Abstract
The increasing frequency and sophistication of cyber-attacks pose significant threats to organizational entities and critical national infrastructure, leading to substantial financial and operational consequences. Detecting such attacks early and accurately remains a complex endeavour, compounded by challenges in intrusion detection system (IDS) design, the exploitation of zero-day attacks, and issues of reliability and resiliency in physical systems. This research addresses these challenges through a two-fold approach: firstly, implementing input data fusion from diverse and heterogeneous sources, and secondly, fusing classifiers from multiple deep learning (DL)-based algorithms. The success of machine learning (ML) and DL models for IDS relies on meticulous data collection and classifier selection. The paper underscores the limitations of relying on single datasets and ML/DL algorithms, emphasizing potential biases and training restrictions. Rigorous experiments were conducted to identify optimal DL architectures, ensuring the creation of models that exhibit robust generalization on new traffic instances, leading to trusted and unbiased results. The study demonstrates the efficacy of the proposed models through comprehensive evaluations and metrics. Results indicate that the fusion of data and classifiers significantly improves model generalization. The paper also outlines key challenges and future trends in data fusion, emphasizing its role in enhancing IDS performance for securing critical infrastructure.
Data availability
Enquiries about data availability should be directed to the authors.
Funding
This research did not receive any specific grant from funding agencies in the public, commercial, or not-for-profit sectors.
Author information
Contributions
RA: conceptualization, methodology, code contribution, software, visualization, writing-original draft. IA: conceptualization, methodology, validation, writing-review & editing.
Ethics declarations
Conflict of interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
About this article
Cite this article
Ahmad, R., Alsmadi, I. Data fusion and network intrusion detection systems. Cluster Comput (2024). https://doi.org/10.1007/s10586-024-04365-y
DOI: https://doi.org/10.1007/s10586-024-04365-y