CL2ES-KDBC:A Novel Covariance Embedded Selection Based on Kernel Distributed Bayes Classifier for Detection of Cyber-Attacks in IoT Systems

The Internet of Things(IoT)is a growing technology that allows the sharing of data with other devices across wireless networks.Specifically,IoT systems are vulnerable to cyberattacks due to its opennes The proposed work intends to implement a new security framework for detecting the most specific and harmful intrusions in IoT networks.In this framework,a Covariance Linear Learning Embedding Selection(CL2ES)methodology is used at first to extract the features highly associated with the IoT intrusions.Then,the Kernel Distributed Bayes Classifier(KDBC)is created to forecast attacks based on the probability distribution value precisely.In addition,a unique Mongolian Gazellas Optimization(MGO)algorithm is used to optimize the weight value for the learning of the classifier.The effectiveness of the proposed CL2ES-KDBC framework has been assessed using several IoT cyber-attack datasets,The obtained results are then compared with current classification methods regarding accuracy(97%),precision(96.5%),and other factors.Computational analysis of the CL2ES-KDBC system on IoT intrusion datasets is performed,which provides valuable insight into its performance,efficiency,and suitability for securing IoT networks.

Unknown DDoS Attack Detection with Fuzzy C-Means Clustering and Spatial Location Constraint Prototype Loss

Since its inception,the Internet has been rapidly evolving.With the advancement of science and technology and the explosive growth of the population,the demand for the Internet has been on the rise.Many applications in education,healthcare,entertainment,science,and more are being increasingly deployed based on the internet.Concurrently,malicious threats on the internet are on the rise as well.Distributed Denial of Service(DDoS)attacks are among the most common and dangerous threats on the internet today.The scale and complexity of DDoS attacks are constantly growing.Intrusion Detection Systems(IDS)have been deployed and have demonstrated their effectiveness in defense against those threats.In addition,the research of Machine Learning(ML)and Deep Learning(DL)in IDS has gained effective results and significant attention.However,one of the challenges when applying ML and DL techniques in intrusion detection is the identification of unknown attacks.These attacks,which are not encountered during the system’s training,can lead to misclassification with significant errors.In this research,we focused on addressing the issue of Unknown Attack Detection,combining two methods:Spatial Location Constraint Prototype Loss(SLCPL)and Fuzzy C-Means(FCM).With the proposed method,we achieved promising results compared to traditional methods.The proposed method demonstrates a very high accuracy of up to 99.8%with a low false positive rate for known attacks on the Intrusion Detection Evaluation Dataset(CICIDS2017)dataset.Particularly,the accuracy is also very high,reaching 99.7%,and the precision goes up to 99.9%for unknown DDoS attacks on the DDoS Evaluation Dataset(CICDDoS2019)dataset.The success of the proposed method is due to the combination of SLCPL,an advanced Open-Set Recognition(OSR)technique,and FCM,a traditional yet highly applicable clustering technique.This has yielded a novel method in the field of unknown attack detection.This further expands the trend of applying DL and ML techniques in the development of intrusion detection systems and cybersecurity.Finally,implementing the proposed method in real-world systems can enhance the security capabilities against increasingly complex threats on computer networks.

A New Hybrid Approach Using GWO and MFO Algorithms to Detect Network Attack

This paper addresses the urgent need to detect network security attacks,which have increased significantly in recent years,with high accuracy and avoid the adverse effects of these attacks.The intrusion detection system should respond seamlessly to attack patterns and approaches.The use of metaheuristic algorithms in attack detection can produce near-optimal solutions with low computational costs.To achieve better performance of these algorithms and further improve the results,hybridization of algorithms can be used,which leads to more successful results.Nowadays,many studies are conducted on this topic.In this study,a new hybrid approach using Gray Wolf Optimizer(GWO)and Moth-Flame Optimization(MFO)algorithms was developed and applied to widely used data sets such as NSL-KDD,UNSW-NB15,and CIC IDS 2017,as well as various benchmark functions.The ease of hybridization of the GWO algorithm,its simplicity,its ability to perform global optimal search,and the success of the MFO algorithm in obtaining the best solution suggested that an effective solution would be obtained by combining these two algorithms.For these reasons,the developed hybrid algorithm aims to achieve better results by using the good aspects of both the GWO algorithm and the MFO algorithm.In reviewing the results,it was found that a high level of success was achieved in the benchmark functions.It achieved better results in 12 of the 13 benchmark functions compared.In addition,the success rates obtained according to the evaluation criteria in the different data sets are also remarkable.Comparing the 97.4%,98.3%,and 99.2% classification accuracy results obtained in the NSL-KDD,UNSW-NB15,and CIC IDS 2017 data sets with the studies in the literature,they seem to be quite successful.

An Erebus Attack Detection Method Oriented to Blockchain Network Layer

Recently,the Erebus attack has proved to be a security threat to the blockchain network layer,and the existing research has faced challenges in detecting the Erebus attack on the blockchain network layer.The cloud-based active defense and one-sidedness detection strategies are the hindrances in detecting Erebus attacks.This study designs a detection approach by establishing a ReliefF_WMRmR-based two-stage feature selection algorithm and a deep learning-based multimodal classification detection model for Erebus attacks and responding to security threats to the blockchain network layer.The goal is to improve the performance of Erebus attack detection methods,by combining the traffic behavior with the routing status based on multimodal deep feature learning.The traffic behavior and routing status were first defined and used to describe the attack characteristics at diverse stages of s leak monitoring,hidden traffic overlay,and transaction identity forgery.The goal is to clarify how an Erebus attack affects the routing transfer and traffic state on the blockchain network layer.Consequently,detecting objects is expected to become more relevant and sensitive.A two-stage feature selection algorithm was designed based on ReliefF and weighted maximum relevance minimum redundancy(ReliefF_WMRmR)to alleviate the overfitting of the training model caused by redundant information and noise in multiple source features of the routing status and traffic behavior.The ReliefF algorithm was introduced to select strong correlations and highly informative features of the labeled data.According to WMRmR,a feature selection framework was defined to eliminate weakly correlated features,eliminate redundant information,and reduce the detection overhead of the model.A multimodal deep learning model was constructed based on the multilayer perceptron(MLP)to settle the high false alarm rates incurred by multisource data.Using this model,isolated inputs and deep learning were conducted on the selected routing status and traffic behavior.Redundant intermodal information was removed because of the complementarity of the multimodal network,which was followed by feature fusion and output feature representation to boost classification detection precision.The experimental results demonstrate that the proposed method can detect features,such as traffic data,at key link nodes and route messages in a real blockchain network environment.Additionally,the model can detect Erebus attacks effectively.This study provides novelty to the existing Erebus attack detection by increasing the accuracy detection by 1.05%,the recall rate by 2.01%,and the F1-score by 2.43%.

A Novel Framework for DDoS Attacks Detection Using Hybrid LSTM Techniques

The recent development of cloud computing offers various services on demand for organization and individual users,such as storage,shared computing space,networking,etc.Although Cloud Computing provides various advantages for users,it remains vulnerable to many types of attacks that attract cyber criminals.Distributed Denial of Service(DDoS)is the most common type of attack on cloud computing.Consequently,Cloud computing professionals and security experts have focused on the growth of preventive processes towards DDoS attacks.Since DDoS attacks have become increasingly widespread,it becomes difficult for some DDoS attack methods based on individual network flow features to distinguish various types of DDoS attacks.Further,the monitoring pattern of traffic changes and accurate detection of DDoS attacks are most important and urgent.In this research work,DDoS attack detection methods based on deep belief network feature extraction and Hybrid Long Short-Term Memory(LSTM)model have been proposed with NSL-KDD dataset.In Hybrid LSTM method,the Particle Swarm Optimization(PSO)technique,which is combined to optimize the weights of the LSTM neural network,reduces the prediction error.This deep belief network method is used to extract the features of IP packets,and it identifies DDoS attacks based on PSO-LSTM model.Moreover,it accurately predicts normal network traffic and detects anomalies resulting from DDoS attacks.The proposed PSO-LSTM architecture outperforms the classification techniques including standard Support Vector Machine(SVM)and LSTM in terms of attack detection performance along with the results of the measurement of accuracy,recall,f-measure,precision.

Enhancing Healthcare Data Security and Disease Detection Using Crossover-Based Multilayer Perceptron in Smart Healthcare Systems

The healthcare data requires accurate disease detection analysis,real-timemonitoring,and advancements to ensure proper treatment for patients.Consequently,Machine Learning methods are widely utilized in Smart Healthcare Systems(SHS)to extract valuable features fromheterogeneous and high-dimensional healthcare data for predicting various diseases and monitoring patient activities.These methods are employed across different domains that are susceptible to adversarial attacks,necessitating careful consideration.Hence,this paper proposes a crossover-based Multilayer Perceptron(CMLP)model.The collected samples are pre-processed and fed into the crossover-based multilayer perceptron neural network to detect adversarial attacks on themedical records of patients.Once an attack is detected,healthcare professionals are promptly alerted to prevent data leakage.The paper utilizes two datasets,namely the synthetic dataset and the University of Queensland Vital Signs(UQVS)dataset,from which numerous samples are collected.Experimental results are conducted to evaluate the performance of the proposed CMLP model,utilizing various performancemeasures such as Recall,Precision,Accuracy,and F1-score to predict patient activities.Comparing the proposed method with existing approaches,it achieves the highest accuracy,precision,recall,and F1-score.Specifically,the proposedmethod achieves a precision of 93%,an accuracy of 97%,an F1-score of 92%,and a recall of 92%.

Posture Detection of Heart Disease Using Multi-Head Attention Vision Hybrid(MHAVH)Model

Cardiovascular disease is the leading cause of death globally.This disease causes loss of heart muscles and is also responsible for the death of heart cells,sometimes damaging their functionality.A person’s life may depend on receiving timely assistance as soon as possible.Thus,minimizing the death ratio can be achieved by early detection of heart attack(HA)symptoms.In the United States alone,an estimated 610,000 people die fromheart attacks each year,accounting for one in every four fatalities.However,by identifying and reporting heart attack symptoms early on,it is possible to reduce damage and save many lives significantly.Our objective is to devise an algorithm aimed at helping individuals,particularly elderly individuals living independently,to safeguard their lives.To address these challenges,we employ deep learning techniques.We have utilized a vision transformer(ViT)to address this problem.However,it has a significant overhead cost due to its memory consumption and computational complexity because of scaling dot-product attention.Also,since transformer performance typically relies on large-scale or adequate data,adapting ViT for smaller datasets is more challenging.In response,we propose a three-in-one steam model,theMulti-Head Attention Vision Hybrid(MHAVH).Thismodel integrates a real-time posture recognition framework to identify chest pain postures indicative of heart attacks using transfer learning techniques,such as ResNet-50 and VGG-16,renowned for their robust feature extraction capabilities.By incorporatingmultiple heads into the vision transformer to generate additional metrics and enhance heart-detection capabilities,we leverage a 2019 posture-based dataset comprising RGB images,a novel creation by the author that marks the first dataset tailored for posture-based heart attack detection.Given the limited online data availability,we segmented this dataset into gender categories(male and female)and conducted testing on both segmented and original datasets.The training accuracy of our model reached an impressive 99.77%.Upon testing,the accuracy for male and female datasets was recorded at 92.87%and 75.47%,respectively.The combined dataset accuracy is 93.96%,showcasing a commendable performance overall.Our proposed approach demonstrates versatility in accommodating small and large datasets,offering promising prospects for real-world applications.

FEW-NNN: A Fuzzy Entropy Weighted Natural Nearest Neighbor Method for Flow-Based Network Traffic Attack Detection

Attacks such as APT usually hide communication data in massive legitimate network traffic, and mining structurally complex and latent relationships among flow-based network traffic to detect attacks has become the focus of many initiatives. Effectively analyzing massive network security data with high dimensions for suspicious flow diagnosis is a huge challenge. In addition, the uneven distribution of network traffic does not fully reflect the differences of class sample features, resulting in the low accuracy of attack detection. To solve these problems, a novel approach called the fuzzy entropy weighted natural nearest neighbor(FEW-NNN) method is proposed to enhance the accuracy and efficiency of flowbased network traffic attack detection. First, the FEW-NNN method uses the Fisher score and deep graph feature learning algorithm to remove unimportant features and reduce the data dimension. Then, according to the proposed natural nearest neighbor searching algorithm(NNN_Searching), the density of data points, each class center and the smallest enclosing sphere radius are determined correspondingly. Finally, a fuzzy entropy weighted KNN classification method based on affinity is proposed, which mainly includes the following three steps: 1、 the feature weights of samples are calculated based on fuzzy entropy values, 2、 the fuzzy memberships of samples are determined based on affinity among samples, and 3、 K-neighbors are selected according to the class-conditional weighted Euclidean distance, the fuzzy membership value of the testing sample is calculated based on the membership of k-neighbors, and then all testing samples are classified according to the fuzzy membership value of the samples belonging to each class;that is, the attack type is determined. The method has been applied to the problem of attack detection and validated based on the famous KDD99 and CICIDS-2017 datasets. From the experimental results shown in this paper, it is observed that the FEW-NNN method improves the accuracy and efficiency of flow-based network traffic attack detection.

TDOA-based Sybil attack detection scheme for wireless sensor networks

As wireless sensor networks （WSN） are deployed in fire monitoring, object tracking applications, security emerges as a central requirement. A case that Sybil node illegitimately reports messages to the master node with multiple non-existent identities （ID） will cause harmful effects on decision-making or resource allocation in these applications. In this paper, we present an efficient and lightweight solution for Sybil attack detection based on the time difference of arrival （TDOA） between the source node and beacon nodes. This solution can detect the existence of Sybil attacks, and locate the Sybil nodes. We demonstrate efficiency of the solution through experiments. The experiments show that this solution can detect all Sybil attack cases without missing.

Anti-D Chain:A Lightweight DDoS Attack Detection Scheme Based on Heterogeneous Ensemble Learning in Blockchain

With rapid development of blockchain technology,blockchain and its security theory research and practical application have become crucial.At present,a new DDoS attack has arisen,and it is the DDoS attack in blockchain network.The attack is harmful for blockchain technology and many application scenarios.However,the traditional and existing DDoS attack detection and defense means mainly come from the centralized tactics and solution.Aiming at the above problem,the paper proposes the virtual reality parallel anti-DDoS chain design philosophy and distributed anti-D Chain detection framework based on hybrid ensemble learning.Here,Ada Boost and Random Forest are used as our ensemble learning strategy,and some different lightweight classifiers are integrated into the same ensemble learning algorithm,such as CART and ID3.Our detection framework in blockchain scene has much stronger generalization performance,universality and complementarity to identify accurately the onslaught features for DDoS attack in P2P network.Extensive experimental results confirm that our distributed heterogeneous anti-D chain detection method has better performance in six important indicators(such as Precision,Recall,F-Score,True Positive Rate,False Positive Rate,and ROC curve).

An Efficient Impersonation Attack Detection Method in Fog Computing

Fog computing paradigm extends computing,communication,storage,and network resources to the network’s edge.As the fog layer is located between cloud and end-users,it can provide more convenience and timely services to end-users.However,in fog computing(FC),attackers can behave as real fog nodes or end-users to provide malicious services in the network.The attacker acts as an impersonator to impersonate other legitimate users.Therefore,in this work,we present a detection technique to secure the FC environment.First,we model a physical layer key generation based on wireless channel characteristics.To generate the secret keys between the legitimate users and avoid impersonators,we then consider a Double Sarsa technique to identify the impersonators at the receiver end.We compare our proposed Double Sarsa technique with the other two methods to validate our work,i.e.,Sarsa and Q-learning.The simulation results demonstrate that the method based on Double Sarsa outperforms Sarsa and Q-learning approaches in terms of false alarm rate(FAR),miss detection rate(MDR),and average error rate(AER).

An Optimal Hybrid Learning Approach for Attack Detection in Linear Networked Control Systems

A novel learning-based attack detection and estimation scheme is proposed for linear networked control systems(NCS),wherein the attacks on the communication network in the feedback loop are expected to increase network induced delays and packet losses,thus changing the physical system dynamics.First,the network traffic flow is modeled as a linear system with uncertain state matrix and an optimal Q-learning based control scheme over finite-horizon is utilized to stabilize the flow.Next,an adaptive observer is proposed to generate the detection residual,which is subsequently used to determine the onset of an attack when it exceeds a predefined threshold,followed by an estimation scheme for the signal injected by the attacker.A stochastic linear system after incorporating network-induced random delays and packet losses is considered as the uncertain physical system dynamics.The attack detection scheme at the physical system uses the magnitude of the state vector to detect attacks both on the sensor and the actuator.The maximum tolerable delay that the physical system can tolerate due to networked induced delays and packet losses is also derived.Simulations have been performed to demonstrate the effectiveness of the proposed schemes.

DDoS Attack Detection via Multi-Scale Convolutional Neural Network

Distributed Denial-of-Service(DDoS)has caused great damage to the network in the big data environment.Existing methods are characterized by low computational efficiency,high false alarm rate and high false alarm rate.In this paper,we propose a DDoS attack detection method based on network flow grayscale matrix feature via multi-scale convolutional neural network(CNN).According to the different characteristics of the attack flow and the normal flow in the IP protocol,the seven-tuple is defined to describe the network flow characteristics and converted into a grayscale feature by binary.Based on the network flow grayscale matrix feature(GMF),the convolution kernel of different spatial scales is used to improve the accuracy of feature segmentation,global features and local features of the network flow are extracted.A DDoS attack classifier based on multi-scale convolution neural network is constructed.Experiments show that compared with correlation methods,this method can improve the robustness of the classifier,reduce the false alarm rate and the missing alarm rate.

Anomaly Detection Based on Data-Mining for Routing Attacks in Wireless Sensor Networks

With the increasing deployment of wireless sensordevices and networks,security becomes a criticalchallenge for sensor networks.In this paper,a schemeusing data mining is proposed for routing anomalydetection in wireless sensor networks.The schemeuses the Apriori algorithm to extract traffic patternsfrom both routing table and network traffic packetsand subsequently the K-means cluster algorithmadaptively generates a detection model.Through thecombination of these two algorithms,routing attackscan be detected effectively and automatically.Themain advantage of the proposed approach is that it isable to detect new attacks that have not previouslybeen seen.Moreover,the proposed detection schemeis based on no priori knowledge and then can beapplied to a wide range of different sensor networksfor a variety of routing attacks.

RP-NBSR: A Novel Network Attack Detection Model Based on Machine Learning

The rapid progress of the Internet has exposed networks to an increasednumber of threats. Intrusion detection technology can effectively protect networksecurity against malicious attacks. In this paper, we propose a ReliefF-P-NaiveBayes and softmax regression (RP-NBSR) model based on machine learningfor network attack detection to improve the false detection rate and F1 score ofunknown intrusion behavior. In the proposed model, the Pearson correlation coef-ficient is introduced to compensate for deficiencies in correlation analysis betweenfeatures by the ReliefF feature selection algorithm, and a ReliefF-Pearson correlation coefficient (ReliefF-P) algorithm is proposed. Then, the Relief-P algorithm isused to preprocess the UNSW-NB15 dataset to remove irrelevant features andobtain a new feature subset. Finally, naïve Bayes and softmax regression (NBSR)classifier is constructed by cascading the naïve Bayes classifier and softmaxregression classifier, and an attack detection model based on RP-NBSR is established. The experimental results on the UNSW-NB15 dataset show that the attackdetection model based on RP-NBSR has a lower false detection rate and higherF1 score than other detection models.

A Novel Shilling Attack Detection Model Based on Particle Filter and Gravitation

With the rapid development of e-commerce, the security issues of collaborative filtering recommender systems have been widely investigated. Malicious users can benefit from injecting a great quantities of fake profiles into recommender systems to manipulate recommendation results. As one of the most important attack methods in recommender systems, the shilling attack has been paid considerable attention, especially to its model and the way to detect it. Among them, the loose version of Group Shilling Attack Generation Algorithm (GSAGenl) has outstanding performance. It can be immune to some PCC (Pearson Correlation Coefficient)-based detectors due to the nature of anti-Pearson correlation. In order to overcome the vulnerabilities caused by GSAGenl, a gravitation-based detection model (GBDM) is presented, integrated with a sophisticated gravitational detector and a decider. And meanwhile two new basic attributes and a particle filter algorithm are used for tracking prediction. And then, whether an attack occurs can be judged according to the law of universal gravitation in decision-making. The detection performances of GBDM, HHT-SVM, UnRAP, AP-UnRAP Semi-SAD,SVM-TIA and PCA-P are compared and evaluated. And simulation results show the effectiveness and availability of GBDM.

Dynamic Threshold-Based Approach to Detect Low-Rate DDoS Attacks on Software-Defined Networking Controller

The emergence of a new network architecture,known as Software Defined Networking(SDN),in the last two decades has overcome some drawbacks of traditional networks in terms of performance,scalability,reliability,security,and network management.However,the SDN is vulnerable to security threats that target its controller,such as low-rate Distributed Denial of Service(DDoS)attacks,The low-rate DDoS attack is one of the most prevalent attacks that poses a severe threat to SDN network security because the controller is a vital architecture component.Therefore,there is an urgent need to propose a detection approach for this type of attack with a high detection rate and low false-positive rates.Thus,this paper proposes an approach to detect low-rate DDoS attacks on the SDN controller by adapting a dynamic threshold.The proposed approach has been evaluated using four simulation scenarios covering a combination of low-rate DDoS attacks against the SDN controller involving(i)a single host attack targeting a single victim;(ii)a single host attack targeting multiple victims;(iii)multiple hosts attack targeting a single victim;and(iv)multiple hosts attack targeting multiple victims.The proposed approach’s average detection rates are 96.65%,91.83%,96.17%,and 95.33%for the above scenarios,respectively;and its average false-positive rates are 3.33%,8.17%,3.83%,and 4.67%for similar scenarios,respectively.The comparison between the proposed approach and two existing approaches showed that it outperformed them in both categories.

DDoS Attack Detection Scheme Based on Entropy and PSO-BP Neural Network in SDN

SDN (Software Defined Network) has many security problems, and DDoS attack is undoubtedly the most serious harm to SDN architecture network. How to accurately and effectively detect DDoS attacks has always been a difficult point and focus of SDN security research. Based on the characteristics of SDN, a DDoS attack detection method combining generalized entropy and PSOBP neural network is proposed. The traffic is pre-detected by the generalized entropy method deployed on the switch, and the detection result is divided into normal and abnormal. Locate the switch that issued the abnormal alarm. The controller uses the PSO-BP neural network to detect whether a DDoS attack occurs by further extracting the flow features of the abnormal switch. Experiments show that compared with other methods, the detection accurate rate is guaranteed while the CPU load of the controller is reduced, and the detection capability is better.

An Ensemble Detection Method for Shilling Attacks Based on Features of Automatic Extraction

Faced with the evolving attacks in recommender systems, many detection features have been proposed by human engineering and used in supervised or unsupervised detection methods. However, the detection features extracted by human engineering are usually aimed at some specific types of attacks. To further detect other new types of attacks, the traditional methods have to re-extract detection features with high knowledge cost. To address these limitations, the method for automatic extraction of robust features is proposed and then an Adaboost-based detection method is presented. Firstly, to obtain robust representation with prior knowledge, unlike uniform corruption rate in traditional mLDA(marginalized Linear Denoising Autoencoder), different corruption rates for items are calculated according to the ratings’ distribution. Secondly, the ratings sparsity is used to weight the mapping matrix to extract low-dimensional representation. Moreover, the uniform corruption rate is also set to the next layer in mSLDA(marginalized Stacked Linear Denoising Autoencoder) to extract the stable and robust user features. Finally, under the robust feature space, an Adaboost-based detection method is proposed to alleviate the imbalanced classification problem. Experimental results on the Netflix and Amazon review datasets indicate that the proposed method can effectively detect various attacks.

SIMAD:Secure Intelligent Method for IoT-Fog Environments Attacks Detection

The Internet of Thing IoT paradigm has emerged in numerous domains and it has achieved an exponential progress.Nevertheless,alongside this advancement,IoT networks are facing an ever-increasing rate of security risks because of the continuous and rapid changes in network environments.In order to overcome these security challenges,the fog system has delivered a powerful environment that provides additional resources for a more improved data security.However,because of the emerging of various breaches,several attacks are ceaselessly emerging in IoT and Fog environment.Consequently,the new emerging applications in IoT-Fog environment still require novel,distributed,and intelligent security models,controls,and decisions.In addition,the ever-evolving hacking techniques and methods and the expanded risks surfaces have demonstrated the importance of attacks detection systems.This proves that even advanced solutions face difficulties in discovering and recognizing these small variations of attacks.In fact,to address the above problems,Artificial Intelligence(AI)methods could be applied on the millions of terabytes of collected information to enhance and optimize the processes of IoT and fog systems.In this respect,this research is designed to adopt a new security scheme supported by an advanced machine learning algorithm to ensure an intelligent distributed attacks detection and a monitoring process that detects malicious attacks and updates threats signature databases in IoTFog environments.We evaluated the performance of our distributed approach with the application of certain machine learningmechanisms.The experiments show that the proposed scheme,applied with the Random Forest(RF)is more efficient and provides better accuracy(99.50%),better scalability,and lower false alert rates.In this regard,the distribution character of our method brings about faster detection and better learning.