IDS-INT:Intrusion detection system using transformer-based transfer learning for imbalanced network traffic

A network intrusion detection system is critical for cyber security against llegitimate attacks.In terms of feature perspectives,network traffic may include a variety of elements such as attack reference,attack type,a subcategory of attack,host information,malicious scripts,etc.In terms of network perspectives,network traffic may contain an imbalanced number of harmful attacks when compared to normal traffic.It is challenging to identify a specific attack due to complex features and data imbalance issues.To address these issues,this paper proposes an Intrusion Detection System using transformer-based transfer learning for Imbalanced Network Traffic(IDS-INT).IDS-INT uses transformer-based transfer learning to learn feature interactions in both network feature representation and imbalanced data.First,detailed information about each type of attack is gathered from network interaction descriptions,which include network nodes,attack type,reference,host information,etc.Second,the transformer-based transfer learning approach is developed to learn detailed feature representation using their semantic anchors.Third,the Synthetic Minority Oversampling Technique(SMOTE)is implemented to balance abnormal traffic and detect minority attacks.Fourth,the Convolution Neural Network(CNN)model is designed to extract deep features from the balanced network traffic.Finally,the hybrid approach of the CNN-Long Short-Term Memory(CNN-LSTM)model is developed to detect different types of attacks from the deep features.Detailed experiments are conducted to test the proposed approach using three standard datasets,i.e.,UNsWNB15,CIC-IDS2017,and NSL-KDD.An explainable AI approach is implemented to interpret the proposed method and develop a trustable model.

Artificial Immune Detection for Network Intrusion Data Based on Quantitative Matching Method

Artificial immune detection can be used to detect network intrusions in an adaptive approach and proper matching methods can improve the accuracy of immune detection methods.This paper proposes an artificial immune detection model for network intrusion data based on a quantitative matching method.The proposed model defines the detection process by using network data and decimal values to express features and artificial immune mechanisms are simulated to define immune elements.Then,to improve the accuracy of similarity calculation,a quantitative matching method is proposed.The model uses mathematical methods to train and evolve immune elements,increasing the diversity of immune recognition and allowing for the successful detection of unknown intrusions.The proposed model’s objective is to accurately identify known intrusions and expand the identification of unknown intrusions through signature detection and immune detection,overcoming the disadvantages of traditional methods.The experiment results show that the proposed model can detect intrusions effectively.It has a detection rate of more than 99.6%on average and a false alarm rate of 0.0264%.It outperforms existing immune intrusion detection methods in terms of comprehensive detection performance.

Feature extraction for machine learning-based intrusion detection in IoT networks

A large number of network security breaches in IoT networks have demonstrated the unreliability of current Network Intrusion Detection Systems(NIDSs).Consequently,network interruptions and loss of sensitive data have occurred,which led to an active research area for improving NIDS technologies.In an analysis of related works,it was observed that most researchers aim to obtain better classification results by using a set of untried combinations of Feature Reduction(FR)and Machine Learning(ML)techniques on NIDS datasets.However,these datasets are different in feature sets,attack types,and network design.Therefore,this paper aims to discover whether these techniques can be generalised across various datasets.Six ML models are utilised:a Deep Feed Forward(DFF),Convolutional Neural Network(CNN),Recurrent Neural Network(RNN),Decision Tree(DT),Logistic Regression(LR),and Naive Bayes(NB).The accuracy of three Feature Extraction(FE)algorithms is detected;Principal Component Analysis(PCA),Auto-encoder(AE),and Linear Discriminant Analysis(LDA),are evaluated using three benchmark datasets:UNSW-NB15,ToN-IoT and CSE-CIC-IDS2018.Although PCA and AE algorithms have been widely used,the determination of their optimal number of extracted dimensions has been overlooked.The results indicate that no clear FE method or ML model can achieve the best scores for all datasets.The optimal number of extracted dimensions has been identified for each dataset,and LDA degrades the performance of the ML models on two datasets.The variance is used to analyse the extracted dimensions of LDA and PCA.Finally,this paper concludes that the choice of datasets significantly alters the performance of the applied techniques.We believe that a universal(benchmark)feature set is needed to facilitate further advancement and progress of research in this field.

Anomaly-Based Intrusion DetectionModel Using Deep Learning for IoT Networks

The rapid growth of Internet of Things(IoT)devices has brought numerous benefits to the interconnected world.However,the ubiquitous nature of IoT networks exposes them to various security threats,including anomaly intrusion attacks.In addition,IoT devices generate a high volume of unstructured data.Traditional intrusion detection systems often struggle to cope with the unique characteristics of IoT networks,such as resource constraints and heterogeneous data sources.Given the unpredictable nature of network technologies and diverse intrusion methods,conventional machine-learning approaches seem to lack efficiency.Across numerous research domains,deep learning techniques have demonstrated their capability to precisely detect anomalies.This study designs and enhances a novel anomaly-based intrusion detection system(AIDS)for IoT networks.Firstly,a Sparse Autoencoder(SAE)is applied to reduce the high dimension and get a significant data representation by calculating the reconstructed error.Secondly,the Convolutional Neural Network(CNN)technique is employed to create a binary classification approach.The proposed SAE-CNN approach is validated using the Bot-IoT dataset.The proposed models exceed the performance of the existing deep learning approach in the literature with an accuracy of 99.9%,precision of 99.9%,recall of 100%,F1 of 99.9%,False Positive Rate(FPR)of 0.0003,and True Positive Rate(TPR)of 0.9992.In addition,alternative metrics,such as training and testing durations,indicated that SAE-CNN performs better.

CNN Channel Attention Intrusion Detection SystemUsing NSL-KDD Dataset

Intrusion detection systems(IDS)are essential in the field of cybersecurity because they protect networks from a wide range of online threats.The goal of this research is to meet the urgent need for small-footprint,highly-adaptable Network Intrusion Detection Systems(NIDS)that can identify anomalies.The NSL-KDD dataset is used in the study;it is a sizable collection comprising 43 variables with the label’s“attack”and“level.”It proposes a novel approach to intrusion detection based on the combination of channel attention and convolutional neural networks(CNN).Furthermore,this dataset makes it easier to conduct a thorough assessment of the suggested intrusion detection strategy.Furthermore,maintaining operating efficiency while improving detection accuracy is the primary goal of this work.Moreover,typical NIDS examines both risky and typical behavior using a variety of techniques.On the NSL-KDD dataset,our CNN-based approach achieves an astounding 99.728%accuracy rate when paired with channel attention.Compared to previous approaches such as ensemble learning,CNN,RBM(Boltzmann machine),ANN,hybrid auto-encoders with CNN,MCNN,and ANN,and adaptive algorithms,our solution significantly improves intrusion detection performance.Moreover,the results highlight the effectiveness of our suggested method in improving intrusion detection precision,signifying a noteworthy advancement in this field.Subsequent efforts will focus on strengthening and expanding our approach in order to counteract growing cyberthreats and adjust to changing network circumstances.

Intrusion Detection Model Using Chaotic MAP for Network Coding Enabled Mobile Small Cells

Wireless Network security management is difficult because of the ever-increasing number of wireless network malfunctions,vulnerabilities,and assaults.Complex security systems,such as Intrusion Detection Systems(IDS),are essential due to the limitations of simpler security measures,such as cryptography and firewalls.Due to their compact nature and low energy reserves,wireless networks present a significant challenge for security procedures.The features of small cells can cause threats to the network.Network Coding(NC)enabled small cells are vulnerable to various types of attacks.Avoiding attacks and performing secure“peer”to“peer”data transmission is a challenging task in small cells.Due to the low power and memory requirements of the proposed model,it is well suited to use with constrained small cells.An attacker cannot change the contents of data and generate a new Hashed Homomorphic Message Authentication Code(HHMAC)hash between transmissions since the HMAC function is generated using the shared secret.In this research,a chaotic sequence mapping based low overhead 1D Improved Logistic Map is used to secure“peer”to“peer”data transmission model using lightweight H-MAC(1D-LM-P2P-LHHMAC)is proposed with accurate intrusion detection.The proposed model is evaluated with the traditional models by considering various evaluation metrics like Vector Set Generation Accuracy Levels,Key Pair Generation Time Levels,Chaotic Map Accuracy Levels,Intrusion Detection Accuracy Levels,and the results represent that the proposed model performance in chaotic map accuracy level is 98%and intrusion detection is 98.2%.The proposed model is compared with the traditional models and the results represent that the proposed model secure data transmission levels are high.

Network Intrusion Traffic Detection Based on Feature Extraction

With the increasing dimensionality of network traffic,extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems(IDS).However,both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features,resulting in an analysis that is not an optimal set.Therefore,in order to extract more representative traffic features as well as to improve the accuracy of traffic identification,this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T^(2) and a multilayer convolutional bidirectional long short-term memory(MSC_BiLSTM)classifier model for network traffic intrusion detection.This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory(BiLSTM)network,which fully considers the influence between the before and after features.The network traffic is first characteristically downscaled by principal component analysis(PCA),and then the downscaled principal components are used as input to Hotelling’s T^(2) to compare the differences between groups.For datasets with outliers,Hotelling’s T^(2) can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers.Finally,a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data.The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision,recall and F1-score juxtaposed with the prevailing techniques.The results show that the intrusion detection accuracy,precision,and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%,95.97%,and 90.22%.

Augmenting IoT Intrusion Detection System Performance Using Deep Neural Network

Due to their low power consumption and limited computing power,Internet of Things(IoT)devices are difficult to secure.Moreover,the rapid growth of IoT devices in homes increases the risk of cyber-attacks.Intrusion detection systems(IDS)are commonly employed to prevent cyberattacks.These systems detect incoming attacks and instantly notify users to allow for the implementation of appropriate countermeasures.Attempts have been made in the past to detect new attacks using machine learning and deep learning techniques,however,these efforts have been unsuccessful.In this paper,we propose two deep learning models to automatically detect various types of intrusion attacks in IoT networks.Specifically,we experimentally evaluate the use of two Convolutional Neural Networks(CNN)to detect nine distinct types of attacks listed in the NF-UNSW-NB15-v2 dataset.To accomplish this goal,the network stream data were initially converted to twodimensional images,which were then used to train the neural network models.We also propose two baseline models to demonstrate the performance of the proposed models.Generally,both models achieve high accuracy in detecting the majority of these nine attacks.

Internet of Things Intrusion Detection System Based on Convolutional Neural Network

In recent years, the Internet of Things (IoT) technology has developedby leaps and bounds. However, the large and heterogeneous networkstructure of IoT brings high management costs. In particular, the low costof IoT devices exposes them to more serious security concerns. First, aconvolutional neural network intrusion detection system for IoT devices isproposed. After cleaning and preprocessing the NSL-KDD dataset, this paperuses feature engineering methods to select appropriate features. Then, basedon the combination of DCNN and machine learning, this paper designs acloud-based loss function, which adopts a regularization method to preventoverfitting. The model consists of one input layer, two convolutional layers,two pooling layers and three fully connected layers and one output layer.Finally, a framework that can fully consider the user’s privacy protection isproposed. The framework can only exchange model parameters or intermediateresults without exchanging local individuals or sample data. This paperfurther builds a global model based on virtual fusion data, so as to achievea balance between data privacy protection and data sharing computing. Theperformance indicators such as accuracy, precision, recall, F1 score, and AUCof the model are verified by simulation. The results show that the model ishelpful in solving the problem that the IoT intrusion detection system cannotachieve high precision and low cost at the same time.

Multi-Attack Intrusion Detection System for Software-Defined Internet of Things Network

Currently,the Internet of Things(IoT)is revolutionizing communi-cation technology by facilitating the sharing of information between different physical devices connected to a network.To improve control,customization,flexibility,and reduce network maintenance costs,a new Software-Defined Network(SDN)technology must be used in this infrastructure.Despite the various advantages of combining SDN and IoT,this environment is more vulnerable to various attacks due to the centralization of control.Most methods to ensure IoT security are designed to detect Distributed Denial-of-Service(DDoS)attacks,but they often lack mechanisms to mitigate their severity.This paper proposes a Multi-Attack Intrusion Detection System(MAIDS)for Software-Defined IoT Networks(SDN-IoT).The proposed scheme uses two machine-learning algorithms to improve detection efficiency and provide a mechanism to prevent false alarms.First,a comparative analysis of the most commonly used machine-learning algorithms to secure the SDN was performed on two datasets:the Network Security Laboratory Knowledge Discovery in Databases(NSL-KDD)and the Canadian Institute for Cyberse-curity Intrusion Detection Systems(CICIDS2017),to select the most suitable algorithms for the proposed scheme and for securing SDN-IoT systems.The algorithms evaluated include Extreme Gradient Boosting(XGBoost),K-Nearest Neighbor(KNN),Random Forest(RF),Support Vector Machine(SVM),and Logistic Regression(LR).Second,an algorithm for selecting the best dataset for machine learning in Intrusion Detection Systems(IDS)was developed to enable effective comparison between the datasets used in the development of the security scheme.The results showed that XGBoost and RF are the best algorithms to ensure the security of SDN-IoT and to be applied in the proposed security system,with average accuracies of 99.88%and 99.89%,respectively.Furthermore,the proposed security scheme reduced the false alarm rate by 33.23%,which is a significant improvement over prevalent schemes.Finally,tests of the algorithm for dataset selection showed that the rates of false positives and false negatives were reduced when the XGBoost and RF algorithms were trained on the CICIDS2017 dataset,making it the best for IDS compared to the NSL-KDD dataset.

A Novel MegaBAT Optimized Intelligent Intrusion Detection System in Wireless Sensor Networks

Wireless Sensor Network(WSN),whichfinds as one of the major components of modern electronic and wireless systems.A WSN consists of numerous sensor nodes for the discovery of sensor networks to leverage features like data sensing,data processing,and communication.In thefield of medical health care,these network plays a very vital role in transmitting highly sensitive data from different geographic regions and collecting this information by the respective network.But the fear of different attacks on health care data typically increases day by day.In a very short period,these attacks may cause adversarial effects to the WSN nodes.Furthermore,the existing Intrusion Detection System(IDS)suffers from the drawbacks of limited resources,low detection rate,and high computational overhead and also increases the false alarm rates in detecting the different attacks.Given the above-mentioned problems,this paper proposes the novel MegaBAT optimized Long Short Term Memory(MBOLT)-IDS for WSNs for the effective detection of different attacks.In the proposed framework,hyperpara-meters of deep Long Short-Term Memory(LSTM)were optimized by the meta-heuristic megabat algorithm to obtain a low computational overhead and high performance.The experimentations have been carried out using(Wireless Sensor NetworkDetection System)WSN-DS datasets and performance metrics such as accuracy,recall,precision,specificity,and F1-score are calculated and compared with the other existing intelligent IDS.The proposed framework provides outstanding results in detecting the black hole,gray hole,scheduling,flooding attacks and significantly reduces the time complexity,which makes this system suitable for resource-constraint WSNs.

Development of a Platform to Explore Network Intrusion Detection System (NIDS) for Cybersecurity

Cybersecurity is increasing its significance in recent years due to the overwhelming use of devices which require the use of internet. This raises the importance of having cybersecurity training for the upcoming generations as hackers continue to upgrade their methodologies and techniques to obtain important information such as personal identification, credit card numbers etcetera. This paper describes the development of a platform for students to learn how to setup and use a Network Intrusion Detection System in a virtual environment. In this environment, the administrator of a specific system can monitor and detect their network for any malicious activity. We will discuss in this paper the network configuration setup via virtualization technology followed by having a Network Intrusion Detection System installed in one of the virtual machines port mirrored to monitor the whole network. In the virtual network, a virtual machine will be assigned as an attacker to simulate cyber-attacks allowing the Network Intrusion Detection System to detect the Internet Protocol (IP) address from the source of malicious activity provider. In addition, students will have the opportunity to learn how to write basic rules for the Network Intrusion Detection System which are algorithms used to detect cyber malicious movements.

A Time Series Intrusion Detection Method Based on SSAE,TCN and Bi-LSTM

In the fast-evolving landscape of digital networks,the incidence of network intrusions has escalated alarmingly.Simultaneously,the crucial role of time series data in intrusion detection remains largely underappreciated,with most systems failing to capture the time-bound nuances of network traffic.This leads to compromised detection accuracy and overlooked temporal patterns.Addressing this gap,we introduce a novel SSAE-TCN-BiLSTM(STL)model that integrates time series analysis,significantly enhancing detection capabilities.Our approach reduces feature dimensionalitywith a Stacked Sparse Autoencoder(SSAE)and extracts temporally relevant features through a Temporal Convolutional Network(TCN)and Bidirectional Long Short-term Memory Network(Bi-LSTM).By meticulously adjusting time steps,we underscore the significance of temporal data in bolstering detection accuracy.On the UNSW-NB15 dataset,ourmodel achieved an F1-score of 99.49%,Accuracy of 99.43%,Precision of 99.38%,Recall of 99.60%,and an inference time of 4.24 s.For the CICDS2017 dataset,we recorded an F1-score of 99.53%,Accuracy of 99.62%,Precision of 99.27%,Recall of 99.79%,and an inference time of 5.72 s.These findings not only confirm the STL model’s superior performance but also its operational efficiency,underpinning its significance in real-world cybersecurity scenarios where rapid response is paramount.Our contribution represents a significant advance in cybersecurity,proposing a model that excels in accuracy and adaptability to the dynamic nature of network traffic,setting a new benchmark for intrusion detection systems.

A New Industrial Intrusion Detection Method Based on CNN-BiLSTM

Nowadays,with the rapid development of industrial Internet technology,on the one hand,advanced industrial control systems(ICS)have improved industrial production efficiency.However,there are more and more cyber-attacks targeting industrial control systems.To ensure the security of industrial networks,intrusion detection systems have been widely used in industrial control systems,and deep neural networks have always been an effective method for identifying cyber attacks.Current intrusion detection methods still suffer from low accuracy and a high false alarm rate.Therefore,it is important to build a more efficient intrusion detection model.This paper proposes a hybrid deep learning intrusion detection method based on convolutional neural networks and bidirectional long short-term memory neural networks(CNN-BiLSTM).To address the issue of imbalanced data within the dataset and improve the model’s detection capabilities,the Synthetic Minority Over-sampling Technique-Edited Nearest Neighbors(SMOTE-ENN)algorithm is applied in the preprocessing phase.This algorithm is employed to generate synthetic instances for the minority class,simultaneously mitigating the impact of noise in the majority class.This approach aims to create a more equitable distribution of classes,thereby enhancing the model’s ability to effectively identify patterns in both minority and majority classes.In the experimental phase,the detection performance of the method is verified using two data sets.Experimental results show that the accuracy rate on the CICIDS-2017 data set reaches 97.7%.On the natural gas pipeline dataset collected by Lan Turnipseed from Mississippi State University in the United States,the accuracy rate also reaches 85.5%.

Lightweight Intrusion Detection Using Reservoir Computing

The blockchain-empowered Internet of Vehicles(IoV)enables various services and achieves data security and privacy,significantly advancing modern vehicle systems.However,the increased frequency of data transmission and complex network connections among nodes also make them more susceptible to adversarial attacks.As a result,an efficient intrusion detection system(IDS)becomes crucial for securing the IoV environment.Existing IDSs based on convolutional neural networks(CNN)often suffer from high training time and storage requirements.In this paper,we propose a lightweight IDS solution to protect IoV against both intra-vehicle and external threats.Our approach achieves superior performance,as demonstrated by key metrics such as accuracy and precision.Specifically,our method achieves accuracy rates ranging from 99.08% to 100% on the Car-Hacking dataset,with a remarkably short training time.

Fusion of Spiral Convolution-LSTM for Intrusion Detection Modeling

Aiming at the problems of low accuracy and slow convergence speed of current intrusion detection models,SpiralConvolution is combined with Long Short-Term Memory Network to construct a new intrusion detection model.The dataset is first preprocessed using solo thermal encoding and normalization functions.Then the spiral convolution-Long Short-Term Memory Network model is constructed,which consists of spiral convolution,a two-layer long short-term memory network,and a classifier.It is shown through experiments that the model is characterized by high accuracy,small model computation,and fast convergence speed relative to previous deep learning models.The model uses a new neural network to achieve fast and accurate network traffic intrusion detection.The model in this paper achieves 0.9706 and 0.8432 accuracy rates on the NSL-KDD dataset and the UNSWNB-15 dataset under five classifications and ten classes,respectively.

Intrusion Detection System with Customized Machine Learning Techniques for NSL-KDD Dataset

Modern networks are at risk from a variety of threats as a result of the enormous growth in internet-based traffic.By consuming time and resources,intrusive traffic hampers the efficient operation of network infrastructure.An effective strategy for preventing,detecting,and mitigating intrusion incidents will increase productivity.A crucial element of secure network traffic is Intrusion Detection System(IDS).An IDS system may be host-based or network-based to monitor intrusive network activity.Finding unusual internet traffic has become a severe security risk for intelligent devices.These systems are negatively impacted by several attacks,which are slowing computation.In addition,networked communication anomalies and breaches must be detected using Machine Learning(ML).This paper uses the NSL-KDD data set to propose a novel IDS based on Artificial Neural Networks(ANNs).As a result,the ML model generalizes sufficiently to perform well on untried data.The NSL-KDD dataset shall be utilized for both training and testing.In this paper,we present a custom ANN model architecture using the Keras open-source software package.The specific arrangement of nodes and layers,along with the activation functions,enhances the model’s ability to capture intricate patterns in network data.The performance of the ANN is carefully tested and evaluated,resulting in the identification of a maximum detection accuracy of 97.5%.We thoroughly compared our suggested model to industry-recognized benchmark methods,such as decision classifier combinations and ML classifiers like k-Nearest Neighbors(KNN),Deep Learning(DL),Support Vector Machine(SVM),Long Short-Term Memory(LSTM),Deep Neural Network(DNN),and ANN.It is encouraging to see that our model consistently outperformed each of these tried-and-true techniques in all evaluations.This result underlines the effectiveness of the suggested methodology by demonstrating the ANN’s capacity to accurately assess the effectiveness of the developed strategy in identifying and categorizing instances of network intrusion.

Machine Learning Techniques for Intrusion Detection Systems in SDN-Recent Advances,Challenges and Future Directions

Software-Defined Networking(SDN)enables flexibility in developing security tools that can effectively and efficiently analyze and detect malicious network traffic for detecting intrusions.Recently Machine Learning(ML)techniques have attracted lots of attention from researchers and industry for developing intrusion detection systems(IDSs)considering logically centralized control and global view of the network provided by SDN.Many IDSs have developed using advances in machine learning and deep learning.This study presents a comprehensive review of recent work ofML-based IDS in context to SDN.It presents a comprehensive study of the existing review papers in the field.It is followed by introducing intrusion detection,ML techniques and their types.Specifically,we present a systematic study of recent works,discuss ongoing research challenges for effective implementation of ML-based intrusion detection in SDN,and promising future works in this field.

An Enhanced Intelligent Intrusion Detection System to Secure E-Commerce Communication Systems

Information and communication technologies are spreading rapidly due to their fast proliferation in many fields.The number of Internet users has led to a spike in cyber-attack incidents.E-commerce applications,such as online banking,marketing,trading,and other online businesses,play an integral role in our lives.Network Intrusion Detection System(NIDS)is essential to protect the network from unauthorized access and against other cyber-attacks.The existing NIDS systems are based on the Backward Oracle Matching(BOM)algorithm,which minimizes the false alarm rate and causes of high packet drop ratio.This paper discussed the existing NIDS systems and different used pattern-matching techniques regarding their weaknesses and limitations.To address the existing system issues,this paper proposes an enhanced version of the BOM algorithm by using multiple pattern-matching methods for the NIDS system to improve the network performance.The proposed solution is tested in simulation with existing solutions using the Snort and NSL-KDD datasets.The experimental results indicated that the proposed solution performed better than the existing solutions and achieved a 5.17%detection rate and a 0.22%lower false alarm rate than the existing solution.

Multi-Zone-Wise Blockchain Based Intrusion Detection and Prevention System for IoT Environment

Blockchain merges technology with the Internet of Things(IoT)for addressing security and privacy-related issues.However,conventional blockchain suffers from scalability issues due to its linear structure,which increases the storage overhead,and Intrusion detection performed was limited with attack severity,leading to performance degradation.To overcome these issues,we proposed MZWB(Multi-Zone-Wise Blockchain)model.Initially,all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm(EBA),considering several metrics.Then,the legitimately considered nodes for network construction for managing the network using Bayesian-Direct Acyclic Graph(B-DAG),which considers several metrics.The intrusion detection is performed based on two tiers.In the first tier,a Deep Convolution Neural Network(DCNN)analyzes the data packets by extracting packet flow features to classify the packets as normal,malicious,and suspicious.In the second tier,the suspicious packets are classified as normal or malicious using the Generative Adversarial Network(GAN).Finally,intrusion scenario performed reconstruction to reduce the severity of attacks in which Improved Monkey Optimization(IMO)is used for attack path discovery by considering several metrics,and the Graph cut utilized algorithm for attack scenario reconstruction(ASR).UNSW-NB15 and BoT-IoT utilized datasets for the MZWB method simulated using a Network simulator(NS-3.26).Compared with previous performance metrics such as energy consumption,storage overhead accuracy,response time,attack detection rate,precision,recall,and F-measure.The simulation result shows that the proposed MZWB method achieves high performance than existing works.