Hybrid-CNNTree: a convolutional neural network and decision tree fusion model for wormhole attack detection

Citation

Hussain, Muhammad Zunnurain and Mohd Hanapi, Zurina and Abdullah, Azizol and Hussin, Masnida and Ninggal, Mohd Izuan Hafez (2025) Hybrid-CNNTree: a convolutional neural network and decision tree fusion model for wormhole attack detection. IEEE Access, 13. pp. 186811-186833. ISSN 2169-3536

Abstract

Wireless Sensor Networks (WSNs) and Internet of Things (IoT) infrastructures remain critically vulnerable to wormhole attacks, which establish covert tunnels between colluding adversaries and bypass conventional cryptographic defenses. Such attacks severely degrade network availability, privacy, and routing integrity, making them one of the stealthiest and most disruptive threats in modern distributed systems. This research introduces a novel, deployment-ready intrusion detection system (IDS) that integrates audit-driven preprocessing, dataset shift analysis, and hybrid deep-machine learning architectures with conformal calibration. The proposed pipeline employs Principal Component Analysis (PCA) for dimensionality reduction, Population Stability Index (PSI) and Maximum Mean Discrepancy (MMD) for dataset shift auditing, and Correlation Alignment (CORAL) for unsupervised domain adaptation. Six classical machine learning baselines - Decision Tree (DT), Random Forest (RF), K-Nearest Neighbour (KNN), Naïve Bayes (NB), Extreme Gradient Boosting (XGBoost), and CatBoost - were benchmarked against deep learning architectures, including standalone CNNs and hybrid fusion models (CNN+DT and CNN+RF). Validation employed stratified k-fold cross-validation, bootstrap confidence intervals, and conformal prediction, reporting not only accuracy but also risk-calibrated uncertainty estimates. Experimental results on three benchmark datasets (Wormhole, UNSW-NB15, CICIDS2017) reveal that CNN+Random Forest consistently outperforms all baselines, achieving 100% training accuracy, 99.56% validation accuracy, and 99.40% testing accuracy on the Wormhole dataset, 0.922 accuracy with balanced F1=0.94 on UNSW-NB15, and near-perfect F1=0.9996 with AUC 1.0 on CICIDS2017. Transfer learning experiments demonstrated resilience under domain adaptation, with mixed training achieving 94.2% F1 on UNSW and 99.9% on CICIDS, while deep domain adaptation methods (DANN, MMD, DeepCORAL) provided additional insights into cross-dataset generalization. By embedding feature leakage audits, dataset drift quantification, and conformal calibration, this work advances IDS research toward transparent, explainable, and reproducible models suitable for real-world IoT/WSN deployment.

Download File

Text
124856.pdf - Published Version
Available under License Creative Commons Attribution.
Download (2MB)

Official URL or Download Paper: https://ieeexplore.ieee.org/document/11218881/

Additional Metadata

Item Type:	Article
Subject:	Computer Science (all)
Subject:	Materials Science (all)
Subject:	Engineering (all)
Divisions:	Faculty of Computer Science and Information Technology
DOI Number:	https://doi.org/10.1109/access.2025.3626225
Publisher:	Institute of Electrical and Electronics Engineers
Keywords:	Artificial intelligence (AI); Data analysis; Internet of things (IoT); Machine learning (ML); Network security; Wireless sensor network (WSN); Wormhole attack
Sustainable Development Goals (SDGs):	SDG 9: Industry, Innovation and Infrastructure, SDG 16: Peace, Justice and Strong Institutions, SDG 11: Sustainable Cities and Communities
Depositing User:	Ms. Nur Faseha Mohd Kadim
Date Deposited:	24 Apr 2026 03:25
Last Modified:	24 Apr 2026 03:25
Altmetrics:	http://www.altmetric.com/details.php?domain=psasir.upm.edu.my&doi=10.1109/access.2025.3626225
URI:	http://psasir.upm.edu.my/id/eprint/124856
Statistic Details:	View Download Statistic

Actions (login required)

View Item