Anandkumar Balasubramaniam, Seung Yeob Nam^*

CMC-Computers, Materials & Continua, Vol.87, No.3, 2026, DOI:10.32604/cmc.2026.077582 - 09 April 2026

Abstract The increasing connectivity of modern vehicles exposes the in-vehicle controller area network (CAN) bus to various cyberattacks, including denial-of-service, fuzzy injection, and spoofing attacks. Existing machine learning and deep learning intrusion detection systems (IDS) often rely on labeled data, struggle with class imbalance, lack interpretability, and fail to generalize well across different datasets. This paper proposes a lightweight and interpretable IDS framework based on non-negative matrix factorization (NMF) to address these limitations. Our contributions include: (i) evaluating NMF as both a standalone unsupervised detector and an interpretable feature extractor (NMF-W) for classical, unsupervised, and deep… More >

Chung-Wei Kuo^1,2,*, Cheng-Xuan Wu¹

CMC-Computers, Materials & Continua, Vol.87, No.3, 2026, DOI:10.32604/cmc.2026.076767 - 09 April 2026

Abstract The rapid proliferation of the Internet of Things (IoT) has not only reshaped the digital ecosystem but also significantly widened the attack surface, leading to a surge in network traffic and diverse security threats. Deploying effective defense mechanisms in such environments is challenging, as conventional Intrusion Detection Systems (IDS) often struggle to balance computational efficiency with the reliable detection of low-frequency, high-impact threats, particularly within the tight resource constraints of edge devices. To address these limitations, we propose a lightweight, high-efficiency IDS framework specifically optimized for edge-based IoT applications, incorporating Mutual Information (MI)-based feature selection… More >

Malik Al-Essa^1,*, Mohammad Qatawneh^2,1, Ahmad Sami Al-Shamayleh³, Orieb Abualghanam¹, Wesam Almobaideen^4,1

CMC-Computers, Materials & Continua, Vol.87, No.3, 2026, DOI:10.32604/cmc.2026.076608 - 09 April 2026

Abstract Machine Learning (ML) intrusion detection systems (IDS) are vulnerable to manipulations: small, protocol-valid manipulations can push samples across brittle decision boundaries. We study two complementary remedies that reshape the learner in distinct ways. Adversarial Training (AT) exposes the model to worst-case, in-threat perturbations during learning to thicken local margins; Counterfactual Augmentation (CF-Aug) adds near-boundary exemplars that are explicitly constrained to be feasible, causally consistent, and operationally meaningful for defenders. The main goal of this work is to investigate and compare how AT and CF-Aug can reshape the decision surface of the IDS. eXplainable Artificial Intelligence More >

Sarmad Dheyaa Azeez¹, Muhammad Ilyas^2,*, Saadaldeen Rashid Ahmed^3,4

CMC-Computers, Materials & Continua, Vol.87, No.3, 2026, DOI:10.32604/cmc.2026.074930 - 09 April 2026

Abstract The rapid evolution of 5G-enabled Software Defined Networks (SDNs) has transformed modern communication systems by enabling ultra-low latency, massive connectivity, and high throughput. However, the increased complexity of traffic flows and the rise of sophisticated cyber-attacks such as Distributed Denial of Service (DDoS), Botnets, Fake Base Stations, and Zero-Day exploits have made intrusion detection a critical challenge. Traditional Intrusion Detection System (IDS) approaches often suffer from poor gen-eralization, high false positives, and lack of interpretability, making them unsuitable for dynamic 5G environments. This paper presents a novel Graph Neural Network (GNN) with Multi-Head Attention (MHA)… More >

Lixing Tan^1,2, Liusiyu Chen¹, Yang Wang¹, Zhenyu Song^1,*, Zenan Lu^1,3,*

CMC-Computers, Materials & Continua, Vol.87, No.2, 2026, DOI:10.32604/cmc.2026.075959 - 12 March 2026

Abstract Anomaly detection is a vibrant research direction in controller area networks, which provides the fundamental real-time data transmission underpinning in-vehicle data interaction for the internet of vehicles. However, existing unsupervised learning methods suffer from insufficient temporal and spatial constraints on shallow features, resulting in fragmented feature representations that compromise model stability and accuracy. To improve the extraction of valuable features, this paper investigates the influence of clustering constraints on shallow feature convergence paths at the model level and further proposes an end-to-end intrusion detection system based on efficient deep embedded subspace clustering (EDESC-IDS). Following the… More >

Mohammad Alshinwan¹, Radwan M. Batyha^1,2, Walaa Alayed^3,*, Saad Said Alqahtany⁴, Suhaila Abuowaida⁵, Hamza A. Mashagba⁶, Azlan B. Abd Aziz^6,*, Samir Salem Al-Bawri⁷

CMC-Computers, Materials & Continua, Vol.87, No.2, 2026, DOI:10.32604/cmc.2026.072806 - 12 March 2026

Abstract Safeguarding modern networks from cyber intrusions has become increasingly challenging as attackers continually refine their evasion tactics. Although numerous machine-learning-based intrusion detection systems (IDS) have been developed, their effectiveness is often constrained by high dimensionality and redundant features that degrade both accuracy and efficiency. This study introduces a hybrid feature-selection framework that integrates the exploration capability of Prairie Dog Optimization (PDO) with the exploitation behavior of Ant Colony Optimization (ACO). The proposed PDO–ACO algorithm identifies a concise yet discriminative subset of features from the NSL-KDD dataset and evaluates them using a Support Vector Machine (SVM) More >

Isam Bahaa Aldallal¹, Abdullahi Abdu Ibrahim^1,*, Saadaldeen Rashid Ahmed^2,3

CMC-Computers, Materials & Continua, Vol.87, No.1, 2026, DOI:10.32604/cmc.2025.075212 - 10 February 2026

Abstract The rapid growth of IoT networks necessitates efficient Intrusion Detection Systems (IDS) capable of addressing dynamic security threats under constrained resource environments. This paper proposes a hybrid IDS for IoT networks, integrating Support Vector Machine (SVM) and Genetic Algorithm (GA) for feature selection and parameter optimization. The GA reduces the feature set from 41 to 7, achieving a 30% reduction in overhead while maintaining an attack detection rate of 98.79%. Evaluated on the NSL-KDD dataset, the system demonstrates an accuracy of 97.36%, a recall of 98.42%, and an F1-score of 96.67%, with a low false More >

Noura Mohammed Alaskar¹, Muzammil Hussain², Saif Jasim Almheiri¹, Atta-ur-Rahman³, Adnan Khan^4,5,6, Khan M. Adnan^7,*

CMC-Computers, Materials & Continua, Vol.87, No.1, 2026, DOI:10.32604/cmc.2025.074041 - 10 February 2026

Abstract The increasing number of interconnected devices and the incorporation of smart technology into contemporary healthcare systems have significantly raised the attack surface of cyber threats. The early detection of threats is both necessary and complex, yet these interconnected healthcare settings generate enormous amounts of heterogeneous data. Traditional Intrusion Detection Systems (IDS), which are generally centralized and machine learning-based, often fail to address the rapidly changing nature of cyberattacks and are challenged by ethical concerns related to patient data privacy. Moreover, traditional AI-driven IDS usually face challenges in handling large-scale, heterogeneous healthcare data while ensuring data… More >

Qasem Abu Al-Haija^1,*, Shahad Al Tamimi²

CMC-Computers, Materials & Continua, Vol.87, No.1, 2026, DOI:10.32604/cmc.2025.073540 - 10 February 2026

Abstract Adversarial Reinforcement Learning (ARL) models for intelligent devices and Network Intrusion Detection Systems (NIDS) improve system resilience against sophisticated cyber-attacks. As a core component of ARL, Adversarial Training (AT) enables NIDS agents to discover and prevent new attack paths by exposing them to competing examples, thereby increasing detection accuracy, reducing False Positives (FPs), and enhancing network security. To develop robust decision-making capabilities for real-world network disruptions and hostile activity, NIDS agents are trained in adversarial scenarios to monitor the current state and notify management of any abnormal or malicious activity. The accuracy and timeliness of… More >

Kirubavathi Ganapathiyappan¹, Chahana Ravikumar¹, Raghul Alagunachimuthu Ranganayaki¹, Ayman Altameem², Ateeq Ur Rehman^3,*, Ahmad Almogren^4,*

CMC-Computers, Materials & Continua, Vol.87, No.1, 2026, DOI:10.32604/cmc.2025.072840 - 10 February 2026

Abstract Android smartphones have become an integral part of our daily lives, becoming targets for ransomware attacks. Such attacks encrypt user information and ask for payment to recover it. Conventional detection mechanisms, such as signature-based and heuristic techniques, often fail to detect new and polymorphic ransomware samples. To address this challenge, we employed various ensemble classifiers, such as Random Forest, Gradient Boosting, Bagging, and AutoML models. We aimed to showcase how AutoML can automate processes such as model selection, feature engineering, and hyperparameter optimization, to minimize manual effort while ensuring or enhancing performance compared to traditional… More >