D07 Sam 224004476


Adaptive Mobile NIDS: A Hybrid Framework Combining Signature and Anomaly Detection
with Advanced AI for Dynamic Threat Landscapes

Sandile A Mthiyane 224004476



Introduction

With increasing connectivity and mobile device usage, network security has become a
critical concern for governments, organisations and individuals in this 4th Industrial
Revolution [2]. The ubiquity of mobile devices such as laptops and smart mobile devices
has created new vulnerabilities in network infrastructures, which in turn makes these
devices targets for cybercriminals. Traditional Network Intrusion Detection Systems face
significant challenges when applied to mobile environments, yet they play a significant
role in identifying and mitigating some, if not most, of these threats [1].

A significant number of network intrusions take different forms; these may include
malware infections, denial-of-service attacks and data breaches, each occurring in its
own unique way [3]. Each of these intrusions can range in severity and can also cause
financial losses. These intrusions can also lead to compromised personal information
and damaged reputations. The increased use of mobile devices has led to them storing a
lot of data, including personal and sensitive data, whether organisational or personal.
Thus, the need for robust measures becomes increasingly urgent [1, 2].

Network Intrusion Detection Systems are broadly categorised into two main types:
Signature-Based Detection and Anomaly-Based Detection. Anomaly-based detection
continuously analyses normal network behaviour to identify any stand-out differences
that may signal an intrusion, while signature-based detection relies on predetermined
patterns of known attacks. Each of these approaches has strengths and weaknesses.
Anomaly-based detection usually performs well at detecting sophisticated attacks that
are new to the environment, while being prone to false alerts. Signature-based detection
has high accuracy but is not proficient with zero-day attacks [1, 2, 3].

The aim of this research is to address the challenges of both the anomaly and signature
detection mechanisms by developing a hybrid Network Intrusion Detection System tai-
lored for mobile environments and small ones, combining the strengths of the two ap-
proaches.

• To design and implement a lightweight, efficient Network Intrusion Detection
System for resource-restricted mobile environments.
• To develop a highly effective approach for integrating anomaly-based detection
and signature-based detection, leveraging machine learning techniques
and domain-specific knowledge.
• To evaluate the effectiveness of the proposed system in detecting both known
and unknown network intrusions on mobile devices.
• To create a user-friendly interface that provides real-time alerts and actionable
insights to non-technical mobile users.

By achieving these objectives, I seek to answer the following research questions:


• How can anomaly-based and signature-based detection methods be effectively
combined to improve overall detection accuracy on mobile devices?
• What machine learning techniques are most suitable for anomaly detection in
mobile network traffic, considering the constraints of mobile hardware?
• How can a Network Intrusion Detection System be optimised for performance
and battery efficiency on a mobile device without compromising detection ca-
pabilities?
• What user interface design principles effectively communicate network threats
to non-expert users?

This research has the potential to enhance mobile network security, an increasingly critical aspect of our
digital lives. By developing a more effective Network Intrusion Detection System for
mobile platforms, I aim to contribute to the protection of sensitive data, the prevention
of financial fraud, and the overall improvement of user trust in mobile technologies.
The insights gained from this research may inform future developments in network se-
curity, particularly in the fast-changing and growing world of the Internet of Things
and 5G networks [1, 2, 3, 4, 5].

1 Literature Review

The Evolution of Network Intrusion Detection Systems

Network Intrusion Detection Systems have been a primary and critical component of
cybersecurity for decades [5]. The idea of analysing audit trails to identify security
violations, which laid the groundwork for future Network Intrusion Detection Systems,
was established in the 1980s and 1990s.

Signature-Based Detection Approaches


Signature-based detection is sometimes known as misuse detection. This approach has
been the cornerstone of Network Intrusion Detection technology for the longest time.
Signature detection works on a database of known attack patterns, with their attributes
or signatures, to identify malicious activities [3]. Snort and Suricata are widely used
Network Intrusion Detection Systems that are highly effective in detecting threats with
high accuracy and low false-positive rates.

Signature-based systems face significant limitations, such as the inability to detect
zero-day attacks and the need for constant signature updates. As Gu et al. [3] point
out, most signature-based systems struggle with novel threats that don't match existing
signatures, making them vulnerable to evolving threat agents.

Despite their limitations, recent advancements in signature-based detection systems
have moved towards addressing some of them. These have improved signature generation
and matching algorithms. Fitni and Ramli developed automated signature generation
systems using machine learning to address the challenge of rapidly evolving threats [6].
Their work on N-gram analysis and machine learning classification algorithms shows that
signature-based systems can gain adaptability from modern approaches.

To reduce the computational power associated with signature-based detection, researchers
have been exploring ways to optimise performance on high-speed networks. This is not
only an advantage but also makes signature-based detection systems feasible for
resource-limited mobile environments [6]. Despite these advancements, the challenge of
keeping databases up to date remains and leads researchers to look into combining
anomaly-based and signature-based detection systems to compensate for both systems'
weaknesses [3, 6].

2 Anomaly Based Detection Approaches

Anomaly-based detection came into existence as a complement to signature-based methods.
The main aim of this approach is to identify any non-normal network behaviour instead
of relying on predefined attack patterns saved in a database. This approach comes with
the possible advantage of detecting zero-day attacks, making it crucial for research in
mobile and Internet of Things environments [2, 4].

Machine learning approaches have become popular for implementing anomaly detection, a
significant shift from the statistical methods formerly used. In the case of rapidly
evolving threat agents and landscapes, machine learning approaches have proven
significant in improving detection accuracy and reducing false positives [1, 3].

Network Intrusion Detection Systems have a lot to benefit from deep learning in
particular, as it serves as a powerful tool for anomaly-based detection. Recent studies
have demonstrated the effectiveness of neural network architectures in anomaly
detection. Hou et al. [7] proposed a Convolutional Neural Network with a self-attention
mechanism for Android malware detection, which showcased the potential of advanced deep
learning techniques in mobile security contexts.

Highlighting the applicability of deep learning techniques, Ferrag et al. [2] developed
a deep learning-based Network Intrusion Detection and Prevention System for the Internet
of Vehicles. Their approach leverages the power of deep neural networks to detect
anomalies in the complex and dynamic environments of vehicles [2].

The application of these techniques is filled with challenges. Xu et al. [10] discuss
the security and privacy implications of using artificial intelligence in cybersecurity,
highlighting both the potential advantages of such technology and the unmitigated
challenges. The issues include adversarial attacks on artificial intelligence models and
the need for explainable artificial intelligence in security contexts [10].

The ever-changing nature of Internet of Things environments poses further unique
challenges to anomaly detection. Li et al. [9] look into distributed and
privacy-sensitive contexts and how federated learning-based intrusion detection can
address these challenges.

As the scientific field continues to evolve, researchers are exploring new approaches to
enhance the effectiveness of anomaly-based detection. This includes the integration of
domain knowledge with machine learning techniques, the development of robust and
adaptable models, and the exploration of new models for cybersecurity applications [5,
6, 8].

3 Hybrid Detection Approaches

Given the compelling strengths of combining signature-based and anomaly detection
methods, researchers have increasingly focused on an approach that combines the two
techniques. The main goal is to leverage the high accuracy of signature-based detection
for known threats while maintaining the ability to detect new threats through
anomaly-based detection [1].
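
An added illustration (not code from this proposal or from any cited system) of the hybrid idea above: a cheap signature stage handles known patterns, and only flows that match no signature go on to a z-score anomaly stage. The `Flow` fields, rule names, threshold and all sample flows are constructed assumptions.

```python
import re
import statistics
from dataclasses import dataclass
from typing import NamedTuple, Optional


@dataclass(frozen=True)
class Flow:
    """One summarised network flow (field names are assumptions for this example)."""
    bytes_out: int
    pkts_per_sec: float
    payload: bytes


class Verdict(NamedTuple):
    label: str                 # "known_threat", "anomaly" or "benign"
    signatures: list
    score: Optional[float]     # None when the anomaly stage was skipped


# Constructed signature set: byte patterns of already-known attacks.
SIGNATURES = {
    "sqli-union-select": re.compile(rb"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(rb"\.\./\.\./"),
}
FEATURES = ("bytes_out", "pkts_per_sec")


class HybridDetector:
    def __init__(self, baseline, z_threshold=3.0):
        # Learn a per-feature (mean, std) profile from traffic assumed to be normal.
        self.z_threshold = z_threshold
        self.profile = {}
        for name in FEATURES:
            values = [getattr(flow, name) for flow in baseline]
            std = statistics.pstdev(values) or 1.0   # constant feature: avoid /0
            self.profile[name] = (statistics.fmean(values), std)

    def match_signatures(self, flow):
        return [n for n, rx in SIGNATURES.items() if rx.search(flow.payload)]

    def anomaly_score(self, flow):
        # Largest absolute z-score across the profiled features.
        return max(abs(getattr(flow, n) - mean) / std
                   for n, (mean, std) in self.profile.items())

    def classify(self, flow):
        # Stage 1: cheap pattern match; a hit needs no further computation.
        hits = self.match_signatures(flow)
        if hits:
            return Verdict("known_threat", hits, None)
        # Stage 2: only unmatched flows pay for the statistical check.
        score = self.anomaly_score(flow)
        label = "anomaly" if score >= self.z_threshold else "benign"
        return Verdict(label, [], score)


# Constructed sample data.
BASELINE = [Flow(b, p, b"GET /index.html") for b, p in
            [(1200, 8), (900, 6), (1500, 12), (1100, 7),
             (1300, 9), (1000, 5), (1400, 11), (1200, 6)]]
KNOWN_ATTACK = Flow(1250, 9, b"GET /item?id=1 UNION SELECT pw FROM users")
NOVEL_ATTACK = Flow(250_000, 400, b"\x17\x03\x03 opaque encrypted upload")
NORMAL = Flow(1150, 7, b"GET /news")


def run_demo():
    detector = HybridDetector(BASELINE)
    return {name: detector.classify(flow) for name, flow in
            [("known", KNOWN_ATTACK), ("novel", NOVEL_ATTACK), ("normal", NORMAL)]}


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(name, verdict)
```

The known attack has ordinary traffic volume, so only the signature stage catches it; the novel flow matches no signature, so only the anomaly stage does.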

Ferrag et al. [2] have demonstrated the effectiveness of hybrid approaches in improving
overall detection accuracy and reducing false positive rates. They proposed NDIDSS, a
deep learning-based Network Intrusion Detection System for the Internet of Vehicles,
which incorporates both signature and anomaly-based detection mechanisms. This hybrid
approach allows for robust detection in the complex and always-changing environments of
vehicle networks.

In mobile security, Gu et al. [3] investigated machine learning-based Android malware
detection. They highlighted that combining signature-based methods with machine learning
significantly enhanced detection capabilities, particularly for sophisticated and
evolving threats. Bhuyan et al. [1] evaluated in detail different artificial
intelligence-enabled smartphone malware detection techniques, including hybrid ones. The
study showed that hybrid models outperform single method-based approaches where both
known and unknown threats are concerned.

Recent research also looks into the integration of hybrid methods. Li et al. [9]
explored the application of federated learning to intrusion detection, proposing a
framework that can combine both signature and anomaly-based detection in a
privacy-preserving manner. This approach is more significant in distributed systems and
Internet of Things environments, where data privacy is of paramount importance.

The combination of detection methods can help mitigate vulnerabilities to adversarial
attacks and improve the overall robustness of a system. Hybrid approaches thus have the
potential to address some of the security and privacy challenges associated with
artificial intelligence-based intrusion systems [10].

As the field evolves, more sophisticated hybrid architectures are continuously being
researched and explored. These include hierarchical models that use detection methods at
different stages of the analysis process, and adaptive systems that can dynamically
adjust their detection strategies based on current threat environments [5, 7].

Complexity and computational requirements are some, if not the main, challenges
presented by hybrid approaches despite their great potential. Further research in this
area will likely focus on optimising these hybrid models for resource-limited
environments like mobile devices and Internet of Things networks [4, 6].

4 Network Intrusion Detection Systems for Mobile Environments

The ubiquity of mobile devices has presented the information technology industry with
new challenges for Network Intrusion Detection Systems implementation. Due to limited
resources, the ever-changing nature of mobile networks and unique threats tailored for
mobile environments, traditional Network Intrusion Detection Systems face significant
challenges [4].

Alzahrani et al. [4] provided a comprehensive review of mobile security threats and
vulnerabilities that highlights issues like malicious applications, leakage of data and
network-based attacks. The study provided insight on the need for specialised Network
Intrusion Detection System solutions tailored for mobile environments.

To address these challenges, recent research has focused on adapting machine learning
techniques for mobile Network Intrusion Detection Systems. Bhuyan et al. [1] conducted
research on and an evaluation of artificial intelligence-enabled smartphone malware
detection techniques, which demonstrated the potential of machine learning approaches
for overcoming the limitations of traditional Network Intrusion Detection Systems in
mobile environments.

With the advancement of technology, cloud-assisted intrusion detection systems have
emerged as a potential solution for mobile devices. These take advantage of distributed
data collection and centralised analysis to overcome the main constraint of stand-alone
mobile devices, “limited resources”. Li et al. [9] explored the application of federated
learning to intrusion detection, which allows for combined model training while
maintaining privacy.

Hou et al. [7] proposed a novel approach using a Convolutional Neural Network
with a self-attention mechanism for Android malware detection. Their method demon-
strates how advanced deep learning techniques can be effectively applied to mobile
security, achieving high detection accuracy while being lenient on mobile device re-
sources.

In the context of the Internet of Vehicles, which has shown very strong growth as a
subset of mobile environments, Ferrag et al. [2] developed NDIDSS, a deep learning-based
Network Intrusion Detection System for the Internet of Vehicles. The key points
highlighted by the research are the applicability of advanced Network Intrusion
Detection System techniques to emerging mobile environments and the importance of
considering the different characteristics of these environments.

Fitni and Ramli [6] explored the use of N-gram analysis and machine-learning
classification algorithms for Android malware detection. They aimed to balance detection
accuracy with computational efficiency by developing a lightweight and efficient Network
Intrusion Detection System. The main goal was for it to be lightweight and effective.

The scope of Mobile Intrusion Detection Systems is now expanding, considering the
increasing interaction of these devices with the Internet of Things. Xu et al. [10]
expand on the security and privacy implications of artificial intelligence in these
connected environments. They bring out the potential and challenges of applying advanced
Network Intrusion Detection System techniques in complex interconnected networks.

The field of Network Intrusion Detection Systems is likely to continue innovation in
areas such as:
• Edge computing-based Network Intrusion Detection Systems to reduce latency
and preserve privacy [5]
• Adaptive Network Intrusion Detection Systems that can adjust to changing
network conditions and user behaviour [3]
• Integration of Network Intrusion Detection Systems with other mobile security
measures for comprehensive protection [4]
• Exploration of new machine learning models such as reinforcement learning
and transfer learning for more robust and adaptive mobile Network Intrusion
Detection Systems [1, 7]

5 Machine Learning and Artificial Intelligence in Mobile Network Intrusion Detection

Mobile NIDS research has lately placed considerable focus on employing both machine
learning and artificial intelligence. These modern technologies are aimed at solving the
most challenging issues of mobile networks, such as limited resources, ever-changing
network conditions, and the need for real-time threat detection.

Deep learning-based frameworks have emerged as a very productive path in the direc-
tion of malware detection especially for mobile devices. In detail, Hou et al. [7] came
up with a Convolutional Neural Network with Self-Attention (CNN-SA) for Android
malware detection. Their approach achieves high detection accuracy while keeping the
computational overhead relatively low and thus, is a further proof that contemporary
AI technologies can successfully operate in mobile-environment conditions character-
ized by the limited availability of resources.

Bhuyan et al. [1] carried out an empirical study on various AI-based smartphone malware
detection methods. In particular, their research compared different machine learning and
deep learning approaches, and thus offered useful conclusions about the use of these
methods in real-world mobile security problems. The findings of this research reveal the
potential of AI-based methodologies to substantially boost the detection capabilities of
mobile NIDS.

Reinforcement learning has also been a successful tool for adapting NIDS to the
unpredictable behaviour of mobile environments. While not directly related to mobile
NIDS, the article by Xu et al. [10] on security and privacy in AI systems touches on
reinforcement learning in cybersecurity applications. It brings closer the possibility
of systems that learn to stay effective over time, which is a great advantage when
facing the range of threats in the mobile environment.

Transfer learning techniques have been explored to address the challenge of limited
labelled data in mobile environments. Gu et al. [3] in their comprehensive survey on
machine learning-based Android malware detection, discuss the application of transfer
learning to improve detection accuracy on mobile platforms with limited training data.
This approach leverages knowledge from larger, more diverse datasets to enhance per-
formance in specific mobile contexts.

The integration of AI techniques with federated learning has emerged as a promising
direction for mobile NIDS. Li et al. [9] surveyed federated learning-based intrusion
detection systems, highlighting their potential in preserving user privacy while enabling
collaborative model training across multiple mobile devices. This approach is
particularly relevant for mobile environments where data privacy is a significant concern.

In the context of emerging mobile technologies, Ferrag et al. [2] developed a deep
learning-based Network Intrusion Detection System for the Internet of Vehicles
(NDIDSS). Their work demonstrates the applicability of advanced AI techniques in
complex mobile environments, such as vehicular networks, where real-time detection
and adaptation to changing conditions are crucial.

Looking forward, several trends are shaping the future of AI in mobile NIDS:

Explainable AI: As discussed by Xu et al. [10], there's a growing need for interpret-
able AI models in security applications. This is particularly important in mobile NIDS
to build user trust and aid in forensic analysis.
Adaptive AI: Research is focusing on developing AI models that can dynamically ad-
just to changing mobile environments and emerging threats [3, 7].
Edge AI: To address latency and privacy concerns, there's increasing interest in de-
ploying AI models directly on mobile devices or edge nodes [5, 6].
Hybrid AI approaches: Combining multiple AI techniques (e.g., deep learning with
reinforcement learning) to create more robust and versatile mobile NIDS solutions [1,
2].

While AI and machine learning offer significant potential for enhancing mobile NIDS,
challenges remain in terms of model efficiency, adaptability to diverse mobile environ-
ments, and resilience against adversarial attacks [4, 10]. Addressing these challenges
will be crucial for the widespread adoption and effectiveness of AI-driven mobile NIDS
in the future.

6 Privacy and Energy Considerations in Mobile NIDS

Privacy concerns are particularly acute in mobile NIDS, given the personal nature of
data stored on smartphones. Recent research has addressed this issue by proposing pri-
vacy-preserving NIDS for mobile devices. Li et al. [9] surveyed federated learning-
based intrusion detection systems, which allow for collaborative model training while
preserving user privacy. This approach is particularly relevant for mobile environments
where data sensitivity is a significant concern.

Energy efficiency is another critical consideration for mobile NIDS. The work of
Bhuyan et al. [1] on AI-enabled smartphone malware detection techniques highlights
the importance of developing energy-efficient solutions. Their empirical evaluation
considers the trade-off between detection accuracy and computational overhead, which
directly impacts battery consumption.

Hou et al. [7] proposed a Convolutional Neural Network with Self-Attention mecha-
nism (CNNSA) for Android malware detection, which achieves high accuracy while
maintaining low computational overhead. This approach demonstrates how advanced
AI techniques can be optimized for the resource-constrained environment of mobile
devices.

7 Emerging Trends and Future Directions

7.1 Several emerging trends are shaping the future of mobile NIDS research:

1. 5G Networks: The rollout of 5G networks introduces new security challenges and
opportunities for NIDS. Ferrag et al. [2] developed a deep learning-based Network
Intrusion Detection System for the Internet of Vehicles (NDIDSS), which considers the
implications of 5G technology in vehicular networks. This research highlights the need
for NIDS to adapt to the high-speed, low-latency characteristics of 5G networks.

2. Internet of Things (IoT): The increasing interconnectivity of mobile devices with
IoT ecosystems necessitates new approaches to intrusion detection. Alzahrani et al. [4]
reviewed mobile security threats and vulnerabilities, emphasizing the challenges posed
by the integration of mobile devices with IoT systems. This integration requires NIDS
solutions that can handle heterogeneous data sources and diverse attack vectors.

3. Federated Learning: To address privacy concerns and leverage distributed data,
federated learning approaches are being explored for mobile NIDS. Li et al. [9]
provided a comprehensive survey on federated learning-based intrusion detection,
highlighting its potential in preserving user privacy while enabling collaborative model
training across multiple mobile devices.

4. Explainable AI: As machine learning models become more complex, there's a grow-
ing need for explainable AI in NIDS to build user trust and aid in forensic analysis. Xu
et al. [10] discussed the importance of explainability in AI-driven security systems,
emphasizing the need for interpretable models that can provide clear reasoning for their
detection decisions.

5. Edge Computing: The shift towards edge computing in mobile environments pre-
sents both challenges and opportunities for NIDS. Chauhan and Vermani [5] reviewed
the significance of intrusion detection systems, touching upon the potential of edge-
based NIDS to reduce latency and enhance privacy in mobile contexts.

6. Adaptive NIDS: Given the dynamic nature of mobile threats, there's increasing fo-
cus on developing adaptive NIDS that can evolve in response to new attack patterns.
Gu et al. [3] surveyed machine learning-based Android malware detection techniques,
highlighting the importance of adaptability in mobile security solutions.

7. Quantum Computing: Looking further into the future, the potential applications of
quantum computing in enhancing the speed and accuracy of NIDS are being explored.
While not specifically addressed in the provided sources, this remains an area of interest
for future mobile NIDS research.

8 Conclusion

In conclusion, the field of mobile NIDS is rapidly evolving, driven by advancements in
machine learning, the unique challenges of mobile environments, and the ever-changing
landscape of cyber threats. While significant progress has been made in developing
efficient and effective intrusion detection techniques for mobile devices, as evidenced
by the works of Bhuyan et al. [1], Ferrag et al. [2], and Hou et al. [7], there remain
numerous open challenges and opportunities for future research.

The integration of advanced AI techniques, the adaptation to emerging network
technologies like 5G and IoT, and the balance between security, privacy, and usability
will be critical areas of focus in the coming years. As mobile devices continue to play
an increasingly central role in our digital lives, the development of robust, efficient,
and privacy-preserving NIDS solutions will be crucial in ensuring the security of these
devices and the sensitive data they contain.

References
1. Bhuyan, M. H., Sahoo, S. K., Baruah, P., & Kathing, D. K. (2022). An empirical evaluation
of AI-enabled smartphone malware detection techniques. Computers & Security, 122,
102911.
2. Ferrag, M. A., Maglaras, L., Ahmim, A., Derdour, M., & Janicke, H. (2022). NDIDSS: A
Deep Learning-Based Network Intrusion Detection System for the Internet of Vehicles.
IEEE Transactions on Intelligent Transportation Systems, 23(7), 8552-8564.
3. Gu, J., Wang, L., Wang, H., & Wang, S. (2023). A comprehensive survey on machine learn-
ing-based Android malware detection. Information Sciences, 622, 140-167.
4. Alzahrani, A., Alqahtani, A., Almushayqih, H., Alshehri, A., Alshehri, H., Katmawi, R., &
Alqahtani, S. (2023). Mobile security threats and vulnerability: An extensive review. PeerJ
Computer Science, 9, e1251.
5. Chauhan, S., & Vermani, S. (2022). Significance of intrusion detection system and its tech-
niques: A review. Materials Today: Proceedings, 62, 1244-1250.
6. Fitni, Q. R. S., & Ramli, K. (2023). Android malware detection using N-gram analysis and
machine learning classification algorithms. Computers & Security, 124, 102956.
7. Hou, Y., Liu, J., Huo, W., & Song, Y. (2023). CNNSA: Android Malware Detection Method
Based on CNN and Self-Attention Mechanism. Security and Communication Networks,
2023, 3194039.
8. Dahiya, P., & Srivastava, D. K. (2018). Network intrusion detection in big dataset using
Spark. Procedia computer science, 132, 253-262.
9. Li, R., Xiao, X., Xie, S., & Conti, M. (2022). A survey on federated learning-based intrusion
detection. ACM Computing Surveys, 55(6), 1-36.
10. Xu, Z., Ren, K., & Qin, Z. (2022). Security and privacy on artificial intelligence: Emerging
threats, current solutions, and unresolved challenges. IEEE Internet of Things Journal, 9(15),
12987-13007.
