Developing network intrusion detection systems (IDS) presents significant challenges due to the evolving nature of threats and the diverse range of network applications. Existing IDSs often struggle to detect dynamic attack patterns and covert attacks, leading to misidentified network vulnerabilities and degraded system performance. These requirements must be met via dependable, scalable, effective, and adaptable IDS designs. Our IDS can recognise and classify complex network threats by combining the Deep Q-Network (DQN) algorithm with distributed agents and attention techniques.. Our proposed distributed multi-agent IDS architecture has many advantages for guiding an all-encompassing security approach, including scalability, fault tolerance, and multi-view analysis. We conducted experiments using industry-standard datasets including NSL-KDD and CICIDS2017 to determine how well our model performed. The results show that our IDS outperforms others in terms of accuracy, precision, recall, F1-score, and false-positive rate. Additionally, we evaluated our model s resistance to black-box adversarial attacks, which are commonly used to take advantage of flaws in machine learning. Under these difficult circumstances, our model performed quite well.We used a denoising autoencoder (DAE) for further model strengthening to improve the IDS s robustness. Lastly, we evaluated the effectiveness of our zero-day defenses, which are designed to mitigate attacks exploiting unknown vulnerabilities. Through our research, we have developed an advanced IDS solution that addresses the limitations of traditional approaches. Our model demonstrates superior performance, robustness against adversarial attacks, and effective zero-day defenses. By combining deep reinforcement learning, distributed agents, attention techniques, and other enhancements, we provide a reliable and comprehensive solution for network security.

As the ongoing energy transition requires more communication infrastructure in the electricity grid, this intro-duces new possible attack vectors. Current intrusion detection approaches for cyber attacks often neglect the underlying phys-ical environment, which makes it especially hard to detect data injection attacks. We follow a process-aware approach to eval-uate the communicated measurement data within the electricity system in a context-sensitive way and to detect manipulations in the communication layer of the SCADA architecture. This paper proposes a sophisticated tool for intrusion detection, which integrates power flow analysis in real-time and can be applied locally at field stations mainly at the intersection between the medium and low voltage grid. Applicability is illustrated using a simulation testbed with a typical three-node architecture and six different (attack) scenarios. Results show that the sensitivity parameter of the proposed tool can be tuned in advance such that attacks can be detected reliably.

Network intrusion detection technology has developed for more than ten years, but due to the network intrusion is complex and variable, it is impossible to determine the function of network intrusion behaviour. Combined with the research on the intrusion detection technology of the cluster system, the network security intrusion detection and mass alarms are realized. Method: This article starts with an intrusion detection system, which introduces the classification and workflow. The structure and working principle of intrusion detection system based on protocol analysis technology are analysed in detail. Results: With the help of the existing network intrusion detection in the network laboratory, the Synflood attack has successfully detected, which verified the flexibility, accuracy, and high reliability of the protocol analysis technology. Conclusion: The high-performance cluster-computing platform designed in this paper is already available. The focus of future work will strengthen the functions of the cluster-computing platform, enhancing stability, and improving and optimizing the fault tolerance mechanism.

Computer networks are increasingly vulnerable to security disruptions such as congestion, malicious access, and attacks. Intrusion Detection Systems (IDS) play a crucial role in identifying and mitigating these threats. However, many IDSs have limitations, including reduced performance in terms of scalability, configurability, and fault tolerance. In this context, we aim to enhance intrusion detection through a cooperative approach. To achieve this, we propose the implementation of ICIDS-BB (Intelligent Cooperative Intrusion Detection System based on Blockchain). This system leverages Blockchain technology to secure data exchange among collaborative components. Internally, we employ two machine learning algorithms, the decision tree and random forest, to improve attack detection.

Envisioned to be the next-generation Internet, the metaverse faces far more security challenges due to its large scale, distributed, and decentralized nature. While traditional third-party security solutions remain certain limitations such as scalability and Single Point of Failure (SPoF), numerous wearable Augmented/Virtual Reality (AR/VR) devices with increasingly computational capacity can contribute underused resource to protect the metaverse. Realizing the potential of Collaborative Intrusion Detection System (CIDS) in the metaverse context, we propose MetaCIDS, a blockchain-based Federated Learning (FL) framework that allows metaverse users to: (i) collaboratively train an adaptable CIDS model based on their collected local data with privacy protection; (ii) utilize such the FL model to detect metaverse intrusion using the locally observed network traffic; (iii) submit verifiable intrusion alerts through blockchain transactions to obtain token-based reward. Security analysis shows that MetaCIDS can tolerate up to 33\% malicious trainers during the training of FL models, while the verifiability of alerts offer resistance to Distributed Denial of Service (DDoS) attacks. Besides, experimental results illustrate the efficiency and feasibility of MetaCIDS.

This paper presents FBA-SDN, a novel Stellar Consensus Protocol (SCP)-based Federated Byzantine Agreement System (FBAS) approach to trustworthy Collaborative Intrusion Detection (CIDS) in Software-Defined Network (SDN) environments. The proposed approach employs the robustness of Byzantine Fault Tolerance (BFT) consensus mechanisms and the decentralized nature of blockchain ledgers to coordinate the Intrusion Detection System (IDS) operation securely. The federated architecture adopted in FBA-SDN facilitates collaborative analysis of low-confidence alert data, reaching system-wide consensus on potential intrusions. Additionally, the Quorum-based nature of the approach reduces the risk of a single point of failure (SPoF) while simultaneously improving upon the scalability offered by existing blockchain-based approaches. Through simulation, we demonstrate promising results concerning the efficacy of reaching rapid and reliable consensus on both binary and multi-class simulated intrusion data compared with the existing approaches.

Even with the rise of cyberattacks on high-value systems, we still do not see widespread adoption of intrusion-tolerant replication protocols, despite their long history in the research community and potential to support the needed resiliency. A key barrier is that deploying and managing intrusion-tolerant systems in practice requires substantial investment in additional physical infrastructure, as well as specialized technical expertise. In this work, we address this gap by designing a hybrid management model: while the system operator manages their application, a service provider hosts and manages the intrusion-tolerant replication service using cloud infrastructure. We develop the protocols to support this system architecture, without revealing application state, algorithms, or client information to the cloud provider, even when application servers are compromised. We implement and evaluate our approach in the context of an industrial control system and show that it meets the system s performance and resilience requirements.

Container-based virtualization has gained momentum over the past few years thanks to its lightweight nature and support for agility. However, its appealing features come at the price of a reduced isolation level compared to the traditional host-based virtualization techniques, exposing workloads to various faults, such as co-residency attacks like container escape. In this work, we propose to leverage the automated management capabilities of containerized environments to derive a Fault and Intrusion Tolerance (FIT) framework based on error detection-recovery and fault treatment. Namely, we aim at deriving a specification-based error detection mechanism at the host level to systematically and formally capture security state errors indicating breaches potentially caused by malicious containers. Although the paper focuses on security side use cases, results are logically extendable to accidental faults. Our aim is to immunize the target environments against accidental and malicious faults and preserve their core dependability and security properties.

In the face of a large number of network attacks, intrusion detection system can issue early warning, indicating the emergence of network attacks. In order to improve the traditional machine learning network intrusion detection model to identify the behavior of network attacks, improve the detection accuracy and accuracy. Convolutional neural network is used to construct intrusion detection model, which has better ability to solve complex problems and better adaptability of algorithm. In order to solve the problems such as dimension explosion caused by input data, the albino PCA algorithm is used to extract data features and reduce data dimensions. For the common problem of convolutional neural networks in intrusion detection such as overfitting, Dropout layers are added before and after the fully connected layer of CNN, and Sigmoid is selected as the intrusion classification prediction function. This reduces the overfitting, improves the robustness of the intrusion detection model, and enhances the fault tolerance and generalization ability of the model to improve the accuracy of the intrusion detection model. The effectiveness of the proposed method in intrusion detection is verified by comparison and analysis of numerical examples.

The open and shared environment makes it unavoidable to face data attacks in the context of the energy internet. Tolerance to data intrusion is of utmost importance for the security and stability of the energy internet. Existing methods for data intrusion tolerance suffer from insufficient dynamic adaptability and challenges in determining tolerance levels. To address these issues, this paper introduces a data intrusion tolerance model based on game theory. A Nash equilibrium is established by analyzing the gains and losses of both attackers and defenders through game theory. Finally, the simulation results conducted on the IEEE 14-bus node system illustrate that the model we propose offers guidance for decision-making within the energy internet, enabling the utilization of game theory to determine optimal intrusion tolerance strategies.

The innovation introduced by connectivity brings about significant changes in the industrial environment leading to the fourth industrial revolution, known as Industry 4.0. However, the integration and connectivity between industrial systems have significantly increased the risks and cyberattack surfaces. Nowadays, Virtualization is added to the security field to provide maximum protection against toxic attacks at minimum costs. Combining paradigms such as Software Defined Networking (SDN), and Network Function Virtualization (NFV) can improve virtualization performance through Openness (unified control of heterogeneous hardware and software resources), Flexibility (remote management and rapid response to changing demands), and Scalability (a faster cycle of innovative services deployment). The present paper proposes a Virtualized Security for Industry 4.0 (ViSI4.0), based on both SDN and Network Security Function Virtualisation (NSFV), to prevent attacks on Cyber-Physical System (CPS). Since industrial devices are limited in memory and processing, vNSFs are deployed as Docker containers. We conducted experiments to evaluate the performances of IIoT applications when using virtualized security services. Results showed that many real-time IIoT applications are still within their latency tolerance range. However, the additional delays introduced by virtualization have an impact on IIoT applications with very strict delays.

This paper addresses the issues of fault tolerance (FT) and intrusion detection (ID) in the Software-defined networking (SDN) environment. We design an integrated model that combines the FT-Manager as an FT mechanism and an ID-Manager, as an ID technique to collaboratively detect and mitigate threats in the SDN. The ID-Manager employs a machine learning (ML) technique to identify anomalous traffic accurately and effectively. Both techniques in the integrated model leverage the controller-switches communication for real-time network statistics collection. While the full implementation of the framework is yet to be realized, experimental evaluations have been conducted to identify the most suitable ML algorithm for ID-Manager to classify network traffic using a benchmarking dataset and various performance metrics. The principal component analysis method was utilized for feature engineering optimization, and the results indicate that the Random Forest (RF) classifier outperforms other algorithms with 99.9\% accuracy, precision, and recall. Based on these findings, the paper recommended RF as the ideal choice for ID design in the integrated model. We also stress the significance and potential benefits of the integrated model to sustain SDN network security and dependability.

With the proliferation of data in Internet-related applications, incidences of cyber security have increased manyfold. Energy management, which is one of the smart city layers, has also been experiencing cyberattacks. Furthermore, the Distributed Energy Resources (DER), which depend on different controllers to provide energy to the main physical smart grid of a smart city, is prone to cyberattacks. The increased cyber-attacks on DER systems are mainly because of its dependency on digital communication and controls as there is an increase in the number of devices owned and controlled by consumers and third parties. This paper analyzes the major cyber security and privacy challenges that might inflict, damage or compromise the DER and related controllers in smart cities. These challenges highlight that the security and privacy on the Internet of Things (IoT), big data, artificial intelligence, and smart grid, which are the building blocks of a smart city, must be addressed in the DER sector. It is observed that the security and privacy challenges in smart cities can be solved through the distributed framework, by identifying and classifying stakeholders, using appropriate model, and by incorporating fault-tolerance techniques.

Aiming at the security issues such as data leakage and tampering faced by experimental data sharing, research is conducted on data security sharing under multiple security mechanisms such as mixed encryption and secure storage on the blockchain against leakage, as well as experimental data tampering identification and recovery strategies based on an improved practical Byzantine fault-tolerant (PBFT) consensus algorithm. An integrated scheme for secure storage, sharing, and tamper resistant recovery of test data is proposed to address the contradiction between the security and sharing of sensitive data. Provide support for the security application of blockchain in experimental data management.

Envisioned to be the next-generation Internet, the metaverse faces far more security challenges due to its large scale, distributed, and decentralized nature. While traditional third-party security solutions remain certain limitations such as scalability and Single Point of Failure (SPoF), numerous wearable Augmented/Virtual Reality (AR/VR) devices with increasingly computational capacity can contribute underused resource to protect the metaverse. Realizing the potential of Collaborative Intrusion Detection System (CIDS) in the metaverse context, we propose MetaCIDS, a blockchain-based Federated Learning (FL) framework that allows metaverse users to: (i) collaboratively train an adaptable CIDS model based on their collected local data with privacy protection; (ii) utilize such the FL model to detect metaverse intrusion using the locally observed network traffic; (iii) submit verifiable intrusion alerts through blockchain transactions to obtain token-based reward. Security analysis shows that MetaCIDS can tolerate up to 33\% malicious trainers during the training of FL models, while the verifiability of alerts offer resistance to Distributed Denial of Service (DDoS) attacks. Besides, experimental results illustrate the efficiency and feasibility of MetaCIDS.

Delay Tolerant Network (DTN) is a network model designed for special environments. It is designed to be used in challenging network environments with high latency levels, bandwidth constraints, and unstable data transmission. It plays an important role in extremely special environments such as disaster rescue, maritime communication, and remote areas. Currently, research on DTN mainly focuses on innovative routing protocols, with limited research of the security issues and solutions. In response to the above problems, this paper analyzes and compares the security problems faced by delay tolerance networks and their solutions and security schemes.

Cloud computing (CC) is vulnerable to existing information technology attacks, since it extends and utilizes information technology infrastructure, applications and typical operating systems. In this manuscript, an Enhanced capsule generative adversarial network (ECGAN) with blockchain based Proof of authority consensus procedure fostered Intrusion detection (ID) system is proposed for enhancing cyber security in CC. The data are collected via NSL-KDD benchmark dataset. The input data is fed to proposed Z-Score Normalization process to eliminate the redundancy including missing values. The pre-processing output is fed to feature selection. During feature selection, extracting the optimum features on the basis of univariate ensemble feature selection (UEFS). Optimum features basis, the data are classified as normal and anomalous utilizing Enhanced capsule generative adversarial networks. Subsequently, blockchain based Proof of authority (POA) consensus process is proposed for improving the cyber security of the data in cloud computing environment. The proposed ECGAN-BC-POA-IDS method is executed in Python and the performance metrics are calculated. The proposed approach has attained 33.7\%, 25.7\%, 21.4\% improved accuracy, 24.6\%, 35.6\%, 38.9\% lower attack detection time, and 23.8\%, 18.9\%, 15.78\% lower delay than the existing methods, like Artificial Neural Network (ANN) with blockchain framework, Integrated Architecture with Byzantine Fault Tolerance consensus, and Blockchain Random Neural Network (RNN-BC) respectively.

Network intrusion detection technology has developed for more than ten years, but due to the network intrusion is complex and variable, it is impossible to determine the function of network intrusion behaviour. Combined with the research on the intrusion detection technology of the cluster system, the network security intrusion detection and mass alarms are realized. Method: This article starts with an intrusion detection system, which introduces the classification and workflow. The structure and working principle of intrusion detection system based on protocol analysis technology are analysed in detail. Results: With the help of the existing network intrusion detection in the network laboratory, the Synflood attack has successfully detected, which verified the flexibility, accuracy, and high reliability of the protocol analysis technology. Conclusion: The high-performance cluster-computing platform designed in this paper is already available. The focus of future work will strengthen the functions of the cluster-computing platform, enhancing stability, and improving and optimizing the fault tolerance mechanism.

Container-based virtualization has gained momentum over the past few years thanks to its lightweight nature and support for agility. However, its appealing features come at the price of a reduced isolation level compared to the traditional host-based virtualization techniques, exposing workloads to various faults, such as co-residency attacks like container escape. In this work, we propose to leverage the automated management capabilities of containerized environments to derive a Fault and Intrusion Tolerance (FIT) framework based on error detection-recovery and fault treatment. Namely, we aim at deriving a specification-based error detection mechanism at the host level to systematically and formally capture security state errors indicating breaches potentially caused by malicious containers. Although the paper focuses on security side use cases, results are logically extendable to accidental faults. Our aim is to immunize the target environments against accidental and malicious faults and preserve their core dependability and security properties.

The open and shared environment makes it unavoidable to face data attacks in the context of the energy internet. Tolerance to data intrusion is of utmost importance for the security and stability of the energy internet. Existing methods for data intrusion tolerance suffer from insufficient dynamic adaptability and challenges in determining tolerance levels. To address these issues, this paper introduces a data intrusion tolerance model based on game theory. A Nash equilibrium is established by analyzing the gains and losses of both attackers and defenders through game theory. Finally, the simulation results conducted on the IEEE 14-bus node system illustrate that the model we propose offers guidance for decision-making within the energy internet, enabling the utilization of game theory to determine optimal intrusion tolerance strategies.

In the face of a large number of network attacks, intrusion detection system can issue early warning, indicating the emergence of network attacks. In order to improve the traditional machine learning network intrusion detection model to identify the behavior of network attacks, improve the detection accuracy and accuracy. Convolutional neural network is used to construct intrusion detection model, which has better ability to solve complex problems and better adaptability of algorithm. In order to solve the problems such as dimension explosion caused by input data, the albino PCA algorithm is used to extract data features and reduce data dimensions. For the common problem of convolutional neural networks in intrusion detection such as overfitting, Dropout layers are added before and after the fully connected layer of CNN, and Sigmoid is selected as the intrusion classification prediction function. This reduces the overfitting, improves the robustness of the intrusion detection model, and enhances the fault tolerance and generalization ability of the model to improve the accuracy of the intrusion detection model. The effectiveness of the proposed method in intrusion detection is verified by comparison and analysis of numerical examples.

Intrusion Intolerance - Low Power Wide Area Networks (LPWAN) offer a promising wireless communications technology for Internet of Things (IoT) applications. Among various existing LPWAN technologies, Long-Range WAN (LoRaWAN) consumes minimal power and provides virtual channels for communication through spreading factors. However, LoRaWAN suffers from the interference problem among nodes connected to a gateway that uses the same spreading factor. Such interference increases data communication time, thus reducing data freshness and suitability of LoRaWAN for delay-sensitive applications. To minimize the interference problem, an optimal allocation of the spreading factor is requisite for determining the time duration of data transmission. This paper proposes a game-theoretic approach to estimate the time duration of using a spreading factor that ensures on-time data delivery with maximum network utilization. We incorporate the Age of Information (AoI) metric to capture the freshness of information as demanded by the applications. Our proposed approach is validated through simulation experiments, and its applicability is demonstrated for a crop protection system that ensures real-time monitoring and intrusion control of animals in an agricultural field. The simulation and prototype results demonstrate the impact of the number of nodes, AoI metric, and game-theoretic parameters on the performance of the IoT network.

Intrusion Intolerance - While our society accelerates its transition to the Internet of Things, billions of IoT devices are now linked to the network. While these gadgets provide enormous convenience, they generate a large amount of data that has already beyond the network’s capacity. To make matters worse, the data acquired by sensors on such IoT devices also include sensitive user data that must be appropriately treated. At the moment, the answer is to provide hub services for data storage in data centers. However, when data is housed in a centralized data center, data owners lose control of the data, since data centers are centralized solutions that rely on data owners’ faith in the service provider. In addition, edge computing enables edge devices to collect, analyze, and act closer to the data source, the challenge of data privacy near the edge is also a tough nut to crack.A large number of user information leakage both for IoT hub and edge made the system untrusted all along. Accordingly, building a decentralized IoT system near the edge and bringing real trust to the edge is indispensable and significant. To eliminate the need for a centralized data hub, we present a prototype of a unique, secure, and decentralized IoT framework called Reja, which is built on a permissioned Blockchain and an intrusion-tolerant messaging system ChiosEdge, and the critical components of ChiosEdge are reliable broadcast and BFT consensus. We evaluated the latency and throughput of Reja and its sub-module ChiosEdge.

Intrusion Intolerance - The cascaded multi-level inverter (CMI) is becoming increasingly popular for wide range of applications in power electronics dominated grid (PEDG). The increased number of semiconductors devices in these class of power converters leads to an increased need for fault detection, isolation, and selfhealing. In addition, the PEDG’s cyber and physical layers are exposed to malicious attacks. These malicious actions, if not detected and classified in a timely manner, can cause catastrophic events in power grid. The inverters’ internal failures make the anomaly detection and classification in PEDG a challenging task. The main objective of this paper is to address this challenge by implementing a recurrent neural network (RNN), specifically utilizing long short-term memory (LSTM) for detection and classification of internal failures in CMI and distinguish them from malicious activities in PEDG. The proposed anomaly classification framework is a module in the primary control layer of inverters which can provide information for intrusion detection systems in a secondary control layer of PEDG for further analysis.

Intrusion Intolerance - In the world of increasing cyber threats, a compromised protective relay can put power grid resilience at risk by irreparably damaging costly power assets or by causing significant disruptions. We present the first architecture and protocols for the substation that ensure correct protective relay operation in the face of successful relay intrusions and network attacks while meeting the required latency constraint of a quarter power cycle (4.167ms). Our architecture supports other rigid requirements, including continuous availability over a long system lifetime and seamless substation integration. We evaluate our implementation in a range of fault-free and faulty operation conditions, and provide deployment tradeoffs.