The proliferation of IoT technologies in the maritime sector has revolutionized Maritime Transportation Systems (MTS), enabling seamless communication between smart maritime objects and associated infrastructure. However, this interconnectedness exposes MTS to cyber threats, underscoring the need for advanced security measures. Traditional CTI-based solutions often suffer from low detection rates and high false alarms, highlighting the necessity for innovative approaches. The primary objective of this paper is to develop an automated framework, DLTIF, to enhance the security of IoT-enabled MTS. DLTIF aims to address the limitations of existing CTI-based solutions by employing deep learning techniques for threat detection and identification. Specifically, the framework focuses on improving detection accuracy, reducing false alarms, and providing early warning of cyber threats. The proposed DLTIF framework demonstrates promising results, achieving up to 99% accuracy in threat detection. Through rigorous evaluation and comparison with traditional and state-of-the-art approaches, DLTIF consistently outperforms existing methods, highlighting its effectiveness in enhancing the security posture of IoT-enabled MTS. In addition, CNN and ensemble methods, such as CNN+LSTM and a Stacking Classifier (RF+MLP+LGBM), are incorporated to boost accuracy and robustness. The Stacking Classifier's impressive 100% accuracy validates ensemble approaches. Additionally, a Flask-based interface streamlines user testing, with built-in authentication ensuring security and access control. This broadens project capabilities with advanced modeling techniques and user-friendly implementation.
Introduction
This work focuses on improving cybersecurity for IoT-enabled Maritime Transportation Systems (MTS), where the growing use of low-cost IoT sensors across ships, ports, and infrastructure has greatly increased efficiency but also introduced serious cyber and physical security risks.
Traditional security tools (firewalls, signature-based intrusion detection systems) are no longer sufficient because they struggle with zero-day attacks, dynamic threats, and large-scale heterogeneous IoT data. Existing machine learning approaches also suffer from low accuracy, high false alarms, and poor adaptability, while manual Cyber Threat Intelligence (CTI) collection is slow and inefficient.
To address these challenges, the study proposes a Deep Learning-driven Cyber Threat Intelligence framework (DLTIF) for maritime IoT networks. The system includes:
Deep Feature Extraction (DFE) to automatically learn hidden patterns from raw network data
CTI-driven Detection (CTIDD) to identify whether traffic is normal or malicious
CTI Attack Type Identification (CTIATI) to classify the exact type of cyber threat for faster response
The framework uses advanced models such as CNN, LSTM, BiGRU, ensemble learning (stacking classifier), and variational autoencoders, combined with traditional ML methods for comparison. A Flask-based interface is also developed for practical testing and user interaction.
Experiments on the NF-ToN-IoT dataset show strong performance, with:
High precision, recall, F1-score (87–100%)
Near-zero false alarm rate
Up to 99% accuracy using stacking ensemble models
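How the metrics listed above are derived from per-flow predictions, for both the detection stage (normal vs. malicious) and the attack type identification stage. This is an added example, not code from the paper; the class names and confusion counts are constructed for illustration and do not reproduce the reported results.

```python
from collections import Counter

# Constructed confusion counts: (true class, predicted class) -> number of flows.
# "Benign" as the name of the normal class is an assumption of this example.
CONFUSION = Counter({
    ("Benign", "Benign"): 95, ("Benign", "scanning"): 5,    # 5 false alarms
    ("ddos", "ddos"): 45, ("ddos", "Benign"): 5,            # 5 missed attacks
    ("scanning", "scanning"): 20, ("scanning", "ddos"): 5,  # detected, wrong type
    ("password", "password"): 8, ("password", "Benign"): 2,
})

def safe_div(num, den):
    # An empty denominator (class never seen or never predicted) scores 0.0.
    return num / den if den else 0.0

def detection_metrics(confusion, normal="Benign"):
    """Binary view: every non-normal class is collapsed into 'malicious'."""
    cells = Counter()
    for (true, pred), n in confusion.items():
        cells[(true != normal, pred != normal)] += n  # (is attack, was flagged)
    tp, fn = cells[(True, True)], cells[(True, False)]
    fp, tn = cells[(False, True)], cells[(False, False)]
    return {
        "accuracy": safe_div(tp + tn, tp + tn + fp + fn),
        "precision": safe_div(tp, tp + fp),
        "recall": safe_div(tp, tp + fn),
        "false_alarm_rate": safe_div(fp, fp + tn),  # benign flows flagged
    }

def attack_type_metrics(confusion):
    """Per-class precision, recall and F1 for the multi-class view."""
    out = {}
    for c in sorted({label for pair in confusion for label in pair}):
        tp = confusion.get((c, c), 0)
        predicted = sum(n for (_, p), n in confusion.items() if p == c)
        actual = sum(n for (t, _), n in confusion.items() if t == c)
        prec, rec = safe_div(tp, predicted), safe_div(tp, actual)
        out[c] = {"precision": prec, "recall": rec,
                  "f1": safe_div(2 * prec * rec, prec + rec)}
    return out

def type_accuracy(confusion):
    """Share of flows whose exact class was predicted correctly."""
    correct = sum(n for (t, p), n in confusion.items() if t == p)
    return safe_div(correct, sum(confusion.values()))

if __name__ == "__main__":
    print(detection_metrics(CONFUSION), type_accuracy(CONFUSION))
```

In this sample the five scanning flows labelled as ddos count as correct detections in the binary view but as errors in the multi-class view, so the two stages report different accuracy on the same predictions.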
Conclusion
The project strategically combines algorithms like LSTM-VAE and DFE-ANN for robust intrusion detection, leveraging LSTM [33] for temporal dependencies and DFE-ANN for efficient feature extraction in IoT-enabled Maritime Transportation Systems. Comprehensive metrics, including accuracy, precision, recall, and F1-score, provide a thorough assessment of model performance, ensuring a balanced understanding of binary and multi-class classification scenarios. Tailored for Maritime Transportation Systems, the project addresses the unique challenges posed by the dynamic and distributed nature of threats, enhancing security in both physical and cyber domains. Among the other algorithms, the Stacking Classifier in particular demonstrates exceptional performance with a 99% accuracy rate. This accuracy was verified through rigorous testing, including the simulation of various threat scenarios with input feature values in the front-end interface. Beyond model efficacy, the project prioritizes user interaction, employing a Flask framework with SQLite for signup and signin. This user-friendly interface enhances accessibility, making the intrusion detection system practical and user-driven.
References
[1] K. Tange, M. De Donno, X. Fafoutis, and N. Dragoni, “A systematic survey of industrial Internet of Things security: Requirements and fog computing opportunities,” IEEE Commun. Surveys Tuts., vol. 22, no. 4, pp. 2489–2520, 4th Quart., 2020.
[2] P. Kumar, G. P. Gupta, and R. Tripathi, “Design of anomaly-based intrusion detection system using fog computing for IoT network,” Autom. Control Comput. Sci., vol. 55, no. 2, pp. 137–147, Mar. 2021.
[3] S. Aslam, M. P. Michaelides, and H. Herodotou, “Internet of ships: A survey on architectures, emerging applications, and challenges,” IEEE Internet Things J., vol. 7, no. 10, pp. 9714–9727, Oct. 2020.
[4] N. Moustafa, E. Adi, B. Turnbull, and J. Hu, “A new threat intelligence scheme for safeguarding industry 4.0 systems,” IEEE Access, vol. 6, pp. 32910–32924, 2018.
[5] T. Xia, M. M. Wang, J. Zhang, and L. Wang, “Maritime Internet of Things: Challenges and solutions,” IEEE Wireless Commun., vol. 27, no. 2, pp. 188–196, Apr. 2020.
[6] M. Sadiq et al., “Future greener seaports: A review of new infrastructure, challenges, and energy efficiency measures,” IEEE Access, vol. 9, pp. 75568–75587, 2021.
[7] R. Kumar, P. Kumar, R. Tripathi, G. P. Gupta, and N. Kumar, “P2SFIoV: A privacy-preservation-based secured framework for Internet of vehicles,” IEEE Trans. Intell. Transp. Syst., early access, Aug. 11, 2021, doi: 10.1109/TITS.2021.3102581.
[8] S. U. Rehman et al., “DIDDOS: An approach for detection and identification of distributed denial of service (DDoS) cyberattacks using gated recurrent units (GRU),” Future Gener. Comput. Syst., vol. 118, pp. 453–466, May 2021.
[9] T. Qiu, Z. Zhao, T. Zhang, C. Chen, and C. L. P. Chen, “Underwater Internet of Things in smart ocean: System architecture and open issues,” IEEE Trans. Ind. Informat., vol. 16, no. 7, pp. 4297–4307, Jul. 2020.
[10] M. Shafiq, Z. Tian, A. K. Bashir, X. Du, and M. Guizani, “IoT malicious traffic identification using wrapper-based feature selection mechanisms,” Comput. Secur., vol. 94, Jul. 2020, Art. no. 101863.
[11] R. M. A. Ujjan, Z. Pervez, K. Dahal, A. K. Bashir, R. Mumtaz, and J. González, “Towards sFlow and adaptive polling sampling for deep learning based DDoS detection in SDN,” Future Gener. Comput. Syst., vol. 111, pp. 763–779, Oct. 2020.
[12] M. K. Kagita, N. Thilakarathne, T. R. Gadekallu, P. K. R. Maddikunta, and S. Singh, “A review on cyber crimes on the Internet of Things,” 2020, arXiv:2009.05708. [Online]. Available: http://arxiv.org/abs/2009.05708
[13] P. Kumar, G. P. Gupta, and R. Tripathi, “TP2SF: A trustworthy privacy-preserving secured framework for sustainable smart cities by leveraging blockchain and machine learning,” J. Syst. Archit., vol. 115, May 2021, Art. no. 101954.
[14] T. Yang, J. Chen, and N. Zhang, “AI-empowered maritime Internet of Things: A parallel-network-driven approach,” IEEE Netw., vol. 34, no. 5, pp. 54–59, Sep. 2020.
[15] V. Sharma, T. G. Tan, S. Singh, and P. K. Sharma, “Optimal and privacy-aware resource management in AIoT using osmotic computing,” IEEE Trans. Ind. Informat., early access, Aug. 6, 2021, doi: 10.1109/TII.2021.3102471.
[16] P. Kumar, G. P. Gupta, and R. Tripathi, “Toward design of an intelligent cyber attack detection system using hybrid feature reduced approach for IoT networks,” Arabian J. Sci. Eng., vol. 46, no. 4, pp. 3749–3778, Apr. 2021.
[17] M. Al-Hawawreh, N. Moustafa, S. Garg, and M. S. Hossain, “Deep learning-enabled threat intelligence scheme in the Internet of Things networks,” IEEE Trans. Netw. Sci. Eng., early access, Oct. 20, 2020, doi: 10.1109/TNSE.2020.3032415.
[18] R. Kumar, P. Kumar, R. Tripathi, G. P. Gupta, N. Kumar, and M. M. Hassan, “A privacy-preserving-based secure framework using blockchain-enabled deep-learning in cooperative intelligent transport system,” IEEE Trans. Intell. Transp. Syst., early access, Aug. 3, 2021, doi: 10.1109/TITS.2021.3098636.
[19] I. Deliu, C. Leichter, and K. Franke, “Collecting cyber threat intelligence from hacker forums via a two-stage, hybrid process using support vector machines and latent Dirichlet allocation,” in Proc. IEEE Int. Conf. Big Data (Big Data), Dec. 2018, pp. 5008–5013.
[20] S. Samtani, M. Abate, V. Benjamin, and W. Li, “Cybersecurity as an industry: A cyber threat intelligence perspective,” in The Palgrave Handbook of International Cybercrime and Cyberdeviance. Cham, Switzerland: Springer, 2020, pp. 135–154.
[21] I. Deliu, C. Leichter, and K. Franke, “Extracting cyber threat intelligence from hacker forums: Support vector machines versus convolutional neural networks,” in Proc. IEEE Int. Conf. Big Data (Big Data), Dec. 2017, pp. 3648–3656.
[22] Y. Zhou and P. Wang, “An ensemble learning approach for XSS attack detection with domain knowledge and threat intelligence,” Comput. Secur., vol. 82, pp. 261–269, May 2019.
[23] Y. Ghazi, Z. Anwar, R. Mumtaz, S. Saleem, and A. Tahir, “A supervised machine learning based approach for automatically extracting high-level threat intelligence from unstructured sources,” in Proc. Int. Conf. Frontiers Inf. Technol. (FIT), Dec. 2018, pp. 129–134.
[24] U. Noor, Z. Anwar, A. W. Malik, S. Khan, and S. Saleem, “A machine learning framework for investigating data breaches based on semantic analysis of adversary’s attack patterns in threat intelligence repositories,” Future Gener. Comput. Syst., vol. 95, pp. 467–487, Jun. 2019.
[25] P. Kumar et al., “PPSF: A privacy-preserving and secure framework using blockchain-based machine-learning for IoT-driven smart cities,” IEEE Trans. Netw. Sci. Eng., vol. 8, no. 3, pp. 2326–2341, Jul. 2021.
[26] M. Ebrahimi, J. F. Nunamaker, and H. Chen, “Semi-supervised cyber threat identification in dark net markets: A transductive and deep learning approach,” J. Manage. Inf. Syst., vol. 37, no. 3, pp. 694–722, Jul. 2020.
[27] M. Kadoguchi, S. Hayashi, M. Hashimoto, and A. Otsuka, “Exploring the dark web for cyber threat intelligence using machine leaning,” in Proc. IEEE Int. Conf. Intell. Secur. Informat. (ISI), Jul. 2019, pp. 200–202.
[28] A. Piplai, S. Mittal, M. Abdelsalam, M. Gupta, A. Joshi, and T. Finin, “Knowledge enrichment by fusing representations for malware threat intelligence and behavior,” in Proc. IEEE Int. Conf. Intell. Secur. Informat. (ISI), Nov. 2020, pp. 1–6.
[29] G. Husari, X. Niu, B. Chu, and E. Al-Shaer, “Using entropy and mutual information to extract threat actions from cyber threat intelligence,” in Proc. IEEE Int. Conf. Intell. Secur. Informat. (ISI), Nov. 2018, pp. 1–6.
[30] Q. Li et al., “A highly efficient vehicle taillight detection approach based on deep learning,” IEEE Trans. Intell. Transp. Syst., vol. 22, no. 7, pp. 4716–4726, Jul. 2021.
[31] Y. Gao, X. Li, H. Peng, B. Fang, and P. Yu, “HinCTI: A cyber threat intelligence modeling and identification system based on heterogeneous information network,” IEEE Trans. Knowl. Data Eng., early access, Apr. 20, 2020, doi: 10.1109/TKDE.2020.2987019.
[32] P. Kumar, G. P. Gupta, and R. Tripathi, “An ensemble learning and fog-cloud architecture-driven cyber-attack detection framework for IoMT networks,” Comput. Commun., vol. 166, pp. 110–124, Jan. 2021.
[33] R. Kumar, P. Kumar, R. Tripathi, G. P. Gupta, T. R. Gadekallu, and G. Srivastava, “SP2F: A secured privacy-preserving framework for smart agricultural unmanned aerial vehicles,” Comput. Netw., vol. 187, Mar. 2021, Art. no. 107819.
[34] S. Zavrak and M. Iskefiyeli, “Anomaly-based intrusion detection from network flow features using variational autoencoder,” IEEE Access, vol. 8, pp. 108346–108358, 2020.
[35] Y. Deng, L. Wang, H. Jia, X. Tong, and F. Li, “A sequence-to-sequence deep learning architecture based on bidirectional GRU for type recognition and time location of combined power quality disturbance,” IEEE Trans. Ind. Informat., vol. 15, no. 8, pp. 4481–4493, Aug. 2019.
[36] S. Bhattacharya et al., “A novel PCA-firefly based XGBoost classification model for intrusion detection in networks using GPU,” Electronics, vol. 9, no. 2, p. 219, Jan. 2020.
[37] P. Kumar, G. P. Gupta, and R. Tripathi, “A distributed ensemble design based intrusion detection system using Fog computing to protect the Internet of Things networks,” J. Ambient Intell. Humanized Comput., vol. 12, pp. 9555–9572, Nov. 2020.
[38] N. Moustafa. (2019). Ton IoT Datasets. Accessed: Feb. 10, 2020. [Online]. Available: http://dx.doi.org/10.21227/fesz-dm97
[39] P. Kumar, R. Tripathi, and G. P. Gupta, “P2IDF: A privacy-preserving based intrusion detection framework for software defined Internet of Things-fog (SDIoT-Fog),” in Proc. Int. Conf. Distrib. Comput. Netw. New York, NY, USA: Association for Computing Machinery, 2021, pp. 37–42, doi: 10.1145/3427477.3429989.