DEPARTMENT OF INFORMATION TECHNOLOGY

AN APPROACH TOWARDS CYBER ATTACKS DETECTION AND

PREVENTION SYSTEM THROUGH OPTIMIZED STACKED
RECURRENT NEURAL NETWORK
DOMAIN: CYBER SECURITY

DATE: 08-05-2024
BATCH NO : IT-202405 GUIDED BY :
PRESENTED BY
Mrs. G. DURGA DEVI
1. AJAY M - 113320205002 ASSISTANT PROFESSOR
2. DHANUSH M - 113320205009 DEPT. OF IT
3. KAVIBHARATHI A - 113320205019 VELAMMAL INSTITUTE OF TECHNOLOGY
CHENNAI – 601 204
 ABSTRACT

Cyber physical systems are exposed to public cloud during massive operations due to lack of

security. An Intrusion Detection System (IDS) is a security technology designed to monitor and analyse network

traffic or system activities for signs of unauthorized or malicious activities. Its primary purpose is to identify

and respond to potential security breaches or attacks in real-time or near-real-time, helping to protect computer

systems, networks, and data from unauthorized access, data exfiltration, and other malicious activities. The

proposed approach handle the cyberattacks detection through optimized stacked recurrent neural network model

with meta-heuristic model adjust the flow of network patterns. Unique discriminant feature extraction

technique (UDF) is done for dimensionality reduction. The performance of the system is analysed through

accuracy, precision, recall and F1score. The classification of massive attacks in cyber physical systems are

implemented here.
 OBJECTIVE

To develop an efficient and effective system for detecting and preventing cyber attacks in the

cyber infrastructure physical system.

 LITERATURE SURVEY
TITLE: Adaptive Bi-Recommendation and Self-Improving Network for Heterogeneous Domain
Adaptation-Assisted IoT Intrusion Detection

YEAR: 2023
DESCRIPTION:The ABRSI transfers enrich intrusion knowledge from a data-rich network intrusion
source domain to facilitate effective intrusion detection for data-scarce IoT target domains. The ABRSI achieves
fine-grained intrusion knowledge transfer via adaptive bi-recommendation matching. Matching the bi-
recommendation interests of two recommender systems (RSs) and the alignment of intrusion categories in the
shared feature space form a mutual-benefit loop. Besides, the ABRSI uses a self-improving mechanism,
autonomously improving the intrusion knowledge transfer from four ways. A hard pseudo label (PL) voting
mechanism jointly considers RS decision and label relationship information to promote more accurate hard PL
assignment. To promote diversity and target data participation during intrusion knowledge transfer, target
instances failing to be assigned with a hard PL will be assigned with a probabilistic soft PL, forming a hybrid
pseudo-labeling strategy. Meanwhile, the ABRSI also makes soft pseudo-labels globally diverse and
individually certain. Finally, an error knowledge learning mechanism is utilized to adversarially exploit factors
that causes detection ambiguity and learns through both current and previous error knowledge, preventing error
knowledge forgetfulness. Holistically, these mechanisms form the ABRSI model that boosts IoT intrusion
detection accuracy via HDA-assisted intrusion knowledge transfer.
 LITERATURE SURVEY
TITLE: Informer-Based Intrusion Detection Method for Network Attack of Integrated Energy System
YEAR: 2022
DESCRIPTION: This study of attack detection models for integrated energy systems is based on the
Informer model. Firstly, the network data characteristics of the current integrated energy system are introduced.
Secondly, the current research status of network intrusion detection is summarized. Most models ignore the
time-series features of network traffic, resulting in increased detection time and memory footprint as the series
grows, and the corresponding result accuracy will decrease. Informer reduces the input dimension of each layer
into decoder by half by improving ProbSparse self-attention mechanism and self-distillation mechanism in
encoder, thus greatly improving the above problems. And in decoder, a one-step calculation method is adopted,
which significantly improves the calculation efficiency. Finally, the experiment proves that Informer’s long-
sequence time model has a high accuracy in intrusion detection of integrated energy system, which verifies the
effectiveness and usability of this model.
 LITERATURE SURVEY
TITLE: A Machine Learning-Based Intrusion Detection System for Securing Remote Desktop Connections
to Electronic Flight Bag Servers

YEAR: 2021
DESCRIPTION: Remote desktop protocols (RDP) are commonly used for connecting and interacting
with computers remotely. In this case, a server component runs on the remote computer and shares its desktop
(i.e., screen) with the client component which runs on an end user device. In recent years, a number of
vulnerabilities have been identified in two widely used remote desktop implementations, Microsoft Remote
Desktop and RealVNC. These vulnerabilities may expose the remote server to a new attack vector. This concern
is increased when it comes to a cyber-physical system (CPS) in which a client device with a low trust level
connects to the critical system via the remote desktop server. In order to mitigate this risk, in this paper we
propose a network based intrusion detection system (NIDS) specifically designed for securing the remote
desktop connections. The propose method utilizes an innovative anomaly detection technique based on machine
learning for detecting malicious TCP packets, which can carry exploits aimed at the RDP server. An empirical
evaluation conducted on an avionic system setup consisting of a commercial tablet (Samsung Galaxy Tab)
connected through a Virtual Network Computing (VNC) remote desktop implementation to a real electronic
flight bag (EFB) server shows that the proposed method can detect malicious packets carrying real exploits
(reported in recent years) with a true positive rate of 0.863 and a false positive rate of 0.0001.
 LITERATURE SURVEY
TITLE: Immune System Based Intrusion Detection System (IS-IDS): A Proposed Model

YEAR: 2020
DESCRIPTION:This paper explores the immunological model and implements it in the domain of
intrusion detection on computer networks. The main objective of the paper is to monitor, log the network traffic
and apply detection algorithms for detecting intrusions within the network. The proposed model mimics the
natural Immune System (IS) by considering both of its layers, innate immune system and adaptive immune
system respectively. The current work proposes Statistical Modelling based Anomaly Detection (SMAD) as the
first layer of Intrusion Detection System (IDS). It works as the Innate Immune System (IIS) interface and
captures the initial traffic of a network to find out the first-hand vulnerability. The second layer, Adaptive
Immune-based Anomaly Detection (AIAD) has been considered for determining the features of the suspicious
network packets for detection of anomaly. It imitates the adaptive immune system by taking into consideration
the activation of the T-cells and the B-cells. It captures relevant features from header and payload portions for
effective detection of intrusion. Experiments have been conducted on both the real-time network traffic and the
standard datasets KDD99 and UNSW-NB15 for intrusion detection. The SMAD model yields as high as 96.04%
true positive rate and around 97% true positive rate using real-time traffic and standard data sets. Highly
suspicious traffic detected in the SMAD model is further tested for vulnerability in the AIAD model. Results
show significant true positive rate, closer to almost 99% of accurately detecting the file-based and user-based
anomalies for both the real-time traffic and standard data sets.
 LITERATURE SURVEY
TITLE: Maximum Mean Discrepancy Minimization Based Transfer Learning for Indoor WLAN Personnel
Intrusion Detection

YEAR: 2019
DESCRIPTION: Indoor personnel intrusion detection has been recognized as an active research topic
over the last decade due to the remarkably growing demand for indoor security management, elderly
monitoring, and smart home. In this circumstance, indoor wireless local area network (WLAN) personnel
intrusion detection is one of the most promising approaches by considering its advantages of the handy
accessibility of WLAN signal and convenient use of WLAN devices. Many existing studies rely on only the
offline WLAN received signal strength (RSS) data to train a heuristic model, which is, then, used for online
intrusion detection without considering the time-variant RSS property in the actual indoor environment. To
address this problem, we propose a new maximum mean discrepancy (MMD) minimisation based transfer
learning approach for indoor WLAN personnel intrusion detection. Specifically, first of all, the source and target
domains are constructed from offline labelled and online unlabelled RSS data, respectively. Second, the MMD
of marginal distributions of the RSS data in source and target domains are calculated as the difference of these
two domains. Third, the optimal transfer matrix corresponding to the minimum difference of source and target
domains (or called minimum MMD) is constructed to transfer the RSS data in these two domains into the data
in a same subspace. Finally, the classifiers used for intrusion detection are trained from these data with the
purpose of enhancing the robustness of the proposed approach.
 INTRODUCTION
In response to the critical need for robust cyber attack detection and prevention in physical cyber
infrastructure systems, this study proposes an innovative approach. By integrating optimized stacked recurrent
neural networks with meta-heuristic models and employing a Unique Discriminant Feature extraction technique,
the system aims to enhance detection accuracy and efficiency. Evaluation metrics such as accuracy, precision,
recall, and F1 score are utilized to assess system performance, with implementation facilitated through
MATLAB tools.
 EXISTING SYSTEM
In the existing system, deep learning models are directly enforced the network behaviour

dataset. The pattern of anomaly is detected through continuous iterations run over the deep learning layers. The

existing model also depend on LSTM based storage networks.

 DISADVANTAGE
 Complex architecture

 Graphical processing unit is consumed more

 PROPOSED SYSTEM
The proposed approach handle the cyber attack detection through optimized stacked

recurrent neural network model with meta-heuristic model adjust the flow of network patterns. Unique

discriminant feature extraction technique (UDF) is done for dimensionality reduction. The performance of the

system is analysed through accuracy, precision, recall and F1score. The classification of massive attacks in

cyber physical systems are implemented here.

 ADVANTAGES
 Adaptive meta heuristic algorithms are utilized
 Processing time is optimized
 Increased detection accuracy and speed
 If 50% of attack detected , it will deny the access.
ARCHITECTURE DIAGRAM
 ALGORITHM
STACKED RECURRENT NEURAL NETWORK:

A stacked recurrent neural network (RNN) is a deep learning architecture consisting of multiple

recurrent layers. Unlike traditional RNNs, which may suffer from vanishing or exploding gradient problems in

long sequences, stacked RNNs mitigate these issues by employing multiple layers of recurrent units. Each layer

captures different levels of temporal dependencies in sequential data, enabling more sophisticated modeling of

complex temporal patterns. Stacking these layers allows for hierarchical abstraction of information, facilitating

more effective learning and representation of sequential data. This architecture is particularly useful for tasks

such as time series prediction, natural language processing, and speech recognition, where capturing long-term

dependencies is crucial.
 MODULE DESCRIPTIONS

 Input Data

 Data preprocessing

 Model Training

 Evaluation

 Attack Detection
INPUT DATA:
The input data for the proposed approach consists of network traffic patterns and system logs captured
from the cyber-physical infrastructure. These data encompass a wide array of network activities, including but
not limited to packet transmission, device interactions, and system resource utilization.Each data point is
represented by a combination of features such as source and destination IP addresses, port numbers, protocol
types, timestamps, and packet payloads. Additionally, system logs provide insights into system events,
anomalies, and user activities. The dataset is annotated to indicate the presence or absence of cyber attacks,
facilitating supervised learning. Data preprocessing techniques are applied to clean, normalize, and transform
the raw input data into a format suitable for model training and evaluation.
DATA PREPROCESSING:
Prior to model training, raw data undergoes preprocessing involving cleaning, normalization, and
feature extraction. Unique Discriminant Features (UDFs) are extracted to reduce dimensionality, enhancing
model efficiency. Missing values are handled through imputation techniques. Data balancing techniques are
applied to mitigate class imbalance. Finally, data is partitioned into training, validation, and testing sets for
model evaluation and performance analysis using metrics such as accuracy, precision, recall, and F1 score.

MODEL TRAINING:
The proposed approach employs an optimized stacked recurrent neural network model combined with a
meta-heuristic model to regulate network pattern flow. Unique discriminant feature extraction technique (UDF)
reduces dimensionality. Training involves iterative optimization of model parameters using labeled data,
ensuring effective cyber attack detection in physical cyber infrastructure.
EVALUATION:
It utilizes an optimized stacked recurrent neural network model alongside a meta-heuristic model to
regulate network flow patterns for cyber attack detection in cyber physical systems. Evaluation includes
assessing accuracy, precision, recall, and F1 score metrics to gauge system performance, with implementation
conducted using MATLAB for classification of massive attacks.

ATTACK DETECTION:
Utilizing optimized stacked recurrent neural networks and meta-heuristic models, this approach
manages network flow patterns for cyber attack detection. Unique discriminant feature extraction reduces
dimensionality. Performance evaluation includes accuracy, precision, recall, and F1 score. Implementation in
MATLAB facilitates classification of massive attacks in cyber physical systems.
 RESULT AND DISCUSSION
The proposed approach demonstrates promising results in cyber attack detection
within cyber physical systems. By integrating a stacked recurrent neural network with meta-
heuristic adjustment, the system effectively captures intricate network patterns, enhancing
detection accuracy. UDF facilitates efficient dimensionality reduction, improving
computational efficiency. Implementation using MATLAB showcases the feasibility of real-
world application, validating the approach's effectiveness in bolstering cyber security
measures.
 SCREENSHOTS
TRAINING ACCURACY
 SCREENSHOTS
ATTACK CLASS
 SCREENSHOTS
OUTPUT IN SHELL
 REFERENCES
 I. Dutt, S. Borah and I. K. Maitra, "Immune System Based Intrusion Detection
System (IS-IDS): A Proposed Model," in IEEE Access, vol. 8, pp. 34929-34941,
2020, doi: 10.1109/ACCESS.2020.2973608.

 Y. Sun, L. Hou, Z. Lv and D. Peng, "Informer-Based Intrusion Detection Method

for Network Attack of Integrated Energy System," in IEEE Journal of Radio
Frequency Identification, vol. 6, pp. 748-752, 2022, doi:
10.1109/JRFID.2022.3215599.

 J. Wu, Y. Wang, H. Dai, C. Xu and K. B. Kent, "Adaptive Bi-Recommendation

and Self-Improving Network for Heterogeneous Domain Adaptation-Assisted IoT
Intrusion Detection," in IEEE Internet of Things Journal, vol. 10, no. 15, pp.
13205-13220, 1 Aug.1, 2023, doi: 10.1109/JIOT.2023.3262458.
 REFERENCES
 R. Bitton and A. Shabtai, "A Machine Learning-Based Intrusion Detection System for
Securing Remote Desktop Connections to Electronic Flight Bag Servers," in IEEE
Transactions on Dependable and Secure Computing, vol. 18, no. 3, pp. 1164-1181, 1 May-
June 2021, doi: 10.1109/TDSC.2019.2914035.

 M. Zhou, Y. Li, L. Xie and W. Nie, "Maximum Mean Discrepancy Minimization Based
Transfer Learning for Indoor WLAN Personnel Intrusion Detection," in IEEE Sensors
Letters, vol. 3, no. 8, pp. 1-4, Aug. 2019, Art no. 7500804, doi:
10.1109/LSENS.2019.2932099.

 B. Gao, B. Bu, W. Zhang and X. Li, "An Intrusion Detection Method Based on Machine
Learning and State Observer for Train-Ground Communication Systems," in IEEE
Transactions on Intelligent Transportation Systems, vol. 23, no. 7, pp. 6608-6620, July 2022,
doi: 10.1109/TITS.2021.3058553.
THANK YOU