A ranked filter-based three-way clustering strategy for intrusion detection in highly secure IoT networks

IF 4 3区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computers & Electrical Engineering Pub Date : 2025-07-03 DOI:10.1016/j.compeleceng.2025.110514

Fazal Wahab , Shengjun Ma , Xuze Liu , Yuhai Zhao , Anwar Shah , Bahar Ali

{"title":"A ranked filter-based three-way clustering strategy for intrusion detection in highly secure IoT networks","authors":"Fazal Wahab , Shengjun Ma , Xuze Liu , Yuhai Zhao , Anwar Shah , Bahar Ali","doi":"10.1016/j.compeleceng.2025.110514","DOIUrl":null,"url":null,"abstract":"<div><div>The primary issue with the current intrusion detection systems (IDS) for IoT networks is that they are based on two-way decisions, meaning that a decision must be taken regardless of the quality of the information available. This can result in inaccurate classification decisions when there is insufficient and incomplete information. Misclassifying objects can have serious consequences, especially in security-sensitive systems. Moreover, many of these approaches fail to deliver transparent and understandable results from the model, making it difficult to interpret how decisions are being made. To address these limitations, this article proposes a novel ranked filter-based three-way clustering (RF3WC) strategy for intrusion detection, which involves making decisions about acceptance, rejection, or deferment. The inclusion of the deferred decision option allows for the deferment of a specific decision in cases when sufficient information is lacking. Based on a three-way decision, this approach divides the data into three regions: malicious, non-malicious, and suspicious. The inclusion of the suspicious region can make the IDS extremely secure, more reliable, and quite confident and can significantly reduce false alerts. In addition, we employed the eXplainable Artificial Intelligence (XAI) technique to facilitate a more transparent understanding of the model’s output. Results obtained from extensive experiments using four cutting-edge datasets demonstrate that the proposed RF3WC model enhances detection accuracy and minimizes misclassification.</div></div>","PeriodicalId":50630,"journal":{"name":"Computers & Electrical Engineering","volume":"127 ","pages":"Article 110514"},"PeriodicalIF":4.0000,"publicationDate":"2025-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Electrical Engineering","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0045790625004574","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

The primary issue with the current intrusion detection systems (IDS) for IoT networks is that they are based on two-way decisions, meaning that a decision must be taken regardless of the quality of the information available. This can result in inaccurate classification decisions when there is insufficient and incomplete information. Misclassifying objects can have serious consequences, especially in security-sensitive systems. Moreover, many of these approaches fail to deliver transparent and understandable results from the model, making it difficult to interpret how decisions are being made. To address these limitations, this article proposes a novel ranked filter-based three-way clustering (RF3WC) strategy for intrusion detection, which involves making decisions about acceptance, rejection, or deferment. The inclusion of the deferred decision option allows for the deferment of a specific decision in cases when sufficient information is lacking. Based on a three-way decision, this approach divides the data into three regions: malicious, non-malicious, and suspicious. The inclusion of the suspicious region can make the IDS extremely secure, more reliable, and quite confident and can significantly reduce false alerts. In addition, we employed the eXplainable Artificial Intelligence (XAI) technique to facilitate a more transparent understanding of the model’s output. Results obtained from extensive experiments using four cutting-edge datasets demonstrate that the proposed RF3WC model enhances detection accuracy and minimizes misclassification.

查看原文本刊更多论文

高度安全物联网网络中基于分级过滤器的三向聚类入侵检测策略

目前用于物联网网络的入侵检测系统（IDS）的主要问题是它们基于双向决策，这意味着无论可用信息的质量如何，都必须做出决策。当信息不充分和不完整时，这可能导致不准确的分类决策。对对象进行错误分类可能会产生严重的后果，特别是在安全敏感系统中。此外，这些方法中的许多都不能从模型中提供透明和可理解的结果，使得很难解释决策是如何做出的。为了解决这些限制，本文提出了一种新的基于分级过滤器的三向聚类（RF3WC）入侵检测策略，该策略涉及对接受、拒绝或延迟做出决策。包含延迟决策选项允许在缺乏足够信息的情况下延迟特定决策。基于三向决策，该方法将数据分为三个区域：恶意、非恶意和可疑。包含可疑区域可以使IDS非常安全、更可靠、更自信，并且可以显著减少错误警报。此外，我们采用了可解释人工智能（eXplainable Artificial Intelligence， XAI）技术来促进对模型输出的更透明的理解。使用四个前沿数据集进行的大量实验结果表明，所提出的RF3WC模型提高了检测精度，并最大限度地减少了误分类。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Electrical Engineering 工程技术-工程：电子与电气

CiteScore

9.20

自引率

7.00%

发文量

661

审稿时长

47 days

期刊介绍： The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency. Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.