{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T11:31:19Z","timestamp":1781004679206,"version":"3.54.1"},"reference-count":23,"publisher":"MDPI AG","issue":"7","license":[{"start":{"date-parts":[[2025,7,17]],"date-time":"2025-07-17T00:00:00Z","timestamp":1752710400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"European Union-NextGenerationEU","award":["BG-RRP-2.013-0001"],"award-info":[{"award-number":["BG-RRP-2.013-0001"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computers"],"abstract":"<jats:p>This study introduces an enhanced Intrusion Detection System (IDS) framework for Denial-of-Service (DoS) attacks, utilizing network traffic inter-arrival time (IAT) analysis. By examining the timing between packets and other statistical features, we detected patterns of malicious activity, allowing early and effective DoS threat mitigation. We generate real DoS traffic, including normal, Internet Control Message Protocol (ICMP), Smurf attack, and Transmission Control Protocol (TCP) classes, and develop nine predictive algorithms, combining traditional machine learning and advanced deep learning techniques with optimization methods, including the synthetic minority sampling technique (SMOTE) and grid search (GS). Our findings reveal that while traditional machine learning achieved moderate accuracy, it struggled with imbalanced datasets. In contrast, Deep Neural Network (DNN) models showed significant improvements with optimization, with DNN combined with GS (DNN-GS) reaching 89% accuracy. However, we also used Recurrent Neural Networks (RNNs) combined with SMOTE and GS (RNN-SMOTE-GS), which emerged as the best-performing with a precision of 97%, demonstrating the effectiveness of combining SMOTE and GS and highlighting the critical role of advanced optimization techniques in enhancing the detection capabilities of IDS models for the accurate classification of various types of network traffic and attacks.<\/jats:p>","DOI":"10.3390\/computers14070282","type":"journal-article","created":{"date-parts":[[2025,7,17]],"date-time":"2025-07-17T10:33:47Z","timestamp":1752748427000},"page":"282","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["Enhanced Detection of Intrusion Detection System in Cloud Networks Using Time-Aware and Deep Learning Techniques"],"prefix":"10.3390","volume":"14","author":[{"given":"Nima","family":"Terawi","sequence":"first","affiliation":[{"name":"Department of AI and Data Science, Arab American University, Jenin P.O. Box 240, Palestine"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6835-8338","authenticated-orcid":false,"given":"Huthaifa I.","family":"Ashqar","sequence":"additional","affiliation":[{"name":"Department of AI and Data Science, Arab American University, Jenin P.O. Box 240, Palestine"},{"name":"AI Program, Columbia University, New York, NY 10027, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8346-7148","authenticated-orcid":false,"given":"Omar","family":"Darwish","sequence":"additional","affiliation":[{"name":"Information Security and Applied Computing, Eastern Michigan University, Ypsilanti, MI 48197, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1506-7924","authenticated-orcid":false,"given":"Anas","family":"Alsobeh","sequence":"additional","affiliation":[{"name":"Information Technology, Southern Illinois University, Carbondale, IL 62901, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8538-6277","authenticated-orcid":false,"given":"Plamen","family":"Zahariev","sequence":"additional","affiliation":[{"name":"Department of Telecommunications, University of Ruse \u201cAngel Kanchev\u201d (UR), 7017 Ruse, Bulgaria"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4248-8732","authenticated-orcid":false,"given":"Yahya","family":"Tashtoush","sequence":"additional","affiliation":[{"name":"Computer and Information Technology, Jordan University of Science and Technology, P.O. Box 3030, Irbid 22110, Jordan"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2025,7,17]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"1360","DOI":"10.1109\/ACCESS.2021.3136861","article-title":"Agile approaches for cybersecurity systems, iot and intelligent transportation","volume":"10","author":"Tashtoush","year":"2021","journal-title":"IEEE Access"},{"key":"ref_2","first-page":"711","article-title":"Deep-intrusion detection system with enhanced unswnb15 dataset based on deep learning techniques","volume":"16","author":"Aleesa","year":"2021","journal-title":"J. Eng. Sci. Technol."},{"key":"ref_3","first-page":"229","article-title":"Time series similarity for detecting ddos flooding attack","volume":"51","author":"Hussain","year":"2022","journal-title":"Assiut Univ. J. Multidiscip. Sci. Res."},{"key":"ref_4","first-page":"3969","article-title":"Distributed denial of service attack detection using autoencoder and deep neural networks","volume":"37","author":"Catak","year":"2019","journal-title":"J. Intell. Fuzzy Syst."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Abu-Helo, H., and Ashqar, H. (2024). Early ransomware detection system based on network behavior. International Conference on Advanced Information Networking and Applications, Springer.","DOI":"10.1007\/978-3-031-57931-8_43"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"2215852","DOI":"10.1155\/2022\/2215852","article-title":"A deep learning-based framework for feature extraction and classification of intrusion detection in networks","volume":"2022","author":"Naveed","year":"2022","journal-title":"Wirel. Commun. Mob. Comput."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Hamarshe, A., Ashqar, H.I., and Hamarsheh, M. (2023). Detection of ddos attacks in software defined networking using machine learning models. International Conference on Advances in Computing Research, Springer.","DOI":"10.1007\/978-3-031-33743-7_51"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Weshahi, A., Dwaik, F., Khouli, M., Ashqar, H.I., Shatnawi, A., and ElKhodr, M. (2024). Iot-enhanced malicious url detection using machine learning. International Conference on Advanced Information Networking and Applications, Springer.","DOI":"10.1007\/978-3-031-57931-8_45"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Aburbeian, A.M., and Ashqar, H.I. (2023). Credit card fraud detection using enhanced random forest classifier for imbalanced data. International Conference on Advances in Computing Research, Springer.","DOI":"10.1007\/978-3-031-33743-7_48"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"190","DOI":"10.1016\/j.dcan.2023.03.008","article-title":"Idsint: Intrusion detection system using transformer-based transfer learning for imbalanced network traffic","volume":"10","author":"Ullah","year":"2023","journal-title":"Digit. Commun. Netw."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1016\/j.eswa.2017.12.003","article-title":"Secure and robust digital image watermarking scheme using logistic and rsa encryption","volume":"97","author":"Liu","year":"2018","journal-title":"Expert Syst. Appl."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"549","DOI":"10.1016\/j.aej.2021.06.033","article-title":"Complex methods detect anomalies in real time based on time series analysis","volume":"61","author":"Alghawli","year":"2022","journal-title":"Alex. Eng. J."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"108923","DOI":"10.1016\/j.comnet.2022.108923","article-title":"Online distributed denial of service (ddos) intrusion detection based on adaptive sliding window and morphological fractal dimension","volume":"210","author":"Baldini","year":"2022","journal-title":"Comput. Netw."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"43018","DOI":"10.1109\/ACCESS.2019.2905812","article-title":"Research on detection and defense mechanisms of dos attacks based on bp neural network and game theory","volume":"7","author":"Gao","year":"2019","journal-title":"IEEE Access"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Bouyeddou, B., Kadri, B., Harrou, F., and Sun, Y. (2020, January 26\u201327). Nonparametric kullback-leibler distance-based method for networks intrusion detection. Proceedings of the 2020 International Conference on Data Analytics for Business and Industry: Way Towards a Sustainable Economy (ICDABI), Sakheer, Bahrain.","DOI":"10.1109\/ICDABI51230.2020.9325642"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"119118","DOI":"10.1109\/ACCESS.2023.3327061","article-title":"Iot network-based intrusion detection framework: A solution to process ping floods originating from embedded devices","volume":"11","author":"Almorabea","year":"2023","journal-title":"IEEE Access"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"032040","DOI":"10.1088\/1742-6596\/1237\/3\/032040","article-title":"A ddos attack detection method based on machine learning","volume":"1237","author":"Pei","year":"2019","journal-title":"J. Phys. Conf. Ser."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"70542","DOI":"10.1109\/ACCESS.2023.3292267","article-title":"Enhancing intrusion detection in iot communications through ml model generalization with a new dataset (idsai)","volume":"11","author":"Fernando","year":"2023","journal-title":"IEEE Access"},{"key":"ref_19","first-page":"479","article-title":"A detailed analysis of cicids2017 dataset for designing intrusion detection systems","volume":"7","author":"Panigrahi","year":"2018","journal-title":"Int. J. Eng. Technol."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"103166","DOI":"10.1016\/j.cose.2023.103166","article-title":"Canova: A hybrid intrusion detection framework based on automatic signal classification for can","volume":"128","author":"Nichelini","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari, A.H., Hakak, S., and Ghorbani, A.A. (2019, January 1\u20133). Developing realistic distributed denial of service (ddos) attack dataset and taxonomy. Proceedings of the 2019 International Carnahan Conference on Security Technology (ICCST), Chennai, India.","DOI":"10.1109\/CCST.2019.8888419"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Jilcha, L.A., Kim, D.-H., and Kwak, J. (2025). Temporal Decay Loss for Adaptive Log Anomaly Detection in Cloud Environments. Sensors, 25.","DOI":"10.3390\/s25092649"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Wang, Y., Wu, Y., Xu, Y., Zhang, K., and Xu, Y. (2025). Research on Network Intrusion Detection Based on Weighted Histogram Algorithm for In-Vehicle Ethernet. Sensors, 25.","DOI":"10.3390\/s25113541"}],"container-title":["Computers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-431X\/14\/7\/282\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T18:11:05Z","timestamp":1760033465000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-431X\/14\/7\/282"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,17]]},"references-count":23,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2025,7]]}},"alternative-id":["computers14070282"],"URL":"https:\/\/doi.org\/10.3390\/computers14070282","relation":{},"ISSN":["2073-431X"],"issn-type":[{"value":"2073-431X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,7,17]]}}}