Similar literature
20 similar documents found (search time: 31 ms)
1.
Industrial Control Systems (ICS) can be employed on the industrial processes in order to reduce the manual labor and handle the complicated industrial system processes as well as communicate effectively. Internet of Things (IoT) integrates numerous sets of sensors and devices via a data network enabling independent processes. The incorporation of the IoT in the industrial sector leads to the design of Industrial Internet of Things (IIoT), which finds use in water distribution systems, power plants, etc. Since the IIoT is susceptible to different kinds of attacks due to the utilization of Internet connection, an effective forensic investigation process becomes essential. This study offers the design of an intelligent forensic investigation using optimal stacked autoencoder for critical industrial infrastructures. The proposed strategy involves the design of manta ray foraging optimization (MRFO) based feature selection with optimal stacked autoencoder (OSAE) model, named MFROFS-OSAE approach. The primary objective of the MFROFS-OSAE technique is to determine the presence of abnormal events in critical industrial infrastructures. The MFROFS-OSAE approach involves several subprocesses namely data gathering, data handling, feature selection, classification, and parameter tuning. Besides, the MRFO based feature selection approach is designed for the optimal selection of feature subsets. Moreover, the OSAE based classifier is derived to detect abnormal events and the parameter tuning process is carried out via the coyote optimization algorithm (COA). The performance validation of the MFROFS-OSAE technique takes place using the benchmark dataset and the experimental results reported the betterment of the MFROFS-OSAE technique over the recent approaches in terms of different measures.

2.
Generally, the risks associated with malicious threats are increasing for the Internet of Things (IoT) and its related applications due to dependency on the Internet and the minimal resource availability of IoT devices. Thus, anomaly-based intrusion detection models for IoT networks are vital. Distinct detection methodologies need to be developed for the Industrial Internet of Things (IIoT) network as threat detection is a significant expectation of stakeholders. Machine learning approaches are considered to be evolving techniques that learn with experience, and such approaches have resulted in superior performance in various applications, such as pattern recognition, outlier analysis, and speech recognition. Traditional techniques and tools are not adequate to secure IIoT networks due to the use of various protocols in industrial systems and restricted possibilities of upgradation. In this paper, the objective is to develop a two-phase anomaly detection model to enhance the reliability of an IIoT network. In the first phase, SVM and Naïve Bayes, are integrated using an ensemble blending technique. K-fold cross-validation is performed while training the data with different training and testing ratios to obtain optimized training and test sets. Ensemble blending uses a random forest technique to predict class labels. An Artificial Neural Network (ANN) classifier that uses the Adam optimizer to achieve better accuracy is also used for prediction. In the second phase, both the ANN and random forest results are fed to the model’s classification unit, and the highest accuracy value is considered the final result. The proposed model is tested on standard IoT attack datasets, such as WUSTL_IIOT-2018, N_BaIoT, and Bot_IoT. The highest accuracy obtained is 99%. A comparative analysis of the proposed model using state-of-the-art ensemble techniques is performed to demonstrate the superiority of the results. 
The results also demonstrate that the proposed model outperforms traditional techniques and thus improves the reliability of an IIoT network.

3.
In the development of technology in various fields like big data analysis, data mining, big data, cloud computing, and blockchain technology, security becomes more constrained. Blockchain is used in providing security by encrypting the sharing of information. Blockchain is applied in the peer-to-peer (P2P) network and it has a decentralized ledger. Providing security against unauthorized breaches in the distributed network is required. To detect unauthorized breaches, numerous techniques were developed and those techniques are inefficient and have poor data integrity. Hence, a novel technique needs to be implemented to tackle the new breaches in the distributed network. This paper proposed a hybrid technique of two fish with a ripple consensus algorithm (TF-RC). To improve the detection time and security, this paper uses efficient transmission of data in the distributed network. The experimental analysis of TF-RC by using the metric measures of performance in terms of latency, throughput, energy efficiency and it produced better performance.

4.
Cyber attacks on computer and network systems induce system quality and reliability problems, and present a significant threat to the computer and network systems that we are heavily dependent on. Cyber attack detection involves monitoring system data and detecting the attack‐induced quality and reliability problems of computer and network systems caused by cyber attacks. Usually there are ongoing normal user activities on computer and network systems when an attack occurs. As a result, the observed system data may be a mixture of attack data and normal use data (norm data). We have established a novel attack–norm separation approach to cyber attack detection that includes norm data cancelation to improve the data quality as an important part of this approach. Aiming at demonstrating the importance of norm data cancelation, this paper presents a set of data modeling and analysis techniques developed to perform norm data cancelation before applying an existing technique of anomaly detection, the chi‐square distance monitoring (CSDM), to residual data obtained after norm data cancelation for cyber attack detection. Specifically, a Markov chain model of norm data and an artificial neural network (ANN) of norm data cancelation are developed and tested. This set of techniques is compared with using CSDM alone for cyber attack detection. The results show a significant improvement of detection performance by CSDM with norm data cancelation over CSDM alone. Copyright © 2006 John Wiley & Sons, Ltd.

5.
In the emerging Industrial Internet of Things (IIoT), authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them. The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy, storage, and processing. Although recently many lightweight schemes have been proposed, to the best of our knowledge, they are unable to address the problem of privacy preservation with the resistance of Denial of Service (DoS) attacks in a practical way. In this paper, we propose a lightweight authentication protocol based on the Physically Unclonable Function (PUF) to overcome the limitations of existing schemes. The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions among forward secrecy, DoS attacks, and resource-constrained. The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.

6.
The rapid growth in data generation and increased use of computer network devices has amplified the infrastructures of internet. The interconnectivity of networks has brought various complexities in maintaining network availability, consistency, and discretion. Machine learning based intrusion detection systems have become essential to monitor network traffic for malicious and illicit activities. An intrusion detection system controls the flow of network traffic with the help of computer systems. Various deep learning algorithms in intrusion detection systems have played a prominent role in identifying and analyzing intrusions in network traffic. For this purpose, when the network traffic encounters known or unknown intrusions in the network, a machine-learning framework is needed to identify and/or verify network intrusion. The Intrusion detection scheme empowered with a fused machine learning technique (IDS-FMLT) is proposed to detect intrusion in a heterogeneous network that consists of different source networks and to protect the network from malicious attacks. The proposed IDS-FMLT system model obtained 95.18% validation accuracy and a 4.82% miss rate in intrusion detection.

7.
Internet of Things (IoT) network used for industrial management is vulnerable to different security threats due to its unstructured deployment, and dynamic communication behavior. In literature various mechanisms addressed the security issue of Industrial IoT networks, but proper maintenance of the performance reliability is among the common challenges. In this paper, we proposed an intelligent mutual authentication scheme leveraging authentication aware node (AAN) and base station (BS) to identify routing attacks in Industrial IoT networks. The AAN and BS use the communication parameters such as a route request (RREQ), node-ID, received signal strength (RSS), and round-trip time (RTT) information to identify malicious devices and routes in the deployed network. The feasibility of the proposed model is validated in the simulation environment, where OMNeT++ was used as a simulation tool. We compare the results of the proposed model with existing field-proven schemes in terms of routing attacks detection, communication cost, latency, computational cost, and throughput. The results show that our proposed scheme surpasses the previous schemes regarding these performance parameters with the attack detection rate of 97.7 %.

8.
In network-based intrusion detection practices, there are more regular instances than intrusion instances. Because there is always a statistical imbalance in the instances, it is difficult to train the intrusion detection system effectively. In this work, we compare intrusion detection performance by increasing the rarely appearing instances rather than by eliminating the frequently appearing duplicate instances. Our technique mitigates the statistical imbalance in these instances. We also carried out an experiment on the training model by increasing the instances, thereby increasing the attack instances step by step up to 13 levels. The experiments included not only known attacks, but also unknown new intrusions. The results are compared with the existing studies from the literature, and show an improvement in accuracy, sensitivity, and specificity over previous studies. The detection rates for the remote-to-user (R2L) and user-to-root (U2L) categories are improved significantly by adding fewer instances. The detection of many intrusions is increased from a very low to a very high detection rate. The detection of newer attacks that had not been used in training improved from 9% to 12%. This study has practical applications in network administration to protect from known and unknown attacks. If network administrators are running out of instances for some attacks, they can increase the number of instances with rarely appearing instances, thereby improving the detection of both known and unknown new attacks.

9.
Industrial internet of things (IIoT) is the usage of internet of things (IoT) devices and applications for the purpose of sensing, processing and communicating real-time events in the industrial system to reduce the unnecessary operational cost and enhance manufacturing and other industrial-related processes to attain more profits. However, such IoT based smart industries need internet connectivity and interoperability which makes them susceptible to numerous cyber-attacks due to the scarcity of computational resources of IoT devices and communication over insecure wireless channels. Therefore, this necessitates the design of an efficient security mechanism for IIoT environment. In this paper, we propose a hyperelliptic curve cryptography (HECC) based IIoT Certificateless Signcryption (IIoT-CS) scheme, with the aim of improving security while lowering computational and communication overhead in IIoT environment. HECC with 80-bit smaller key and parameters sizes offers similar security as elliptic curve cryptography (ECC) with 160-bit long key and parameters sizes. We assessed the IIoT-CS scheme security by applying formal and informal security evaluation techniques. We used Real or Random (RoR) model and the widely used automated validation of internet security protocols and applications (AVISPA) simulation tool for formal security analysis and proved that the IIoT-CS scheme provides resistance to various attacks. Our proposed IIoT-CS scheme is relatively less expensive compared to the current state-of-the-art in terms of computational cost and communication overhead. Furthermore, the IIoT-CS scheme is 31.25% and 51.31% more efficient in computational cost and communication overhead, respectively, compared to the most recent protocol.

10.
Cyberattacks are developing gradually sophisticated, requiring effective intrusion detection systems (IDSs) for monitoring computer resources and creating reports on anomalous or suspicious actions. With the popularity of Internet of Things (IoT) technology, the security of IoT networks is developing a vital problem. Because of the huge number and varied kinds of IoT devices, it can be a challenging task to protect the IoT framework utilizing a typical IDS. The typical IDSs have their restrictions once executed to IoT networks because of resource constraints and complexity. Therefore, this paper presents a new Blockchain Assisted Intrusion Detection System using Differential Flower Pollination with Deep Learning (BAIDS-DFPDL) model in IoT Environment. The presented BAIDS-DFPDL model mainly focuses on the identification and classification of intrusions in the IoT environment. To accomplish this, the presented BAIDS-DFPDL model follows blockchain (BC) technology for effective and secure data transmission among the agents. Besides, the presented BAIDS-DFPDL model designs Differential Flower Pollination based feature selection (DFPFS) technique to elect features. Finally, sailfish optimization (SFO) with Restricted Boltzmann Machine (RBM) model is applied for effectual recognition of intrusions. The simulation results on benchmark dataset exhibit the enhanced performance of the BAIDS-DFPDL model over other models on the recognition of intrusions.

11.
Blockchain merges technology with the Internet of Things (IoT) for addressing security and privacy-related issues. However, conventional blockchain suffers from scalability issues due to its linear structure, which increases the storage overhead, and Intrusion detection performed was limited with attack severity, leading to performance degradation. To overcome these issues, we proposed MZWB (Multi-Zone-Wise Blockchain) model. Initially, all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm (EBA), considering several metrics. Then, the legitimately considered nodes for network construction for managing the network using Bayesian-Direct Acyclic Graph (B-DAG), which considers several metrics. The intrusion detection is performed based on two tiers. In the first tier, a Deep Convolution Neural Network (DCNN) analyzes the data packets by extracting packet flow features to classify the packets as normal, malicious, and suspicious. In the second tier, the suspicious packets are classified as normal or malicious using the Generative Adversarial Network (GAN). Finally, intrusion scenario performed reconstruction to reduce the severity of attacks in which Improved Monkey Optimization (IMO) is used for attack path discovery by considering several metrics, and the Graph cut utilized algorithm for attack scenario reconstruction (ASR). UNSW-NB15 and BoT-IoT utilized datasets for the MZWB method simulated using a Network simulator (NS-3.26). Compared with previous performance metrics such as energy consumption, storage overhead accuracy, response time, attack detection rate, precision, recall, and F-measure. The simulation result shows that the proposed MZWB method achieves higher performance than existing works.

12.
The Internet of Things (IoT) is a modern approach that enables connection with a wide variety of devices remotely. Due to the resource constraints and open nature of IoT nodes, the routing protocol for low power and lossy (RPL) networks may be vulnerable to several routing attacks. That’s why a network intrusion detection system (NIDS) is needed to guard against routing assaults on RPL-based IoT networks. The imbalance between the false and valid attacks in the training set degrades the performance of machine learning employed to detect network attacks. Therefore, we propose in this paper a novel approach to balance the dataset classes based on metaheuristic optimization applied to locality-sensitive hashing and synthetic minority oversampling technique (LSH-SMOTE). The proposed optimization approach is based on a new hybrid between the grey wolf and dipper throated optimization algorithms. To prove the effectiveness of the proposed approach, a set of experiments were conducted to evaluate the performance of NIDS for three cases, namely, detection without dataset balancing, detection with SMOTE balancing, and detection with the proposed optimized LSH-SMOTE balancing. Experimental results showed that the proposed approach outperforms the other approaches and could boost the detection accuracy. In addition, a statistical analysis is performed to study the significance and stability of the proposed approach. The conducted experiments include seven different types of attack cases in the RPL-NIDS17 dataset. Based on the proposed approach, the achieved accuracy is (98.1%), sensitivity is (97.8%), and specificity is (98.8%).

13.
The Internet of Things (IoT) paradigm enables end users to access networking services amongst diverse kinds of electronic devices. IoT security mechanism is a technology that concentrates on safeguarding the devices and networks connected in the IoT environment. In recent years, False Data Injection Attacks (FDIAs) have gained considerable interest in the IoT environment. Cybercriminals compromise the devices connected to the network and inject the data. Such attacks on the IoT environment can result in a considerable loss and interrupt normal activities among the IoT network devices. The FDI attacks have been effectively overcome so far by conventional threat detection techniques. The current research article develops a Hybrid Deep Learning to Combat Sophisticated False Data Injection Attacks detection (HDL-FDIAD) for the IoT environment. The presented HDL-FDIAD model majorly recognizes the presence of FDI attacks in the IoT environment. The HDL-FDIAD model exploits the Equilibrium Optimizer-based Feature Selection (EO-FS) technique to select the optimal subset of the features. Moreover, the Long Short Term Memory with Recurrent Neural Network (LSTM-RNN) model is also utilized for the purpose of classification. At last, the Bayesian Optimization (BO) algorithm is employed as a hyperparameter optimizer in this study. To validate the enhanced performance of the HDL-FDIAD model, a wide range of simulations was conducted, and the results were investigated in detail. A comparative study was conducted between the proposed model and the existing models. The outcomes revealed that the proposed HDL-FDIAD model is superior to other models.

14.
In recent years, Digital Twin (DT) has gained significant interest from academia and industry due to the advances in information technology, communication systems, Artificial Intelligence (AI), Cloud Computing (CC), and Industrial Internet of Things (IIoT). The main concept of the DT is to provide a comprehensive tangible, and operational explanation of any element, asset, or system. However, it is an extremely dynamic taxonomy developing in complexity during the life cycle that produces a massive amount of engendered data and information. Likewise, with the development of AI, digital twins can be redefined and could be a crucial approach to aid the Internet of Things (IoT)-based DT applications for transferring the data and value onto the Internet with better decision-making. Therefore, this paper introduces an efficient DT-based fault diagnosis model based on machine learning (ML) tools. In this framework, the DT model of the machine is constructed by creating the simulation model. In the proposed framework, the Genetic algorithm (GA) is used for the optimization task to improve the classification accuracy. Furthermore, we evaluate the proposed fault diagnosis framework using performance metrics such as precision, accuracy, F-measure, and recall. The proposed framework is comprehensively examined using the triplex pump fault diagnosis. The experimental results demonstrated that the hybrid GA-ML method gives outstanding results compared to ML methods like Logistic Regression (LR), Naïve Bayes (NB), and Support Vector Machine (SVM). The suggested framework achieves the highest accuracy of 95% for the employed hybrid GA-SVM. The proposed framework will effectively help industrial operators make an appropriate decision concerning the fault analysis for IIoT applications in the context of Industry 4.0.

15.
One of the latest technologies enabling remote control, operational efficiency upgrades, and real-time big-data monitoring in an industrial control system (ICS) is the IIoT-Cloud ICS, which integrates the Industrial Internet of Things (IIoT) and the cloud into the ICS. Although an ICS benefits from the application of IIoT and the cloud in terms of cost reduction, efficiency improvement, and real-time monitoring, the application of this technology to an ICS poses an unprecedented security risk by exposing its terminal devices to the outside world. An adversary can collect information regarding senders, recipients, and prime-time slots through traffic analysis and use it as a linchpin for the next attack, posing a potential threat to the ICS. To address this problem, we designed a network traffic obfuscation system (NTOS) for the IIoT-Cloud ICS, based on the requirements derived from the ICS characteristics and limitations of existing NTOS models. As a strategy to solve this problem wherein a decrease in the traffic volume facilitates traffic analysis or reduces the packet transmission speed, we proposed an NTOS based on packet scrambling, wherein a packet is split into multiple pieces before transmission, thus obfuscating network analysis. To minimize the ICS modification and downtime, the proposed NTOS was designed using an agent-based model. In addition, for the ICS network traffic analyzer to operate normally in an environment wherein the NTOS is applied, a rule-based NTOS was adopted such that the actual traffic flow is known only to the device that is aware of the rule and is blocked for attackers. The experimental results verified that the same time requested for response and level of difficulty of analysis were maintained by the application of an NTOS based on packet scrambling, even when the number of requests received by the server per second was reduced. 
The network traffic analyzer of the ICS can capture the packet flow by using the pre-communicated NTOS rule. In addition, by designing an NTOS using an agent-based model, the impact on the ICS was minimized such that the system could be applied with short downtime.

16.
Blockchain technology has become a research hotspot in recent years with the prominent characteristics as public, distributed and decentralization. And blockchain-enabled internet of things (BIoT) has a tendency to make a revolutionary change for the internet of things (IoT) which requires distributed trustless consensus. However, the scalability and security issues become particularly important with the dramatically increasing number of IoT devices. Especially, with the development of quantum computing, many extant cryptographic algorithms applied in blockchain or BIoT systems are vulnerable to the quantum attacks. In this paper, an anti-quantum proxy blind signature scheme based on the lattice cryptography has been proposed, which can provide user anonymity and untraceability in the distributed applications of BIoT. Then, the security proof of the proposed scheme can derive that it is secure in random oracle model, and the efficiency analysis can indicate it is more efficient than other similar literatures.

17.
Vehicular Ad hoc Network (VANET) has become an integral part of Intelligent Transportation Systems (ITS) in today's life. VANET is a network that can be heavily scaled up with a number of vehicles and road side units that keep fluctuating in real world. VANET is susceptible to security issues, particularly DoS attacks, owing to maximum unpredictability in location. So, effective identification and the classification of attacks have become the major requirements for secure data transmission in VANET. At the same time, congestion control is also one of the key research problems in VANET which aims at minimizing the time expended on roads and calculating travel time as well as waiting time at intersections, for a traveler. With this motivation, the current research paper presents an intelligent DoS attack detection with Congestion Control (IDoS-CC) technique for VANET. The presented IDoS-CC technique involves two-stage processes namely, Teaching and Learning Based Optimization (TLBO)-based Congestion Control (TLBO-CC) and Gated Recurrent Unit (GRU)-based DoS detection (GRU-DoSD). The goal of IDoS-CC technique is to reduce the level of congestion and detect the attacks that exist in the network. TLBO algorithm is also involved in IDoS-CC technique for optimization of the routes taken by vehicles via traffic signals and to minimize the congestion on a particular route instantaneously so as to assure minimal fuel utilization. TLBO is applied to avoid congestion on roadways. Besides, GRU-DoSD model is employed as a classification model to effectively discriminate the compromised and genuine vehicles in the network. The outcomes from a series of simulation analyses highlight the supremacy of the proposed IDoS-CC technique as it reduced the congestion and successfully identified the DoS attacks in network.

18.
Due to the widespread use of the internet and smart devices, various attacks like intrusion, zero-day, Malware, and security breaches are a constant threat to any organization's network infrastructure. Thus, a Network Intrusion Detection System (NIDS) is required to detect attacks in network traffic. This paper proposes a new hybrid method for intrusion detection and attack categorization. The proposed approach comprises three steps to address high false and low false-negative rates for intrusion detection and attack categorization. In the first step, the dataset is preprocessed through the data transformation technique and min-max method. Secondly, the random forest recursive feature elimination method is applied to identify optimal features that positively impact the model's performance. Next, we use various Support Vector Machine (SVM) types to detect intrusion and the Adaptive Neuro-Fuzzy System (ANFIS) to categorize probe, U2R, R2U, and DDOS attacks. The validation of the proposed method is calculated through Fine Gaussian SVM (FGSVM), which is 99.3% for the binary class. Mean Square Error (MSE) is reported as 0.084964 for training data, 0.0855203 for testing, and 0.084964 to validate multiclass categorization.

19.
Owing to the continuous barrage of cyber threats, there is a massive amount of cyber threat intelligence. However, a great deal of cyber threat intelligence comes from textual sources. For analysis of cyber threat intelligence, many security analysts rely on cumbersome and time-consuming manual efforts. Cybersecurity knowledge graph plays a significant role in automatic analysis of cyber threat intelligence. As the foundation for constructing cybersecurity knowledge graph, named entity recognition (NER) is required for identifying critical threat-related elements from textual cyber threat intelligence. Recently, deep neural network-based models have attained very good results in NER. However, the performance of these models relies heavily on the amount of labeled data. Since labeled data in cybersecurity is scarce, in this paper, we propose an adversarial active learning framework to effectively select the informative samples for further annotation. In addition, leveraging the long short-term memory (LSTM) network and the bidirectional LSTM (BiLSTM) network, we propose a novel NER model by introducing a dynamic attention mechanism into the BiLSTM-LSTM encoder-decoder. With the selected informative samples annotated, the proposed NER model is retrained. As a result, the performance of the NER model is incrementally enhanced with low labeling cost. Experimental results show the effectiveness of the proposed method.

20.
Recently, machine learning algorithms have been used in the detection and classification of network attacks. The performance of the algorithms has been evaluated by using benchmark network intrusion datasets such as DARPA98, KDD’99, NSL-KDD, UNSW-NB15, and Caida DDoS. However, these datasets have two major challenges: imbalanced data and high-dimensional data. Obtaining high accuracy for all attack types in the dataset allows for high accuracy in imbalanced datasets. On the other hand, having a large number of features increases the runtime load on the algorithms. A novel model is proposed in this paper to overcome these two concerns. The number of features in the model, which has been tested at CICIDS2017, is initially optimized by using genetic algorithms. This optimum feature set has been used to classify network attacks with six well-known classifiers according to high f1-score and g-mean value in minimum time. Afterwards, a multi-layer perceptron based ensemble learning approach has been applied to improve the models’ overall performance. The experimental results show that the suggested model is acceptable for feature selection as well as classifying network attacks in an imbalanced dataset, with a high f1-score (0.91) and g-mean (0.99) value. Furthermore, it has outperformed base classifier models and voting procedures.
