Tong Wu, Dawei Zhou, Qingyu Ou^*, Fang Luo

CMC-Computers, Materials & Continua, Vol.86, No.3, 2026, DOI:10.32604/cmc.2025.073482 - 12 January 2026

Abstract The increasing interconnection of modern industrial control systems (ICSs) with the Internet has enhanced operational efficiency, but also made these systems more vulnerable to cyberattacks. This heightened exposure has driven a growing need for robust ICS security measures. Among the key defences, intrusion detection technology is critical in identifying threats to ICS networks. This paper provides an overview of the distinctive characteristics of ICS network security, highlighting standard attack methods. It then examines various intrusion detection methods, including those based on misuse detection, anomaly detection, machine learning, and specialised requirements. This paper concludes by exploring More >

Hanaa Nafea¹, Awais Qasim², Sana Abdul Sattar², Adeel Munawar³, Muhammad Nadeem Ali⁴, Byung-Seo Kim^4,*

CMC-Computers, Materials & Continua, Vol.86, No.3, 2026, DOI:10.32604/cmc.2025.072281 - 12 January 2026

Abstract The increased connectivity and reliance on digital technologies have exposed smart transportation systems to various cyber threats, making intrusion detection a critical aspect of ensuring their secure operation. Traditional intrusion detection systems have limitations in terms of centralized architecture, lack of transparency, and vulnerability to single points of failure. This is where the integration of blockchain technology with signature-based intrusion detection can provide a robust and decentralized solution for securing smart transportation systems. This study tackles the issue of database manipulation attacks in smart transportation networks by proposing a signature-based intrusion detection system. The introduced More >

Haohui Su¹, Xuan Zhang^1,*, Lvjun Zheng¹, Xiaojie Shen², Hua Liao¹

CMC-Computers, Materials & Continua, Vol.86, No.3, 2026, DOI:10.32604/cmc.2025.072093 - 12 January 2026

Abstract Distributed Denial-of-Service (DDoS) attacks pose severe threats to Industrial Control Networks (ICNs), where service disruption can cause significant economic losses and operational risks. Existing signature-based methods are ineffective against novel attacks, and traditional machine learning models struggle to capture the complex temporal dependencies and dynamic traffic patterns inherent in ICN environments. To address these challenges, this study proposes a deep feature-driven hybrid framework that integrates Transformer, BiLSTM, and KNN to achieve accurate and robust DDoS detection. The Transformer component extracts global temporal dependencies from network traffic flows, while BiLSTM captures fine-grained sequential dynamics. The learned… More >

Abeer Alnuaim^*

CMC-Computers, Materials & Continua, Vol.86, No.1, pp. 1-33, 2026, DOI:10.32604/cmc.2025.069110 - 10 November 2025

Abstract The rapid digitalization of urban infrastructure has made smart cities increasingly vulnerable to sophisticated cyber threats. In the evolving landscape of cybersecurity, the efficacy of Intrusion Detection Systems (IDS) is increasingly measured by technical performance, operational usability, and adaptability. This study introduces and rigorously evaluates a Human-Computer Interaction (HCI)-Integrated IDS with the utilization of Convolutional Neural Network (CNN), CNN-Long Short Term Memory (LSTM), and Random Forest (RF) against both a Baseline Machine Learning (ML) and a Traditional IDS model, through an extensive experimental framework encompassing many performance metrics, including detection latency, accuracy, alert prioritization, classification… More >

Amjad Rehman^1,*, Tanzila Saba¹, Mona M. Jamjoom², Shaha Al-Otaibi³, Muhammad I. Khan¹

CMC-Computers, Materials & Continua, Vol.86, No.1, pp. 1-15, 2026, DOI:10.32604/cmc.2025.068958 - 10 November 2025

Abstract Modern intrusion detection systems (MIDS) face persistent challenges in coping with the rapid evolution of cyber threats, high-volume network traffic, and imbalanced datasets. Traditional models often lack the robustness and explainability required to detect novel and sophisticated attacks effectively. This study introduces an advanced, explainable machine learning framework for multi-class IDS using the KDD99 and IDS datasets, which reflects real-world network behavior through a blend of normal and diverse attack classes. The methodology begins with sophisticated data preprocessing, incorporating both RobustScaler and QuantileTransformer to address outliers and skewed feature distributions, ensuring standardized and model-ready inputs.… More >

Jaeho Shin¹, Jaekwang Kim^2,*

CMC-Computers, Materials & Continua, Vol.86, No.1, pp. 1-26, 2026, DOI:10.32604/cmc.2025.068767 - 10 November 2025

Abstract Network attacks have become a critical issue in the internet security domain. Artificial intelligence technology-based detection methodologies have attracted attention; however, recent studies have struggled to adapt to changing attack patterns and complex network environments. In addition, it is difficult to explain the detection results logically using artificial intelligence. We propose a method for classifying network attacks using graph models to explain the detection results. First, we reconstruct the network packet data into a graphical structure. We then use a graph model to predict network attacks using edge classification. To explain the prediction results, we… More >

Misbah Anwer^1,*, Ghufran Ahmed¹, Maha Abdelhaq², Raed Alsaqour³, Shahid Hussain⁴, Adnan Akhunzada^5,*

CMC-Computers, Materials & Continua, Vol.86, No.1, pp. 1-15, 2026, DOI:10.32604/cmc.2025.068673 - 10 November 2025

Abstract The exponential growth of the Internet of Things (IoT) has introduced significant security challenges, with zero-day attacks emerging as one of the most critical and challenging threats. Traditional Machine Learning (ML) and Deep Learning (DL) techniques have demonstrated promising early detection capabilities. However, their effectiveness is limited when handling the vast volumes of IoT-generated data due to scalability constraints, high computational costs, and the costly time-intensive process of data labeling. To address these challenges, this study proposes a Federated Learning (FL) framework that leverages collaborative and hybrid supervised learning to enhance cyber threat detection in… More >

Wanwei Huang^1,*, Huicong Yu¹, Jiawei Ren², Kun Wang³, Yanbu Guo¹, Lifeng Jin⁴

CMC-Computers, Materials & Continua, Vol.86, No.1, pp. 1-24, 2026, DOI:10.32604/cmc.2025.068493 - 10 November 2025

Abstract Existing feature selection methods for intrusion detection systems in the Industrial Internet of Things often suffer from local optimality and high computational complexity. These challenges hinder traditional IDS from effectively extracting features while maintaining detection accuracy. This paper proposes an industrial Internet of Things intrusion detection feature selection algorithm based on an improved whale optimization algorithm (GSLDWOA). The aim is to address the problems that feature selection algorithms under high-dimensional data are prone to, such as local optimality, long detection time, and reduced accuracy. First, the initial population’s diversity is increased using the Gaussian Mutation More >

Zheng Zhang^1,2, Jie Hao², Liquan Chen^1,*, Tianhao Hou², Yanan Liu²

CMC-Computers, Materials & Continua, Vol.86, No.1, pp. 1-22, 2026, DOI:10.32604/cmc.2025.068372 - 10 November 2025

Abstract With the increasing severity of network security threats, Network Intrusion Detection (NID) has become a key technology to ensure network security. To address the problem of low detection rate of traditional intrusion detection models, this paper proposes a Dual-Attention model for NID, which combines Convolutional Neural Network (CNN) and Bidirectional Long Short-Term Memory (BiLSTM) to design two modules: the FocusConV and the TempoNet module. The FocusConV module, which automatically adjusts and weights CNN extracted local features, focuses on local features that are more important for intrusion detection. The TempoNet module focuses on global information, identifies… More >

Gan Zhu¹, Yongtao Yu^2,*, Xiaofan Deng¹, Yuanchen Dai³, Zhenyuan Li³

CMES-Computer Modeling in Engineering & Sciences, Vol.145, No.3, pp. 4317-4348, 2025, DOI:10.32604/cmes.2025.074349 - 23 December 2025

Abstract Existing deep learning Network Intrusion Detection Systems (NIDS) struggle to simultaneously capture fine-grained, multi-scale features and long-range temporal dependencies. To address this gap, this paper introduces TransNeSt, a hybrid architecture integrating a ResNeSt block (using split-attention for multi-scale feature representation) with a Transformer encoder (using self-attention for global temporal modeling). This integration of multi-scale and temporal attention was validated on four benchmarks: NSL-KDD, UNSW-NB15, CIC-IDS2017, and CICIOT2023. TransNeSt consistently outperformed its individual components and several state-of-the-art models, demonstrating significant quantitative gains. The model achieved high efficacy across all datasets, with F1-Scores of 99.04% (NSL-KDD), 91.92% More >