Open Access
Applied Sciences (Switzerland), volume 12, issue 9, pages 4184

Network Intrusion Detection Model Based on CNN and GRU

Publication type: Journal Article
Publication date: 2022-04-21
scimago: Q2
SJR: 0.508
CiteScore: 5.3
Impact factor: 2.5
ISSN: 20763417
Computer Science Applications
Process Chemistry and Technology
General Materials Science
Instrumentation
General Engineering
Fluid Flow and Transfer Processes
Abstract

A network intrusion detection model that fuses a convolutional neural network and a gated recurrent unit is proposed to address the problems associated with the low accuracy of existing intrusion detection models for the multiple classification of intrusions and low accuracy of class imbalance data detection. In this model, a hybrid sampling algorithm combining Adaptive Synthetic Sampling (ADASYN) and Repeated Edited nearest neighbors (RENN) is used for sample processing to solve the problem of positive and negative sample imbalance in the original dataset. The feature selection is carried out by combining Random Forest algorithm and Pearson correlation analysis to solve the problem of feature redundancy. Then, the spatial features are extracted by using a convolutional neural network, and further extracted by fusing Averagepooling and Maxpooling, using attention mechanism to assign different weights to the features, thus reducing the overhead and improving the model performance. At the same time, a Gated Recurrent Unit (GRU) is used to extract the long-distance dependent information features to achieve comprehensive and effective feature learning. Finally, a softmax function is used for classification. The proposed intrusion detection model is evaluated based on the UNSW_NB15, NSL-KDD, and CIC-IDS2017 datasets, and the experimental results show that the classification accuracy reaches 86.25%, 99.69%, 99.65%, which are 1.95%, 0.47% and 0.12% higher than that of the same type of CNN-GRU, and can solve the problems of low classification accuracy and class imbalance well.

Teng F., Guo X., Song Y., Wang G.
IEEE Access scimago Q1 wos Q2 Open Access
2021-12-14 citations by CoLab: 19
Traditional aerial target tactical intention recognition is based on a single moment of reasoning, while actual battlefield target tactical intention is realized by a series of actions, so the target state reflects dynamic and temporal variation. To solve this problem, bidirectional propagation and attention mechanisms are introduced based on a gated recurrent unit (GRU) network, and bidirectional gated recurrent units with attention mechanism (BiGRU-Attention) air target tactical intention recognition model is proposed. We use a hierarchical approach to construct the air combat intention characteristic set, encode it into temporal characteristics, encapsulate the decision-maker’s experience into labels, learn the deep-level information in the air combat intention characteristic vector through a BiGRU neural network, and use the attention mechanism to adaptively assign network weights, and then place air combat characteristic information with different weights in a softmax function layer for intention recognition. Comparison with a traditional air tactical target intention recognition model and analysis of ablation experiments show that the proposed model effectively improves the tactical intention recognition of air targets.
Louk M.H., Tama B.A.
2021-12-06 citations by CoLab: 17
Classifier ensembles have been utilized in the industrial cybersecurity sector for many years. However, their efficacy and reliability for intrusion detection systems remain questionable in current research, owing to the particularly imbalanced data issue. The purpose of this article is to address a gap in the literature by illustrating the benefits of ensemble-based models for identifying threats and attacks in a cyber-physical power grid. We provide a framework that compares nine cost-sensitive individual and ensemble models designed specifically for handling imbalanced data, including cost-sensitive C4.5, roughly balanced bagging, random oversampling bagging, random undersampling bagging, synthetic minority oversampling bagging, random undersampling boosting, synthetic minority oversampling boosting, AdaC2, and EasyEnsemble. Each ensemble’s performance is tested against a range of benchmarked power system datasets utilizing balanced accuracy, Kappa statistics, and AUC metrics. Our findings demonstrate that EasyEnsemble outperformed significantly in comparison to its rivals across the board. Furthermore, undersampling and oversampling strategies were effective in a boosting-based ensemble but not in a bagging-based ensemble.
Yan M., Chen Y., Hu X., Cheng D., Chen Y., Du J.
Journal of Systems Architecture scimago Q1 wos Q1
2021-09-01 citations by CoLab: 20
Intrusion detection has been extremely important for the security of the cloud computing environment for these years. However, it is also extremely hard to prevent network systems from attacking, due to that the attacking data and normal data usually have large different density distributions, i.e, they are imbalanced. Clustering is one of the effective methods for intrusion detection. Density Peak (DPeak) is a famous clustering algorithm that maps data of arbitrary dimension onto two dimensions, and it can automatically distinguish density centers and noise. However, it is not appropriate for applying DPeak in detecting intrusion data directly. Because (1) sparse regions are difficult to be identified and (2) most points in dense regions of imbalanced data are highly possible misclassified as outliers. Hence, an improved DPeak, namely Rotation-DPeak, is proposed to overcome them according to a simple assumption: the higher density of a point p , the larger δ it should have such that p can be picked as a density peak. Then, a novel strategy is invented to select density peaks by quadratic curve, rather than by choosing points with the largest γ ( γ = ρ × δ ) or by drawing a rectangle on the decision graph. In addition, it is found that abnormal data usually leads to bad performance for intrusion detection, therefore we propose an outlier detection algorithm to identify anomaly traffic. Experiments prove that the proposed algorithm works well on imbalanced datasets, and is suitable for intrusion detection, which has a good performance in accuracy.
Zhang H., Li J., Liu X., Dong C.
2021-09-01 citations by CoLab: 128
A robust network intrusion detection system (NIDS) plays an important role in cyberspace security for protecting confidential systems from potential threats. In real world network, there exists complex correlations among the various types of network traffic information, which may be respectively attributed to different abnormal behaviors and should be make full utilized in NIDS. Regarding complex network traffic information, traditional learning based abnormal behavior detection methods can hardly meet the requirements of the real world network environment. Existing methods have not taken into account the impact of various modalities of data, and the mutual support among different data features. To address the concerns, this paper proposes a multi-dimensional feature fusion and stacking ensemble mechanism (MFFSEM), which can detect abnormal behaviors effectively. In order to accurately explore the connotation of traffic information, multiple basic feature datasets are established considering different aspects of traffic information such as time, space, and load. Then, considering the association and correlation among the basic feature datasets, multiple comprehensive feature datasets are set up to meet the requirements of real world abnormal behavior detection. In specific, stacking ensemble learning is conducted on multiple comprehensive feature datasets, and thus an effective multi-dimensional global anomaly detection model is accomplished. The experimental results on the dataset KDD Cup 99, NSL-KDD, UNSW-NB15, and CIC-IDS2017 have shown that MFFSEM significantly outperforms the basic and meta classifiers adopted in our method. Furthermore, its detection performance is superior to other well-known ensemble approaches.
• The proposed approach based on multi-dimensional feature fusion and stacking ensemble learning.
• We propose a multi-dimensional data partition and feature construction strategy.
• A permutation and combination strategy is proposed to provide mutual support among different data features.
• The proposed approach could lead to a more robust NIDS.
Zhou X., Liang W., Shimizu S., Ma J., Jin Q.
2021-08-01 citations by CoLab: 251
With the increasing population of Industry 4.0, both AI and smart techniques have been applied and become hotly discussed topics in industrial cyber-physical systems (CPS). Intelligent anomaly detection for identifying cyber-physical attacks to guarantee the work efficiency and safety is still a challenging issue, especially when dealing with few labeled data for cyber-physical security protection. In this article, we propose a few-shot learning model with Siamese convolutional neural network (FSL-SCNN), to alleviate the over-fitting issue and enhance the accuracy for intelligent anomaly detection in industrial CPS. A Siamese CNN encoding network is constructed to measure distances of input samples based on their optimized feature representations. A robust cost function design including three specific losses is then proposed to enhance the efficiency of training process. An intelligent anomaly detection algorithm is developed finally. Experiment results based on a fully labeled public dataset and a few labeled dataset demonstrate that our proposed FSL-SCNN can significantly improve false alarm rate (FAR) and F1 scores when detecting intrusion signals for industrial CPS security protection.
Toldinas J., Venčkauskas A., Damaševičius R., Grigaliūnas Š., Morkevičius N., Baranauskas E.
Electronics (Switzerland) scimago Q2 wos Q2 Open Access
2021-08-01 citations by CoLab: 77
The current rise in hacking and computer network attacks throughout the world has heightened the demand for improved intrusion detection and prevention solutions. The intrusion detection system (IDS) is critical in identifying abnormalities and assaults on the network, which have grown in size and pervasiveness. The paper proposes a novel approach for network intrusion detection using multistage deep learning image recognition. The network features are transformed into four-channel (Red, Green, Blue, and Alpha) images. The images then are used for classification to train and test the pre-trained deep learning model ResNet50. The proposed approach is evaluated using two publicly available benchmark datasets, UNSW-NB15 and BOUN Ddos. On the UNSW-NB15 dataset, the proposed approach achieves 99.8% accuracy in the detection of the generic attack. On the BOUN DDos dataset, the suggested approach achieves 99.7% accuracy in the detection of the DDos attack and 99.7% accuracy in the detection of the normal traffic.
Nguyen G.N., Viet N.H., Elhoseny M., Shankar K., Gupta B.B., El-Latif A.A.
2021-07-01 citations by CoLab: 223
Cyber–physical system (CPS) is the incorporation of physical processes with processing and data transmission. Cybersecurity is a primary and challenging issue in healthcare due to the legal and ethical perspective of the patient’s medical data. Therefore, the design of CPS model for healthcare applications requires special attention for ensuring data security. To resolve this issue, this paper proposes a secure intrusion, detection with blockchain based data transmission with classification model for CPS in healthcare sector. The presented model performs data acquisition process using sensor devices and intrusion detection takes place using deep belief network (DBN) model. In addition, the presented model uses a multiple share creation (MSC) model for the generation of multiple shares of the captured image, and thereby achieves privacy and security. Besides, the blockchain technology is applied for secure data transmission to the cloud server, which executes the residual network (ResNet) based classification model to identify the presence of the disease. The experimental validation of the presented model takes place using NSL-KDD 2015, CIDDS-001 and ISIC dataset. The simulation outcome pointed out the effective outcome of the presented model.
Alharbi A., Alosaimi W., Alyami H., Rauf H.T., Damaševičius R.
Electronics (Switzerland) scimago Q2 wos Q2 Open Access
2021-06-03 citations by CoLab: 79
The need for timely identification of Distributed Denial-of-Service (DDoS) attacks in the Internet of Things (IoT) has become critical in minimizing security risks as the number of IoT devices deployed rapidly grows globally and the volume of such attacks rises to unprecedented levels. Instant detection facilitates network security by speeding up warning and disconnection from the network of infected IoT devices, thereby preventing the botnet from propagating and thereby stopping additional attacks. Several methods have been developed for detecting botnet attacks, such as Swarm Intelligence (SI) and Evolutionary Computing (EC)-based algorithms. In this study, we propose a Local-Global best Bat Algorithm for Neural Networks (LGBA-NN) to select both feature subsets and hyperparameters for efficient detection of botnet attacks, inferred from 9 commercial IoT devices infected by two botnets: Gafgyt and Mirai. The proposed Bat Algorithm (BA) adopted the local-global best-based inertia weight to update the bat’s velocity in the swarm. To tackle with swarm diversity of BA, we proposed Gaussian distribution used in the population initialization. Furthermore, the local search mechanism was followed by the Gaussian density function and local-global best function to achieve better exploration during each generation. Enhanced BA was further employed for neural network hyperparameter tuning and weight optimization to classify ten different botnet attacks with an additional one benign target class. The proposed LGBA-NN algorithm was tested on an N-BaIoT data set with extensive real traffic data with benign and malicious target classes. The performance of LGBA-NN was compared with several recent advanced approaches such as weight optimization using Particle Swarm Optimization (PSO-NN) and BA-NN. 
The experimental results revealed the superiority of LGBA-NN with 90% accuracy over other variants, i.e., BA-NN (85.5% accuracy) and PSO-NN (85.2% accuracy) in multi-class botnet attack detection.
Injadat M., Moubayed A., Nassif A.B., Shami A.
2021-06-01 citations by CoLab: 159
Cyber-security garnered significant attention due to the increased dependency of individuals and organizations on the Internet and their concern about the security and privacy of their online activities. Several previous machine learning (ML)-based network intrusion detection systems (NIDSs) have been developed to protect against malicious online behavior. This paper proposes a novel multi-stage optimized ML-based NIDS framework that reduces computational complexity while maintaining its detection performance. This work studies the impact of oversampling techniques on the models’ training sample size and determines the minimal suitable training sample size. Furthermore, it compares between two feature selection techniques, information gain and correlation-based, and explores their effect on detection performance and time complexity. Moreover, different ML hyper-parameter optimization techniques are investigated to enhance the NIDS’s performance. The performance of the proposed framework is evaluated using two recent intrusion detection datasets, the CICIDS 2017 and the UNSW-NB 2015 datasets. Experimental results show that the proposed model significantly reduces the required training sample size (up to 74%) and feature set size (up to 50%). Moreover, the model performance is enhanced with hyper-parameter optimization with detection accuracies over 99% for both datasets, outperforming recent literature works by 1-2% higher accuracy and 1-2% lower false alarm rate.
Rosay A., Riou K., Carlier F., Leroux P.
2021-05-28 citations by CoLab: 19
The Internet connection is becoming ubiquitous in embedded systems, making them potential victims of intrusion. Although gaining popularity in recent years, deep learning based intrusion detection systems tend to produce worse results than those using traditional machine learning algorithms. On the contrary, we propose an end-to-end methodology allowing a neural network to outperform traditional machine learning algorithms. We demonstrate high performance score on CIC-IDS2017 data set, showing an accuracy greater than 99% and a false positive rate lower than 0.5%. Our results are compared to traditional machine learning algorithms and previous studies. Then, we show that our approach can be successfully applied to CSE-CIC-IDS2018 data set, confirming that neural network can reach better scores than other machine learning algorithms. Our performance is compared to previous work on this data set. We further deployed our solution on a system-on-chip for automotive, allowing to characterize real-time performance aspect on an embedded system, both for feature extraction and inference. Finally, a discussion opens up on problems related to some attacks that are particularly difficult to detect with flow-based techniques and weaknesses found in the data sets.
Jiang Y., Jia M., Zhang B., Deng L.
2021-05-22 citations by CoLab: 6
Domain Generation Algorithm (DGA) domain name detection is one of the key technologies for detecting botnet C&C communications. It is well known that malicious websites can cause great harm, and from individuals to countries will be affected to varying degrees. Aiming at the problems of low detection accuracy and high complexity of traditional detection methods, this paper proposes a malicious domain name detection model (CNN-GRU-Attention). The model first used the CNN neural network to extract the spatial features of the domain name data; then used the GRU neural network to extract the temporal features of the domain name data; finally used the attention mechanism to improve the detection accuracy of the domain name. In the experiment, this article used Bigrams, LSTM artificial neural network, GRU neural network, LSTM-GRU four models to compare with the CNN-GRU-Attention model. The experimental results showed that the CNN-GRU-Attention model had better convergence and higher accuracy.
Khan M.A.
Processes scimago Q2 wos Q2 Open Access
2021-05-10 citations by CoLab: 171
Nowadays, network attacks are the most crucial problem of modern society. All networks, from small to large, are vulnerable to network threats. An intrusion detection (ID) system is critical for mitigating and identifying malicious threats in networks. Currently, deep learning (DL) and machine learning (ML) are being applied in different domains, especially information security, for developing effective ID systems. These ID systems are capable of detecting malicious threats automatically and on time. However, malicious threats are occurring and changing continuously, so the network requires a very advanced security solution. Thus, creating an effective and smart ID system is a massive research problem. Various ID datasets are publicly available for ID research. Due to the complex nature of malicious attacks with a constantly changing attack detection mechanism, publicly existing ID datasets must be modified systematically on a regular basis. So, in this paper, a convolutional recurrent neural network (CRNN) is used to create a DL-based hybrid ID framework that predicts and classifies malicious cyberattacks in the network. In the HCRNNIDS, the convolutional neural network (CNN) performs convolution to capture local features, and the recurrent neural network (RNN) captures temporal features to improve the ID system’s performance and prediction. To assess the efficacy of the hybrid convolutional recurrent neural network intrusion detection system (HCRNNIDS), experiments were done on publicly available ID data, specifically the modern and realistic CSE-CIC-DS2018 data. The simulation outcomes prove that the proposed HCRNNIDS substantially outperforms current ID methodologies, attaining a high malicious attack detection rate accuracy of up to 97.75% for CSE-CIC-IDS2018 data with 10-fold cross-validation.
Zhou X., Hu Y., Liang W., Ma J., Jin Q.
2021-05-01 citations by CoLab: 284
With the increasing population of Industry 4.0, industrial big data (IBD) has become a hotly discussed topic in digital and intelligent industry field. The security problem existing in the signal processing on large scale of data stream is still a challenge issue in industrial internet of things, especially when dealing with the high-dimensional anomaly detection for intelligent industrial application. In this article, to mitigate the inconsistency between dimensionality reduction and feature retention in imbalanced IBD, we propose a variational long short-term memory (VLSTM) learning model for intelligent anomaly detection based on reconstructed feature representation. An encoder-decoder neural network associated with a variational reparameterization scheme is designed to learn the low-dimensional feature representation from high-dimensional raw data. Three loss functions are defined and quantified to constrain the reconstructed hidden variable into a more explicit and meaningful form. A lightweight estimation network is then fed with the refined feature representation to identify anomalies in IBD. Experiments using a public IBD dataset named UNSW-NB15 demonstrate that the proposed VLSTM model can efficiently cope with imbalance and high-dimensional issues, and significantly improve the accuracy and reduce the false rate in anomaly detection for IBD according to F1, area under curve (AUC), and false alarm rate (FAR).
Wang L., Han M., Li X., Zhang N., Cheng H.
IEEE Access scimago Q1 wos Q2 Open Access
2021-04-21 citations by CoLab: 145
This paper studies the classification of unbalanced data sets. First, this kind of data sets is briefly introduced, and then the classification methods of unbalanced data sets are analyzed in detail from different perspectives such as data sampling method, algorithm level, feature level, cost-sensitive function, and deep learning. In addition, the data sampling methods are divided into different technologies for introduction: unbalanced data set classification method based on synthetic minority over-sampling technology (SMOTE), support vector machine (SVM) technology, and k-nearest neighbor (KNN) technology, etc. Then, the advantages and disadvantages of these methods are compared. Finally, the evaluation criteria of the unbalanced data set classifier are summarized, and the future work directions are prospected and summarized.
Lv Z., Chen D., Lou R., Song H.
IEEE Internet of Things Journal scimago Q1 wos Q1
2021-04-15 citations by CoLab: 101
In order to protect industrial safety, improve the operation stability of the industrial control system, conduct the response measures for network environment attacked by the external world, and realize simulation in virtual reality environment, in this study, class and sample weighted C-support vector machine (CSWC-SVM) algorithm is first proposed using SVM. Then, the intrusion detection model of industrial control network is built based on the CSWC-SVM algorithm. Finally, KDD CUP 1999 data are introduced to carry out simulation experiments on the algorithm model constructed in this study in the virtual reality simulation environment. The results show when the penalty factor of the polynomial kernel function, radial basis kernel function, and sigmoid kernel function is 104, the average number of support vectors is 45, 46, and 37, respectively; the average training time are about 0.43, 0.45, and 0.47 s, and the average test time is about 9.7, 9.9, and 10.2 s, respectively; the average recognition accuracy is about 85.7%, 86.2%, and 86.7%, and the false positive rate is 3.8%, 2.8%, and 2.3%, respectively; the accuracy of the CSWC-SVM algorithm in different sample sizes (1000-6000) can be kept above 90%. The operation error rate of the CSWC-SVM algorithm is lower than that of C-SVM, C-SVM, and RS-SVM algorithms under different validation data sets. After dimension reduction, the classification accuracy of the CSWC-SVM algorithm is higher than that of C-SVM and WC-SVM algorithms. The weight value increases from 0 to 200, and the number of model errors on 1000, 2000, and 3000 pieces of data decreases significantly. When the weight value is 200, the number of errors drops to 0, and the classification accuracy reaches 100%. 
In a word, the CSWC-SVM algorithm constructed in this study performs well in response to the attack of the industrial control system in the virtual reality simulation environment, which provides practical significance for the application of virtual reality in industrial monitoring.
Bhatkar A.G., Gupta S., Patel P.
Expert Systems scimago Q2 wos Q2
2025-03-20 citations by CoLab: 0
Advancements in 3GPP specifications and the extensive deployment of 5G networks have driven significant growth in the Internet of Vehicles (IoVs). This development has led to an increase in Connected and Autonomous Vehicles (CAVs), which provide capabilities such as automated navigation, ADAS, cruise control, and environmentally sustainable transportation in real‐time. Additionally, the widespread adoption of CAVs has also escalated vulnerabilities within the IoV ecosystem, exposing it to potential cyberattacks. The integration of various functional interfaces has enlarged its attack surface, thereby increasing the risk of vehicle infiltration. Researchers have proposed various Intrusion Detection Systems (IDS) to address the ongoing risk of vehicle attacks, without applying encryption and related authentication methods for intra‐and inter‐vehicular communications. However, a significant limitation of many IDSs is their dependency on characteristics specific to a particular category of vehicles, which limits their adaptability. Additionally, current IDSs frequently rely on one‐dimensional features such as traffic, time, etc., which limits their capability of detecting attacks in adverse scenarios. Moreover, incorporating machine learning algorithms into IDSs deployed in automated automobiles causes an increase in computational demands. We propose to develop a collaborative IDS specifically designed for cloud‐based vehicle environments. We aim to improve our capabilities of identifying intrusion detection and differentiate which are malicious by using multidimensional features. A customised Convolutional Neural Network (CNN), optimised through hyperparameter tuning, is also developed for detecting the malicious vehicles and enhancing the overall IDS. To address the challenge of data diversity, we integrate various vehicular datasets into a unified feature space.
This integration allows a single model to efficiently perform multi‐classification tasks without frequent adjustments. Our feature space integrates dimensions such as traffic, time and so forth, levels, thereby expanding the spectrum of detectable attack scenarios. By identifying abnormal data points within this comprehensive feature framework, our system effectively identifies intrusions across a diverse range of vehicle types. As a result, our methodology supports robust intrusion detection through comprehensive multiclass vehicle classification.
Xie Q., He M., Lu Z.
Frontiers in Physics scimago Q2 wos Q2 Open Access
2025-03-19 citations by CoLab: 0
Introduction: The dynamic behavior analysis of nonlinear physical systems plays a critical role in understanding complex processes across various domains, including education, where interactive simulations of such systems can enhance conceptual learning. Traditional modeling techniques for nonlinear systems often fail to capture their high-dimensional, multi-scale, and chaotic nature due to oversimplified assumptions or reliance on linear approximations. Methods: In this study, we present a novel framework leveraging computer vision and advanced neural architectures to analyze the dynamic behaviors of nonlinear physical systems. The proposed Physics-Informed Nonlinear Dynamics Network (PNDN) integrates data-driven embeddings with physics-based constraints, offering a robust solution for capturing intricate dynamics and ensuring adherence to physical principles. Results: Experimental results highlight the model’s superior performance in reconstructing and predicting nonlinear system behaviors under diverse conditions, establishing its utility for real-time educational simulations. Discussion: This approach bridges the gap between computational modeling and educational innovation, providing learners with interactive tools to explore complex physical phenomena.
Guo D., Xie Y.
Sensors scimago Q1 wos Q2 Open Access
2025-03-04 citations by CoLab: 0
This study proposes an enhanced network intrusion detection model, 1D-TCN-ResNet-BiGRU-Multi-Head Attention (TRBMA), aimed at addressing the issues of incomplete learning of temporal features and low accuracy in the classification of malicious traffic found in existing models. The TRBMA model utilizes Temporal Convolutional Networks (TCNs) to improve the ResNet18 architecture and incorporates Bidirectional Gated Recurrent Units (BiGRUs) and Multi-Head Self-Attention mechanisms to enhance the comprehensive learning of temporal features. Additionally, the ResNet network is adapted into a one-dimensional version that is more suitable for processing time-series data, while the AdamW optimizer is employed to improve the convergence speed and generalization ability during model training. Experimental results on the CIC-IDS-2017 dataset indicate that the TRBMA model achieves an accuracy of 98.66% in predicting malicious traffic types, with improvements in precision, recall, and F1-score compared to the baseline model. Furthermore, to address the challenge of low identification rates for malicious traffic types with small sample sizes in unbalanced datasets, this paper introduces TRBMA (BS-OSS), a variant of the TRBMA model that integrates Borderline SMOTE-OSS hybrid sampling. Experimental results demonstrate that this model effectively identifies malicious traffic types with small sample sizes, achieving an overall prediction accuracy of 99.88%, thereby significantly enhancing the performance of the network intrusion detection model.
Qiao Q., Hu H., Ahmad A., Wang K.
IEEE Access scimago Q1 wos Q2 Open Access
2025-02-21 citations by CoLab: 0
Bekele M.B., Taye Y.G., Demesa E.G.
2025-02-18 citations by CoLab: 0
Hakami H., Faheem M., Ahmad M.B.
IEEE Access scimago Q1 wos Q2 Open Access
2025-02-14 citations by CoLab: 0
Zhang S., Fu Z., An D., Yi H.
Journal of Supercomputing scimago Q2 wos Q2
2025-02-04 citations by CoLab: 0
Network security situation assessment (NSSA) has become increasingly critical due to the growing frequency and sophistication of network attacks. NSSA involves analyzing network threats and security incidents to support network administrators in decision-making and the implementation of protective strategies. To address the challenges of low assessment accuracy in current NSSA methods, we propose a novel model that integrates an enhanced black-winged kite algorithm (BKA) with a cross dual-channel framework. First, we develop a cross dual-channel architecture that combines a convolutional neural network with a bidirectional long short-term memory network. This structure effectively integrates temporal and spatial features, while an attention mechanism highlights key information, thereby improving the accuracy of traffic classification. Second, the improved BKA is employed to optimize network parameters, further enhancing the model’s overall performance. Finally, the situation value is derived from the classification results and mapped to corresponding network security situation levels, completing the NSSA process. Experimental results on the NSL-KDD dataset demonstrate that the proposed model achieves notable improvements, with an accuracy of 83.66%, a recall of 80.04%, and an F1-score of 83.13%. Moreover, the proposed assessment method offers a more robust and comprehensive evaluation of the network’s overall security status, highlighting its potential for practical application.
Kaushik S., Bhardwaj A., Almogren A., Bharany S., Altameem A., Rehman A.U., Hussen S., Hamam H.
Scientific Reports scimago Q1 wos Q1 Open Access
2025-02-01 citations by CoLab: 0 PDF Abstract  
There are serious security issues with the quick growth of IoT devices, which are increasingly essential to Industry 4.0. These gadgets frequently function in challenging environments with little energy and processing power, leaving them open to cyberattacks and making it more difficult to implement intrusion detection systems (IDS) that work. In order to address this issue, this study presents a unique feature selection algorithm based on basic statistical methods and a lightweight intrusion detection system. This methodology improves performance and cuts training time by 27–63% for a variety of classifiers. By utilizing the most discriminative features, the suggested methods lower the computational overhead and improve the detection accuracy. The IDS achieved over 99.9% accuracy, precision, recall, and F1-Score on the dataset IoTID20, with consistent performance on the NSLKDD dataset.
Zhang R., Wu Q., Zhou Y.
Electronics (Switzerland) scimago Q2 wos Q2 Open Access
2025-01-29 citations by CoLab: 0 PDF Abstract  
Accurately extracting network security situation elements is an important basis for improving the situational awareness of industrial Internet security. This paper proposes an industrial internet security situation element extraction algorithm based on a hybrid neural network. Firstly, the powerful local feature extraction ability of convolutional neural networks (CNNs) was used to extract the features of key situation elements, and the obtained features were flattened and then input into long short-term memory networks (LSTMs) to solve the problem of the poor time feature extraction ability of CNNs. Then, the output features of the fully connected layer were input to the backpropagation (BP) network for classification, and LSTM was used to correct the prediction residual of the BP network to optimize the parameters of each module in the model and improve the classification effect and generalization ability. Comparative experimental results show that the accuracy of the model on the KDD Cup99 dataset and SCADA2014 dataset can reach 98.03% and 98.96%, respectively. Compared with other models, the model has higher classification accuracy and can provide more effective indicator data for security situation assessment.
Dongming Y., Li R., Xiong W., Xiaotong H.
Physica Scripta scimago Q2 wos Q2
2025-01-29 citations by CoLab: 0 Abstract  
There is some interpretability in predicting deformation based on key control points [1], but mispredicting the deformation of the test model can result from missing sensor data due to physical obstruction and going outside the equipment's measuring range. In order to address the issue, this paper combines key control points to forecast the deformation in real time, introduces K-neighborhoods (KNN) to obtain the spatial topological relationship of the tested model, and integrates hybrid block-attention mechanism (CBAM) and bi-directional long and short-term memory cells (BiLSTM) to improve the linkage between multiple input features. The network has a faster convergence rate, according to experiments, and its maximum deformation prediction deviation is only 0.28 mm. In the meantime, the prediction approach uses standardization to make up for the missing control point data; this results in a corrective impact that ranges from 37.76% to 90.89%. The method proposed in this paper complements the missing sensor data while predicting the deformation in real time, which is essential for establishing an accurate dynamic prediction model and realizing comprehensive data sensing.
Çavşi Zaim H., Yolaçan E.N.
Applied Sciences (Switzerland) scimago Q2 wos Q2 Open Access
2025-01-26 citations by CoLab: 0 PDF Abstract  
The increase in cybersecurity threats has made attack detection systems critically important. Traditional deep learning methods often require large amounts of data and struggle to understand relationships between features effectively. With their self-attention mechanism, Transformers excel in modeling complex relationships and long-term dependencies. They are also adaptable to various data types and sources, making them advantageous in large-scale attack detection scenarios. This paper introduces the FPE–Transformer framework, leveraging the strengths of the Transformer architecture. FPE–Transformer incorporates an innovative feature positional encoding mechanism that encodes the positional information of each feature separately, enabling a deeper understanding of feature relationships and more precise attack detection. Additionally, the model includes a ClassificationHead for enhanced accuracy and complex pattern recognition. The framework’s performance was validated using the NSL-KDD and CIC-IDS2017 datasets, demonstrating its superiority over traditional methods in detecting diverse attack types and improving overall performance. This study highlights FPE–Transformer’s innovative approach and ability to address key limitations of traditional deep learning methods, establishing it as a robust solution for modern attack detection challenges.

Top-30 charts: Journals; Publishers (chart images not reproduced)

  • We do not take into account publications without a DOI.
  • Statistics recalculated only for publications connected to researchers, organizations and labs registered on the platform.
  • Statistics recalculated weekly.
