With the continuous expansion of data exchange, the threat of cybercrime and network invasions is also on the rise. This project aims to address these concerns by investigating an innovative approach: an Attentive Transformer Deep Learning Algorithm for Intrusion Detection of IoT Systems using Automatic Xplainable Feature Selection. The primary focus of this project is to develop an effective Intrusion Detection System (IDS) using the aforementioned algorithm. To accomplish this, carefully curated datasets have been utilized, which have been created through a meticulous process involving data extraction from the University of New Brunswick repository. This repository houses the datasets used in this research and can be accessed publically in order to replicate the findings of this research.

Intruder Detection Systems Market size is set to expand from $ 4.95 Billion in 2023 to $ 8.33 Billion by 2032, with an anticipated CAGR of around 5.3% from 2024 to 2032.

The Intrusion Detection System (IDS) Software market is experiencing robust growth, driven by the escalating need for robust cybersecurity solutions across diverse sectors. The market's expansion is fueled by factors such as increasing cyberattacks, the growing adoption of cloud-based infrastructure, and the stringent regulatory compliance requirements mandating enhanced security measures. The rising adoption of IoT devices and the expanding attack surface they create are also significant contributors to market growth. Furthermore, the increasing sophistication of cyber threats demands advanced IDS solutions capable of detecting and responding to a wider range of attacks, fostering market expansion. We estimate the 2025 market size to be approximately $15 billion, reflecting strong growth from previous years. Considering a conservative compound annual growth rate (CAGR) of 12% over the forecast period (2025-2033), the market is poised to reach a significant value by 2033. The market is segmented by deployment type (on-premises and cloud-based) and target user (large enterprises and SMEs). Cloud-based solutions are gaining traction due to their scalability, cost-effectiveness, and ease of management. Large enterprises dominate the market due to their higher budgets and greater vulnerability to sophisticated cyberattacks. However, the increasing cyber security awareness amongst SMEs is driving growth within this segment. Geographic analysis shows that North America and Europe currently hold significant market share, largely due to higher technological adoption rates and robust cybersecurity infrastructure. However, growth in Asia-Pacific and other regions is expected to accelerate driven by increasing digitalization and rising cyber threats in these areas. Restraints to market growth include the high cost of implementing and maintaining sophisticated IDS systems, along with the need for skilled professionals to manage these solutions effectively. However, the increasing frequency and severity of cyberattacks are likely to outweigh these limitations, further driving market expansion in the coming years.

The Intrusion Detection and Prevention System Market size is expected to reach a valuation of USD 9.06 billion in 2033 growing at a CAGR of 6.5%. The Intrusion Detection and Prevention System market research report classifies market by share, trend, demand, forecast and based on segmentation.

Security is the main challenge in Supervisory Control and Data Acquisition (SCADA) systems since SCADA systems must be connected to heterogeneous networks to save costs. SCADA devices such as RTUs have limited resources, so a small-scale cyber attack on a computer network will have a major impact on the SCADA system. This study discusses the SCADA system with the IEC 60870-5-104 protocol which is widely used in the power plant industry. A physical testbed is built to simulate the electrical distribution process. The SCADA system in the distribution section is more vulnerable than other parts because it is located directly in the community environment so that many holes can be entered by attackers. The purpose of this study is to obtain relevant datasets in the SCADA system. The simulation carried out in this study is a normal communication between the HMI and the RTU, then attacked to disrupt the communication. The attack activities carried out are port scan, brute force and DoS. DoS attacks carried out are ICMP flood, Syn flood, and IEC 104 flood. IEC 104 flood attack is a modified attack to attack RTU where RTU is flooded with an unknown typeid ASDU (Application Service Data Unit). Attacks are carried out using Kali Linux operating system. All scenarios are recorded and saved in pcap. To prove that there is attack data traffic on the IDS dataset Snort and Suricata are used to detect it. In this study, there are also intrusion detection performance results from Snort and Suricata

The global intrusion prevention detection system (IPDS) market is projected to reach a value of USD 22.8 billion by 2033, exhibiting a CAGR of 10.5% during the forecast period (2025-2033). The rising need for network and data protection against cyber threats is a primary driver of this growth. Key market players include Cisco, IBM, Check Point, and HP. The market is segmented based on type (network intrusion detection solution, host-based intrusion detection solution), application (finance, government, IT and telecom, health, utilities), and region (North America, South America, Europe, Middle East & Africa, Asia Pacific). The increasing adoption of cloud computing, virtualization, and IoT devices has created new avenues for cybercriminals to exploit vulnerabilities and compromise systems. This has led to a growing demand for IPDS solutions that can provide real-time protection against sophisticated attacks. Additionally, government regulations and industry standards mandating the implementation of intrusion detection systems are driving the adoption of IPDS in various sectors. However, factors such as the high cost of implementation, operational complexity, and the availability of alternative security solutions may restrain the market's growth to some extent.

Accuracy Analysis of Intrusion Detection System

Article Information

The work involved in developing the dataset and benchmarking its use of machine learning is set out in the article ‘IoMT-TrafficData: Dataset and Tools for Benchmarking Intrusion Detection in Internet of Medical Things’. DOI: 10.1109/ACCESS.2024.3437214.

Please do cite the aforementioned article when using this dataset.

Abstract

The increasing importance of securing the Internet of Medical Things (IoMT) due to its vulnerabilities to cyber-attacks highlights the need for an effective intrusion detection system (IDS). In this study, our main objective was to develop a Machine Learning Model for the IoMT to enhance the security of medical devices and protect patients’ private data. To address this issue, we built a scenario that utilised the Internet of Things (IoT) and IoMT devices to simulate real-world attacks. We collected and cleaned data, pre-processed it, and provided it into our machine-learning model to detect intrusions in the network. Our results revealed significant improvements in all performance metrics, indicating robustness and reproducibility in real-world scenarios. This research has implications in the context of IoMT and cybersecurity, as it helps mitigate vulnerabilities and lowers the number of breaches occurring with the rapid growth of IoMT devices. The use of machine learning algorithms for intrusion detection systems is essential, and our study provides valuable insights and a road map for future research and the deployment of such systems in live environments. By implementing our findings, we can contribute to a safer and more secure IoMT ecosystem, safeguarding patient privacy and ensuring the integrity of medical data.

ZIP Folder Content

The ZIP folder comprises two main components: Captures and Datasets. Within the captures folder, we have included all the captures used in this project. These captures are organized into separate folders corresponding to the type of network analysis: BLE or IP-Based. Similarly, the datasets folder follows a similar organizational approach. It contains datasets categorized by type: BLE, IP-Based Packet, and IP-Based Flows.

To cater to diverse analytical needs, the datasets are provided in two formats: CSV (Comma-Separated Values) and pickle. The CSV format facilitates seamless integration with various data analysis tools, while the pickle format preserves the intricate structures and relationships within the dataset.

This organization enables researchers to easily locate and utilize the specific captures and datasets they require, based on their preferred network analysis type or dataset type. The availability of different formats further enhances the flexibility and usability of the provided data.

Datasets' Content

Within this dataset, three sub-datasets are available, namely BLE, IP-Based Packet, and IP-Based Flows. Below is a table of the features selected for each dataset and consequently used in the evaluation model within the provided work.

Identified Key Features Within Bluetooth Dataset

Feature	Meaning
btle.advertising_header	BLE Advertising Packet Header
btle.advertising_header.ch_sel	BLE Advertising Channel Selection Algorithm
btle.advertising_header.length	BLE Advertising Length
btle.advertising_header.pdu_type	BLE Advertising PDU Type
btle.advertising_header.randomized_rx	BLE Advertising Rx Address
btle.advertising_header.randomized_tx	BLE Advertising Tx Address
btle.advertising_header.rfu.1	Reserved For Future 1
btle.advertising_header.rfu.2	Reserved For Future 2
btle.advertising_header.rfu.3	Reserved For Future 3
btle.advertising_header.rfu.4	Reserved For Future 4
btle.control.instant	Instant Value Within a BLE Control Packet
btle.crc.incorrect	Incorrect CRC
btle.extended_advertising	Advertiser Data Information
btle.extended_advertising.did	Advertiser Data Identifier
btle.extended_advertising.sid	Advertiser Set Identifier
btle.length	BLE Length
frame.cap_len	Frame Length Stored Into the Capture File
frame.interface_id	Interface ID
frame.len	Frame Length Wire
nordic_ble.board_id	Board ID
nordic_ble.channel	Channel Index
nordic_ble.crcok	Indicates if CRC is Correct
nordic_ble.flags	Flags
nordic_ble.packet_counter	Packet Counter
nordic_ble.packet_time	Packet time (start to end)
nordic_ble.phy	PHY
nordic_ble.protover	Protocol Version

Identified Key Features Within IP-Based Packets Dataset

Feature	Meaning
http.content_length	Length of content in an HTTP response
http.request	HTTP request being made
http.response.code	Sequential number of an HTTP response
http.response_number	Sequential number of an HTTP response
http.time	Time taken for an HTTP transaction
tcp.analysis.initial_rtt	Initial round-trip time for TCP connection
tcp.connection.fin	TCP connection termination with a FIN flag
tcp.connection.syn	TCP connection initiation with SYN flag
tcp.connection.synack	TCP connection establishment with SYN-ACK flags
tcp.flags.cwr	Congestion Window Reduced flag in TCP
tcp.flags.ecn	Explicit Congestion Notification flag in TCP
tcp.flags.fin	FIN flag in TCP
tcp.flags.ns	Nonce Sum flag in TCP
tcp.flags.res	Reserved flags in TCP
tcp.flags.syn	SYN flag in TCP
tcp.flags.urg	Urgent flag in TCP
tcp.urgent_pointer	Pointer to urgent data in TCP
ip.frag_offset	Fragment offset in IP packets
eth.dst.ig	Ethernet destination is in the internal network group
eth.src.ig	Ethernet source is in the internal network group
eth.src.lg	Ethernet source is in the local network group
eth.src_not_group	Ethernet source is not in any network group
arp.isannouncement	Indicates if an ARP message is an announcement

Identified Key Features Within IP-Based Flows Dataset

Feature	Meaning
proto	Transport layer protocol of the connection
service	Identification of an application protocol
orig_bytes	Originator payload bytes
resp_bytes	Responder payload bytes
history	Connection state history
orig_pkts	Originator sent packets
resp_pkts	Responder sent packets
flow_duration	Length of the flow in seconds
fwd_pkts_tot	Forward packets total
bwd_pkts_tot	Backward packets total
fwd_data_pkts_tot	Forward data packets total
bwd_data_pkts_tot	Backward data packets total
fwd_pkts_per_sec	Forward packets per second
bwd_pkts_per_sec	Backward packets per second
flow_pkts_per_sec	Flow packets per second
fwd_header_size	Forward header bytes
bwd_header_size	Backward header bytes
fwd_pkts_payload	Forward payload bytes
bwd_pkts_payload	Backward payload bytes
flow_pkts_payload	Flow payload bytes
fwd_iat	Forward inter-arrival time
bwd_iat	Backward inter-arrival time
flow_iat	Flow inter-arrival time
active	Flow active duration

According to Cognitive Market Research, the global Perimeter Intrusion Detection Systems market size is USD 25.1 billion in 2024 and will expand at a compound annual growth rate (CAGR) of 15.2% from 2024 to 2031. Market Dynamics of Perimeter Intrusion Detection Systems Market

Key Drivers for Perimeter Intrusion Detection Systems Market

The proliferation of smart city infrastructures- In addition to providing real-time feedback to identify the need for maintenance, smart buildings can also provide space management or structural health monitoring. Furthermore, the market growth is being driven by the following factors: growing sophistication in cross-border infiltration, digitalization, volatile geopolitics, an increase in the number of unlawful intrusions, and a greater emphasis on perimeter protection by the government. Additionally, the market is being driven by the rising population, the development of digital infrastructures globalization, economic growth, rapid urbanization, the demand for efficient resource utilization management, public safety concerns, and the emerging demand for a society with efficient energy utilization. Furthermore, market expansion is anticipated to be spurred by the increasing prevalence of nanotechnology, big data analytics, artificial intelligence (A.I.), Internet of Things (IoT), machine learning (ML), cloud computing, cognitive computing, and open data.
Rising number of security System video surveillance installations is anticipated to drive the Perimeter Intrusion Detection Systems market's expansion in the years ahead.

Key Restraints for Perimeter Intrusion Detection Systems Market

The incorporation of new technologies into existing systems may poses a serious threat to the Perimeter Intrusion Detection Systems industry.
The market also faces significant difficulties related to installation and maintenance are expensive for SMEs.

Introduction of the Perimeter Intrusion Detection Systems Market

A perimeter intrusion detection system (PIDS) is employed to identify, monitor, and trace an unauthorized physical intruder who is attempting to infiltrate a secured area. It consists of active infrared or microwave systems, cables, and sensors that are either embedded underground or mounted on a fence. Additionally, it features audio alarm verification, which enables operators to respond promptly and effectively. Furthermore, it assists in the analysis of threats, the management of risks, the protection of assets, critical infrastructure, and borders, and the assurance of personnel safety. In recent years, a multi-layered approach has garnered traction, which employs a combination of video analytics to characterize intruders and ground-based sensors to detect potential intrusions. As a result, PDIS is extensively employed in a variety of locations, including military bases, government agencies, critical infrastructure, correctional institutions, petrochemical sites, airports, and storage yards, on a global scale.

DATASET

This dataset is part of the research work titled "A dataset to train intrusion detection systems based on machine learning models for electrical substations". The dataset has been meticulously curated to support the development and evaluation of machine learning models tailored for detecting cyber intrusions in the context of electrical substations. It is intended to facilitate research and advancements in cybersecurity for critical infrastructure, specifically focusing on real-world scenarios within electrical substation environments. We encourage its use for experimentation and benchmarking in related areas of study.

The following sections list the content of the dataset generated.

Data

raw

iec6180

attack-free-data

capture61850-attackfree.pcap (from real substation)

capture61850-attackfree_PTP.pcap

capture61850-attackfree_normalfault.pcap

attack-data

capture61850-floodattack_withfault.pcap

capture61850-floodattack_withoutfault.pcap

capture61850-fuzzyattack_withfault.pcap

capture61850-fuzzyattack_withoutfault.pcap

capture61850-replay.pcap

capture61850-ptpattack.pcap

iec104

attack-free-data

capture104-attackfree.pcap (from real substation)

attack-data

capture104-dosattack.pcap

capture104-floodattack.pcap

capture104-fuzzyattack.pcap

capture104-iec104starvationattack.pcap

capture104-mitmattack.pcap

capture104-ntpddosattack.pcap

capture104-portscanattack.pcap

processed

iec6180

attack-free-data

capture61850-attackfree.csv

capture61850-attackfree_PTP.csv

capture61850-attackfree_normalfault.csv

attack-data

capture61850-floodattack_withfault.csv

capture61850-floodattack_withoutfault.csv

capture61850-fuzzyattack_withfault.csv

capture61850-fuzzyattack_withoutfault.csv

capture61850-replay.csv

capture61850-ptpattack.csv

headers_iec61850[all].txt

iec104

attack-free-data

capture104-attackfree.csv

attack-data

capture104-dosattack.csv

capture104-floodattack.csv

capture104-fuzzyattack.csv

capture104-iec104starvationattack.csv

capture104-mitmattack.csv

capture104-ntpddosattack.csv

capture104-portscanattack.csv

headers_iec104[all].txt

Description

file type: it may be captured61850 or captured104 depending on whether it contains network captures of the protocol IEC61850 or IEC104.

attack: attack free (attackfree) or attack name is added to the file name.

function: optionally, if there are some details about functionality captured (normalfault) or specific protocol capture (PTP).

file extension: the type can be PCAP (network capture) or CSV (flow file).

Results

results

test1-iec104

model-test1-iec104.pkl

test1-iec104.log

test1-iec61850

model-test1-iec61850.pkl

test1-iec61850.log

test2-iec61850

model-test2-iec61850.pkl

test2-iec61850.log

Description

The outcomes of different test executions are available as follows:

test1-iec104: IEC 104 protocol for all attacks and attack free scenario

test1-iec61850: IEC 61850 protocol for fuzzy attack with fault injection and attack free scenario

test2-iec61850: IEC 61850 protocol for fuzzy attack normal operation and attack free scenario

Each test consists of the model results in Python pickle format (with a .pkl extension) and a detailed description of the execution conditions in an output log file (with a .log extension).

Source Code

Tools to process network captures from IEC61850 and IEC104 can be found at github repository.

The dataset has been introduced by the below-mentioned researches: E. C. P. Neto, S. Dadkhah, R. Ferreira, A. Zohourian, R. Lu, A. A. Ghorbani. "CICIoT2023: A real-time dataset and benchmark for large-scale attacks in IoT environment," Sensor (2023) – (submitted to Journal of Sensors). The present data contains different kinds of IoT intrusions. The categories of the IoT intrusions enlisted in the data are as follows: DDoS Brute Force Spoofing DoS Recon Web-based Mirai

There are several subcategories are present in the data for each kind of intrusion types in the IoT. The dataset contains 1191264 instances of network for intrusions and 47 features of each of the intrusions. The dataset can be used to prepare the predictive model through which different kind of intrusive attacks can be detected. The data is also suitable for designing the IDS system.

Although ubiquitous in modern vehicles, Controller Area Networks (CANs) lack basic security properties and are easily exploitable. A rapidly growing field of CAN security research has emerged that seeks to detect intrusions or anomalies on CANs. Producing vehicular CAN data with a variety of intrusions is a difficult task for most researchers as it requires expensive assets and deep expertise. To illuminate this task, we introduce the first comprehensive guide to the existing open CAN intrusion detection system (IDS) datasets. We categorize attacks on CANs including fabrication (adding frames, e.g., flooding or targeting and ID), suspension (removing an ID’s frames), and masquerade attacks (spoofed frames sent in lieu of suspended ones). We provide a quality analysis of each dataset; an enumeration of each datasets’ attacks, benefits, and drawbacks; categorization as real vs. simulated CAN data and real vs. simulated attacks; whether the data is raw CAN data or signal-translated; number of vehicles/CANs; quantity in terms of time; and finally a suggested use case of each dataset. State-of-the-art public CAN IDS datasets are limited to real fabrication (simple message injection) attacks and simulated attacks often in synthetic data, lacking fidelity. In general, the physical effects of attacks on the vehicle are not verified in the available datasets. Only one dataset provides signal-translated data but is missing a corresponding “raw” binary version. This issue pigeon-holes CAN IDS research into testing on limited and often inappropriate data (usually with attacks that are too easily detectable to truly test the method). The scarcity of appropriate data has stymied comparability and reproducibility of results for researchers. As our primary contribution, we present the Real ORNL Automotive Dynamometer (ROAD) CAN IDS dataset, consisting of over 3.5 hours of one vehicle’s CAN data. ROAD contains ambient data recorded during a diverse set of activities, and attacks of increasing stealth with multiple variants and instances of real (i.e. non-simulated) fuzzing, fabrication, unique advanced attacks, and simulated masquerade attacks. To facilitate a benchmark for CAN IDS methods that require signal-translated inputs, we also provide the signal time series format for many of the CAN captures. Our contributions aim to facilitate appropriate benchmarking and needed comparability in the CAN IDS research field.

The global intrusion detection & protection system market has been valued at US$ 6.8 billion in 2024, as revealed in the updated Fact.MR research report. Market revenue has been forecasted to increase at a CAGR of 11% and reach US$ 19.2 billion by the end of 2034.

Report Attribute	Detail
Intrusion Detection & Protection System Market Size (2024E)	US$ 6.8 Billion
Forecasted Market Value (2034F)	US$ 19.2 Billion
Global Market Growth Rate (2024 to 2034)	11% CAGR
Japan Market Growth Rate (2024 to 2034)	12.5% CAGR
Market Share of BFSI Sector (2034F)	25%
North America Market Share (2034F)	24.6%
Key Companies Profiled	CheckPoint Security Software Market; IBM; Trustwave; Cisco Systems; SourceFire; Juniper Networks Inc.; Symantec Corporation; McAfee; Palo Alto Networks; Trend Micro; Fortinet; TippingPoint.

Country-wise Insights

Attribute	United States
Market Value (2024E)	US$ 769 Million
Growth Rate (2024 to 2034)	10.9% CAGR
Projected Value (2034F)	US$ 2.2 Billion

Attribute	China
Market Value (2024E)	US$ 762 Million
Growth Rate (2024 to 2034)	12% CAGR
Projected Value (2034F)	US$ 2.4 Billion

Attribute	Japan
Market Value (2024E)	US$ 450 Million
Growth Rate (2024 to 2034)	12.5% CAGR
Projected Value (2034F)	US$ 1.5 Billion

Category-wise Insights

Attribute	Small & Medium Enterprises
Segment Value (2024E)	US$ 4.9 Billion
Growth Rate (2024 to 2034)	10.4% CAGR
Projected Value (2034F)	US$ 13.1 Billion

Attribute	BFSI
Segment Value (2024E)	US$ 1.9 Billion
Growth Rate (2024 to 2034)	9.7% CAGR
Projected Value (2034F)	US$ 4.8 Billion

Stay updated with Market Research Intellect's Physical Intrusion Detection And Prevention Systems Market Report, valued at USD 5.98 billion in 2024, projected to reach USD 10.23 billion by 2033 with a CAGR of 7.4% (2026-2033).

The Perimeter Intrusion Detection System Market size is expected to reach a valuation of USD 44.67 billion in 2033 growing at a CAGR of 8.50%. The Perimeter Intrusion Detection System Market research report classifies market by share, trend, demand, forecast and based on segmentation.

Perimeter Intrusion Detection Systems Market valued at $13.26 B in 2023, and is projected to $USD 44.08 B by 2032, at a CAGR of 14.28% from 2023 to 2032.

Learn more about Market Research Intellect's Intrusion Detection SystemIntrusion Prevention System (IDSIPS) Market Report, valued at USD 4.5 billion in 2024, and set to grow to USD 9.2 billion by 2033 with a CAGR of 8.9% (2026-2033).

Dive into Market Research Intellect's Intrusion Detection Systems Market Report, valued at USD 5.5 billion in 2024, and forecast to reach USD 9.2 billion by 2033, growing at a CAGR of 7.3% from 2026 to 2033.

The global intrusion detection system (IDS) software market size was valued at USD 12.2 billion in 2022 and is expected to expand at a compound annual growth rate (CAGR) of 13.3% from 2023 to 2030. The rising number of cyber-attacks, increasing adoption of cloud-based services, and stringent government regulations are driving the market growth. Key factors driving the market growth include the increasing sophistication of cyber threats, the growing adoption of cloud computing, and the increasing demand for real-time threat detection and response. The market is also expected to benefit from the growing adoption of artificial intelligence (AI) and machine learning (ML) in IDS software, which can help to improve the accuracy and efficiency of threat detection. Additionally, the market is expected to be driven by the increasing demand for IDS software from small and medium-sized businesses (SMBs).

Global Perimeter Intrusion Detection System market size is expected to reach $44.98 billion by 2029 at 18.3%, segmented as by hardware, intrusion detection sensors, access control systems, surveillance cameras, fencing and barriers, alarm systems