Cyber-attacks have become more powerful and more frequent in software-defined network (SDN) and Internet of Things (IoT) environments, and as a result traditional intrusion prevention systems (IPSs) struggle to balance accuracy, speed, and resource utilization. The authors of this paper present a lightweight hybrid IPS that combines SHA-256 cryptographic hash matching with a decision tree fallback classifier for real-time, accurate detection of cyber threats. The system quickly classifies network traffic by generating a hash of the chosen flow features and comparing it with the benign and malicious reference sets. In case of a mismatch, the machine-learning fallback model is triggered, so threat detection remains continuous and adaptive. To show that the method is not limited to a single dataset, they use two benchmark datasets, NSL-KDD and CIC-IDS-2017. The findings show that the proposed system excels when evaluated on the CIC-IDS-2017 dataset, obtaining 97.19% accuracy, 100% recall, and a hash matching speed of 3.963.11 packets/s while blocking 133.218 malicious packets in less than a minute. On the NSL-KDD dataset, the proposed system achieved 96.34% accuracy and 98% recall, and blocked 72.047 packets at 408.09 packets/s. The experimental results highlight the system's scalability, low latency, and high recall, which suit real-time SDN-IoT security deployments; the cross-dataset validation further strengthens its continuity and practical applicability in current network infrastructures, where fast and secure solutions are necessary.
Sarika et al. (Mon,) studied this question.
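The two-stage decision path described in the abstract, sketched as an added example (not the authors' code). The feature subset, the sample flows and the hand-written tree that stands in for a trained decision tree are all assumptions, since the abstract does not specify them.

```python
import hashlib

# Assumed feature subset; the abstract does not list the chosen flow features.
FEATURES = ("proto", "dst_port", "flags", "pkt_count", "byte_count")

def flow_hash(flow):
    """SHA-256 over a canonical encoding of the selected flow features."""
    # Fixed field order and explicit key=value pairs keep the digest stable.
    canon = "|".join(f"{k}={flow[k]}" for k in FEATURES)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

# Stand-in for a trained decision tree (assumption): each inner node is
# (feature, threshold, left_if_le, right_if_gt); leaves are label strings.
TREE = ("pkt_count", 1000,
        ("dst_port", 1024, "benign",
         ("byte_count", 200, "malicious", "benign")),
        "malicious")

def tree_predict(node, flow):
    while not isinstance(node, str):
        feat, thr, left, right = node
        node = left if flow[feat] <= thr else right
    return node

class HybridIPS:
    def __init__(self, benign_flows, malicious_flows):
        self.benign = {flow_hash(f) for f in benign_flows}
        self.malicious = {flow_hash(f) for f in malicious_flows}

    def decide(self, flow):
        """Return (verdict, stage); stage is 'hash' or 'fallback'."""
        h = flow_hash(flow)
        if h in self.malicious:      # block list is checked first
            return "malicious", "hash"
        if h in self.benign:
            return "benign", "hash"
        # Mismatch against both reference sets: use the classifier.
        return tree_predict(TREE, flow), "fallback"

# Constructed sample flows (not taken from NSL-KDD or CIC-IDS-2017).
KNOWN_BAD = {"proto": "tcp", "dst_port": 23, "flags": "S",
             "pkt_count": 5000, "byte_count": 300000}
KNOWN_GOOD = {"proto": "tcp", "dst_port": 443, "flags": "PA",
              "pkt_count": 40, "byte_count": 52000}
UNSEEN = {"proto": "tcp", "dst_port": 8080, "flags": "S",
          "pkt_count": 3, "byte_count": 120}

if __name__ == "__main__":
    ips = HybridIPS([KNOWN_GOOD], [KNOWN_BAD])
    for f in (KNOWN_BAD, KNOWN_GOOD, dict(KNOWN_GOOD, pkt_count=41), UNSEEN):
        print(ips.decide(f))
```

Changing a single field of a known flow (here `pkt_count` from 40 to 41) produces a different digest, so the flow falls through to the classifier; exact-hash matching only covers feature tuples already in the reference sets.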