An early discovery of intrusion attack using novel optimized deep learning for internet of things

Abstract

In the past couple of years, neural networks have gained widespread use in network security analysis. This type of analysis is usually performed in a nonlinear and highly correlated manner. Due to the immense amount of data traffic, the current models are prone to false alarms and poor detection. Deep-learning models can help security researchers identify and extract data features that are related to an attack. They can also minimize the data’s dimensionality and detect intrusions. Unfortunately, the complexity of the network structure and hidden neurons of a deep-learning model can be set by error-prone procedures. In order to improve the performance of deep learning models, a new algorithm is proposed. This method combines a gradient boost regression and particle swarm optimization. The proposes a method called the Spark-DBN-SVM-GBR algorithm. The simulations conducted proposed algorithm revealed that it has a better accuracy rate than other deep learning models and the experiments conducted on the PSO-GBR algorithm revealed that it performed better than the current optimization technique when detecting unauthorized attack activities.

Keywords

Intrusion detection Apache Spark Support vector machine (SVM)particle swarm optimization and gradient boost regression

1 Introduction

One of the most critical issues that security management systems have to address is the protection of big data [1]. Due to the rapid growth of the Internet and the increasing number of sources of data, hackers have become more capable of launching attacks. This has led to the development of new tools and techniques that allow them to perform illegal activities [2]. Researchers are constantly developing new techniques and tools that can help them detect and prevent attacks before they can take over a network. One of the most important systems that is used in this field is intrusion detection. This type of security system is designed to monitor the activities of an attacker and prevent them from taking over a network [3].

An IDS is a software or hardware monitor that can analyze and detect attacks on a network. Big data analysis is often the reason why IDS techniques are not as efficient as they should be when dealing with security threats [4]. The complexity of the process involved in analyzing the data makes it difficult for the system to identify and prevent attacks. Big data analysis can be performed in a more efficient manner by using techniques and tools. This can help reduce training time and computation [5].

The IDS has various methods that it uses to detect attacks. One is the signature-based attack detection, which can identify known attacks by looking for their signatures. This method is useful in identifying attacks that are already in the database. However, it can’t detect new types of attacks as their signatures are not presented [6]. This is why anomaly-based detection is used to analyze the current activities of the users against predefined profiles. An anomaly-based detection is usually effective against zero-day attacks or unknown attacks. However, it has high false positive rates. Another type of intrusion detection is hybrid-based. This method combines two or more techniques to achieve the advantages of one method [7].

When it comes to analyzing the data collected within a network, an IDS should take into account the nature of the information. Big data is a vast amount of data that can be gathered and stored in the network. Due to the increasing number of computers and the continuous changes in the distribution of network data, it is very challenging to identify the abnormal behaviors in the data. The various formats and structures of network data make it easy to identify its nature [8]. Big data is also beneficial for analyzing network patterns since it can provide insight into the activities of the network. Due to the complexity of the data, it is very important that an IDS uses techniques such as big data to find out what is happening in the network. Unfortunately, most of the studies on the use of big data in analyzing network data have not examined the complexity of the data [9]. When it comes to analyzing the data of a network, an IDS should take into account the nature of the information. This is because the data collected and stored in a network can be very complex.

Many researchers are working on developing machine learning algorithms that can reduce the false positive rates and improve the accuracy of IDS. Unfortunately, implementing these techniques in the IDS takes a long time due to the complexity of the data. With the help of Big Data techniques, machine learning can be used to solve various computational time and speed issues. Due to the lack of deep learning frameworks that can work with big data analytics tools, the development of an in-depth learning framework for Apache Spark was very important [10]. This was done through a number of initiatives. This paper aims to introduce the various techniques that are used in the development of Spark Big Data systems for IDS. These techniques can help reduce the time it takes to perform the classification process. They can also reduce the computational time involved in developing the technology. In this research, we will introduce a new IDS classification method called Spark-DBN-SVM-GBR. This method combines the preprocessing and data standardization steps to improve the classification efficiency.

2 Literature survey

Nguyen et al. [11] - The objective of this project was to create an IDS for Spark which can be utilized in healthcare environments. The suggested model was based on a CBO algorithm and followed by a chaos theory to improve convergence rate. It was applied to various DL frameworks to achieved better detection rates. The researchers validated the proposed model used a standard dataset and utilized the Spark and Hadoop technologies to speed up the processing of the data. The results of the evaluation revealed that the model performed well and provided an optimal FS result costing 0.002345. The proposed model was able to detect 99.59% of the data and 99.21% of accuracy. The research should be noted that it could be improved by incorporating a bio-inspired classification algorithm.

Zang et al. (2021) [12] - The goal of this paper was to developed an IDS framework for VANET that uses machine learning. The system was evaluated and tested by collecting real-time data from the Mininet-Wifi emulation. The framework’s features allow for easy and secure management of data collected from a vehicle network. The IDS framework features a variety of tools that allow users to analyzed and monitor the collected data. It can also detected distributed denial of service (DoS) attacks and other suspicious activities. The system’s efficiency was evaluated and it was found to be capable of detecting these attacks with high accuracy. The paper reviews the effects of the IDS framework on the performance of the network. The findings of the evaluation revealed that it was light and can help reduced the amount of resources that the network was burdened with. It will be integrated with an SDN controller in the future to automatically detect and block malicious activities. The paper proposes the development of a Deep Learning algorithm that can improve the system’s capabilities and efficiency.

Otoum et al. (2022) [13] –Presented the security of the IoT was a vital issue that must be resolved in order to prevent it from being exploited by unauthorized users. Besides the type and communication methods used by the devices, factors such as the amount of data collected are also taken into consideration to determine its level of security. In order to address the issue of security in the IoT, we present a new generation of IDS that uses deep learning methods to identified threats. Unfortunately, existing systems cannot effectively detect attacks due to their lack of features. The new IDS is designed to combined the SMO algorithm and the SDPN to improve its recognition. The proposed DL-IDS uses a statistical model to analyze the data sets and classify them as normal or anomalous. It can also identified severe anomalies by taking into account the most relevant features. The system then uses a SDPN to categorize the data collected by analyzing it into different attack categories such as U2 R, DoS, and R2 L. In an initial evaluation, it performed well by achieving a recall, accuracy, and F1 score. To improve its performance, we will perform an evaluation with different classifiers such as Nave Bayes and DT.

Mighan et al. (2021) [14] - The paper proposes a hybrid SVM–SAE method for detecting cyber-security threats. It utilizes a stacked auto-classification network for extraction and a deep network platform for extracting features. Compared to other approaches, the deep network extraction method was more accurate at extracting features. The paper was evaluated using various tools such as Apache Spark and machine learning. We then split the collected data into two categories: SVM and SASE. The first one was for SVM, while the other was for SASE.

Jothi et al. (2021) [15] - The goal of this paper is to present a deep learning framework that can be used to analyze and monitor large datasets. The framework was developed through a real-time scenario involving the use of OMENT+IoT plugins. The evaluation of the proposed model revealed that it performed well against the other learning frameworks that were developed using different scenarios involving real-time and KDD datasets. The proposed model performed well against the various algorithms in terms of its sensitivity, specificity, and exactness. It was also able to distinguish between malicious nodes and an IoT network. In addition, it provided an overview of the countermeasures that it can implement once it is able to predict an attack. The results of the experiments revealed that the proposed models performed well against the various algorithms. They also showed that the prediction time and response time of the proposed model were better than those of the other models. The findings of the simulation revealed that the proposed model is ideal for developing secure and scalable IDS for IoT networks.

3 Proposed intrusion detection based on DBN-SVM-GBR

When it comes to accessing a computer’s network, hackers consider the status of their network. This information could be used to carry out harmful attacks. On the other hand, networks and hosts have to deal with a huge amount of data. This is why it is important that they keep track of all the details that they collect. It is also important that hosts and networks implement effective measures to prevent unauthorized access. Big data techniques can also be utilized to develop effective systems for detecting intrusions. One of the crucial factors that must be considered is the availability of such information. In this study, we present a framework that combines the optimization and deep learning capabilities. The main advantage of this system is its ability to analyze the hidden layers of a network. In addition, it can improve the structure of a network by implementing a PSO-GBR and SVM algorithm. Big data techniques could also help in reducing the false alarms that the system produces. Deep learning systems can also benefit from this approach as it can improve their performance. Currently, these systems have a low throughput due to their high complexity. With the help of big data, they can achieve a faster execution rate.

Fig. 1

Spark-DBN-SVM-GBR architecture for Intrusion Detection.

This paper presents a design-based method that can help reduce the false alarms that a system produces. The algorithm can also detect complex features and relationships between attacks. Through the use of big data techniques and the Spark processing engine, we were able to increase the speed of model training and data processing. The BigDL library was utilized to improve the performance capabilities of deep learning systems. Due to the complexity of deep learning models, they have low execution speed. This allows us to quickly detect attacks.

3.1 Dataset description

The KDD99 dataset, which is over 19 years old, is still widely used by academic researchers. The training data was processed and approximately five million connection records were created. There are 41 features in the dataset, and it has been divided into 22 attack categories.

Denial of service attack (DoS): The goal of a DoS attack is to prevent a network or machine from being accessed by its intended users. It usually involves flooding a targeted system with requests to prevent it from processing traffic.

User to root attack (U2 R): An exploit is a type of attack where hackers take over a system and provide themselves with unauthorized access to the user.

Remote to local attack (R2 L): An attacker can take over a computer or system after finding a vulnerability in a security software..

The primary goal of this attack is to steal or obtain data illegally, infect the victim with viruses, or cause damage.

Probing Attack: The initial step in an attack is referred to as scanning or discovery. It involves gathering information about a targeted system. During this process, a probe is performed to identify known vulnerabilities in software or in the custom code used for the targeted application.

3.2 Proposed Intrusion detection DBN model along with PSO-SVM-GBR

A network is equipped with an intrusion detection system to identify and prevent unauthorized access to a computer. This technology can also help prevent data from leaking or damaging. Due to its effectiveness, it has attracted increasing interest from both the private and public sectors. This type of technology can help improve the security of an organization’s information infrastructure.

In 2006, Hinton and colleagues [17] proposed the notion of deep learning. Deep neural networks are more complex and provide a better understanding of complex problems. They emphasize the importance of having a deep network’s multi-layer structure and features. On the other hand, shallow neural networks are often limited in their classification abilities. The original data is maintained even as the dimensions of the information change. Deep learning models are commonly used for analyzing complex problems, such as CNN and RBM.

The hierarchical structure of the Deep Learning algorithm’s DBN model makes it easier to process the collected data. The training phase involves training the various RBM networks and then training the weakest one on raw data. The lower layer’s output features are then used as input for the training process. The values of each layer can be acquired by training the RBM framework’s bottom-up approach. This method is repeated repeatedly with the goal of learning the various features of the data.

DBN models undergo a two-phase training process. The first phase is called the pre-training, while the second phase is known as the fine tuning phase. The first stage involves the use of the unsupervised algorithm to train the various layers of RBM. In the diagram below, the algorithm flow shows the steps involved in the training of each layer. The last layer of the RBM network is trained, which produces an output as a feature of the algorithm. The BP method ensures that errors are adjusted and sent back to the correct place. If the training goal isn’t met, the network will be retrained. The training duration of networks is also increased if they’re continuously trained. The goal is to perform network-level hierarchical learning.

The RBM is a two-layered model that has no self-feedback and symmetrical connections. In the model’s iterative process, the visible layer represents the observed data, while the hidden layer refers to the data that can be considered as a feature extraction. For convenience, it is assumed that the hidden and visible units are binary variables. $\forall i, j, v_{i} \in {0, 1}, h_{j} \in {0, 1},$ (1)

The state of the hidden unit is represented by h_j while the visible unit is represented by v_i.

The RBM’s precise iteration procedure is as follows:

In the visible layer v₁ of the network, take data and create the bias and weight values of the network.

The weight of the hidden layer neuron will be used to determine the probability of its existence.

At this point, the value of the second neuron in the visible layer is considered to be unknown. It can be reconstructed or calculated by comparing the value of the neurons with the value of the first neuron.

The bias and weight should be adjusted according to the difference between the two.

Follow the given algorithm for solving h2 and take v2 as given.

To obtain the error signal, calculate the weight. v3 and v2 again.

An increase in the number of iterations leads to a state of equilibrium, which will eventually cause the whole system to congregate.

The iterative process of training RBM is shown in the following steps. Each iteration updates the weights and offset values. After the training layer has been trained, the last RBM output is extracted and used as a feature. The goal of the program is to provide the best possible result.

When implementing the Gibbs algorithm for training RBM, there will be several sampling steps. This issue can occur due to the high data dimension. A CD algorithm is utilized to train the system, which segments it into several layers. This method then fine-tunes the parameters of the training.

In the second phase of the DBN training program, the model is fine-tuned. One of the most important factors that can be considered when it comes to achieving the weight of the RBM feature is the mapping of its feature vector. The BP network is also responsible for carrying out the error transmission. The DBN network’s error function indicates that the system has changed its weights and biases. This method can affect its efforts to achieve the ideal state. The training algorithm for this project aims to modify the network’s parameters to achieve the best result.

The number of hidden layers, number of nodes, and model iterations determine the capacity of the DB N framework to convey data attributes. Although it can do so, the parameters related its classification are not widely known. The training data set’s optimal number of hidden layers and nodes is determined by several experiments. One of the most important factors that determines the number of nodes needed for a given classification process is the number of hidden layers. A batch training method can be used to improve the efficiency of the process by randomly sampling the collected data set. The training data is then randomly selected and trained, and the network weight is continuously updated.

Large amounts of network data are required to perform well in machine learning.On the other hand, standard models can train well with small and high-dimensional datasets. A more efficient model is the SVM, which has better classification accuracy and faster running speed. The PSO algorithm is widely used in the selection of the SVM’s parameters. It can be used to analyze the collected data from the DBN platform and find the most suitable combination of parameters. The classifier trains the SVM and performs the final analysis to compare the results with those of other models.

The partition and optimization methods utilized in the PSO-SVM frameworks are designed to solve original problems while maintaining their characteristics. To avoid the emergence of random distribution of particles in the initial swarm, the algorithm’s initial position is adjusted. To optimize a given domain, divide it into equal parts and distribute the particles evenly across each subdomain. Then, through the SVM algorithm, solve the problem iteratively and get the best result.

This study aims to analyze the potential of deep learning to be used to attack various computer models. Besides this, it shows that attackers can also modify the operation of the proposed neural network by selecting its parameters, which makes it possible to alter its output. This will help in developing a better understanding of how these attacks can affect the real world. Since the design and structure of neural networks are intricate, it is crucial for researchers. Although other examples have been presented, the majority focus on these kinds of networks.

Analyzing large datasets using a sequential approach avoids breaking the neural network. Instead, GBR adds small trees with high bias to the dataset in order to focus on the document that caused the error. It performs gradient descent on an instance of space X1. $R (y_{i}) \leftarrow R (y_{i}) - α \frac{K}{R (y_{i})},$ (2)

Learning rates are computed by taking into consideration the number of times a feature has been exposed to it. The value of the negative gradient is then calculated by the prediction of regression trees. $h_{t} \approx - \underset{h \in T_{d}}{arg min} \sum_{i = 1}^{n} (h_{t} (x_{i}) - r_{i})$ (3) $Y = \sum_{i = 1}^{n} (g_{r} (y_{i}) - e_{i})$ (4)

The GBR algorithm takes into account the zero square loss condition in a given document and transforms it into its residual from its previous iteration. It is based on the standard CART algorithm. Another important factor that an algorithm should take into account when it comes to developing its algorithm is its learning rate, as it determines how many iterations it needs to complete the task.

3.3 Preliminary assumptions Hypothesis

There are three initial assumptions that are aimed at ensuring that deep learning models perform well. These include the ability to layer-by-layer process, feature transformation, and the sufficient complexity model. Deep learning techniques are typically processed by several layers. Since they lack the necessary features to make them more complex, they tend to be relatively easy to implement. The ensemble method, on the other hand, can make them more complex. This paper aims to analyze the advantages of implementing cascading structures and feature segmentation in deep learning. One of the main advantages of this approach is that it can improve the performance of the support vector machine. Another hypothesis suggests that the implementation of Spark-PSO could reduce the time it takes to detect and train models. The experiment involved converting character attributes into training models for different deep learning approaches. The results of the study can be found in the following sections.

4 Result and discussion

4.1 Dataset description

The data sets are from the KDD CUP 99 benchmark, which was used by the AIPRS to analyze intrusion detection systems in 1999. The 494,021 records in the dataset represent various classifications attributes and numerical attributes. The benchmark’s four attack types are Denial of Service, Probe, Remote to Root, and User to Root.

4.2 Algorithm implementation

The process of implementing the algorithm involves pre-processing 10% of the training data and correcting the remaining KDD CUP 99 test data. After reducing the feature dimension, the proposed model trains the data according to the reduced feature dimension. The parameters of the training model are then adjusted to get the optimal ones. The test result is then verified and the algorithm is released. In network training, insufficient training can occur if the training number is too small. Overfitting can also occur if the training number is too large. The training number was initially set at 200, and after a hundred training iterations, the cost of the network decreased flat. The number of iterations was set at 100. The learning rate, initialization threshold, and gradient boost regression algorithm were also set.

4.3 Simulation results

Due to the importance of scientific papers in today’s society, organizations have to implement suitable security measures. An intrusion detection solution is utilized to identify and monitor anomalous activities. This system can be divided into two components: the control and surveillance domains. The latter is responsible for monitoring corporate networks and various applications. Figure 2 to 11 shows the implementation results of proposed framework.

Fig. 2

Model architecture for Proposed DBN.

In this study, we present a deep learning model called Spark DBN-PSO, which is designed to classify various types of data. The architecture of the model is shown in Fig. 2. After fine-tuning the model, five RBMs are composed of (49, 128), (128, 256), (256, 128), (128, 128), and (128, 64) respectively. The outputs from these RBMs are connected to a cluster of 6 nodes, which is used for multi-class classification. Table 1.

Table 1

Model design and parameters

Parameter	Pre-training	Fine-tuning
Epochs	10	30
Learning rate	0.1	0.001
Batch size	64	128
Momentum	0.9	–
Optimiser	PSO-GBR	PSO-GBR
Loss function	–	cross-entropy
Gibbs step	1 step	–
Weight init.	Xavier initializer	–
Bias init.	Zeros (0)	–

The table above shows the architecture of the DBN that is implemented using five RBMs. After fine-tuning the system, each of these is equipped with a set of hidden and visible nodes. The output of the last RBM is then connected to a layer that has 6 nodes for multi-classification using SVM function instead of softmax.

4.4 Performance Analysis

4.4.1 Precision

Precision is a metric for how much of the test data that is flagged as an attack is truly from one of the attack types. $precision = \frac{TP}{TP + FP}$ (5)

Where TP represents the true positive value, FP indicates the false positive.

4.4.2 Recall

The percentage of attack classes accurately detected is measured by recall. $Recall = \frac{TP}{TP + FN}$ (6)

Where TP indicates the true positive value and FN indicates the false negative

4.4.3 F-Measure

The F-measure is a test accuracy metric that assesses the balance between precision and recall. $F - measure = \frac{2 * P * R}{P + R}$ (7)

Where P represents the precision and R denotes the Recall value

4.4.4 Accuracy

The ratio of accurately classified botnet attacks to the total number of botnet attacks is known as accuracy. $Accuracy (A) = \frac{I_{c} B}{TB}$ (8)

Where I_c B indicates the correctly identified botnet attack, TB denotes the total number of botnet attack. Table 2 shows the comparison analysis of different frameworks among different evaluation parameters.

Table 2

Comparison Analysis with different Parameters

Classifiers	Dataset	Precision	Recall	F-Measure	Accuracy
DBN	KDD CUP 99	92.33%	–	–	93.49%
DL RBM	KDD CUP 99	94.43%,	92.77%,	–	97.11%,
LSTM	KDD CUP 99				99.8%
DL RBM	NSL-KDD	81.95%	77.48%,		90.99%
DL RBM	UNSW-NB15	83.40%	79.19%		95.84%
RNN	NSL-KDD				83.28%
Recurrent SVM	OSINT	92.06%	93.14%	92.60%	99.69%
Bidirectional LSTM	OSINT				92.70%
Fusion of CNN and LSTM	OSINT	91.59%	92.53%	92.06%	99.59%
PROPOSED	KDD CUP 99	98.25	97.23	96.54	99.83
PROPOSED	NSL-KDD	98.69	97.54	96.78	99.02
PROPOSED	OSINT	97.35	98.02	97.93	99.77

Table 3 shows the specific types of attacks, the data set contains 41-dimension labels and 1 dimension labels. It features four attack modes: DOS, R2 L, U2 R, and probe. The training set has 21 attack categories, while the test set has 18 that were not included in it. These new intrusion attacks can be used to test the algorithm’s ability to detect unauthorized access.

Table 3

Specific types of attacks

Attacks	Type of attack in training set	Additional attack types in the test set
Dos	back, land, neptune, pod, smurf, teardrop	apache, mailbomb, udpstorm, processtable
Probe	rootkit, loadmodule, buffer_overflow	perl, httptunnel, ps, sqlattack, xterm
R2L	multihop, imap, spy, warezclient, warezmaster	sendmail, worm, snmpgetattack, snmpguess
U2L	ipsweep, nmap, portsweep, satan	saint, mscan

In order to verify the performance of different data sets, we did comparative experiments on NSL-KDD data set and KDD Cup 99 data set (Table 2). However, since these two data sets are too large, we randomly selected 5,000 pieces of data. Among them, 70% of the training data and 30% of the test data were used to compare the testing time, Accuracy of the two data sets in the different algorithms, as shown in Table 2. there is not much difference in testing time between the two data sets in the three different algorithms (all were around 50 s). Compared with different algorithm and proposed algorithm has the highest average Accuracy, which confirms the good performance of our proposed algorithm.

5 Conclusion

Intrusion detection is an important aspect of medical security. The use of deep learning techniques is very effective in detecting unauthorized access to medical data. Through the use of unsupervised learning and supervised learning, the Spark-DBN-SVM-GBR can effectively perform intrusion detection tasks on large, complex, and nonlinear data sets. The ability of the proposed technique to extract high-dimensional feature vectors and classify them efficiently makes it an ideal tool for medical security. This can be utilized to enhance the network topology by reducing the number of hidden nodes. The results of the study show that the PSO-DBN algorithm can achieve a good accuracy rate, which is higher than the accuracy of other deep learning techniques such as. It can perform various tasks such as extracting high-dimensional feature vectors and performing intrusion detection. In the future, we will investigate the performance improvement of intrusion detection using the homogeneity metric, and look into the use of feature selection schemes that are more suitable for the environment. We also plan on analyzing the performance of distributed Spark processing with varying cluster counts.

References

Chen

, Design and Protection Strategy of Distributed Intrusion Detection System in Big Data Environment, Computational Intelligence and Neuroscience, 2022.

Guo

and Wang

, Learning to upgrade internet information security and protection strategy in big data era, Computer Communications 160 (2020), 150–157.

Shafiq

, Gu

, Cheikhrouhou

, Alhakami

and Hamam

, The rise of “Internet of Things”: review and open research issues related to detection and prevention of IoT-based security attacks, Wireless Communications and Mobile Computing 2022 (2022), 1–12.

Al Jallad

, Aljnidi

and Desouki

M.S.

, Big data analysis and distributed deep learning for next-generation intrusion detection system optimization, Journal of Big Data 6(1) (2019), pp. 1–18.

Maesaroh

, Kusumaningrum

, Sintawana

, Lazirkha

D.P.

and Dinda

, Wireless Network Security Design And Analysis Using Wireless Intrusion Detection System, International Journal of Cyber and IT Service Management 2(1) (2022), 30–39.

Otoum

and Nayak

, As-ids: Anomaly and signature based ids for the internet of things, Journal of Network and Systems Management 29 (2021), pp. 1–26.

Alsoufi

M.A.

, Razak

, Siraj

M.M.

, Nafea

, Ghaleb

F.A.

, Saeed

and Nasser

, Anomaly-based intrusion detection systems in iot using deep learning: A systematic literature review, Applied Sciences 11(18) (2021), 8383.

Ahmad

, Shahid Khan

, Wai Shiang

, Abdullah

and Ahmad

, Network intrusion detection system: A systematic study of machine learning and deep learning approaches, Transactions on Emerging Telecommunications Technologies 32(1) (2021), e4150.

Abad-Segura

, Infante-Moro

, González-Zamar

M.D.

and López-Meneses

, Blockchain technology for secure accounting management: research trends analysis, Mathematics 9(14) (2021), 1631.

10.

Ram Mohan Rao

, Murali Krishna

and Siva Kumar

A.P.

, Privacy preservation techniques in big data analytics: a survey, Journal of Big Data 5 (2018), 1–12.

11.

Nguyen

P.T.

, Huynh

V.D.B.

, Vo

K.D.

, Phan

P.T.

, Elhoseny

and Le

D.N.

, Deep learning based optimal multimodal fusion framework for intrusion detection systems for healthcare data, CMC-Computers Materials & Continua 66(3) (2021), 2555–2571.

12.

Zang

and Yan

, April. Machine learning-based intrusion detection system for big data analytics in VANET. In 2021 IEEE 93rd Vehicular Technology Conference (VTC2021-Spring) (2021), (pp. 1-5). IEEE.

13.

Otoum

, Liu

and Nayak

, DL-IDS: a deep learning–based intrusion detection framework for securing IoT, Transactions on Emerging Telecommunications Technologies 33(3) (2022), e3803.

14.

Mighan

S.N.

and Kahani

, A novel scalable intrusion detection system based on deep learning, International Journal of Information Security 20(3) (2021), 387–403.

15.

Jothi

and Pushpalatha

, WILS-TRS—A novel optimized deep learning based intrusion detection framework for IoT networks, Personal and Ubiquitous Computing, (2021), pp. 1–17.

16.

https://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html

17.

Hinton

G.E.

, Osindero

and Teh

Y.W.

, A fast-learning algorithm for deep belief nets, Neural Comput 18 (2006), 1527–1554.

18.

Alom

M.Z.

, Bontupalli

V.R.

and Taha

, Intrusion detection using deep belief networks, in: Proceedings of the 2015 National Aerospace and Electronics Conference, IEEE, Piscataway, NJ, (2015), pp. 339–344.

19.

Lin

, Research on intrusion detection based on deep confidence network, Comput. Sci. Appl 08(5) (2018), 687–701.

20.

Podder

, Bharati

, Mondal

, Paul

P.K.

and Kose

, Artificial neural network for cybersecurity: A comprehensive review. 2021. arXiv preprint arXiv:2107.01185.