Deep Guard: A Novel Transformer-Based Framework for Real-Time Threat Detection in Heterogeneous Cyber Environments

Authors

  • Pradeep K R, BMS Institute of Technology and Management, Post Box No.6443, Avalahalli, DB Road, Yelahanka, Bangalore - 560064.
  • Lakshmi B N
  • M Varaprasad Rao
  • N. Sree Divya
  • M. Sree Vani
  • K.Shailaja

DOI:

https://doi.org/10.22399/ijcesen.2394

Keywords:

Deep Learning, Intrusion Detection, Transformer Networks, IoT Security, Anomaly Detection

Abstract

As cyber threats evolve in Internet of Things (IoT) and Industrial IoT (IIoT) networks, traditional intrusion detection systems (IDS) cannot cope with heterogeneous data and dynamic attack patterns. We present DeepGuard, a novel deep learning framework that addresses these challenges. DeepGuard enhances detection in heterogeneous environments by combining a transformer architecture augmented with Adaptive Multi-Head Attention (AMHA), temporal encoding, and anomaly-aware learning. We propose an algorithm that varies the attention mechanisms with the event entropy level, which enables the model to give more attention to underlying patterns while filtering out noise. Specifically, the temporal encoding allows the model to capture inter-event dependencies among samples, and the anomaly-aware loss function based on those inter-event dependencies makes the detection model sensitive to uncommon attack patterns, leading to strong generalization on unseen threats. We implement the framework on the TON_IoT dataset, where DeepGuard achieves 98.54% accuracy and 98.88% AUC, and outperforms existing models on accuracy, precision, and recall. This shows the model's robustness, generalizability, and applicability to work on the interface model alone online and on a large scale. It is better suited for deployment in modern IoT and IIoT environments, given the complexity of attack patterns and the imbalanced nature of the data. In the future, we plan to optimize this model for deployment on edge devices and to implement federated learning for privacy-preserving distributed training.

Published

2025-05-23

How to Cite

Pradeep K R, Lakshmi B N, M Varaprasad Rao, N. Sree Divya, M. Sree Vani, & K.Shailaja. (2025). Deep Guard: A Novel Transformer-Based Framework for Real-Time Threat Detection in Heterogeneous Cyber Environments. International Journal of Computational and Experimental Science and Engineering, 11(2). https://doi.org/10.22399/ijcesen.2394

Issue

Section

Research Article