Jiahan Dong,Tong Jin,Bowen Li,Yinan Zhong,Guangxin Guo,Xiaohu Wang,Yanjiao Chen

DOI: https://doi.org/10.1109/cyberc62439.2024.00016

2024-01-01

Abstract:The Internet of Things (IoT) has significantly expanded the scope of the Internet by enabling seamless communication between devices and the cloud. However, the rapid proliferation of IoT devices has led to a surge in cyber-attacks, such as Distributed Denial of Service (DDoS) attacks, Man-in-the-Middle (MITM) attacks, and privacy data theft. These threats underscore the urgent need for robust device identification (DI) methods. However, current DI approaches often struggle with issues related to accuracy, generalizability across different network environments, privacy concerns, and real-time performance. To address these issues, we introduce DIFORMER, a novel method that leverages network packet data and advanced deep learning techniques, specifically the attention mechanism and residual networks. DIFORMER outperforms existing methods, even in privacy-limited scenarios, and is more generalizable as it does not strictly rely on features like MAC and IP addresses. Rigorous experiments confirm DIFORMER’s effectiveness and robustness, making it a promising solution for securing IoT environments.

Kahraman Kostas,Mike Just,Michael A. Lones

2023-10-18

Abstract:Previous research on behaviour-based attack detection on networks of IoT devices has resulted in machine learning models whose ability to adapt to unseen data is limited, and often not demonstrated. In this paper we present an approach for modelling IoT network attacks that focuses on generalizability, yet also leads to better detection and performance. First, we present an improved rolling window approach for feature extraction, and introduce a multi-step feature selection process that reduces overfitting. Second, we build and test models using isolated train and test datasets, thereby avoiding common data leaks that have limited the generalizability of previous models. Third, we rigorously evaluate our methodology using a diverse portfolio of machine learning models, evaluation metrics and datasets. Finally, we build confidence in the models by using explainable AI techniques, allowing us to identify the features that underlie accurate detection of attacks.

Cryptography and Security,Artificial Intelligence,Machine Learning,Networking and Internet Architecture

Iacovos Ioannou,Prabagarane Nagaradjane,Pelin Angin,Palaniappan Balasubramanian,Karthick Jeyagopal Kavitha,Palani Murugan,Vasos Vassiliou

DOI: https://doi.org/10.1016/j.comcom.2024.02.023

IF: 5.047

2024-02-26

Computer Communications

Abstract:The increasing use of Internet of Things (IoT) gadgets in a daily rate has heightened security apprehension, particularly within the healthcare sector. In order to prevent the unauthorized disclosure of sensitive data, it is imperative for Internet of Things (IoT) systems to promptly and effectively respond to harmful activities. Nevertheless, the act of transferring data to distant cloud servers for the purpose of analysis gives rise to both temporal delays and apprehensions regarding privacy. To ensure the security of medical Internet of Things (MIoT) networks, a power-efficient Intrusion Detection System (IDS) is employed for three primary objectives that it will result in three stages of execution: (i) The objective is to categorize different types of attacks, such as Man-in-the-Middle (MitM) and Distributed Denial of Service (DDoS), by utilizing well-established machine learning (ML) techniques. This classification stage will serve to enhance the Intrusion Detection System (IDS) and the reporting system. (ii) Anomaly detection (unknown attack identification), or detection of unknown attacks, will be employed to identify previously unknown attacks. This identification stage involves retraining the ML model to enable future recognition and classification of these unknown attacks when the anomaly attack detector identifies that an unknown attack is recognized. Then, a retraining of the first stage classification model is executed due to the anomaly detection. (iii) To ensure that a remote cloud server remains current with the latest classification model changes, Federated Learning (FL) will be utilized. FL allows for collaborative model training while preserving data privacy and security. The experimental findings indicate that the Enhanced Random Forest (also called ensemble random forest) algorithm achieves a remarkable accuracy rate of 99.98% in classifying attacks. Thus, it will be our first stage classifier. Continuing, the One-Class Support Vector Machine (SVM) algorithm demonstrates a high level of accuracy, reaching 99.7% in detecting anomalies so that it will be our second stage identifier. Finally, the third-stage approach, which has as a target the overall system model updater, will be our introduced Federated Learning approach that works with the Enhanced Random Forests and identifies the ERF differences from the old model in an optimal way. The efficacy of our technique is confirmed through the implementation of experiments involving an Internet of Things (IoT) system and a Raspberry Pi MIoT gateway and with simulations that simulate the FL updating process. These experiments successfully identify known and unknown attacks with a high reliability level while limiting resource utilization and energy consumption. Future studies of this work will focus on enhancing the scalability and efficiency of our Intrusion Detection System in MIoT networks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Md Mainuddin,Zhenhai Duan,Yingfei Dong,Shaeke Salman,Tania Taami

DOI: https://doi.org/10.1109/GLOBECOM48099.2022.10001639

2022-12-17

Abstract:IoT device identification plays an important role in monitoring and improving the performance and security of IoT devices. Compared to traditional non-IoT devices, IoT devices provide us with both unique challenges and opportunities in detecting the types of IoT devices. Based on critical insights obtained in our previous work on understanding the network traffic characteristics of IoT devices, in this paper we develop an effective machine-learning based IoT device identification scheme, named iotID. In developing iotID, we extract 70 features of TCP flows from three complementary aspects: remote network servers and port numbers, packet-level traffic characteristics such as packet inter-arrival times, and flow-level traffic characteristics such as flow duration. Different from existing work, we take into account the imbalance nature of network traffic generated by various devices in both the learning and evaluation phases of iotID. Our performance studies based on network traffic collected on a typical smart home environment consisting of both IoT and non-IoT devices show that iotID can achieve a balanced accuracy score of above 99%.

Networking and Internet Architecture,Distributed, Parallel, and Cluster Computing

Sajjad Hussain,Waqar Aslam,Arif Mehmood,Gyu Sang Choi,Imran Ashraf

DOI: https://doi.org/10.7717/peerj-cs.1834

2024-03-26

Abstract:Identification of the Internet of Things (IoT) devices has become an essential part of network management to secure the privacy of smart homes and offices. With its wide adoption in the current era, IoT has facilitated the modern age in many ways. However, such proliferation also has associated privacy and data security risks. In the case of smart homes and smart offices, unknown IoT devices increase vulnerabilities and chances of data theft. It is essential to identify the connected devices for secure communication. It is very difficult to maintain the list of rules when the number of connected devices increases and human involvement is necessary to check whether any intruder device has approached the network. Therefore, it is required to automate device identification using machine learning methods. In this article, we propose an accuracy boosting model (ABM) using machine learning models of random forest and extreme gradient boosting. Featuring engineering techniques are employed along with cross-validation to accurately identify IoT devices such as lights, smoke detectors, thermostat, motion sensors, baby monitors, socket, TV, security cameras, and watches. The proposed ensemble model utilizes random forest (RF) and extreme gradient boosting (XGB) as base learners with adaptive boosting. The proposed ensemble model is tested with extensive experiments involving the IoT Device Identification dataset from a public repository. Experimental results indicate a higher accuracy of 91%, precision of 93%, recall of 93%, and F1 score of 93%.

Eric Gyamfi,Anca Jurcut

DOI: https://doi.org/10.3390/s22103744

IF: 3.9

2022-05-15

Sensors

Abstract:The explosive growth of the Internet of Things (IoT) applications has imposed a dramatic increase of network data and placed a high computation complexity across various connected devices. The IoT devices capture valuable information, which allows the industries or individual users to make critical live dependent decisions. Most of these IoT devices have resource constraints such as low CPU, limited memory, and low energy storage. Hence, these devices are vulnerable to cyber-attacks due to the lack of capacity to run existing general-purpose security software. It creates an inherent risk in IoT networks. The multi-access edge computing (MEC) platform has emerged to mitigate these constraints by relocating complex computing tasks from the IoT devices to the edge. Most of the existing related works are focusing on finding the optimized security solutions to protect the IoT devices. We believe distributed solutions leveraging MEC should draw more attention. This paper presents a comprehensive review of state-of-the-art network intrusion detection systems (NIDS) and security practices for IoT networks. We have analyzed the approaches based on MEC platforms and utilizing machine learning (ML) techniques. The paper also performs a comparative analysis on the public available datasets, evaluation metrics, and deployment strategies employed in the NIDS design. Finally, we propose an NIDS framework for IoT networks leveraging MEC.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Suparna De,Maria Bermudez-Edo,Honghui Xu,Zhipeng Cai

DOI: https://doi.org/10.1109/tii.2022.3155656

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:Advances in communication technologies and artificial intelligence are accelerating the paradigm of industrial Internet of Things (IIoT). With IIoT enabling continuous integration of sensors and controllers with the network, intelligent analysis of the generated Big Data is a critical requirement. Although IIoT is considered a subset of IoT, it has its own peculiarities in terms of higher levels of safety, security, and low-latency communication in an environment of critical real-time operations. Under these circumstances, discriminative deep learning (DL) algorithms are unsuitable due to their need for large amounts of labeled and balanced training data, uncertainty of inputs, etc. To overcome these issues, researchers have started using deep generative models (DGMs), which combine the flexibility of DL with the inference power of probabilistic modeling. In this article, we review the state of the art of DGMs and their applicability to IIoT, classifying the reviewed works into the IIoT application areas of anomaly detection, trust-boundary protection, network traffic prediction, and platform monitoring. Following an analysis of existing IIoT DGM implementations, we identify challenges (i.e., weak discriminative capability, insufficient interpretability, lack of generalization ability, generated data vulnerability, privacy concern, and data complexity) that need to be investigated in order to accelerate the adoption of DGMs in IIoT and also propose some potential research directions.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Ghaida Balhareth,Mohammad Ilyas

DOI: https://doi.org/10.3390/s24175712

2024-09-02

Abstract:The Internet of Medical Things (IoMTs) is a network of connected medical equipment such as pacemakers, prosthetics, and smartwatches. Utilizing the IoMT-based system, a huge amount of data is generated, offering experts a valuable resource for tasks such as prediction, real-time monitoring, and diagnosis. To do so, the patient's health data must be transferred to database storage for processing because of the limitations of the storage and computation capabilities of IoMT devices. Consequently, concerns regarding security and privacy can arise due to the limited control over the transmitted information and reliance on wireless transmission, which leaves the network vulnerable to several kinds of attacks. Motivated by this, in this study, we aim to build and improve an efficient intrusion detection system (IDS) for IoMT networks. The proposed IDS leverages tree-based machine learning classifiers combined with filter-based feature selection techniques to enhance detection accuracy and efficiency. The proposed model is used for monitoring and identifying unauthorized or malicious activities within medical devices and networks. To optimize performance and minimize computation costs, we utilize Mutual Information (MI) and XGBoost as filter-based feature selection methods. Then, to reduce the number of the chosen features selected, we apply a mathematical set (intersection) to extract the common features. The proposed method can detect intruders while data are being transferred, allowing for the accurate and efficient analysis of healthcare data at the network's edge. The system's performance is assessed using the CICIDS2017 dataset. We evaluate the proposed model in terms of accuracy, F1 score, recall, precision, true positive rate, and false positive rate. The proposed model achieves 98.79% accuracy and a low false alarm rate 0.007 FAR on the CICIDS2017 dataset according to the experimental results. While this study focuses on binary classification for intrusion detection, we are planning to build a multi-classification approach for future work which will be able to not only detect the attacks but also categorize them. Additionally, we will consider using our proposed feature selection technique for different ML classifiers and evaluate the model's performance empirically in real-world IoMT scenarios.

Tao Hou,Tao Wang,Zhuo Lu,Yao Liu,Yalin Sagduyu

2023-12-16

Abstract:With the proliferation of IoT devices, researchers have developed a variety of IoT device identification methods with the assistance of machine learning. Nevertheless, the security of these identification methods mostly depends on collected training data. In this research, we propose a novel attack strategy named IoTGAN to manipulate an IoT device's traffic such that it can evade machine learning based IoT device identification. In the development of IoTGAN, we have two major technical challenges: (i) How to obtain the discriminative model in a black-box setting, and (ii) How to add perturbations to IoT traffic through the manipulative model, so as to evade the identification while not influencing the functionality of IoT devices. To address these challenges, a neural network based substitute model is used to fit the target model in black-box settings, it works as a discriminative model in IoTGAN. A manipulative model is trained to add adversarial perturbations into the IoT device's traffic to evade the substitute model. Experimental results show that IoTGAN can successfully achieve the attack goals. We also develop efficient countermeasures to protect machine learning based IoT device identification from been undermined by IoTGAN.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Chenglong Li

DOI: https://doi.org/10.1016/j.comnet.2022.109450

2022-01-01

Abstract:IoT device identification is essential for both device asset management and security management. IoT device identification in open environments is the key to its application in real environments, where IoT and non-IoT device identification is the first and critical step. However, existing methods are either not applicable to open environments or have poor scalability and sustainability for IoT and non-IoT device identification. This paper presents EvoIoT , an IoT and non-IoT identification model designed to apply in open environments with high scalability and the ability to run sustainably and effectively. EvoIoT achieves high scalability by applying a unified model for all devices. To mine discriminative features from encrypted traffic, EvoIoT extracts original features from packet headers and judges feature importance in the entire model update process. For sustainability, EvoIoT proposes a representative device choosing method and model update method to address the concept drift caused by new types of devices. EvoIoT is the first high-performance model that systematically addresses the IoT and non-IoT device classification problem. We evaluate EvoIoT on two public datasets and a private dataset collected from a laboratory setting. The evaluation results show that EvoIoT is on average 6.27%∼48.89% more accurate than state-of-the-art methods.

Farhan Ullah,Ali Turab,Shamsher Ullah,Diletta Cacciagrano,Yue Zhao

DOI: https://doi.org/10.3390/s24134152

IF: 3.9

2024-06-27

Sensors

Abstract:Internet of Things (IoT) applications and resources are highly vulnerable to flood attacks, including Distributed Denial of Service (DDoS) attacks. These attacks overwhelm the targeted device with numerous network packets, making its resources inaccessible to authorized users. Such attacks may comprise attack references, attack types, sub-categories, host information, malicious scripts, etc. These details assist security professionals in identifying weaknesses, tailoring defense measures, and responding rapidly to possible threats, thereby improving the overall security posture of IoT devices. Developing an intelligent Intrusion Detection System (IDS) is highly complex due to its numerous network features. This study presents an improved IDS for IoT security that employs multimodal big data representation and transfer learning. First, the Packet Capture (PCAP) files are crawled to retrieve the necessary attacks and bytes. Second, Spark-based big data optimization algorithms handle huge volumes of data. Second, a transfer learning approach such as word2vec retrieves semantically-based observed features. Third, an algorithm is developed to convert network bytes into images, and texture features are extracted by configuring an attention-based Residual Network (ResNet). Finally, the trained text and texture features are combined and used as multimodal features to classify various attacks. The proposed method is thoroughly evaluated on three widely used IoT-based datasets: CIC-IoT 2022, CIC-IoT 2023, and Edge-IIoT. The proposed method achieves excellent classification performance, with an accuracy of 98.2%. In addition, we present a game theory-based process to validate the proposed approach formally.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jaidip Kotak,Yuval Elovici

DOI: https://doi.org/10.1007/978-3-030-57805-3_8

2020-02-25

Abstract:The growing use of IoT devices in organizations has increased the number of attack vectors available to attackers due to the less secure nature of the devices. The widely adopted bring your own device (BYOD) policy which allows an employee to bring any IoT device into the workplace and attach it to an organization's network also increases the risk of attacks. In order to address this threat, organizations often implement security policies in which only the connection of white-listed IoT devices is permitted. To monitor adherence to such policies and protect their networks, organizations must be able to identify the IoT devices connected to their networks and, more specifically, to identify connected IoT devices that are not on the white-list (unknown devices). In this study, we applied deep learning on network traffic to automatically identify IoT devices connected to the network. In contrast to previous work, our approach does not require that complex feature engineering be applied on the network traffic, since we represent the communication behavior of IoT devices using small images built from the IoT devices network traffic payloads. In our experiments, we trained a multiclass classifier on a publicly available dataset, successfully identifying 10 different IoT devices and the traffic of smartphones and computers, with over 99% accuracy. We also trained multiclass classifiers to detect unauthorized IoT devices connected to the network, achieving over 99% overall average detection accuracy.

Cryptography and Security,Machine Learning,Networking and Internet Architecture,Signal Processing

Yakub Kayode Saheed,Oluwadamilare Harazeem Abdulganiyu,Taha Ait Tchakoucht

DOI: https://doi.org/10.1016/j.asoc.2024.111434

IF: 8.7

2024-02-01

Applied Soft Computing

Abstract:The emergence of smart cities is an example of how new technologies, such as the Internet of Things (IoT), have facilitated the creation of extensive interconnected and intelligent ecosystems. The widespread deployment of IoT devices has enabled the provision of constant environmental feedback, thereby facilitating the automated adaptation of associated systems. This has brought about a fundamental transformation in the way contemporary society functions. The security of emerging technologies such as IoT has become a significant challenge due to the added complexities, misconfigurations, and conflicts between modern and legacy systems. This challenge has a notable impact on the reliability and accessibility of existing infrastructure. Edge computing (EC) is a collaborative computing system that brings data processing and analysis closer to the edge of the network, where the data is generated, rather than in a centralized cloud environment. The utilization of the IoT has become more prevalent in both everyday life and the manufacturing sector, with a particular emphasis on critical infrastructure. The IoT is presently being utilized across diverse domains, including but not limited to industrial, agricultural, healthcare, and logistical sectors. The security of IoT networks has implications for the safety of individuals, the security of the nation, and economic development. Notwithstanding, conventional intrusion detection techniques that rely on centralized cloud-based systems that have been suggested in previous studies for IoT network security are insufficient to meet the requirements for data confidentiality, network capacity, and prompt responsiveness. In addition, the integration of IoT applications into smart devices has been shown to augment their functionalities. However, it is important to note that this integration also brings about potential security vulnerabilities. Furthermore, a significant number of contemporary IoT devices exhibit restricted security capabilities, rendering them vulnerable to intricate attacks and impeding the extensive integration of IoT technologies. Also, a lot of IoT network devices have been put in place that don't have hardware security measures. This means that traditional intrusion detection systems (IDS) aren't enough to protect the IoT network ecosystem. To address these issues, this research suggests the IoT-Defender framework, which combines a Modified Genetic Algorithm (MGA) model with a deep Long Short-Term Memory (LSTM) network to find cyberattacks in IoT networks. This research represents a pioneering attempt to employ the MGA for feature selection and the GA for fine-tuning the LSTM parameters within an EC framework. The parameters of the LSTM model were fine-tuned through the manipulation of the number of hidden layers, utilizing the GA fitness function. The customization of the MGA aimed to enhance its performance in selecting relevant features, optimizing the use of limited resources on IoT devices and edge nodes. The fine-tuning process involved optimizing hyperparameters, architecture, and training strategies to maximize the LSTM network's effectiveness in learning and detecting patterns in IoT network traffic. The synergy between the MGA and LSTM aimed at creating a comprehensive and efficient IDS. The feature selection by the MGA contributes to improving the LSTM’s performance by providing it with more relevant and discriminating features. In order to solve the issue of class imbalance, we utilize the focal loss function, which provides greater weights to minority classes, hence improving the model’s capacity to learn from those particular classes. The performance of the IoT-Defender model was assessed on the BoT-IoT, UNSW-NB15, and N-BaIoT datasets utilizing a Raspberry Pi IoT device. The results of our study show that the IoT-Defender model works better than other methods. This is shown by its accuracy score of 99.41%, detection rate of 99.78%, precision score of 98.50%, false alarm rate of 2.56%, mean intersection over union (mIoU) of 0.68, and training time of 81.3 seconds on BoT-IoT. The proposed IoT model is designed to be lightweight and can be installed on edge servers to detect cyber-attacks in real-time, specifically in the context of IoT security.

computer science, artificial intelligence, interdisciplinary applications

Atdhe Buja,Melinda Pacolli,Donika Bajrami,Philip Polstra,Akihiko Mutoh

DOI: https://doi.org/10.54364/aaiml.2024.42139

2024-01-01

Advances in Artificial Intelligence and Machine Learning

Abstract:The research focuses on designing a predictive model for Internet of Things (IoT) attack identification using historical IoT data from the Global Cyber Alliance’s (GCA) Automated IoT Defense Ecosystem (AIDE). This research goes into the design of an enhanced machinelearning model, to predict potential security breaches. The process involved a thorough data science lifecycle, overall data preprocessing, feature selection, and engineering. The study’s main objective is to design a model to classify IoT activities and events, distinctive among normal operations and indicators of potential cyber-attacks. The model design incorporates distinct features like command frequency, login success, geo-distance calculations, credentials tried, and protocol encodings to enhance predictive accuracy. The model uses algorithms like logistic regression and random forests to explore their efficacy in binary and multiclass classifications. The research emphasizes the critical role of the model’s capability to proactively address IoT security challenges. Offering early alerts is crucial in allowing timely countermeasures, herein strengthening IoT ecosystems against cyber threats. The model’s accuracy in predicting IoT attacks, reduces the likelihood of successful breaches, thus safeguarding sensitive data and infrastructure. Furthermore, it assists as a key tool for policymakers and security professionals, providing insight into occurring threat patterns and enabling the development of robust defense strategies.

Anahita Namvar,Chandra Thapa,Salil S. Kanhere

DOI: https://doi.org/10.48550/arXiv.2307.08955

2023-07-18

Abstract:IoT device identification is the process of recognizing and verifying connected IoT devices to the network. This is an essential process for ensuring that only authorized devices can access the network, and it is necessary for network management and maintenance. In recent years, machine learning models have been used widely for automating the process of identifying devices in the network. However, these models are vulnerable to adversarial attacks that can compromise their accuracy and effectiveness. To better secure device identification models, discretization techniques enable reduction in the sensitivity of machine learning models to adversarial attacks contributing to the stability and reliability of the model. On the other hand, Ensemble methods combine multiple heterogeneous models to reduce the impact of remaining noise or errors in the model. Therefore, in this paper, we integrate discretization techniques and ensemble methods and examine it on model robustness against adversarial attacks. In other words, we propose a discretization-based ensemble stacking technique to improve the security of our ML models. We evaluate the performance of different ML-based IoT device identification models against white box and black box attacks using a real-world dataset comprised of network traffic from 28 IoT devices. We demonstrate that the proposed method enables robustness to the models for IoT device identification.

Machine Learning,Cryptography and Security

Maryam Douiba,Said Benkirane,Azidine Guezzaz,Mourade Azrour

DOI: https://doi.org/10.1007/s11227-022-04783-y

2022-09-03

Abstract:Internet of Things (IoT) represents a massive deployment of connected, intelligent devices that communicate directly in private, public, and professional environments without human intervention. The increasing number and mobility make them more attractive to attackers. Therefore, many techniques have been integrated to secure IoT, such as authentication, availability, encryption, and data integrity. Intrusion detection systems (IDSs) are an effective security tool that can be enhanced using machine learning (ML) and deep learning (DP) algorithms. This paper presents an improved IDS using gradient boosting (GB) and decision tree (DT) through the open-source Catboost for IoT Security. The proposed model has been evaluated under the improved NSL- KDD, IoT-23, BoT-IoT, and Edge-IIoT datasets using the GPU to enhance the experimental setting. Compared with the well-existed IDS, the results prove that our approach gives good score performance metrics of ACC, recall, and precision, around 99.9% on a record detection and computation time.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Maria Balega,Waleed Farag,Xin-Wen Wu,Soundararajan Ezekiel,Zaryn Good

DOI: https://doi.org/10.3390/electronics13112148

IF: 2.9

2024-05-31

Electronics

Abstract:As the Internet of Things (IoT) continues to evolve, securing IoT networks and devices remains a continuing challenge. Anomaly detection is a crucial procedure in protecting the IoT. A promising way to perform anomaly detection in the IoT is through the use of machine learning (ML) algorithms. There is a lack of studies in the literature identifying optimal (with regard to both effectiveness and efficiency) anomaly detection models for the IoT. To fill the gap, this work thoroughly investigated the effectiveness and efficiency of IoT anomaly detection enabled by several representative machine learning models, namely Extreme Gradient Boosting (XGBoost), Support Vector Machines (SVMs), and Deep Convolutional Neural Networks (DCNNs). Identifying optimal anomaly detection models for IoT anomaly detection is challenging due to diverse IoT applications and dynamic IoT networking environments. It is of vital importance to evaluate ML-powered anomaly detection models using multiple datasets collected from different environments. We utilized three reputable datasets to benchmark the aforementioned machine learning methods, namely, IoT-23, NSL-KDD, and TON_IoT. Our results show that XGBoost outperformed both the SVM and DCNN, achieving accuracies of up to 99.98%. Moreover, XGBoost proved to be the most computationally efficient method; the model performed 717.75 times faster than the SVM and significantly faster than the DCNN in terms of training times. The research results have been further confirmed by using our real-world IoT data collected from an IoT testbed consisting of physical devices that we recently built.

engineering, electrical & electronic,computer science, information systems,physics, applied

Jaidip Kotak,Yuval Elovici

DOI: https://doi.org/10.1007/s12652-022-04415-6

2023-03-02

Abstract:Attack vectors for adversaries have increased in organizations because of the growing use of less secure IoT devices. The risk of attacks on an organization's network has also increased due to the bring your own device (BYOD) policy which permits employees to bring IoT devices onto the premises and attach them to the organization's network. To tackle this threat and protect their networks, organizations generally implement security policies in which only white listed IoT devices are allowed on the organization's network. To monitor compliance with such policies, it has become essential to distinguish IoT devices permitted within an organization's network from non white listed (unknown) IoT devices. In this research, deep learning is applied to network communication for the automated identification of IoT devices permitted on the network. In contrast to existing methods, the proposed approach does not require complex feature engineering of the network communication, because the 'communication behavior' of IoT devices is represented as small images which are generated from the device's network communication payload. The proposed approach is applicable for any IoT device, regardless of the protocol used for communication. As our approach relies on the network communication payload, it is also applicable for the IoT devices behind a network address translation (NAT) enabled router. In this study, we trained various classifiers on a publicly accessible dataset to identify IoT devices in different scenarios, including the identification of known and unknown IoT devices, achieving over 99% overall average detection accuracy.

Networking and Internet Architecture,Artificial Intelligence,Cryptography and Security,Computer Vision and Pattern Recognition,Machine Learning

Dawit Dejene Bikila,Jan Čapek

DOI: https://doi.org/10.1016/j.future.2024.107630

IF: 7.307

2024-12-03

Future Generation Computer Systems

Abstract:The number of Internet of Things (IoT) device connections is increasing rapidly as IoT applications are vital in any operation. IoT must maintain safe internet access that withstands various malicious attacks for instance Recon, Mirai, Distributed Denial of Service (DDoS), and Spoofing which has gained much attention. Intelligently changing and zero-day attacks are emerging every day. This highlights the need for intelligent security solutions tailored specifically to this technology. Various Machine Learning (ML) based approaches have been utilized for intrusion detection to tackle IoT attacks. However, the flaws of current attack detection and feature extraction techniques result in low detection accuracy. Thus, it hindered their real-world applications and highlighted the need for a lightweight and computationally robust model trained and assessed on a recent datasets. Therefore, this work proposed an attack detection model trained and validated using the CICIoT2023 and CICIDS2017 datasets. Initially, data preprocessing is done then features are extracted by using an unsupervised Elastic Deep Autoencoder (EDA) with optimum hyperparameters. Further, the Extreme Gradient Boosting (XGBoost) binary classifier is tuned by the Grey Wolf Optimizer (GWO) and fed extracted feature sets to classify attacks. The results of the experiments show the effectiveness of our model with a higher detection accuracy in both datasets. Finally, the performance comparison confirmed that the results of the proposed work is competitive with other state-of-the-art method in securing IoT infrastructures.

computer science, theory & methods

Adel Binbusayyis,Haya Alaskar,Thavavel Vaiyapuri,M Dinesh

DOI: https://doi.org/10.1007/s11227-022-04568-3

Abstract:Internet of Medical Things (IoMT) is network of interconnected medical devices (smart watches, pace makers, prosthetics, glucometer, etc.), software applications, and health systems and services. IoMT has successfully addressed many old healthcare problems. But it comes with its drawbacks essentially with patient's information privacy and security related issues that comes from IoMT architecture. Using obsolete systems can bring security vulnerabilities and draw attacker's attention emphasizing the need for effective solution to secure and protect the data traffic in IoMT network. Recently, intrusion detection system (IDS) is regarded as an essential security solution for protecting IoMT network. In the past decades, machines learning (ML) algorithms have demonstrated breakthrough results in the field of intrusion detection. Notwithstanding, to our knowledge, there is no work that investigates the power of machines learning algorithms for intrusion detection in IoMT network. This paper aims to fill this gap of knowledge investigating the application of different ML algorithms for intrusion detection in IoMT network. The investigation analysis includes ML algorithms such as K-nearest neighbor, Naïve Bayes, support vector machine, artificial neural network and decision tree. The benchmark dataset, Bot-IoT which is publicly available with comprehensive set of attacks was used to train and test the effectiveness of all ML models considered for investigation. Also, we used comprehensive set of evaluation metrics to compare the power of ML algorithms with regard to their detection accuracy for intrusion in IoMT networks. The outcome of the analysis provides a promising path to identify the best the machine learning approach can be used for building effective IDS that can safeguard IoMT network against malicious activities.