Academic Research

Publications

01 — Journal Publications
01

Resilient cybersecurity: ensemble deep learning and reinforcement learning for Next-Gen IDS

Nethma Kalpani · Nureka Rodrigo · Dilmi Seneviratne · Subhash Ariyadasa · Janaka Senanayake

Iran Journal of Computer Science

Traditional Network Intrusion Detection Systems (NIDS) face significant challenges in identifying novel cyberattacks, primarily due to the inherent limitations of signature-based and anomaly-based detection methods. This study proposes an innovative Ensemble Learning (EL) framework that integrates Deep Learning (DL) and Reinforcement Learning (RL) to enhance the capabilities of NIDS. The framework utilizes DL models, specifically convolutional neural networks (CNNs), for effective pattern recognition in network traffic, while incorporating RL agents, particularly Deep Q-Networks (DQNs), to facilitate adaptive threat detection. A key contribution of this work is the implementation of a stacking ensemble technique employing a metaclassifier to combine the outputs of the DL and RL models, thereby improving detection accuracy and reducing false-positive rates. The framework is evaluated using the CIC-IDS2017 and CSE-CIC-IDS2018 datasets. Experimental results show that the EL-based NIDS outperforms individual DL and RL models, achieving an F1 score of 0.95, a notable improvement over baseline approaches. This research presents a practical solution to develop resilient NIDS capable of adapting to emerging cyber threats, thereby strengthening network security and mitigating the impact of cybercrime.

2026
02

Securing industry 4.0: a systematic review of AI-driven intrusion detection approaches and emerging trends

Nethma Kalpani · Nureka Rodrigo

Journal of Reliable Intelligent Environments

The convergence of cyber-physical systems, the Industrial Internet of Things (IIoT), and edge computing in Industry 4.0 has dramatically expanded the attack surfaces of industrial networks, making traditional intrusion detection systems (IDS) increasingly inadequate. While artificial intelligence (AI) and machine learning (ML) offer promising solutions, existing surveys often lack a specific focus on Industry 4.0 and a critical evaluation of the deployment feasibility. This systematic literature review (SLR) addresses these gaps through a PRISMA-guided analysis of AI-driven IDS research published between 2020 and 2025. From more than 8,000 studies, 22 high-quality papers were selected for detailed evaluation, revealing a pronounced shift towards edge-enabled detection architectures, hybrid AI models balancing accuracy and interpretability, and the integration of explainable AI (XAI) to strengthen operator trust. Key challenges persist, including reliance on synthetic datasets, limited validation in operational environments, computational demands unsuitable for resource-constrained edge devices, and integration issues with legacy operational technology (OT). The review's contributions include a unified taxonomy mapping AI techniques to Industry 4.0 threats, a comparative analysis highlighting emerging trends such as federated learning and digital twins, and a research roadmap that emphasises lightweight models, realistic industrial datasets, and proactive autonomous response mechanisms. This SLR bridges the gap between academic innovation and practical deployment, supporting secure, intelligent manufacturing ecosystems.

2025
03

Cutting-edge approaches in intrusion detection systems: a systematic review of deep learning, reinforcement learning, and ensemble techniques

Nethma Kalpani · Nureka Rodrigo · Dilmi Seneviratne · Subhash Ariyadasa · Janaka Senanayake

Iran Journal of Computer Science

This study investigates the effectiveness of Ensemble Learning (EL) techniques by integrating reproducible Deep Learning (DL) and Reinforcement Learning (RL) models to enhance network intrusion detection. Through a systematic review of the literature, the most effective DL and RL models from 2020 to 2024 were identified based on their F1 scores and reproducibility, focusing on recent advancements in network intrusion detection. A structured normalisation and evaluation process allowed for an objective comparison of model performances. The best-performing DL and RL models were subsequently integrated using a stacking ensemble technique, chosen for its ability to combine the complementary strengths of the DL and RL models. Experimental validation in a benchmark dataset confirmed the high accuracy and robust detection capabilities of the model, outperforming the individual DL and RL models to detect network intrusions in multiple classes. This research demonstrates the potential of ensemble methods for advancing Intrusion Detection Systems (IDSs), offering a scalable and effective solution for dynamic cybersecurity environments.

2025
02 — Full Paper Conference Publications
01

Enhancing Network Intrusion Detection with Stacked Deep and Reinforcement Learning Models

Nethma Kalpani · Nureka Rodrigo · Dilmi Seneviratne · Subhash Ariyadasa · Janaka Senanayake

2025 International Research Conference on Smart Computing and Systems Engineering (SCSE)

This study investigates the effectiveness of Ensemble Learning (EL) techniques by integrating reproducible Deep Learning (DL) and Reinforcement Learning (RL) models to enhance network intrusion detection. Through a systematic review of the literature, the most effective DL and RL models from 2020 to 2024 were identified based on their F1 scores and reproducibility, focusing on recent advancements in network intrusion detection. A structured normalisation and evaluation process allowed for an objective comparison of model performances. The best-performing DL and RL models were subsequently integrated using a stacking ensemble technique, chosen for its ability to combine the complementary strengths of the DL and RL models. Experimental validation in a benchmark dataset confirmed the high accuracy and robust detection capabilities of the model, outperforming the individual DL and RL models to detect network intrusions in multiple classes. This research demonstrates the potential of ensemble methods for advancing Intrusion Detection Systems (IDSs), offering a scalable and effective solution for dynamic cybersecurity environments.

2025
03 — Abstract Conference Publications
01

Uncovering Hidden Attack Pathways: Graph-Based Intrusion Detection with Dynamic Behavioral Context in Network Environments

Nethma Kalpani · Nureka Rodrigo

14th Annual International Research Conference (AiRC2025)

Modern intrusion detection systems (IDS) are increasingly challenged by the complexity of contemporary cyberattacks, which often unfold in multiple stages and leverage relationships between various network entities. Traditional IDS approaches, which rely on flat, tabular data representations, struggle to capture the behavioural context and temporal sequences vital for detecting such sophisticated threats. This limitation persists even when using rich public datasets like CSE-CIC-IDS2018, CIC-IDS2017, and CIC-DDoS2019, as existing tools typically convert these datasets into basic graph structures without modelling the nuanced interactions or attack progressions that occur over time. To address this critical gap, our research introduces a behaviour-aware graph modelling framework for intrusion detection, utilising Neo4j to transform IDS data into semantically enriched property graphs. Our methodology captures not only static connections between entities such as IP addresses, ports, and protocols, but also behavioural features within graph relationships. By developing custom Cypher queries and behaviour-driven graph traversal techniques, the system enables the identification of complex, multi-stage attack patterns that are often missed by conventional detection methods. An interactive web interface further enhances analyst engagement, supporting intuitive visualisation and exploration of attack pathways. This approach significantly advances the state of intrusion detection by improving both detection accuracy and interpretability, while offering a modular and extensible schema that can be adapted to additional datasets and real-time monitoring. Ultimately, our work bridges the gap between raw network logs and actionable behavioural analysis, providing a scalable and explainable solution that empowers analysts to understand, trace, and respond to advanced cyber threats as they evolve.

2025
02

AI-Powered Intrusion Detection for Industry 4.0: A Comprehensive Systematic Review of Methods, Challenges, and Future Directions

Nethma Kalpani · Nureka Rodrigo

14th Annual International Research Conference (AiRC2025)

The rapid digital transformation associated with Industry 4.0 has fundamentally reshaped industrial operations by integrating cyber-physical systems, the Industrial Internet of Things (IIoT), and edge computing, thereby enhancing efficiency while simultaneously introducing unprecedented cybersecurity challenges. This systematic literature review aims to provide a comprehensive synthesis of recent advances in artificial intelligence (AI) driven intrusion detection systems (IDS) specifically tailored for Industry 4.0 environments. The primary objective is to identify and critically evaluate state-of-the-art AI-based IDS approaches, assess their effectiveness in addressing the unique security demands of interconnected industrial systems, and highlight prevailing gaps and future research directions. Employing the PRISMA methodology, the study systematically filtered an initial corpus of over 8,000 records to 22 high-quality articles published between 2020 and 2025, ensuring rigour and transparency. The analysis reveals key trends, including the increasing adoption of edge-enabled detection methods, the integration of explainable AI (XAI) to enhance trust and transparency, and the implementation of privacy-preserving techniques such as federated learning. Despite these advancements, the review identifies persistent challenges, notably the reliance on synthetic or outdated datasets, resource constraints at the edge, and limited validation in real-world industrial settings, all of which impede the practical deployment of current solutions. The findings offer a holistic perspective on the strengths and limitations of contemporary AI-driven IDS, providing actionable insights for researchers and practitioners striving to develop robust, adaptive, and scalable security frameworks for modern industrial networks.
In conclusion, this review not only maps the current landscape of AI-based intrusion detection in Industry 4.0 but also outlines critical challenges and future directions. This serves as a valuable resource to guide the development of next-generation IDS capable of meeting the stringent demands of industrial cybersecurity.

2025