Md Arafatur Rahman,A. Taufiq Asyhari,L. S. Leong,G. B. Satrya,M. Hai Tao,M. F. Zolkipli

DOI: https://doi.org/10.1016/j.scs.2020.102324

IF: 11.7

2020-01-01

Sustainable Cities and Society

Abstract:Given a scale expansion of Internet of Things for sustainable resource management in smart cities, proper design of an intrusion detection system (IDS) is critical to safeguard the future network infrastructure from intruders. With the growth of connected things, the most-widely used centralized (cloud-based) IDS often suffers from high latency and network overhead, thereby resulting in unresponsiveness to attacks and slow detection of malicious users. In this paper, we address the limitation of centralized IDS for resource-constrained devices by proposing two methods, namely semi-distributed and distributed, that combine well-performing feature extraction and selection and exploit potential fog-edge coordinated analytics. In order to distribute the computational tasks, we individually develop parallel machine-learning models corresponding to a partitioned attack dataset. In the semi-distributed case, the parallel models, running on the edge side, are applied for side-by-side feature selections, which are then followed by a single multi-layer perceptron classification running on the fog side. In the distributed case, the parallel models individually perform both the feature selection and multi-layer perceptron classification after which the outputs are combined by a coordinating edge or fog for final decision making. Based on the comparative study of existing works, the numerical results demonstrate the promise of the proposed methods, giving a comparable detection accuracy to the superior centralized IDS as well as exemplify their inherent trade-offs between the accuracy and building time performance.

Yazeed Alotaibi,Mohammad Ilyas

DOI: https://doi.org/10.3390/s23125568

2023-06-14

Abstract:The Internet of Things (IoT) comprises a network of interconnected nodes constantly communicating, exchanging, and transferring data over various network protocols. Studies have shown that these protocols pose a severe threat (Cyber-attacks) to the security of data transmitted due to their ease of exploitation. In this research, we aim to contribute to the literature by improving the Intrusion Detection System (IDS) detection efficiency. In order to improve the efficiency of the IDS, a binary classification of normal and abnormal IoT traffic is constructed to enhance the IDS performance. Our method employs various supervised ML algorithms and ensemble classifiers. The proposed model was trained on TON-IoT network traffic datasets. Four of the trained ML-supervised models have achieved the highest accurate outcomes; Random Forest, Decision Tree, Logistic Regression, and K-Nearest Neighbor. These four classifiers are fed to two ensemble approaches: voting and stacking. The ensemble approaches were evaluated using the evaluation metrics and compared for their efficacy on this classification problem. The accuracy of the ensemble classifiers was higher than that of the individual models. This improvement can be attributed to ensemble learning strategies that leverage diverse learning mechanisms with varying capabilities. By combining these strategies, we were able to enhance the reliability of our predictions while reducing the occurrence of classification errors. The experimental results show that the framework can improve the efficiency of the Intrusion Detection System, achieving an accuracy rate of 0.9863.

Chaimae Hazman,Azidine Guezzaz,Said Benkirane,Mourade Azrour

DOI: https://doi.org/10.26599/tst.2023.9010033

2024-02-13

Tsinghua Science & Technology

Abstract:Cyberattacks against highly integrated Internet of Things (IoT) servers, apps, and telecoms infrastructure are rapidly increasing when issues produced by IoT networks go unnoticed for an extended period. IoT interface attacks must be evaluated in real-time for effective safety and security measures. This study implements a smart intrusion detection system (IDS) designed for IoT threats, and interoperability with IoT connectivity standards is offered by the identity solution. An IDS is a common type of network security technology that has recently received increasing interest in the research community. The system has already piqued the curiosity of scientific and industrial communities to identify intrusions. Several IDSs based on machine learning (ML) and deep learning (DL) have been proposed. This study introduces IDS-SIoDL, a novel IDS for IoT-based smart cities that integrates long shortterm memory (LSTM) and feature engineering. This model is tested using tensor processing unit (TPU) on the enhanced BoT-IoT, Edge-IIoT, and NSL-KDD datasets. Compared with current IDSs, the obtained results provide good assessment features, such as accuracy, recall, and precision, with approximately 0.9990 recording time and calculating times of approximately 600 and 6 ms for training and classification, respectively.

computer science, information systems,engineering, electrical & electronic, software engineering

Afrah Gueriani,Hamza Kheddar,Ahmed Cherif Mazari

2024-05-29

Abstract:Protecting Internet of things (IoT) devices against cyber attacks is imperative owing to inherent security vulnerabilities. These vulnerabilities can include a spectrum of sophisticated attacks that pose significant damage to both individuals and organizations. Employing robust security measures like intrusion detection systems (IDSs) is essential to solve these problems and protect IoT systems from such attacks. In this context, our proposed IDS model consists on a combination of convolutional neural network (CNN) and long short-term memory (LSTM) deep learning (DL) models. This fusion facilitates the detection and classification of IoT traffic into binary categories, benign and malicious activities by leveraging the spatial feature extraction capabilities of CNN for pattern recognition and the sequential memory retention of LSTM for discerning complex temporal dependencies in achieving enhanced accuracy and efficiency. In assessing the performance of our proposed model, the authors employed the new CICIoT2023 dataset for both training and final testing, while further validating the model's performance through a conclusive testing phase utilizing the CICIDS2017 dataset. Our proposed model achieves an accuracy rate of 98.42%, accompanied by a minimal loss of 0.0275. False positive rate(FPR) is equally important, reaching 9.17% with an F1-score of 98.57%. These results demonstrate the effectiveness of our proposed CNN-LSTM IDS model in fortifying IoT environments against potential cyber threats.

Cryptography and Security,Artificial Intelligence

Abdulaziz Aldaej,Imdad Ullah,Tariq Ahamed Ahanger,Mohammed Atiquzzaman

DOI: https://doi.org/10.1038/s41598-024-62435-y

IF: 4.6

2024-05-24

Scientific Reports

Abstract:Internet of Things (IoT) technology has revolutionized modern industrial sectors. Moreover, IoT technology has been incorporated within several vital domains of applicability. However, security is overlooked due to the limited resources of IoT devices. Intrusion detection methods are crucial for detecting attacks and responding adequately to every IoT attack. Conspicuously, the current study outlines a two-stage procedure for the determination and identification of intrusions. In the first stage, a binary classifier termed an Extra Tree (E-Tree) is used to analyze the flow of IoT data traffic within the network. In the second stage, an Ensemble Technique (ET) comprising of E-Tree, Deep Neural Network (DNN), and Random Forest (RF) examines the invasive events that have been identified. The proposed approach is validated for performance analysis. Specifically, Bot-IoT, CICIDS2018, NSL-KDD, and IoTID20 dataset were used for an in-depth performance assessment. Experimental results showed that the suggested strategy was more effective than existing machine learning methods. Specifically, the proposed technique registered enhanced statistical measures of accuracy, normalized accuracy, recall measure, and stability.

multidisciplinary sciences

Edeh Michael Onyema,Surjeet Dalal,Carlos Andrés Tavera Romero,Bijeta Seth,Praise Young,Mohd Anas Wajid

DOI: https://doi.org/10.1186/s13677-022-00305-6

2022-08-14

Journal of Cloud Computing

Abstract:The Internet of things (IoT) is an important technology that is highly beneficial in establishing smart items, connections and cities. However, there are worries regarding security and privacy vulnerabilities in IoT in which some emerge from numerous sources, including cyberattacks, unsecured networks, data, connections or communication. This paper provides an ensemble intrusion strategy based on Cyborg Intelligence (machine learning and biological intelligence) framework to boost security of IoT enabled networks utilized for network traffic of smart cities. To do this, multiple algorithms such Random Forest, Bayesian network (BN), C5.0, CART and Artificial Neural Network were investigated to determine their usefulness in identifying threats and attacks-botnets in IoT networks based on cyborg intelligence using the KDDcup99 dataset. The results reveal that the AdaBoost ensemble learning based on Cyborg Intelligence Intrusion Detection framework facilitates dissimilar network characteristics with the capacity to swiftly identify different botnet assaults efficiently. The suggested framework has obtained good accuracy, detection rate and a decreased false positive rate in comparison to other standard methodologies. The conclusion of this study would be a valuable complement to the efforts toward protecting IoT-powered networks and the accomplishment of safer smart cities.

Md Mamunur Rashid,Joarder Kamruzzaman,Mohammad Mehedi Hassan,Tasadduq Imam,Steven Gordon

DOI: https://doi.org/10.3390/ijerph17249347

2020-12-14

Abstract:In recent years, the widespread deployment of the Internet of Things (IoT) applications has contributed to the development of smart cities. A smart city utilizes IoT-enabled technologies, communications and applications to maximize operational efficiency and enhance both the service providers' quality of services and people's wellbeing and quality of life. With the growth of smart city networks, however, comes the increased risk of cybersecurity threats and attacks. IoT devices within a smart city network are connected to sensors linked to large cloud servers and are exposed to malicious attacks and threats. Thus, it is important to devise approaches to prevent such attacks and protect IoT devices from failure. In this paper, we explore an attack and anomaly detection technique based on machine learning algorithms (LR, SVM, DT, RF, ANN and KNN) to defend against and mitigate IoT cybersecurity threats in a smart city. Contrary to existing works that have focused on single classifiers, we also explore ensemble methods such as bagging, boosting and stacking to enhance the performance of the detection system. Additionally, we consider an integration of feature selection, cross-validation and multi-class classification for the discussed domain, which has not been well considered in the existing literature. Experimental results with the recent attack dataset demonstrate that the proposed technique can effectively identify cyberattacks and the stacking ensemble model outperforms comparable models in terms of accuracy, precision, recall and F1-Score, implying the promise of stacking in this domain.

Rafika Saadouni,Amina Khacha,Z. Aliouat,Yasmine Harbi

DOI: https://doi.org/10.1109/ISIA55826.2022.9993487

2022-11-29

Abstract:The internet of things (IoT) is expected to offer a significant impact on the industry domain leading to the concept of industrial IoT (IIoT). The IIoT comprises machine-to-machine (M2M) and communication technologies with data automation and exchange to improve product quality and decrease pro-duction costs. As a consequence, a large amount of data is collected and smartly processed to provide optimal industrial operations. This growing deployment enables adversaries to con-duct potential and destructive cyber-attacks to accomplish their malicious goals. Therefore, intelligent decision-making actions for cyber-attack detection in IIoT are sorely required. To address this challenge, we propose an intrusion detection system (IDS) using deep learning models. Specifically, the proposed system is based on the combination of convolutional neural network (CNN) and long short-term memory (LSTM) that are excellent techniques for intrusion detection and classification due to their ability in classifying main characteristics and their effectiveness in performing faster computations. We adopt the most recent dataset named Edge-IIoTset that contains a real traffic network of IoT and IIoT applications. The proposed model is evaluated in terms of accuracy, precision, false positive rate, and detection cost within binary and multi-class classifications. The obtained results show that our CNN-LSTM model provides better performance and robustness in cyber security intrusion detection for IIoT applications compared to LSTM and traditional machine learning models. Moreover, it outperforms two recent related models in terms of accuracy rate.

Engineering,Computer Science

Ramesh Kumar, M.

DOI: https://doi.org/10.1007/s12083-024-01721-y

IF: 3.488

2024-06-08

Peer-to-Peer Networking and Applications

Abstract:Intrusion Detection System (IDS) is designed being help and safeguard IoT networks from potential threats. Distributed Denial of Service (DDoS) assaults are a pernicious kind of cyber-attacks causing server disruptions in modern cyber-security world. Detecting unauthorized and suspicious activities by observing data traffic flows is crucial for enhanced network security. So, this research paper proposes an innovative solution to IoT environment by designing effective intrusion detection module. It benefits from the working principle of different modules that are operated for data dimensionality reduction, feature optimization and deep classification to maximize network security by identifying normal and malicious traffic flows. The detection process commences with data pre-processing steps such as null set removal and redundant feature elimination that provide a clear and concise representation of the data. Next, we employ the Random Subset Feature Selection (RSFS) technique to minimize dimension of preprocessed information by eliminating duplicate or redundant features. The selected feature subsets are then used as the initial search space for the Mutation Boosted Golden Jackal Optimization (MBGJO) algorithm. It helps to predict optimal attributes that contribute most effectively to detection of different attack classes. Finally, the Light Gradient Boosting Machine (LGBM) algorithm is used to train the ideal feature set and detect various attack classes in the CIC-DDoS2019 dataset. By employing this algorithm, we ensure that our detection system remains scalable and capable of handling diverse attack scenarios. Experimental findings demonstrate that our IDS attains an impressive accuracy of 99.7%. Moreover, it surpasses other state-of-the-art mechanisms with regard to scalability and security. Our intrusion detection system thus provides an effective solution for safeguarding IoT networks against potential threats.

computer science, information systems,telecommunications

Kamal Bella,Azidine Guezzaz,Said Benkirane,Mourade Azrour,Yasser Fouad,Mbadiwe S. Benyeogor,Nisreen Innab

DOI: https://doi.org/10.7717/peerj-cs.2290

2024-09-09

PeerJ Computer Science

Abstract:The adoption and integration of the Internet of Things (IoT) have become essential for the advancement of many industries, unlocking purposeful connections between objects. However, the surge in IoT adoption and integration has also made it a prime target for malicious attacks. Consequently, ensuring the security of IoT systems and ecosystems has emerged as a crucial research area. Notably, advancements in addressing these security threats include the implementation of intrusion detection systems (IDS), garnering considerable attention within the research community. In this study, and in aim to enhance network anomaly detection, we present a novel intrusion detection approach: the Deep Neural Decision Forest-based IDS (DNDF-IDS). The DNDF-IDS incorporates an improved decision forest model coupled with neural networks to achieve heightened accuracy (ACC). Employing four distinct feature selection methods separately, namely principal component analysis (PCA), LASSO regression (LR), SelectKBest, and Random Forest Feature Importance (RFFI), our objective is to streamline training and prediction processes, enhance overall performance, and identify the most correlated features. Evaluation of our model on three diverse datasets (NSL-KDD, CICIDS2017, and UNSW-NB15) reveals impressive ACC values ranging from 94.09% to 98.84%, depending on the dataset and the feature selection method. Notably, our model achieves a remarkable prediction time of 0.1 ms per record. Comparative analyses with other recent random forest and Convolutional Neural Networks (CNN) based models indicate that our DNDF-IDS performs similarly or even outperforms them in certain instances, particularly when utilizing the top 10 features. One key advantage of our novel model lies in its ability to make accurate predictions with only a few features, showcasing an efficient utilization of computational resources.

computer science, information systems, artificial intelligence, theory & methods

Basharat Ahmad,Zhaoliang Wu,Yongfeng Huang,Sadaqat Ur Rehman

DOI: https://doi.org/10.1016/j.knosys.2024.112614

IF: 8.139

2024-10-21

Knowledge-Based Systems

Abstract:The Internet of Things (IoT) networks, which are defined by their interconnected devices and data streams are an expanding attack surface for cyber adversaries. Industrial Internet of Things (IIoT) is a subset of IoT and has significant importance in-terms of security. Robust intrusion detection systems (IDS) are essential for protecting these critical infrastructures. Our research suggests a novel approach to the detection of anomalies in IoT and IIoT networks that leverages the capabilities of deep transfer learning. Our methodology begins with the EdgeIIoT dataset, which serves as the basis for our data analysis. We convert the data into an appropriate image format to enable Convolutional Neural Network (CNN)-based processing. The hyper-parameters of individual machine learning models are subsequently optimized using a Random Search algorithm. This optimization phase optimizes the performance of each model by modifying the hyper-parameters that are unique to the learning algorithms. The performance of each model is meticulously assessed subsequent to hyper-parameter optimization. The top-performing models are subsequently, strategically selected and combined using the ensemble technique. The IDS scheme's overall detection accuracy and generalizability are improved by the integration of strengths from multiple models. The proposed scheme demonstrates significant effectiveness in identifying a broad spectrum of attacks, encompassing a total of 14 distinct attack types. This comprehensive detection capability contributes to a more secure and resilient IoT ecosystem. Furthermore, application of quantization to our best models reduces resource utilization significantly without compromising accuracy.

computer science, artificial intelligence

D. Selvapandian,R. Santhosh

DOI: https://doi.org/10.1007/s10515-021-00298-7

IF: 1.677

2021-09-21

Automated Software Engineering

Abstract:The possibility of connecting billions of smart end devices in the Internet of Things (IoT) provides wide range of services to the user. But, the unlimited connectivity of devices in IoT brings security issues when it is connected to wireless networks. Integrating cloud with IoT networks gains more attention as it reduces the sensor node resource limitations. However, the network complexity, open broadcast characteristics of IoT networks are vulnerable to attacks. To ensure network security and reliable operations, Intrusion Detection Systems (IDS) are widely preferred. IDS identifies the anomalies effectively in complex network environments and ensures the security of the network. Traditional intrusion detection systems based on neural networks consume long training time and low classification accuracy. Recently, deep learning methods are widely used in various image and signal processing, security applications. This research work presents a deep learning-based intrusion detection system for multi-cloud IoT environment to overcome the limitations of neural network-based intrusion detection models. The proposed intrusion detection model improves the detection accuracy by improving the training efficiency. Experimental evaluation of proposed model using NSL-KDD dataset provides improved performance than conventional techniques attaining 97.51% of detection rate, 96.28% of detection accuracy, and 94.41% of precision.

Abdul Qaddos,Muhammad Usman Yaseen,Ahmad Sami Al-Shamayleh,Muhammad Imran,Adnan Akhunzada,Salman Z. Alharthi

DOI: https://doi.org/10.1038/s41598-024-72049-z

IF: 4.6

2024-09-21

Scientific Reports

Abstract:The emerging expanding scope of the Internet of Things (IoT) necessitates robust intrusion detection systems (IDS) to mitigate security risks effectively. However, existing approaches often struggle with adaptability to emerging threats and fail to account for IoT-specific complexities. To address these challenges, this study proposes a novel approach by hybridizing convolutional neural network (CNN) and gated recurrent unit (GRU) architectures tailored for IoT intrusion detection. This hybrid model excels in capturing intricate features and learning relational aspects crucial in IoT security. Moreover, we integrate the feature-weighted synthetic minority oversampling technique (FW-SMOTE) to handle imbalanced datasets, which commonly afflict intrusion detection tasks. Validation using the IoTID20 dataset, designed to emulate IoT environments, yields exceptional results with 99.60% accuracy in attack detection, surpassing existing benchmarks. Additionally, evaluation on the network domain dataset, UNSW-NB15, demonstrates robust performance with 99.16% accuracy, highlighting the model's applicability across diverse datasets. This innovative approach not only addresses current limitations in IoT intrusion detection but also establishes new benchmarks in terms of accuracy and adaptability. The findings underscore its potential as a versatile and effective solution for safeguarding IoT ecosystems against evolving security threats.

multidisciplinary sciences

Nitu Dash,Sujata Chakravarty,Amiya Kumar Rath

DOI: https://doi.org/10.11591/ijece.v14i5.pp5874-5883

2024-10-01

International Journal of Electrical and Computer Engineering (IJECE)

Abstract:The internet of things (IoT) greatly impacts daily life by enabling efficient data exchange between objects and servers. However, cyber-attacks pose a serious threat to IoT devices. Intrusion detection systems (IDS) are vital for safeguarding networks, and machine learning methods are increasingly used to enhance security. Continuous improvement in accuracy and performance is crucial for effective IoT security. Deep learning not only outshines traditional machine learning methods but also holds untapped potential in fortifying IDS systems. This paper introduces an innovative deep learning framework tailored for anomaly detection within IoT networks, leveraging bidirectional long short-term memory (BiLSTM) and gated recurrent unit (GRU) architectures. The hyper parameters of the proposed model are optimized using the JAYA optimization technique. These models are validated using IoT-23 and MQTTset datasets. Several performance metrics including accuracy, precision, recall, f-score, true negative rate (TNR), false positive rate (FPR), and false negative rate (FNR), have been selected to assess the effectiveness of the suggested model. The empirical results are scrutinized and juxtaposed with prevailing approaches in the realm of intrusion detection for IoT. Notably, the proposed method emerges as showcasing superior accuracy when contrasted with existing methods.

Muhammad Bisri Musthafa,Samsul Huda,Yuta Kodera,Md Arshad Ali,Shunsuke Araki,Jedidah Mwaura,Yasuyuki Nogami

DOI: https://doi.org/10.3390/s24134293

2024-07-01

Abstract:Internet of Things (IoT) devices are leading to advancements in innovation, efficiency, and sustainability across various industries. However, as the number of connected IoT devices increases, the risk of intrusion becomes a major concern in IoT security. To prevent intrusions, it is crucial to implement intrusion detection systems (IDSs) that can detect and prevent such attacks. IDSs are a critical component of cybersecurity infrastructure. They are designed to detect and respond to malicious activities within a network or system. Traditional IDS methods rely on predefined signatures or rules to identify known threats, but these techniques may struggle to detect novel or sophisticated attacks. The implementation of IDSs with machine learning (ML) and deep learning (DL) techniques has been proposed to improve IDSs' ability to detect attacks. This will enhance overall cybersecurity posture and resilience. However, ML and DL techniques face several issues that may impact the models' performance and effectiveness, such as overfitting and the effects of unimportant features on finding meaningful patterns. To ensure better performance and reliability of machine learning models in IDSs when dealing with new and unseen threats, the models need to be optimized. This can be done by addressing overfitting and implementing feature selection. In this paper, we propose a scheme to optimize IoT intrusion detection by using class balancing and feature selection for preprocessing. We evaluated the experiment on the UNSW-NB15 dataset and the NSL-KD dataset by implementing two different ensemble models: one using a support vector machine (SVM) with bagging and another using long short-term memory (LSTM) with stacking. The results of the performance and the confusion matrix show that the LSTM stacking with analysis of variance (ANOVA) feature selection model is a superior model for classifying network attacks. It has remarkable accuracies of 96.92% and 99.77% and overfitting values of 0.33% and 0.04% on the two datasets, respectively. The model's ROC is also shaped with a sharp bend, with AUC values of 0.9665 and 0.9971 for the UNSW-NB15 dataset and the NSL-KD dataset, respectively.

Noor Wali Khan,Mohammed S Alshehri,Muazzam A Khan,Sultan Almakdi,Naghmeh Moradpoor,Abdulwahab Alazeb,Safi Ullah,Naila Naz,Jawad Ahmad

DOI: https://doi.org/10.3934/mbe.2023602

2023-06-13

Abstract:The Internet of Things (IoT) is a rapidly evolving technology with a wide range of potential applications, but the security of IoT networks remains a major concern. The existing system needs improvement in detecting intrusions in IoT networks. Several researchers have focused on intrusion detection systems (IDS) that address only one layer of the three-layered IoT architecture, which limits their effectiveness in detecting attacks across the entire network. To address these limitations, this paper proposes an intelligent IDS for IoT networks based on deep learning algorithms. The proposed model consists of a recurrent neural network and gated recurrent units (RNN-GRU), which can classify attacks across the physical, network, and application layers. The proposed model is trained and tested using the ToN-IoT dataset, specifically collected for a three-layered IoT system, and includes new types of attacks compared to other publicly available datasets. The performance analysis of the proposed model was carried out by a number of evaluation metrics such as accuracy, precision, recall, and F1-measure. Two optimization techniques, Adam and Adamax, were applied in the evaluation process of the model, and the Adam performance was found to be optimal. Moreover, the proposed model was compared with various advanced deep learning (DL) and traditional machine learning (ML) techniques. The results show that the proposed system achieves an accuracy of 99% for network flow datasets and 98% for application layer datasets, demonstrating its superiority over previous IDS models.

Muhammad Zawad Mahmud,Samiha Islam,Shahran Rahman Alve,Al Jubayer Pial

2024-12-04

Abstract:An application of software known as an Intrusion Detection System (IDS) employs machine algorithms to identify network intrusions. Selective logging, safeguarding privacy, reputation-based defense against numerous attacks, and dynamic response to threats are a few of the problems that intrusion identification is used to solve. The biological system known as IoT has seen a rapid increase in high dimensionality and information traffic. Self-protective mechanisms like intrusion detection systems (IDSs) are essential for defending against a variety of attacks. On the other hand, the functional and physical diversity of IoT IDS systems causes significant issues. These attributes make it troublesome and unrealistic to completely use all IoT elements and properties for IDS self-security. For peculiarity-based IDS, this study proposes and implements a novel component selection and extraction strategy (our strategy). A five-ML algorithm model-based IDS for machine learning-based networks with proper hyperparamater tuning is presented in this paper by examining how the most popular feature selection methods and classifiers are combined, such as K-Nearest Neighbors (KNN) Classifier, Decision Tree (DT) Classifier, Random Forest (RF) Classifier, Gradient Boosting Classifier, and Ada Boost Classifier. The Random Forest (RF) classifier had the highest accuracy of 99.39%. The K-Nearest Neighbor (KNN) classifier exhibited the lowest performance among the evaluated models, achieving an accuracy of 94.84%. This study's models have a significantly higher performance rate than those used in previous studies, indicating that they are more reliable.

Cryptography and Security,Machine Learning

KG Raghavendra Narayan,Srijanee Mookherji,Vanga Odelu,Rajendra Prasath,Anish Chand Turlapaty,Ashok Kumar Das

2023-08-02

Abstract:With rapid technological growth, security attacks are drastically increasing. In many crucial Internet-of-Things (IoT) applications such as healthcare and defense, the early detection of security attacks plays a significant role in protecting huge resources. An intrusion detection system is used to address this problem. The signature-based approaches fail to detect zero-day attacks. So anomaly-based detection particularly AI tools, are becoming popular. In addition, the imbalanced dataset leads to biased results. In Machine Learning (ML) models, F1 score is an important metric to measure the accuracy of class-level correct predictions. The model may fail to detect the target samples if the F1 is considerably low. It will lead to unrecoverable consequences in sensitive applications such as healthcare and defense. So, any improvement in the F1 score has significant impact on the resource protection. In this paper, we present a framework for ML-based intrusion detection system for an imbalanced dataset. In this study, the most recent dataset, namely CICIoT2023 is considered. The random forest (RF) algorithm is used in the proposed framework. The proposed approach improves 3.72%, 3.75% and 4.69% in precision, recall and F1 score, respectively, with the existing method. Additionally, for unsaturated classes (i.e., classes with F1 score < 0.99), F1 score improved significantly by 7.9%. As a result, the proposed approach is more suitable for IoT security applications for efficient detection of intrusion and is useful in further studies.

Cryptography and Security

Jingyi Zhu,Xiufeng Liu

DOI: https://doi.org/10.1016/j.compeleceng.2024.109113

IF: 4.152

2024-02-12

Computers & Electrical Engineering

Abstract:In the rapidly evolving landscape of the Internet of Things (IoT), ensuring robust intrusion detection is paramount for device and data security. This paper proposes a novel method for intrusion detection in IoT networks that leverages a unique blend of subspace clustering and ensemble learning. Our framework integrates three innovative strategies: Clustering Results as Features (CRF), Two-Level Decision Making (TDM), and Iterative Feedback Loop (IFL). These strategies synergize to enhance detection performance and model robustness. We employ mutual information for feature selection and utilize four subspace clustering algorithms – CLIQUE, PROCLUS, SUBCLU, and LOF – to create additional feature sets. Three base learners – NB, LGBM, and XGB – are used in conjunction with a Logistic Regression (LR) meta-learner. To fine-tune our model, we apply Particle Swarm Optimization (PSO) for hyperparameter optimization. We evaluate our framework on the UNSW-NB15 dataset, which contains realistic and diverse IoT network traffic data. The results show that our framework outperforms the state-of-the-art methods in terms of accuracy (97.05%), precision (96.33%), recall (96.55%), F1-score (96.45%), and false positive rate (0.029). Our framework can effectively detect both known and unknown attacks in IoT networks and achieve high accuracy and low false positive rate. The paper contributes both practical implications for network security and theoretical advancements in intrusion detection research.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

D. Jayalatchumy,Rajakumar Ramalingam,Aravind Balakrishnan,Mejdl Safran,Sultan Alfarhood

DOI: https://doi.org/10.1109/access.2024.3372859

IF: 3.9

2024-03-09

IEEE Access

Abstract:Network intrusion detection in the Internet of Things (IoT) framework has posed considerable challenges in recent decades. A wide variety of machine-learning approaches are introduced in network intrusion detection. The existing methodologies commonly lack consistency in achieving optimal performance across various multi-class categorization tasks. The present study elucidates implementing a unique intrusion system with the primary objective of enriching the efficacy of network intrusion detection. In the initial phase, it is imperative to employ data-denoising methodologies to effectively tackle the issue of data imbalance. In the next step, the enhanced Crow search algorithm is used to determine the most significant features that aid in better classifying intrusion attacks. In the final phase, the ensemble classifier takes the selected features as input to categorize the standard and invader labels. The present work introduces an ensemble mechanism that comprises four distinct classifiers. The assessment of the proposed approach is validated on two denoised datasets, specifically NSL-KDD and UNSW-NB15. The experimental outcomes demonstrate that the formulated approach achieves exceptional accuracy of 99.4% and 99.2% for the NSL-KDD and UNSW-NB15 datasets, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic