{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,25]],"date-time":"2025-11-25T01:08:14Z","timestamp":1764032894564,"version":"3.45.0"},"reference-count":47,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,11,25]],"date-time":"2025-11-25T00:00:00Z","timestamp":1764028800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,11,25]],"date-time":"2025-11-25T00:00:00Z","timestamp":1764028800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>In today\u2019s interconnected world, real-time intrusion detection poses a critical challenge due to the increasing volume, complexity, and diversity of IoT network traffic. Conventional methods often struggle to meet the stringent demands for low latency and high accuracy necessary to detect and mitigate cyber-attacks in dynamic environments like IoT networks. Exposure to the open and insecure Internet exacerbates these vulnerabilities, increasing the risks of privacy breaches and catastrophic consequences, including financial losses and threats to human safety. In response, we propose a novel approach to network intrusion detection that transforms single raw TCP\/IP packet headers into binary images with maximal contrast between image components (black and white dots). It leverages the exceptional capabilities of Convolutional Neural Networks in computer vision to detect and classify network intrusions using single TCP\/IP packet headers image. Experimental evaluation using the Edge-IIoTset and MQTTset datasets demonstrates outstanding performance. In binary classification, the lightweight CNN model, with only 35 trainable parameters, achieves 100% accuracy. For multiclass classification, accuracy rates reach 97.435% with Edge-IIoTset and 100% with MQTTset, with zero false positives for normal traffic across both datasets. These results highlight the proposed method's ability to enhance IoT security while accommodating the computational constraints of IoT devices. By bypassing complex feature extraction, the method significantly reduces latency, making it highly suitable for real-time applications.<\/jats:p>","DOI":"10.1186\/s42400-025-00441-x","type":"journal-article","created":{"date-parts":[[2025,11,25]],"date-time":"2025-11-25T01:01:48Z","timestamp":1764032508000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Intrusion detection using TCP\/IP single packet header binary image for IoT networks"],"prefix":"10.1186","volume":"8","author":[{"given":"Mohamed","family":"El-Sherif","sequence":"first","affiliation":[]},{"given":"Ahmed","family":"Khattab","sequence":"additional","affiliation":[]},{"given":"Magdy","family":"El-Soudani","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,11,25]]},"reference":[{"key":"441_CR1","doi-asserted-by":"publisher","first-page":"100365","DOI":"10.1016\/j.iot.2021.100365","volume":"1","author":"R Ahmad","year":"2021","unstructured":"Ahmad R, Alsmadi I (2021) Machine learning approaches to IoT security: a systematic literature review. Internet of Things 1:100365","journal-title":"Internet of Things"},{"key":"441_CR2","doi-asserted-by":"publisher","first-page":"1782","DOI":"10.3390\/s24061782","volume":"24","author":"A Al Hanif","year":"2024","unstructured":"Al Hanif A, Ilyas M (2024) Effective feature engineering framework for securing MQTT protocol in IoT environments. Sensors 24:1782. https:\/\/doi.org\/10.3390\/s24061782","journal-title":"Sensors"},{"key":"441_CR3","doi-asserted-by":"publisher","unstructured":"Alfa A, Misra S, Yusuf A, Agrawal A (2023) Comparative analysis of performances of convolutional neural networks for image classification tasks. In: Advances in computational intelligence and communication technology, Springer, https:\/\/doi.org\/10.1007\/978-981-19-9876-8_15","DOI":"10.1007\/978-981-19-9876-8_15"},{"key":"441_CR4","unstructured":"Alshamrani M et al (2023) A lightweight approach to intrusion detection in encrypted IoT traffic. IEEE Internet of things journal 2023"},{"key":"441_CR5","doi-asserted-by":"publisher","first-page":"461","DOI":"10.3390\/s20020461","volume":"20","author":"A Amouri","year":"2020","unstructured":"Amouri A, Alaparthy VT, Morgera SD (2020) A machine learning based intrusion detection system for mobile Internet of Things. Sensors 20:461","journal-title":"Sensors"},{"key":"441_CR6","doi-asserted-by":"publisher","first-page":"9042","DOI":"10.1109\/JIOT.2019.2926365","volume":"6","author":"E Anthi","year":"2019","unstructured":"Anthi E, Williams L, S\u0142owin\u00b4ska M, Theodorakopoulos G, Burnap P (2019) A supervised intrusion detection system for smart home IoT devices. IEEE Internet Things J 6:9042\u20139053","journal-title":"IEEE Internet Things J"},{"key":"441_CR7","volume-title":"Handbook of image and video processing","author":"AC Bovik","year":"2005","unstructured":"Bovik AC (2005) 2.2: Basic binary image processing. In: Bovik A (ed) Handbook of image and video processing, 2nd edn. Burlington Academic Press, Oxford","edition":"2"},{"issue":"2","key":"441_CR8","doi-asserted-by":"publisher","first-page":"102361","DOI":"10.1016\/j.asej.2023.102361","volume":"15","author":"RT Elmaghraby","year":"2024","unstructured":"Elmaghraby RT, Abdel Aziem NM, Sobh MA, Bahaa-Eldin AM (2024) Encrypted network traffic classification based on machine learning. Ain Shams Eng J 15(2):102361. https:\/\/doi.org\/10.1016\/j.asej.2023.102361","journal-title":"Ain Shams Eng J"},{"key":"441_CR9","doi-asserted-by":"publisher","first-page":"40281","DOI":"10.1109\/ACCESS.2022.3165809","volume":"10","author":"MA Ferrag","year":"2022","unstructured":"Ferrag MA, Friha O, Hamouda D, Maglaras L, Janicke H (2022) Edge-IIoTset: a new comprehensive realistic cyber security dataset of IoT and IIoT applications for centralized and federated learning. IEEE Access 10:40281\u201340306","journal-title":"IEEE Access"},{"key":"441_CR10","unstructured":"Garcia L, et al (2022) Machine learning for encrypted traffic classification in resource-constrained IoT devices. ACM Trans. Cyber-Phys, Syst"},{"key":"441_CR11","doi-asserted-by":"publisher","first-page":"48890","DOI":"10.1109\/ACCESS.2022.3172432","volume":"10","author":"A Ghourabi","year":"2022","unstructured":"Ghourabi A (2022) A security model based on LightGBM and Transformer to protect healthcare systems from cyberattacks. IEEE Access 10:48890\u201348903","journal-title":"IEEE Access"},{"issue":"8","key":"441_CR12","doi-asserted-by":"publisher","first-page":"163660","DOI":"10.1109\/ACCESS.2020.3019931","volume":"2020","author":"M Haggag","year":"2020","unstructured":"Haggag M, Tantawy MM, El-Soudani MMS (2020) Implementing a deep learning model for intrusion detection on apache spark platform. IEEE Access 2020(8):163660\u2013163672","journal-title":"IEEE Access"},{"key":"441_CR13","doi-asserted-by":"publisher","first-page":"844","DOI":"10.1109\/ACCESS.2019.2928414","volume":"7","author":"C Ioannou","year":"2019","unstructured":"Ioannou C, Vassiliou V (2019) Security agent location in the internet of things. IEEE Access 7:844\u201395856","journal-title":"IEEE Access"},{"key":"441_CR14","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1109\/TSUSC.2018.2839623","volume":"4","author":"U Jayasinghe","year":"2019","unstructured":"Jayasinghe U, Lee GM, Um T-W, Shi Q (2019) Machine learning based trust computational model for IoT services. IEEE Trans Sustain Comput 4:39\u201352","journal-title":"IEEE Trans Sustain Comput"},{"key":"441_CR15","doi-asserted-by":"crossref","unstructured":"Jia W, Liu Y, Liu Y, Wang J (2020) Detection mechanism against DDoS attacks based on convolutional neural network in SINET. In: 2020 IEEE 4th Information technology, networking, electronic and automation control conference (ITNEC)","DOI":"10.1109\/ITNEC48623.2020.9084918"},{"key":"441_CR16","unstructured":"Kaur R, Aujla GS (2014) Review on: enhanced offline signature recognition using neural network and SVM. In proceedings. [Online]. Available: https:\/\/api.semanticscholar.org\/CorpusID:16329427"},{"key":"441_CR17","doi-asserted-by":"crossref","unstructured":"Khan A, Cotton C (2021) Detecting attacks on IoT devices using featureless 1D-CNN. In: 2021 IEEE international conference on cyber security and resilience (CSR)","DOI":"10.1109\/CSR51186.2021.9527910"},{"key":"441_CR18","doi-asserted-by":"crossref","unstructured":"Kim T, Suh SC, Kim H, Kim J, Kim J (2018) An encoding technique for CNN-based network anomaly detection. In: 2018 IEEE International conference on big data (Big Data)","DOI":"10.1109\/BigData.2018.8622568"},{"key":"441_CR19","doi-asserted-by":"publisher","first-page":"72714","DOI":"10.1109\/ACCESS.2018.2881998","volume":"6","author":"I Kotenko","year":"2018","unstructured":"Kotenko I, Saenko I, Branitskiy A (2018) Framework for mobile internet of things security monitoring based on big data processing and machine learning. IEEE Access 6:72714\u201372723","journal-title":"IEEE Access"},{"key":"441_CR20","doi-asserted-by":"publisher","first-page":"2042","DOI":"10.3390\/electronics10162042","volume":"10","author":"J Krupski","year":"2021","unstructured":"Krupski J, Graniszewski W, Iwanowski M (2021) Data transformation schemes for CNN-based network traffic analysis: a survey. Electronics 10:2042","journal-title":"Electronics"},{"key":"441_CR21","doi-asserted-by":"publisher","first-page":"102693","DOI":"10.1016\/j.cose.2022.102693","volume":"117","author":"A Kumar","year":"2022","unstructured":"Kumar A, Shridhar M, Swaminathan S, Lim TJ (2022) Machine learning-based early detection of IoT botnets using network-edge traffic. Comput Secur 117:102693","journal-title":"Comput Secur"},{"key":"441_CR22","doi-asserted-by":"publisher","first-page":"65520","DOI":"10.1109\/ACCESS.2020.2985089","volume":"8","author":"SJ Lee","year":"2020","unstructured":"Lee SJ, Yoo PD, Asyhari AT, Jhi Y, Chermak L, Yeun CY, Taha K (2020) Impact: impersonation attack detection via edge computing using deep autoencoder and feature abstraction. IEEE Access 8:65520\u201365529","journal-title":"IEEE Access"},{"key":"441_CR23","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1186\/s13677-024-00604-0","volume":"13","author":"M Li","year":"2024","unstructured":"Li M, Wang Q, Liao Y (2024) Target tracking using video surveillance for enabling machine vision services at the edge of marine transportation systems based on microwave remote sensing. J Cloud Comput 13:47. https:\/\/doi.org\/10.1186\/s13677-024-00604-0","journal-title":"J Cloud Comput"},{"key":"441_CR24","doi-asserted-by":"crossref","unstructured":"Li Z, Qin Z, Huang K, Yang X, Ye S (2017) Intrusion detection using convolutional neural networks for representation learning. In: Neural information processing: 24th international conference, ICONIP 2017, Guangzhou, China, Proceedings, Part V","DOI":"10.1007\/978-3-319-70139-4_87"},{"key":"441_CR25","doi-asserted-by":"publisher","DOI":"10.1155\/2020\/4705982","author":"G Liu","year":"2020","unstructured":"Liu G, Zhang J (2020) CNID: research of network intrusion detection based on convolutional neural network. Discrete Dyn Nat Soc. https:\/\/doi.org\/10.1155\/2020\/4705982","journal-title":"Discrete Dyn Nat Soc"},{"key":"441_CR26","doi-asserted-by":"publisher","first-page":"18042","DOI":"10.1109\/ACCESS.2017.2747560","volume":"5","author":"M Lopez-Martin","year":"2017","unstructured":"Lopez-Martin M, Carro B, Sanchez-Esguevillas A, Lloret J (2017) Network traffic classifier with convolutional and recurrent neural networks for Internet of Things. IEEE Access 5:18042\u201318050","journal-title":"IEEE Access"},{"key":"441_CR27","doi-asserted-by":"publisher","first-page":"1999","DOI":"10.1007\/s00500-019-04030-2","volume":"24","author":"M Lotfollahi","year":"2020","unstructured":"Lotfollahi M, Jafari Siavoshani M, Shirali Hossein Zade R, Saberian M (2020) Deep packet: a novel approach for encrypted traffic classification using deep learning. Soft Comput 24:1999\u20132012","journal-title":"Soft Comput"},{"key":"441_CR28","doi-asserted-by":"publisher","unstructured":"De Lucia, Michael & Maxwell, Paul & Bastian, Nathaniel & Swami, Ananthram & Jalaian, Brian & Leslie, Nandi (2021) Machine learning raw network traffic detection. p 24. https:\/\/doi.org\/10.1117\/12.2586114","DOI":"10.1117\/12.2586114"},{"key":"441_CR29","doi-asserted-by":"crossref","unstructured":"Mamdouh M, Elrukhsi MAI, Khattab A (2018) Securing the internet of things and wireless sensor networks via machine learning: a survey. In: Proceedings of the 2018 international conference on computer and applications (ICCA), Beirut, Lebanon, pp 215\u2013218","DOI":"10.1109\/COMAPP.2018.8460440"},{"key":"441_CR30","unstructured":"Meidan Y, Bohadana M, Shabtai A, Ochoa M, Tippenhauer NO, Guarnizo JD, Elovici Y (2017) Detection of unauthorized IoT devices using machine learning techniques. arXiv preprint arXiv:1709.0464"},{"key":"441_CR31","doi-asserted-by":"crossref","unstructured":"Millar K, Cheng A, Chew HG, Lim C-C (2019) Using convolutional neural networks for classifying malicious network traffic. In: Deep learning applications for cyber security, Springer, Berlin\/Heidelberg, Germany, pp 103\u2013126","DOI":"10.1007\/978-3-030-13057-2_5"},{"key":"441_CR32","doi-asserted-by":"publisher","unstructured":"Mostafa R (2021) New quantum binary image detector (NQBID). In proceedings. ICECET 2021, pp 1\u20136. https:\/\/doi.org\/10.1109\/ICECET52533.2021.9698730","DOI":"10.1109\/ICECET52533.2021.9698730"},{"key":"441_CR33","doi-asserted-by":"crossref","unstructured":"Niyaz Q, Sun W, Javaid AY (2016) A deep learning based DDoS detection system in software-defined networking (SDN), arXiv preprint arXiv:1611.07400","DOI":"10.4108\/eai.28-12-2017.153515"},{"key":"441_CR34","doi-asserted-by":"crossref","unstructured":"Oha CV, Farouk FS, Patel PP, Meka P, Nekkanti S, Nayini B, Carvalho SX, Desai N, Patel M, Butakov S (2021) Machine learning models for malicious traffic detection in IoT networks\/IoT-23 dataset. In: Machine learning for networking: 4th international conference, MLN 2021, Virtual Event, 2021, Proceedings; 2022","DOI":"10.1007\/978-3-030-98978-1_5"},{"key":"441_CR35","doi-asserted-by":"publisher","unstructured":"Saglam S, Bayar S (2024) Hardware design of lightweight binary classification algorithms for small-size images on FPGA. IEEE access, pp 1\u20131. https:\/\/doi.org\/10.1109\/ACCESS.2024.3390564","DOI":"10.1109\/ACCESS.2024.3390564"},{"key":"441_CR36","doi-asserted-by":"publisher","first-page":"73713","DOI":"10.1109\/ACCESS.2018.2884293","volume":"6","author":"Q Shafi","year":"2018","unstructured":"Shafi Q, Basit A, Qaisar S, Koay A, Welch I (2018) Fog-assisted SDN controlled framework for enduring anomaly detection in an IoT network. IEEE Access 6:73713\u201373723","journal-title":"IEEE Access"},{"key":"441_CR37","doi-asserted-by":"publisher","first-page":"1977","DOI":"10.3390\/s19091977","volume":"1","author":"G Thamilarasu","year":"2019","unstructured":"Thamilarasu G, Chawla S (2019) Towards deep-learning-driven intrusion detection for the internet of things. Sensors 1:1977","journal-title":"Sensors"},{"key":"441_CR38","doi-asserted-by":"publisher","first-page":"321","DOI":"10.7763\/IJET.2019.V11.1169","volume":"11","author":"N Thong","year":"2019","unstructured":"Thong N, Thinh NT, Cong HT (2019) Mango sorting mechanical system uses machine vision and artificial intelligence. Int J Eng Technol 11:321\u2013327. https:\/\/doi.org\/10.7763\/IJET.2019.V11.1169","journal-title":"Int J Eng Technol"},{"key":"441_CR39","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/ACCESS.2022.3176317","volume":"10","author":"I Ullah","year":"2022","unstructured":"Ullah I, Mahmoud Q (2022) Design and development of RNN-based anomaly detection model for IoT networks. IEEE Access 10:1\u20131. https:\/\/doi.org\/10.1109\/ACCESS.2022.3176317","journal-title":"IEEE Access"},{"key":"441_CR40","doi-asserted-by":"publisher","first-page":"6578","DOI":"10.3390\/s20226578","volume":"20","author":"I Vaccari","year":"2020","unstructured":"Vaccari I, Chiola G, Aiello M, Mongelli M, Cambiaso E (2020) MQTTset, a new dataset for machine learning techniques on MQTT. Sensors 20:6578. https:\/\/doi.org\/10.3390\/s20226578","journal-title":"Sensors"},{"key":"441_CR41","doi-asserted-by":"crossref","unstructured":"Vinayakumar R, Soman KP, Poornachandran P (2017) Applying convolutional neural network for network intrusion detection. 2017 International conference on advances in computing, communications and informatics (ICACCI), Udupi, India, pp 1222\u20131228","DOI":"10.1109\/ICACCI.2017.8126009"},{"key":"441_CR42","doi-asserted-by":"crossref","unstructured":"Wang W, Zhu M, Wang J, Zeng X, Yang Z (2017) End-to-end encrypted traffic classification with one-dimensional convolution neural networks. IEEE International conference on intelligence and security informatics (ISI), pp 43\u201348","DOI":"10.1109\/ISI.2017.8004872"},{"key":"441_CR43","doi-asserted-by":"crossref","unstructured":"Wang W, Zhu M, Zeng X, Ye X, Sheng Y (2017) Malware traffic classification using convolutional neural network for representation learning. In: 2017 International conference on information networking (ICOIN), pp 712\u2013717","DOI":"10.1109\/ICOIN.2017.7899588"},{"key":"441_CR44","doi-asserted-by":"publisher","first-page":"7659","DOI":"10.1109\/JIOT.2019.2903312","volume":"6","author":"D Yao","year":"2019","unstructured":"Yao D, Wen M, Liang X, Fu Z, Zhang K, Yang B (2019) Energy theft detection with energy privacy preservation in the smart grid. IEEE Internet Things J 6:7659\u20137669","journal-title":"IEEE Internet Things J"},{"key":"441_CR45","doi-asserted-by":"publisher","first-page":"119904","DOI":"10.1109\/ACCESS.2019.2933165","volume":"7","author":"Y Zhang","year":"2019","unstructured":"Zhang Y, Chen X, Guo D, Song M, Teng Y, Wang X (2019) PCCN. Parallel cross convolutional neural network for abnormal network traffic flows detection in multi-class imbalanced network traffic flows. IEEE Access 7:119904\u2013119916","journal-title":"IEEE Access"},{"key":"441_CR46","doi-asserted-by":"publisher","first-page":"6822","DOI":"10.1109\/JIOT.2019.2912022","volume":"6","author":"M Zolanvari","year":"2019","unstructured":"Zolanvari M, Teixeira MA, Gupta L, Khan KM, Jain R (2019) Machine learning-based network vulnerability analysis of industrial Internet of Things. IEEE Internet Things J 6:6822\u20136834","journal-title":"IEEE Internet Things J"},{"key":"441_CR47","doi-asserted-by":"publisher","DOI":"10.1186\/s40537-021-00462-6","author":"R Zuech","year":"2021","unstructured":"Zuech R, Hancock J, Khoshgoftaar T (2021) Investigating rarity in web attacks with ensemble learners. J Big Data. https:\/\/doi.org\/10.1186\/s40537-021-00462-6","journal-title":"J Big Data"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00441-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-025-00441-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00441-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,25]],"date-time":"2025-11-25T01:01:52Z","timestamp":1764032512000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-025-00441-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,25]]},"references-count":47,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["441"],"URL":"https:\/\/doi.org\/10.1186\/s42400-025-00441-x","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,11,25]]},"assertion":[{"value":"28 January 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 June 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 November 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the worker ported in this paper. And the work shown in the paper is original.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval and consent to participate"}},{"value":"The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"104"}}