Anandkumar Balasubramaniam, Seung Yeob Nam^*

CMC-Computers, Materials & Continua, Vol.87, No.3, 2026, DOI:10.32604/cmc.2026.077582 - 09 April 2026

Abstract The increasing connectivity of modern vehicles exposes the in-vehicle controller area network (CAN) bus to various cyberattacks, including denial-of-service, fuzzy injection, and spoofing attacks. Existing machine learning and deep learning intrusion detection systems (IDS) often rely on labeled data, struggle with class imbalance, lack interpretability, and fail to generalize well across different datasets. This paper proposes a lightweight and interpretable IDS framework based on non-negative matrix factorization (NMF) to address these limitations. Our contributions include: (i) evaluating NMF as both a standalone unsupervised detector and an interpretable feature extractor (NMF-W) for classical, unsupervised, and deep… More >

Lan Xiong, Liang Wan^*, Jingxia Ren

CMC-Computers, Materials & Continua, Vol.87, No.3, 2026, DOI:10.32604/cmc.2026.076986 - 09 April 2026

Abstract The semantic complexity of large-scale malicious payloads in modern network traffic severely limits the robustness and generalization of existing Intrusion Detection Systems (IDS). This limitation presents a major challenge to network security. This paper proposes a dual-branch intrusion detection method called CPS-IDS. This method fuses deep semantic features with statistical features. The first branch uses the DeBERTav2 module. It performs deep semantic modeling on the session payload. This branch also incorporates a Time Encoder. The Time Encoder models the temporal behavior of the packet arrival interval time series. A Cross-Attention mechanism achieves the joint modeling… More >

Chung-Wei Kuo^1,2,*, Cheng-Xuan Wu¹

CMC-Computers, Materials & Continua, Vol.87, No.3, 2026, DOI:10.32604/cmc.2026.076767 - 09 April 2026

Abstract The rapid proliferation of the Internet of Things (IoT) has not only reshaped the digital ecosystem but also significantly widened the attack surface, leading to a surge in network traffic and diverse security threats. Deploying effective defense mechanisms in such environments is challenging, as conventional Intrusion Detection Systems (IDS) often struggle to balance computational efficiency with the reliable detection of low-frequency, high-impact threats, particularly within the tight resource constraints of edge devices. To address these limitations, we propose a lightweight, high-efficiency IDS framework specifically optimized for edge-based IoT applications, incorporating Mutual Information (MI)-based feature selection… More >

Malik Al-Essa^1,*, Mohammad Qatawneh^2,1, Ahmad Sami Al-Shamayleh³, Orieb Abualghanam¹, Wesam Almobaideen^4,1

CMC-Computers, Materials & Continua, Vol.87, No.3, 2026, DOI:10.32604/cmc.2026.076608 - 09 April 2026

Abstract Machine Learning (ML) intrusion detection systems (IDS) are vulnerable to manipulations: small, protocol-valid manipulations can push samples across brittle decision boundaries. We study two complementary remedies that reshape the learner in distinct ways. Adversarial Training (AT) exposes the model to worst-case, in-threat perturbations during learning to thicken local margins; Counterfactual Augmentation (CF-Aug) adds near-boundary exemplars that are explicitly constrained to be feasible, causally consistent, and operationally meaningful for defenders. The main goal of this work is to investigate and compare how AT and CF-Aug can reshape the decision surface of the IDS. eXplainable Artificial Intelligence More >

Abdulaziz A. Alsulami^1,*, Badraddin Alturki², Ahmad J. Tayeb², Rayan A. Alsemmeari², Raed Alsini¹

CMC-Computers, Materials & Continua, Vol.87, No.3, 2026, DOI:10.32604/cmc.2026.076413 - 09 April 2026

Abstract Intrusion Detection Systems (IDS) play a critical role in protecting networked environments from cyberattacks. They have become increasingly important in smart environments such as the Internet of Things (IoT) systems. However, IDS for IoT networks face critical challenges due to hardware constraints, including limited computational resources and storage capacity, which lead to high feature dimensionality, prediction uncertainty, and increased processing cost. These factors make many conventional detection approaches unsuitable for real-time IoT deployment. To address these challenges, this paper proposes an adaptive intrusion detection framework that intelligently balances detection accuracy and computational efficiency. The proposed… More >

Sarmad Dheyaa Azeez¹, Muhammad Ilyas^2,*, Saadaldeen Rashid Ahmed^3,4

CMC-Computers, Materials & Continua, Vol.87, No.3, 2026, DOI:10.32604/cmc.2026.074930 - 09 April 2026

Abstract The rapid evolution of 5G-enabled Software Defined Networks (SDNs) has transformed modern communication systems by enabling ultra-low latency, massive connectivity, and high throughput. However, the increased complexity of traffic flows and the rise of sophisticated cyber-attacks such as Distributed Denial of Service (DDoS), Botnets, Fake Base Stations, and Zero-Day exploits have made intrusion detection a critical challenge. Traditional Intrusion Detection System (IDS) approaches often suffer from poor gen-eralization, high false positives, and lack of interpretability, making them unsuitable for dynamic 5G environments. This paper presents a novel Graph Neural Network (GNN) with Multi-Head Attention (MHA)… More >

Lixing Tan^1,2, Liusiyu Chen¹, Yang Wang¹, Zhenyu Song^1,*, Zenan Lu^1,3,*

CMC-Computers, Materials & Continua, Vol.87, No.2, 2026, DOI:10.32604/cmc.2026.075959 - 12 March 2026

Abstract Anomaly detection is a vibrant research direction in controller area networks, which provides the fundamental real-time data transmission underpinning in-vehicle data interaction for the internet of vehicles. However, existing unsupervised learning methods suffer from insufficient temporal and spatial constraints on shallow features, resulting in fragmented feature representations that compromise model stability and accuracy. To improve the extraction of valuable features, this paper investigates the influence of clustering constraints on shallow feature convergence paths at the model level and further proposes an end-to-end intrusion detection system based on efficient deep embedded subspace clustering (EDESC-IDS). Following the… More >

Faisal Albalwy^1,*, Muhannad Almohaimeed²

CMC-Computers, Materials & Continua, Vol.87, No.2, 2026, DOI:10.32604/cmc.2025.075098 - 12 March 2026

Abstract Intrusion detection in Internet of Things (IoT) environments presents challenges due to heterogeneous devices, diverse attack vectors, and highly imbalanced datasets. Existing research on the ToN-IoT dataset has largely emphasized binary classification and single-model pipelines, which often show strong performance but limited generalizability, probabilistic reliability, and operational interpretability. This study proposes a stacked ensemble deep learning framework that integrates random forest, extreme gradient boosting, and a deep neural network as base learners, with CatBoost as the meta-learner. On the ToN-IoT Linux process dataset, the model achieved near-perfect discrimination (macro area under the curve = 0.998),… More >

Wajdan Al Malwi¹, Fatima Asiri¹, Nazik Alturki², Noha Alnazzawi³, Dimitrios Kasimatis⁴, Nikolaos Pitropakis^5,*

CMC-Computers, Materials & Continua, Vol.87, No.2, 2026, DOI:10.32604/cmc.2026.074274 - 12 March 2026

Abstract The expansion of 5G-enabled Internet of Things (IoT) networks, while enabling transformative applications, significantly increases the attack surface and necessitates security solutions that extend beyond traditional intrusion detection. Existing intrusion detection systems (IDSs) mainly operate in an open-loop manner, excelling at classification but lacking the ability for autonomous, safety-aware remediation. This gap is particularly critical in 5G environments, where manual intervention is too slow and naive automation can lead to severe service disruptions. To address this issue, we propose a novel Self-Healing Intrusion Detection System (SH-IDS) framework that develops a closed-loop cyber defense mechanism. The… More >

Mohammad Alshinwan¹, Radwan M. Batyha^1,2, Walaa Alayed^3,*, Saad Said Alqahtany⁴, Suhaila Abuowaida⁵, Hamza A. Mashagba⁶, Azlan B. Abd Aziz^6,*, Samir Salem Al-Bawri⁷

CMC-Computers, Materials & Continua, Vol.87, No.2, 2026, DOI:10.32604/cmc.2026.072806 - 12 March 2026

Abstract Safeguarding modern networks from cyber intrusions has become increasingly challenging as attackers continually refine their evasion tactics. Although numerous machine-learning-based intrusion detection systems (IDS) have been developed, their effectiveness is often constrained by high dimensionality and redundant features that degrade both accuracy and efficiency. This study introduces a hybrid feature-selection framework that integrates the exploration capability of Prairie Dog Optimization (PDO) with the exploitation behavior of Ant Colony Optimization (ACO). The proposed PDO–ACO algorithm identifies a concise yet discriminative subset of features from the NSL-KDD dataset and evaluates them using a Support Vector Machine (SVM) More >