Ahmadreza Montazerolghaem

Hossein Shaemi Barzoki, Amir Hossein Fathi Hafshejani, Ahmadreza Montazerolghaem

Detecting anomalies in Internet of Things (IoT) networks is a critical security challenge, often hampered by highly imbalanced and diverse network traffic datasets. Standard classifiers struggle to perform well across all traffic types. This paper proposes a hybrid detection model to address this challenge using the Bot-IoT dataset. Instead of a single complex classifier, we first employ K-Means clustering to segment the training data into three distinct traffic profile clusters. We then train and evaluate multiple baseline machine learning models, including Decision Tree, KNN, and XGBoost, on each cluster independently to identify the optimal classifier for that specific data profile. Our results show that this clusterspecific, hybrid approach, which assigns different simple models to different clusters, improves detection accuracy and provides a more robust and efficient framework for handling diverse IoT attack traffic.

Mohammad Hossein Gholamrezazadeh, AhmadReza Montazerolghaem

An Intrusion Detection System (IDS) is vital in cybersecurity, detecting unauthorized activity across networks. With attacks on network layers increasing, stronger IDSs are needed. Yet most IDSs rely on centralized detection, forcing IoT nodes to ship data to a server, adding overhead and offering no privacy guarantees. Moreover, conventional models focus solely on flagging attacks, without explaining how individual features influence those decisions. This research aims to address these dual limitations by first proposing a solution for privacy preservation and then adding explainability to the new system. We introduce an innovative framework called XAI FL-IDS, which integrates Federated Learning (FL) with Explainable AI (XAI). The XAI FL-IDS system eliminates concerns over data transfer because each node trains its data locally and only sends the necessary update parameters to the server. Additionally, all detections, both at the local node and central server levels, are scrutinized using SHapley Additive exPlanations (SHAP), providing detailed insight into the decision-making process. This system consists of a central server and 10 clients and utilizes the Edge-IIoTset dataset, which is distributed among all clients with careful attention paid to class balancing. On each client, the XGBoost model is executed on local data. The proposed method demonstrates robust efficiency and strong performance in intrusion detection, achieving an accuracy of over 99% and, at times, reaching 100%. By incorporating FL, the confidentiality of the network information on every local node is guaranteed.

Ahmadreza Montazerolghaem

Session Initiation Protocol (SIP) grows for VoIP applications, and faces challenges including security and overload. On the other hand, the new concept of Software-defined Networking (SDN) has made great changes in the networked world. SDN is the idea of separating the control plane from the network infrastructure that can bring several benefits. We used this idea to provide a new architecture for SIP networks. Moreover, for the load distribution challenge in these networks, a framework based on SDN was offered, in which the load balancing and network management can be easily done by a central controller considering the network status. Unlike the traditional methods, in this framework, there is no need to change the infrastructures like SIP servers or SIP load balancer to implement the distribution method. Also, several types of load distribution algorithms can be performed as software in the controller. We were able to achieve the desired results by simulating the three methods based on the proposed framework in Mininet.