0.11 95.8 ± 0.37 92.68 ± 0.53
6 98.78 ± 0.19 95.17 ± 0.31 92.23 ± 0.51
8 98.36 ± 0.13 94.69 ± 0.35 91.78 ± 0.54
10 97.93 ± 0.18 94.23 ± 0.32 91.84 ± 0.58
4.2.8. Impact of recall
This metric is to calculate the percentage of actual positives in the correctly classified packets which
is calculated as (29).
𝑅𝑒𝑐𝑎𝑙𝑙 =
𝑇𝑃
𝑇𝑃+𝐹𝑁
(29)
Figure 11 represents the comparison of recall for both proposed and existing models with respect to
number of malicious nodes. The recall decreases with increasing the number of malicious nodes. The
comparison result shows that the proposed 3LIDS-CGAN model achieves high recall compared to existing
models because the existing works only detect anomaly and signature-based intrusions however, lack of
detection of the adversary packets leads to misclassification and increase false alarm rate, but the proposed
90
91
92
93
94
95
96
97
98
99
100
2 4 5 8 10
Precision
(%)
# of malicious nodes
3LIDS-CGAN HIDS SHIDS-LSTM
16. Int J Elec & Comp Eng ISSN: 2088-8708
Three level intrusion detection system based on conditional generative … (Hasan Abdulameer)
2255
3LIDS-CGAN detect adversary packets using CGAN which detect adversary packets because it
automatically learns the adversarial environment and detects adversary packets well thus improves detection
rate and recall and reduce misclassification when compared with the existing works.
Table 13 illustrates the numerical analysis of recall that presents the average value of recall with the
corresponding malicious packets. From the numerical analysis, the proposed 3LIDS-CGAN achieves 97.895
for 10 malicious nodes which is 6% higher than SHIDS-LSTM and 4% higher than HIDS model for the same
number of malicious nodes.
4.2.9. Impact of ROC curve
ROC curve stands for receiver operating characteristics curve which shows the classification
performance at all classification thresholds. ROC curve includes true positive rate and false-positive rate. It is
graph that plots True positive rate vs. false positive rate at various classification thresholds.
Figure 12 represents the ROC curve for both proposed and existing models. The true positive value
is increased exponentially with the increasing number of false-positive rates. The figure clearly states that the
proposed 3LIDS-CGAN model achieves high true positive rate compared to SHIDS-LSTM and HIDs
models. The proposed model has high true positive rate due to detecting intrusions accurately because we
deploy firewall to drop the malicious packets in an earlier stage and perform three-level IDS. And CGAN is
also used for detecting adversary packets that only the proposed 3LIDS-CGAN achieves high true positive
range in ROC curve compared to existing models such as SHIDS-LSTM and HIDS. Whereas, the existing
methods, lack adversary and real-time anomaly detection reducing the true positive rate and increasing the
false positive rate.
Figure 11. Recall vs. # of malicious nodes
Table 13. Recall (%) analysis
No. of. Malicious nodes 3LIDS-CGAN HIDS SHIDS-LSTM
2 99.96 ± 0.18 96.36 ± 0.38 94 ± 0.52
4 99.81 ± 0.12 95.78 ± 0.33 93.67 ± 0.54
6 99.35 ± 0.13 95.26 ± 0.31 92.89 ± 0.56
8 98.47 ± 0.16 94.37 ± 0.36 92.1 ± 0.53
10 97.89 ± 0.19 93.87 ± 0.35 91.84 ± 0.51
Figure 12. True positive rate vs. false positive rate
90
92
94
96
98
100
2 4 5 8 10
Recall
(%)
# of malicious nodes
3LIDS-CGAN HIDS SHIDS-LSTM
0
0.2
0.4
0.6
0.8
1
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
TRUE
POSITIVE
RATE
FALSE POSITIVE RATE
3LIDS-CGAN HIDS SHIDS-LSTM
17. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 2, April 2023: 2240-2258
2256
5. CONCLUSION
In IoT environment, security and privacy are the significant issues. In this paper, 3LIDS-CGAN
model is proposed for detecting intrusions in IoT environment. In first level IDS, firewall is deployed for
avoiding malicious packets in an earlier stage, for that firewall extracts the features of incoming traffic
patterns.
Only the suspicious packets are sent to the next level for detecting anomaly packets. In the second
level IDS, event-based semantic map is constructed for detecting anomaly extracted features the packet is
classified into normal, malicious, and suspicious using SVM and golden eagle optimization packets from the
suspicious packets which increase attack detection accuracy. In third level IDS detect adversary packets
detected which are under anomaly detection. The adversary packets look like normal packets we need to
identify, for that, we proposed CGAN which detects anomaly packets accurately that accuracy and reduces
false alarm rate. Final process is attacking type classification, after detecting intrusion the PPO is deployed to
classify the type of attacks such as Probe attack, DoS attack, DDoS attack, SQL injection attack, R2L attack,
and U2R attack. The PPO learned and stored the attack type and its behavior in the dataset by correlating the
current behavior of the current attack the PPO classifies the specific attack type which increases accuracy of
the process. In final analysis, the performance of the proposed 3LIDS-CGAN is evaluated and outperforms in
terms of attack detection rate, false-positive rate, true positive rate, F-Score, Accuracy, energy consumption,
precision, recall, and ROC curve. In future, we planned to integrate blockchain for enhancing security in IoT
environment.
REFERENCES
[1] K. Mrhar, O. Douimi, M. Abik, and N. C. Benabdellah, “Towards a semantic integration of data from learning platforms,” IAES
International Journal of Artificial Intelligence (IJ-AI), vol. 9, no. 3, pp. 535–544, Sep. 2020, doi: 10.11591/ijai.v9.i3.pp535-544.
[2] V. Kumar, A. K. Das, and D. Sinha, “UIDS: a unified intrusion detection system for IoT environment,” Evolutionary Intelligence,
vol. 14, no. 1, pp. 47–59, Mar. 2021, doi: 10.1007/s12065-019-00291-w.
[3] A. Kim, M. Park, and D. H. Lee, “AI-IDS: Application of deep learning to real-time web intrusion detection,” IEEE Access,
vol. 8, pp. 70245–70261, 2020, doi: 10.1109/ACCESS.2020.2986882.
[4] I. Dutt, S. Borah, and I. K. Maitra, “Immune system based intrusion detection system (IS-IDS): A proposed model,” IEEE Access,
vol. 8, pp. 34929–34941, 2020, doi: 10.1109/ACCESS.2020.2973608.
[5] R. A. Khamis, M. O. Shafiq, and A. Matrawy, “Investigating resistance of deep learning-based IDS against adversaries using min-
max optimization,” in ICC 2020 - 2020 IEEE International Conference on Communications (ICC), Jun. 2020, pp. 1–7, doi:
10.1109/ICC40277.2020.9149117.
[6] M. Sewak, S. K. Sahay, and H. Rathore, “DOOM: A novel adversarial-DRL-based op-code level metamorphic malware
obfuscator for the enhancement of IDS,” in Adjunct Proceedings of the 2020 ACM International Joint Conference on Pervasive
and Ubiquitous Computing and Proceedings of the 2020 ACM International Symposium on Wearable Computers, Sep. 2020,
pp. 131–134, doi: 10.1145/3410530.3414411.
[7] M. Alenezi, M. Nadeem, and R. Asif, “SQL injection attacks countermeasures assessments,” Indonesian Journal of Electrical
Engineering and Computer Science (IJEECS), vol. 21, no. 2, pp. 1121–1131, Feb. 2021, doi: 10.11591/ijeecs.v21.i2.pp1121-
1131.
[8] M. J. Babu and A. R. Reddy, “SH-IDS: Specification heuristics based intrusion detection system for IoT networks,” Wireless
Personal Communications, vol. 112, no. 3, pp. 2023–2045, Jun. 2020, doi: 10.1007/s11277-020-07137-0.
[9] A. Alhowaide, I. Alsmadi, and J. Tang, “PCA, Random-forest and Pearson correlation for dimensionality reduction in IoT IDS,”
in 2020 IEEE International IOT, Electronics and Mechatronics Conference (IEMTRONICS), Sep. 2020, pp. 1–6, doi:
10.1109/IEMTRONICS51293.2020.9216388.
[10] G. Soni and R. Sudhakar, “A L-IDS against dropping attack to secure and improve RPL performance in WSN aided IoT,” in 2020
7th International Conference on Signal Processing and Integrated Networks (SPIN), Feb. 2020, pp. 377–383, doi:
10.1109/SPIN48934.2020.9071118.
[11] M. A. Ferrag, L. Maglaras, A. Ahmim, M. Derdour, and H. Janicke, “RDTIDS: Rules and decision tree-based intrusion detection
system for internet-of-things networks,” Future Internet, vol. 12, no. 3, pp. 44–58, Mar. 2020, doi: 10.3390/fi12030044.
[12] N. Chaabouni, M. Mosbah, A. Zemmari, C. Sauvignac, and P. Faruki, “Network intrusion detection for IoT security based on
learning techniques,” IEEE Communications Surveys & Tutorials, vol. 21, no. 3, pp. 2671–2701, 2019, doi:
10.1109/COMST.2019.2896380.
[13] V. Morfino and S. Rampone, “Towards near-real-time intrusion detection for IoT devices using supervised learning and Apache
spark,” Electronics, vol. 9, no. 3, Mar. 2020, doi: 10.3390/electronics9030444.
[14] H. L. A. Q. B and J. Ahmad, Internet of things. Springer International Publishing, 2019.
[15] M. M. Shurman, R. M. Khrais, and A. A. Yateem, “IoT denial-of-service attack detection and prevention using hybrid IDS,” in
2019 International Arab Conference on Information Technology (ACIT), Dec. 2019, pp. 252–254, doi:
10.1109/ACIT47987.2019.8991097.
[16] K. Jiang, W. Wang, A. Wang, and H. Wu, “Network intrusion detection combined hybrid sampling with deep hierarchical
network,” IEEE Access, vol. 8, pp. 32464–32476, 2020, doi: 10.1109/ACCESS.2020.2973730.
[17] S. U. Jan, S. Ahmed, V. Shakhov, and I. Koo, “Toward a lightweight intrusion detection system for the internet of things,” IEEE
Access, vol. 7, pp. 42450–42471, 2019, doi: 10.1109/ACCESS.2019.2907965.
[18] C. Ma, X. Du, and L. Cao, “Analysis of multi-types of flow features based on hybrid neural network for improving network
anomaly detection,” IEEE Access, vol. 7, pp. 148363–148380, 2019, doi: 10.1109/ACCESS.2019.2946708.
[19] A. Khraisat, I. Gondal, P. Vamplew, J. Kamruzzaman and A. Alazab, “A novel ensemble of hybrid intrusion detection system for
detecting internet of things attacks,” Electronics, vol. 8, no. 11, Oct. 2019, doi: 10.3390/electronics8111210.
[20] S. P. R.M. et al., “An effective feature engineering for DNN using hybrid PCA-GWO for intrusion detection in IoMT
18. Int J Elec & Comp Eng ISSN: 2088-8708
Three level intrusion detection system based on conditional generative … (Hasan Abdulameer)
2257
architecture,” Computer Communications, vol. 160, pp. 139–149, Jul. 2020, doi: 10.1016/j.comcom.2020.05.048.
[21] Y. Zhou, T. A. Mazzuchi, and S. Sarkani, “M-AdaBoost-A based ensemble system for network intrusion detection,” Expert
Systems with Applications, vol. 162, Dec. 2020, doi: 10.1016/j.eswa.2020.113864.
[22] D. Mohammad, I. Aljarrah, and M. Jarrah, “Searching surveillance video contents using convolutional neural network,”
International Journal of Electrical and Computer Engineering (IJECE), vol. 11, no. 2, pp. 1656–1665, Apr. 2021, doi:
10.11591/ijece.v11i2.pp1656-1665.
[23] W. J. Hadi, S. M. Kadhem, and A. R. Abbas, “Fast discrimination of fake video manipulation,” International Journal of Electrical
and Computer Engineering (IJECE), vol. 12, no. 3, pp. 2582–2587, Jun. 2022, doi: 10.11591/ijece.v12i3.pp2582-2587.
[24] M. Berrahal and M. Azizi, “Optimal text-to-image synthesis model for generating portrait images using generative adversarial
network techniques,” Indonesian Journal of Electrical Engineering and Computer Science (IJEECS), vol. 25, no. 2, pp. 972–979,
Feb. 2022, doi: 10.11591/ijeecs.v25.i2.pp972-979.
[25] M. A. Zaytar and C. El Amrani, “Satellite image inpainting with deep generative adversarial neural networks,” IAES International
Journal of Artificial Intelligence (IJ-AI), vol. 10, no. 1, pp. 121–130, Mar. 2021, doi: 10.11591/ijai.v10.i1.pp121-130.
[26] H. Yang and F. Wang, “Wireless network intrusion detection based on improved convolutional neural network,” IEEE Access,
vol. 7, pp. 64366–64374, 2019, doi: 10.1109/ACCESS.2019.2917299.
[27] K. S. Gill, S. Saxena, and A. Sharma, “GTM-CSec: Game theoretic model for cloud security based on IDS and honeypot,”
Computers & Security, vol. 92, May 2020, doi: 10.1016/j.cose.2020.101732.
[28] S. Huang and K. Lei, “IGAN-IDS: An imbalanced generative adversarial network towards intrusion detection system in ad-hoc
networks,” Ad Hoc Networks, vol. 105, Aug. 2020, doi: 10.1016/j.adhoc.2020.102177.
[29] Y. Zhang, P. Li, and X. Wang, “Intrusion detection for IoT based on improved genetic algorithm and deep belief network,” IEEE
Access, vol. 7, pp. 31711–31722, 2019, doi: 10.1109/ACCESS.2019.2903723.
[30] E. Ülker and I. M. Nur, “A new hybrid IoT-based IDS using binary gray wolf optimization (BGWO) and Naive Bayes (NB),” (in
Turkish), European Journal of Science and Technology, pp. 279–286, Oct. 2020, doi: 10.31590/ejosat.804113.
[31] J. C. S. Sicato, S. K. Singh, S. Rathore, and J. H. Park, “A comprehensive analyses of intrusion detection system for IoT
environment,” Journal of Information Processing Systems, vol. 16, no. 4, pp. 975–990, 2020, doi: 10.3745/JIPS.03.0144.
[32] A. Golrang, A. M. Golrang, S. Y. Yayilgan, and O. Elezaj, “A novel hybrid IDS based on modified NSGAII-ANN and random
forest,” Electronics, vol. 9, no. 4, Mar. 2020, doi: 10.3390/electronics9040577.
[33] P. Sun et al., “DL-IDS: Extracting features using CNN-LSTM hybrid network for intrusion detection system,” Security and
Communication Networks, vol. 2020, pp. 1–11, Aug. 2020, doi: 10.1155/2020/8890306.
[34] K. Atefi, H. Hashim, and T. Khodadadi, “A hybrid anomaly classification with deep learning (DL) and binary algorithms (BA) as
optimizer in the intrusion detection system (IDS),” in 2020 16th IEEE International Colloquium on Signal Processing & Its
Applications (CSPA), Feb. 2020, pp. 29–34, doi: 10.1109/CSPA48992.2020.9068725.
[35] A. Khraisat, I. Gondal, P. Vamplew, J. Kamruzzaman, and A. Alazab, “Hybrid intrusion detection system based on the stacking
ensemble of C5 decision tree classifier and one class support vector machine,” Electronics, vol. 9, no. 1, Jan. 2020, doi:
10.3390/electronics9010173.
[36] M. Khan, M. Karim, and Y. Kim, “A scalable and hybrid intrusion detection system based on the convolutional-LSTM network,”
Symmetry, vol. 11, no. 4, Apr. 2019, doi: 10.3390/sym11040583.
[37] T. Rose, K. Kifayat, S. Abbas, and M. Asim, “A hybrid anomaly-based intrusion detection system to improve time complexity in
the internet of energy environment,” Journal of Parallel and Distributed Computing, vol. 145, pp. 124–139, Nov. 2020, doi:
10.1016/j.jpdc.2020.06.012.
[38] C. A. de Souza, C. B. Westphall, R. B. Machado, J. B. M. Sobral, and G. dos S. Vieira, “Hybrid approach to intrusion detection in
fog-based IoT environments,” Computer Networks, vol. 180, Oct. 2020, doi: 10.1016/j.comnet.2020.107417.
[39] S. F. Pane, R. M. Awan, M. A. H. Siregar, and D. Majesty, “Mapping log data activity using heuristic miner algorithm in
manufacture and logistics company,” TELKOMNIKA (Telecommunication Computing Electronics and Control), vol. 19, no. 3,
pp. 781–791, Jun. 2021, doi: 10.12928/telkomnika.v19i3.18153.
[40] K. V. Kumar and J. Harikiran, “Privacy preserving human activity recognition framework using an optimized prediction
algorithm,” IAES International Journal of Artificial Intelligence (IJ-AI), vol. 11, no. 1, pp. 254–264, Mar. 2022, doi:
10.11591/ijai.v11.i1.pp254-264.
[41] T. Kim, C. Ro, and K. Suh, “Experiments on city train vibration anomaly detection Using deep learning approaches,” Indonesian
Journal of Electrical Engineering and Computer Science (IJEECS), vol. 20, no. 1, pp. 329–337, Oct. 2020, doi:
10.11591/ijeecs.v20.i1.pp329-337.
[42] M. Eskandari, Z. H. Janjua, M. Vecchio, and F. Antonelli, “Passban IDS: An intelligent anomaly-based intrusion detection system
for IoT edge devices,” IEEE Internet of Things Journal, vol. 7, no. 8, pp. 6882–6897, Aug. 2020, doi:
10.1109/JIOT.2020.2970501.
[43] G. Zhang, X. Wang, R. Li, Y. Song, J. He, and J. Lai, “Network intrusion detection based on conditional Wasserstein generative
adversarial network and cost-sensitive stacked autoencoder,” IEEE Access, vol. 8, pp. 190431–190447, 2020, doi:
10.1109/ACCESS.2020.3031892.
BIOGRAPHIES OF AUTHORS
Hasan Abdulameer received his master’s degree in Communication and Computer
Engineering from the National University of Malaysia, Selangor, Malaysia. He is currently an
Assistant Lecturer of Information Technology with Al-Hussain University College. His research
interests include computer networks, network security, IDS, and cyber security. He is a certified
ethical hacker (CEH). He can be contacted at email: hasanabdulameer@huciraq.edu.iq.
19. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 2, April 2023: 2240-2258
2258
Inam Musa received the B.Sc. degree in communication engineering and M.Sc.
degrees in computer and communication engineering from Arts, Sciences & Technology
University in Lebanon in 2010 and 2015, respectively. She has been an assistant Lecturer of
electronic communication engineering and computer science with Al-Hussain University
College, since 2015. She is currently the coordinator of electric power technique engineering
department. Her research interests include the applications of image processing and security of
communication systems. She can be contacted at email: anaam.r.majidi@gmail.com.
Noora Salim Al-Sultani received the B.Sc. degree in electrical engineering from
Babylon university, Babylon, Iraq, 2008, M.Sc. degree in electronic and communication
engineering from National Energy University, Malaysia, 2013 and Ph.D. student in National
University of Malaysia since 2021 till now, 14 research papers conference and journals. Her
research interests include internet of things applications in machine learning, 6G antenna theory,
radio spectrum utilization beyond 5G and fiber optics engineering communication. She can be
contacted at email noora.salim@wrec.uoqasim.edu.iq.