Farhan Ullah,Ali Turab,Shamsher Ullah,Diletta Cacciagrano,Yue Zhao

DOI: https://doi.org/10.3390/s24134152

IF: 3.9

2024-06-27

Sensors

Abstract:Internet of Things (IoT) applications and resources are highly vulnerable to flood attacks, including Distributed Denial of Service (DDoS) attacks. These attacks overwhelm the targeted device with numerous network packets, making its resources inaccessible to authorized users. Such attacks may comprise attack references, attack types, sub-categories, host information, malicious scripts, etc. These details assist security professionals in identifying weaknesses, tailoring defense measures, and responding rapidly to possible threats, thereby improving the overall security posture of IoT devices. Developing an intelligent Intrusion Detection System (IDS) is highly complex due to its numerous network features. This study presents an improved IDS for IoT security that employs multimodal big data representation and transfer learning. First, the Packet Capture (PCAP) files are crawled to retrieve the necessary attacks and bytes. Second, Spark-based big data optimization algorithms handle huge volumes of data. Second, a transfer learning approach such as word2vec retrieves semantically-based observed features. Third, an algorithm is developed to convert network bytes into images, and texture features are extracted by configuring an attention-based Residual Network (ResNet). Finally, the trained text and texture features are combined and used as multimodal features to classify various attacks. The proposed method is thoroughly evaluated on three widely used IoT-based datasets: CIC-IoT 2022, CIC-IoT 2023, and Edge-IIoT. The proposed method achieves excellent classification performance, with an accuracy of 98.2%. In addition, we present a game theory-based process to validate the proposed approach formally.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yufei An,F. Richard Yu,Ying He,Jianqiang Li,Jianyong Chen,Victor C.M. Leung

DOI: https://doi.org/10.1109/jiot.2024.3369852

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The rapid advancement and wide application of the Internet of Things technology (IoT) have brought unprecedented convenience to people’s production and life. A great number of devices are connected to the IoT network to provide various services for people, which also makes the IoT more vulnerable to various cyber-attacks. This paper designs a novel IoT web attack detection architecture, which combines the powerful knowledge expression ability and high interpretability of symbolic artificial intelligence (AI) with the adaptive learning ability of connectionist AI to form a closed loop of knowledge embedding and extraction, effectively improve the detection ability of web attacks. The architecture solves the “black box” feature of deep learning models and can obtain knowledge from the trained detection model and add it to the training process of the new model to improve detection capabilities. It also uses the advantages of blockchain technology to realize intelligent sharing between different detection systems, solve the problem of difficult detection model updates and training data acquisition “bottlenecks”. To better detect web attacks, we propose a semi-supervised learning method based on an interpretable convolutional neural network (CNN) to reduce misjudgments during self-training and improve detection accuracy. Additionally, we propose a new feature method to extract the features of web logs in IoT devices, which can help the system to detect web attacks in IoT more quickly and accurately. Simulation results on two different datasets show that the proposed architecture and method can effectively detect web attacks in IoT and reduce the false positive rate.

computer science, information systems,telecommunications,engineering, electrical & electronic

Weiping Ding,Mohamed Abdel-Basset,Reda Mohamed

DOI: https://doi.org/10.1016/j.ins.2023.03.052

IF: 8.1

2023-01-01

Information Sciences

Abstract:Our daily lives have been profoundly changed over the past few years owing to the growing presence of the Internet of Things (IoT). Importantly, IoT makes our lives more convenient, simpler, and more efficient; however, gadgets are vulnerable to a wide variety of cyberattacks due to the lack of robust security mechanisms and hardware security support. This paper presents an alternative deep learning model known as DeepAK-IoT to detect cyberattacks against IoT devices. DeepAK-IoT uses three blocks as its foundation: the residual-based-spatial representation (RSR) block, the temporal representation block (TRB), and the detection block (DB). The RSR block uses five residual blocks to extract a feature representation from the output of the preceding layer. The four convolutional layers are connected in parallel with a skip connection within each block to avoid vanishing or exploding gradients. Then, the second block uses the extracted spatial representation to learn a temporal representation to detect cyber threats. The final block decides how to classify the input record. We evaluated the accuracy and generalization ability of DeepAK-IoT using three well-known public datasets: TON-IoT, Edge-IIoTset, and UNSW-NB15. The proposed model was compared to three state-of-the-art deep learning models to demonstrate its effectiveness in detecting cyber threats in IoT systems. According to the experimental results, DeepAKIoT was found to be a powerful alternative model for managing cyber threats in IoT networks, as it provided 90.57% accuracy for TON IoT, 94.96% for Edge-IIoTset, and 98.41% for UNSW NB15.

Abdelouahid Derhab,Arwa Aldweesh,Ahmed Z. Emam,Farrukh Aslam Khan

DOI: https://doi.org/10.1155/2020/6689134

2020-12-22

Wireless Communications and Mobile Computing

Abstract:In the era of the Internet of Things (IoT), connected objects produce an enormous amount of data traffic that feed big data analytics, which could be used in discovering unseen patterns and identifying anomalous traffic. In this paper, we identify five key design principles that should be considered when developing a deep learning-based intrusion detection system (IDS) for the IoT. Based on these principles, we design and implement Temporal Convolution Neural Network (TCNN), a deep learning framework for intrusion detection systems in IoT, which combines Convolution Neural Network (CNN) with causal convolution. TCNN is combined with Synthetic Minority Oversampling Technique-Nominal Continuous (SMOTE-NC) to handle unbalanced dataset. It is also combined with efficient feature engineering techniques, which consist of feature space reduction and feature transformation. TCNN is evaluated on Bot-IoT dataset and compared with two common machine learning algorithms, i.e., Logistic Regression (LR) and Random Forest (RF), and two deep learning techniques, i.e., LSTM and CNN. Experimental results show that TCNN achieves a good trade-off between effectiveness and efficiency. It outperforms the state-of-the-art deep learning IDSs that are tested on Bot-IoT dataset and records an accuracy of 99.9986% for multiclass traffic detection, and shows a very close performance to CNN with respect to the training time.

computer science, information systems,telecommunications,engineering, electrical & electronic

Congqi Shen,Geyang Xiao,Shaofeng Yao,Boyang Zhou,Zhongxia Pan,Hong Zhang

DOI: https://doi.org/10.1109/spac53836.2021.9539933

2021-01-01

Abstract:Current Industrial Internet faces serious threats where attackers propagate malicious flows, resulting in communication failures in the Industrial Internet. In this work, we propose a practical and novel method to detect malicious traffic attack in real time with high accuracy. Our primary idea is to capture network flow, extract adequate network flow features, construct a long short-term memory (LSTM) based deep learning model, and identify the property of the corresponding network flow. Whether the network suffers attack or not is then determined according to the detection results. The corresponding prototype is also implemented in the Industrial Internet which is equipped with Software Defined Networking (SDN). Experimental results validate that the proposed method is effective in defending against malicious traffic attack in real-world network.

Shiyu Wang,Wenxiang Xu,Yiwen Liu

DOI: https://doi.org/10.1016/j.comnet.2023.109982

IF: 5.493

2023-08-14

Computer Networks

Abstract:The Internet of Things (IoT), as the information carrier of the Internet and telecommunications networks, is a new network technology comprising physical entities embedded with electronic components, software and sensors, and characterized by strong complexity and openness. With the massive amount of data, the occurrence of network intrusion is also increasingly frequent, involving industrial control systems, IoT devices, mobile security, cloud services, and telecommunications services. With the diversification and intelligence of cyberattack behaviors, traditional intrusion detection systems (IDSs) face problems—such as insufficient feature extraction and inaccurate model classification—when faced with high-dimensional features and nonlinear massive data. Due to their powerful data representation learning ability, deep learning methods save substantial time in processing high-dimensional and complex intrusion data. On this basis, we propose an intrusion detection model using ResNet, Transformer and BiLSTM (Res-TranBiLSTM) that takes into account both the spatial and temporal features of network traffic. We use the Synthetic Minor Overriding Technique (SMOTE) – Edited Nearest Neighbor (ENN) method to alleviate the degree of data imbalance. In addition, we respectively establish a spatial feature extraction model based on ResNet and a temporal feature extraction model based on Transformer and BiLSTM to extract spatial features and temporal features parallelly. Finally, spatiotemporal features are included to achieve attack detection and classification. Further, simulation experiments are conducted using the public data sets NSL-KDD and CIC-IDS2017. The experiments are implemented using Python programming language and Pytorch framework. The results reveal that the performance of our proposed model is better than that of other models, with accuracy reaching 90.99%, 99.15% and 99.56%, on NSL-KDD dataset, CIC-IDS2017 dataset and MQTTset dataset, respectively. It increased the detection accuracy by about 1%-10% on NSL-KDD dataset and about 0.2%-10% on CIC-IDS2017 dataset, and about 1%-10% on MQTTset dataset. These results demonstrate that this method is effective in constructing and optimizing large-scale IDS in the IoT environment.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Sami Yaras,Murat Dener

DOI: https://doi.org/10.3390/electronics13061053

IF: 2.9

2024-03-13

Electronics

Abstract:The most significant threat that networks established in IoT may encounter is cyber attacks. The most commonly encountered attacks among these threats are DDoS attacks. After attacks, the communication traffic of the network can be disrupted, and the energy of sensor nodes can quickly deplete. Therefore, the detection of occurring attacks is of great importance. Considering numerous sensor nodes in the established network, analyzing the network traffic data through traditional methods can become impossible. Analyzing this network traffic in a big data environment is necessary. This study aims to analyze the obtained network traffic dataset in a big data environment and detect attacks in the network using a deep learning algorithm. This study is conducted using PySpark with Apache Spark in the Google Colaboratory (Colab) environment. Keras and Scikit-Learn libraries are utilized in the study. 'CICIoT2023' and 'TON_IoT' datasets are used for training and testing the model. The features in the datasets are reduced using the correlation method, ensuring the inclusion of significant features in the tests. A hybrid deep learning algorithm is designed using one-dimensional CNN and LSTM. The developed method was compared with ten machine learning and deep learning algorithms. The model's performance was evaluated using accuracy, precision, recall, and F1 parameters. Following the study, an accuracy rate of 99.995% for binary classification and 99.96% for multiclassification is achieved in the 'CICIoT2023' dataset. In the 'TON_IoT' dataset, a binary classification success rate of 98.75% is reached.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ling Xing,Kun Wang,Honghai Wu,Huahong Ma,Xiaohui Zhang

DOI: https://doi.org/10.3390/s23094399

IF: 3.9

2023-04-30

Sensors

Abstract:The problems with network security that the Internet of Vehicles (IoV) faces are becoming more noticeable as it continues to evolve. Deep learning-based intrusion detection techniques can assist the IoV in preventing network threats. However, previous methods usually employ a single deep learning model to extract temporal or spatial features, or extract spatial features first and then temporal features in a serial manner. These methods usually have the problem of insufficient extraction of spatio-temporal features of the IoV, which affects the performance of intrusion detection and leads to a high false-positive rate. To solve the above problems, this paper proposes an intrusion detection method for IoV based on parallel analysis of spatio-temporal features (PA-STF). First, we built an optimal subset of features based on feature correlations of IoV traffic. Then, we used the temporal convolutional network (TCN) and long short-term memory (LSTM) to extract spatio-temporal features in the IoV traffic in a parallel manner. Finally, we fused the spatio-temporal features extracted in parallel based on the self-attention mechanism and used a multilayer perceptron to detect attacks in the Internet of Vehicles. The experimental results show that the PA-STF method reduces the false-positive rate by 1.95% and 1.57% on the NSL-KDD and UNSW-NB15 datasets, respectively, with the accuracy and F1 score also being superior.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Basharat Ahmad,Zhaoliang Wu,Yongfeng Huang,Sadaqat Ur Rehman

DOI: https://doi.org/10.1016/j.knosys.2024.112614

IF: 8.139

2024-10-21

Knowledge-Based Systems

Abstract:The Internet of Things (IoT) networks, which are defined by their interconnected devices and data streams are an expanding attack surface for cyber adversaries. Industrial Internet of Things (IIoT) is a subset of IoT and has significant importance in-terms of security. Robust intrusion detection systems (IDS) are essential for protecting these critical infrastructures. Our research suggests a novel approach to the detection of anomalies in IoT and IIoT networks that leverages the capabilities of deep transfer learning. Our methodology begins with the EdgeIIoT dataset, which serves as the basis for our data analysis. We convert the data into an appropriate image format to enable Convolutional Neural Network (CNN)-based processing. The hyper-parameters of individual machine learning models are subsequently optimized using a Random Search algorithm. This optimization phase optimizes the performance of each model by modifying the hyper-parameters that are unique to the learning algorithms. The performance of each model is meticulously assessed subsequent to hyper-parameter optimization. The top-performing models are subsequently, strategically selected and combined using the ensemble technique. The IDS scheme's overall detection accuracy and generalizability are improved by the integration of strengths from multiple models. The proposed scheme demonstrates significant effectiveness in identifying a broad spectrum of attacks, encompassing a total of 14 distinct attack types. This comprehensive detection capability contributes to a more secure and resilient IoT ecosystem. Furthermore, application of quantization to our best models reduces resource utilization significantly without compromising accuracy.

computer science, artificial intelligence

Peifeng Liang,Lina Yang,Zenggang Xiong,Xuemin Zhang,Gang Liu

DOI: https://doi.org/10.1109/jiot.2024.3369034

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) technology and systems have penetrated every aspect of our lives and generated enormous economic benefits. At the same time, research on the data security of IoT systems has been one of the key topics in IoT fields. Network attacks and intrusions have become the main threats to the data security of the IoTs, which have become the main obstacles to the development and application of the IoTs. In this article, we propose an intrusions and attack detection model to ensure the data security of IoT systems by using the Transformer model and multiwavelets learning. Based on the architecture of IoT systems, we first proposed a multi-level intrusion detection model to detect attack data in the cloud layer and edge terminal layer. In this detection model, a Transformer model and discrete wavelet transform (DWT) based approach is proposed to ensure the effectiveness and accuracy of the model. To extract and make full use of frequency information of traffic data in an IoT network, we embed DWT technique and multiwavelets learning into the Transformer model to propose a novel DWT-based Transformer architecture, which achieves outstanding performance in detecting intrusion actions. Simulating on IoT system in laboratory environment, the proposed security prediction model achieves pretty good performance in predicting intrusion actions.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rongrong Jiang,Zhengqiu Weng,Lili Shi,Erxuan Weng,Hongmei Li,Weiqiang Wang,Tiantian Zhu,Wuzhao Li

DOI: https://doi.org/10.1002/cpe.8258

2024-08-17

Concurrency and Computation Practice and Experience

Abstract:Summary With the development of the Internet of Things (IoT), the number of terminal devices is rapidly growing and at the same time, their security is facing serious challenges. For the industrial control system, there are challenges in detecting and preventing botnet. Traditional detection methods focus on capturing and reverse analyzing the botnet programs first and then parsing the extracted features from the malicious code or attacks. However, their accuracy is very low and their latency is relatively high. Moreover, they sometimes even cannot recognize the unknown botnets. The machine learning based detection methods rely on manual feature engineering and have a weak generalization. The deep learning‐based methods mostly rely on the system log, which does not take into account the multisource information such as traffic. To address the above issues, from the perspective of the botnet features, this paper proposes an intelligent detection method over parallel CNN‐LSTM, integrating the spatial and temporal features to identify botnets. Experimental demonstrate that the accuracy, recall, and F1‐score of our proposed method achieve up to over 98%, and the precision, 97.8%, is not the highest but reasonable. It reveals compared with the existing start‐of‐the‐art methods, our proposed method outperforms in the botnet detection. Our methodology's strength lies in its ability to harness the multifaceted information present in IoT traffic, offering a more nuanced and comprehensive analysis. The parallel CNN‐LSTM architecture ensures that spatial and temporal data are processed concurrently, preserving the integrity of the information and enabling a more robust detection mechanism. The result is a detection system that not only performs exceptionally well in a controlled environment but also holds promise for real‐world application, where the rapid and accurate identification of botnets is paramount.

computer science, theory & methods, software engineering

Zhendong Wang,Hui Chen,Shuxin Yang,Xiao Luo,Dahai Li,Junling Wang

DOI: https://doi.org/10.7717/peerj-cs.1569

2023-09-22

Abstract:Intrusion detection ensures that IoT can protect itself against malicious intrusions in extensive and intricate network traffic data. In recent years, deep learning has been extensively and effectively employed in IoT intrusion detection. However, the limited computing power and storage space of IoT devices restrict the feasibility of deploying resource-intensive intrusion detection systems on them. This article introduces the DL-BiLSTM lightweight IoT intrusion detection model. By combining deep neural networks (DNNs) and bidirectional long short-term memory networks (BiLSTMs), the model enables nonlinear and bidirectional long-distance feature extraction of complex network information. This capability allows the system to capture complex patterns and behaviors related to cyber-attacks, thus enhancing detection performance. To address the resource constraints of IoT devices, the model utilizes the incremental principal component analysis (IPCA) algorithm for feature dimensionality reduction. Additionally, dynamic quantization is employed to trim the specified cell structure of the model, thereby reducing the computational burden on IoT devices while preserving accurate detection capability. The experimental results on the benchmark datasets CIC IDS2017, N-BaIoT, and CICIoT2023 demonstrate that DL-BiLSTM surpasses traditional deep learning models and cutting-edge detection techniques in terms of detection performance, while maintaining a lower model complexity.

Prabhat Kumar,Govind P. Gupta,Rakesh Tripathi

DOI: https://doi.org/10.1007/s13369-020-05181-3

IF: 2.807

2021-01-11

Arabian Journal for Science and Engineering

Abstract:With simple connectivity and fast-growing demand of smart devices and networks, IoT has become more prone to cyber attacks. In order to detect and prevent cyber attacks in IoT networks, intrusion detection system (IDS) plays a crucial role. However, most of the existing IDS have dimensionality curse that reduces overall IoT systems efficiency. Hence, it is important to remove repetitive and irrelevant features while designing effective IDS. Motivated from aforementioned challenges, this paper presents an intelligent cyber attack detection system for IoT network using a novel hybrid feature reduced approach. This technique first performs feature ranking using correlation coefficient, random forest mean decrease accuracy and gain ratio to obtain three different feature sets. Then, features are combined using a suitably designed mechanism (AND operation), to obtain single optimized feature set. Finally, the obtained reduced feature set is fed to three well-known machine learning algorithms such as random forest, K-nearest neighbor and XGBoost for detection of cyber attacks. The efficiency of the proposed cyber attack detection framework is evaluated using NSL-KDD and two latest IoT-based datasets namely, BoT-IoT and DS2OS. Performance of the proposed framework is evaluated and compared with some recent state-of-the-art techniques found in literature, in terms of accuracy, detection rate (DR), precision and F1 score. Performance analysis using these three datasets shows that the proposed model has achieved DR up to 90%–100%, for most of the attack vectors that has close similarity to normal behaviors and accuracy above 99%.

multidisciplinary sciences

Sidra Abbas,Shtwai Alsubai,Stephen Ojo,Gabriel Avelino Sampedro,Ahmad Almadhor,Abdullah Al Hejaili,Imen Bouazzi,Abbas, Sidra,Ojo, Stephen,Sampedro, Gabriel Avelino

DOI: https://doi.org/10.1007/s11227-024-05993-2

IF: 3.3

2024-03-10

The Journal of Supercomputing

Abstract:The rapid growth of Internet of Things (IoT) devices has changed human interactions with the environment. IoT networks require specialized defense strategies distinct from traditional corporate contexts. Security measures such as anti-malware software, firewalls, authentication protocols, and encryption techniques are established but face limitations against evolving attack strategies. Therefore, this study proposes an intrusion detection approach for a realistic IoT environment, employing various variants of deep learning models such as deep neural networks (DNNs), convolutional neural networks (CNNs), and recurrent neural networks (RNNs). The research tested three variants for each model: DNN1, DNN2, DNN3, CNN1, CNN2, CNN3, RNN1, RNN2, RNN3 . All these variants are customized and tuned differently to analyze the efficacy of the suggested methodology. Likewise, notable observation highlights the significance of aligning training and validation accuracy curves that indicate controlled overfitting, validating the model's reliability in accurately predicting intrusion and benign network traffic in IoT settings. Results reveal that RNN1 achieves the best results: accuracy of 98.61%, precision of 98.55%, recall of 98.61%, and F1-score of 98.57% compared with other DNN and CNN architectures and benchmark papers. This study advances intrusion detection within IoT networks through a comprehensive evaluation of deep learning models and inspires ongoing research to enhance intrusion detection systems' resilience in dynamic IoT environments.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Xiuzhang Yang,Guojun Peng,Dongni Zhang,Yangqi Lv

DOI: https://doi.org/10.1155/2022/4748528

IF: 1.968

2022-04-26

Security and Communication Networks

Abstract:Nowadays, the intrusion detection system (IDS) plays a crucial role in the Internet of Things (IoT) networks, which could effectively protect sensitive data from various attacks. However, the existing works have not considered multiview features fusion and failed to capture the semantic relationships among the anomalous requests. They are not robust and cannot detect the attack types in real-time. This paper proposes a lightweight intrusion detection system based on deep learning and knowledge graph. First, our system extracts semantic relationships and key features by knowledge graph and statistical analysis. Then, IoT network requests are converted into word vectors through multiview feature fusion and feature alignment. Finally, an attention-based CNN-BiLSTM model is designed to identify malicious request attacks, which can capture long-distance dependence and contextual semantic information. Experiment results show that the proposed model significantly outperforms the existing solution in the robustness of the model. Moreover, it can select more critical features for IDS to achieve better accuracy and lower the false alarm rate. Compared with the state-of-the-art systems, the proposed IDS achieves a higher detection accuracy of 90.01%. In addition, our system can detect various stealthy attack types (including DoS, Probe, R2L, and U2L) and extract semantic relationships among features.

computer science, information systems,telecommunications

Shuaike Dong,Zhou Li,Di Tang,Jiongyi Chen,Menghan Sun,Kehuan Zhang

DOI: https://doi.org/10.48550/arXiv.1909.00104

2019-08-31

Abstract:The IoT (Internet of Things) technology has been widely adopted in recent years and has profoundly changed the people's daily lives. However, in the meantime, such a fast-growing technology has also introduced new privacy issues, which need to be better understood and measured. In this work, we look into how private information can be leaked from network traffic generated in the smart home network. Although researchers have proposed techniques to infer IoT device types or user behaviors under clean experiment setup, the effectiveness of such approaches become questionable in the complex but realistic network environment, where common techniques like Network Address and Port Translation (NAPT) and Virtual Private Network (VPN) are enabled. Traffic analysis using traditional methods (e.g., through classical machine-learning models) is much less effective under those settings, as the features picked manually are not distinctive any more. In this work, we propose a traffic analysis framework based on sequence-learning techniques like LSTM and leveraged the temporal relations between packets for the attack of device identification. We evaluated it under different environment settings (e.g., pure-IoT and noisy environment with multiple non-IoT devices). The results showed our framework was able to differentiate device types with a high accuracy. This result suggests IoT network communications pose prominent challenges to users' privacy, even when they are protected by encryption and morphed by the network gateway. As such, new privacy protection methods on IoT traffic need to be developed towards mitigating this new issue.

Cryptography and Security

Khawlah Harahsheh,Rami Al-Naimat,Chung-Hao Chen

DOI: https://doi.org/10.3390/electronics13091678

IF: 2.9

2024-04-27

Electronics

Abstract:The rapid evolution of technology has given rise to a connected world where billions of devices interact seamlessly, forming what is known as the Internet of Things (IoT). While the IoT offers incredible convenience and efficiency, it presents a significant challenge to cybersecurity and is characterized by various power, capacity, and computational process limitations. Machine learning techniques, particularly those encompassing supervised classification techniques, offer a systematic approach to training models using labeled datasets. These techniques enable intrusion detection systems (IDSs) to discern patterns indicative of potential attacks amidst the vast amounts of IoT data. Our investigation delves into various aspects of supervised classification, including feature selection, model training, and evaluation methodologies, to comprehensively evaluate their impact on attack detection effectiveness. The key features selected to improve IDS efficiency and reduce dataset size, thereby decreasing the time required for attack detection, are drawn from the extensive network dataset. This paper introduces an enhanced feature selection method designed to reduce the computational overhead on IoT resources while simultaneously strengthening intrusion detection capabilities within the IoT environment. The experimental results based on the InSDN dataset demonstrate that our proposed methodology achieves the highest accuracy with the fewest number of features and has a low computational cost. Specifically, we attain a 99.99% accuracy with 11 features and a computational time of 0.8599 s.

engineering, electrical & electronic,computer science, information systems,physics, applied

Chunlai Du,Yanhui Guo,Yuhang Zhang

DOI: https://doi.org/10.3390/electronics13142685

IF: 2.9

2024-07-10

Electronics

Abstract:With the rapid expansion and ubiquitous presence of the Internet of Things (IoT), the proliferation of IoT devices has reached unprecedented levels, heightening concerns about IoT security. Intrusion detection based on deep learning has become a crucial approach for safeguarding IoT ecosystems. However, challenges remain in IoT intrusion detection research, including inadequate feature representation at the classifier level and poor correlation among extracted traffic features, leading to diminished classification accuracy. To address these issues, we propose a novel transformer-based IoT intrusion detection model, MBConv-ViT (MobileNet Convolution and Vision Transformer), which enhances the correlation of extracted features by fusing local and global features. By leveraging the high correlation of traffic flow, our model can identify subtle differences in IoT traffic flow, thereby achieving precise classification of attack traffic. Experiments based on the open datasets TON-IoT and Bot-IoT demonstrate that the accuracy of the MBConv-ViT model, respectively, 97.14% and 99.99%, is more effective than several existing typical models.

engineering, electrical & electronic,computer science, information systems,physics, applied

Noor Wali Khan,Mohammed S Alshehri,Muazzam A Khan,Sultan Almakdi,Naghmeh Moradpoor,Abdulwahab Alazeb,Safi Ullah,Naila Naz,Jawad Ahmad

DOI: https://doi.org/10.3934/mbe.2023602

2023-06-13

Abstract:The Internet of Things (IoT) is a rapidly evolving technology with a wide range of potential applications, but the security of IoT networks remains a major concern. The existing system needs improvement in detecting intrusions in IoT networks. Several researchers have focused on intrusion detection systems (IDS) that address only one layer of the three-layered IoT architecture, which limits their effectiveness in detecting attacks across the entire network. To address these limitations, this paper proposes an intelligent IDS for IoT networks based on deep learning algorithms. The proposed model consists of a recurrent neural network and gated recurrent units (RNN-GRU), which can classify attacks across the physical, network, and application layers. The proposed model is trained and tested using the ToN-IoT dataset, specifically collected for a three-layered IoT system, and includes new types of attacks compared to other publicly available datasets. The performance analysis of the proposed model was carried out by a number of evaluation metrics such as accuracy, precision, recall, and F1-measure. Two optimization techniques, Adam and Adamax, were applied in the evaluation process of the model, and the Adam performance was found to be optimal. Moreover, the proposed model was compared with various advanced deep learning (DL) and traditional machine learning (ML) techniques. The results show that the proposed system achieves an accuracy of 99% for network flow datasets and 98% for application layer datasets, demonstrating its superiority over previous IDS models.

Dawit Dejene Bikila,Jan Čapek

DOI: https://doi.org/10.1016/j.future.2024.107630

IF: 7.307

2024-12-03

Future Generation Computer Systems

Abstract:The number of Internet of Things (IoT) device connections is increasing rapidly as IoT applications are vital in any operation. IoT must maintain safe internet access that withstands various malicious attacks for instance Recon, Mirai, Distributed Denial of Service (DDoS), and Spoofing which has gained much attention. Intelligently changing and zero-day attacks are emerging every day. This highlights the need for intelligent security solutions tailored specifically to this technology. Various Machine Learning (ML) based approaches have been utilized for intrusion detection to tackle IoT attacks. However, the flaws of current attack detection and feature extraction techniques result in low detection accuracy. Thus, it hindered their real-world applications and highlighted the need for a lightweight and computationally robust model trained and assessed on a recent datasets. Therefore, this work proposed an attack detection model trained and validated using the CICIoT2023 and CICIDS2017 datasets. Initially, data preprocessing is done then features are extracted by using an unsupervised Elastic Deep Autoencoder (EDA) with optimum hyperparameters. Further, the Extreme Gradient Boosting (XGBoost) binary classifier is tuned by the Grey Wolf Optimizer (GWO) and fed extracted feature sets to classify attacks. The results of the experiments show the effectiveness of our model with a higher detection accuracy in both datasets. Finally, the performance comparison confirmed that the results of the proposed work is competitive with other state-of-the-art method in securing IoT infrastructures.

computer science, theory & methods