Ernest Ntizikira,Lei Wang,Jenhui Chen,Kiran Saleem

DOI: https://doi.org/10.1016/j.comcom.2023.11.023

IF: 5.047

2024-01-01

Computer Communications

Abstract:The Internet of Things (IoT) has gained popularity with interconnected devices and diverse network applications, leading to increased vulnerability of sensitive data to security threats. Many researchers have focused on intrusion detection without considering prevention mechanisms. To overcome these issues, we propose the honeypot and blockchain-based intrusion detection and prevention (HB-IDP) model, in which edge computing is introduced to reduce the latency during communication. Initially, three-fold authentication is performed for entities (users, devices, and gateway) to ensure legitimacy using the camellia encryption algorithm (CEA), which provides secret keys. The proposed datasets (i.e., UNSW-NB15 and BoT-IoT) are pre-processed at the gateway using min–max normalization to reduce redundancy and complexity during feature extraction and classification. Signature-based intrusion detection is performed on the pre-processed data, with known attacks classified into three classes (normal, malicious, and suspicious) using the improved isolation forest (IIF) algorithm. Suspicious data are forwarded for anomaly detection to the edge level; here, a honeypot is deployed to attract the attacker’s patterns. Ensemble learning technique, including multi-layer perceptron (MLP), general adversarial network (GAN), and lightweight convolutional neural Network (LCNN), is applied to classify suspicious packet behaviors. Once intrusions are detected, the proposed work prevents future intrusions by generating reports, which are then encrypted by the CEA algorithm and provided to legitimate users. All transactions (i.e., key generation, report generation, and attacker patterns) are stored in the blockchain. The HB-IDP model’s performance and effectiveness were evaluated using network simulator 3.26 (NS-3.26), showcasing its superiority over existing approaches.

Ruoyu Li,Qing Li,Jianer Zhou,Yong Jiang

DOI: https://doi.org/10.1109/jiot.2021.3122148

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) has entered a stage of rapid development and increasing deployment. Meanwhile, these low-power devices typically cannot support complex security mechanisms and, thus, are highly susceptible to malware. This article proposes ADRIoT, an anomaly detection framework for IoT networks, which leverages edge computing to uncover potential threats. An edge is empowered with an anomaly detection module, which consists of a traffic capturer, a traffic preprocessor, and a collection of anomaly detectors dedicated to each type of device. Each detector is constructed by an LSTM autoencoder in an unsupervised manner that requires no labeled attack data and is able to handle emerging zero-day attacks. When a device connects to the edge, the edge will fetch the corresponding detector from the cloud and execute it locally. Another problem is the resource constraint of a single edge device like a home router hinders the deployment of such a detection module. To mitigate this problem, we design a multiedge collaborative mechanism that integrates the resource of multiple edges in a local network to increase the overall load capacity. The evaluation demonstrates that ADRIoT can detect various IoT-based attacks effectively and efficiently, showing that ADRIoT can feasibly help build a more secure IoT environment.

Laisen Nie,Yixuan Wu,Xiaojie Wang,Lei Guo,Guoyin Wang,Xinbo Gao,Shengtao Li

DOI: https://doi.org/10.1109/tcss.2021.3063538

2021-01-01

IEEE Transactions on Computational Social Systems

Abstract:The Social Internet of Things (SIoT) now penetrates our daily lives. As a strategy to alleviate the escalation of resource congestion, collaborative edge computing (CEC) has become a new paradigm for solving the needs of the Internet of Things (IoT). CEC can provide computing, storage, and network connection resources for remote devices. Because the edge network is closer to the connected devices, it involves a large amount of users’ privacy. This also makes edge networks face more and more security issues, such as Denial-of-Service (DoS) attacks, unauthorized access, packet sniffing, and man-in-the-middle attacks. To combat these issues and enhance the security of edge networks, we propose a deep learning-based intrusion detection algorithm. Based on the generative adversarial network (GAN), we designed a powerful intrusion detection method. Our intrusion detection method includes three phases. First, we use the feature selection module to process the collaborative edge network traffic. Second, a deep learning architecture based on GAN is designed for intrusion detection aiming at a single attack. Finally, we propose a new intrusion detection model by combining several intrusion detection models that aim at a single attack. Intrusion detection aiming at multiple attacks is realized through the designed GAN-based deep learning architecture. Besides, we provide a comprehensive evaluation to verify the effectiveness of the proposed method.

Run Yang,Hui He,Yixiao Xu,Bangzhou Xin,Yulong Wang,Yue Qu,Weizhe Zhang

DOI: https://doi.org/10.1016/j.comnet.2023.109724

IF: 5.493

2023-01-01

Computer Networks

Abstract:The Internet of Things (IoT) is increasingly utilized in daily life and industrial production, particularly in critical infrastructures. IoT cybersecurity has an effect on people’s safety, national security, and economic growth. However, the traditional cloud-based centralized intrusion detection methods cannot satisfy the demands for data privacy, network load, and timely response. In this article, we proposed an efficient intrusion detection method based on cloud–edge collaboration. The approach can reduce computational workload to speed up model training, prevent data privacy leakage, enrich training data, and detect attacks unknown to local edge devices. Specifically, stacked sparse autoencoder (SSAE) is first utilized for data dimensionality reduction to overcome the bottleneck of resource constraints on edge devices. Second, considering the long-term serial characteristics of IoT traffic data, the temporal convolutional network (TCN) model is employed to detect attack; Finally, the cloud–edge collaboration architecture based on federated learning is used to coordinate multi-party training intrusion detection models. It fills the gap of missed detection by intrusion detection models due to data silos. Experiments show that our method reduced the training time, storage and memory required for the model training process by more than 50%, respectively, but the detection accuracy is close to centralized trained models. The model trained based on cloud–edge collaboration can identify attacks unknown to local edge devices.

Shibo He,Jiming Chen,Yuanchao Shu,Xianbin Cui,Kun Shi,Chunjuan Wei,Zhiguo Shi

DOI: https://doi.org/10.1109/twc.2021.3089039

IF: 10.4

2021-01-01

IEEE Transactions on Wireless Communications

Abstract:Information barrier coverage has been widely adopted to prevent unauthorized invasion of important areas in Internet of Things. As sensors are typically placed outdoors, they are susceptible to getting faulty. Previous works assumed that faulty sensors are easy to recognize, e.g., they may stop functioning or output apparently deviant sensory data. In practice, there exist multiple types of fault that sensors may have during operation. It is, thereby, difficult to recognize faulty sensors as well as their invalid output and attain accurate intrusion detection. We, in this paper, propose a novel fault-tolerant intrusion detection algorithm (TrusDet) based on trust management to address this challenging issue. TrusDet comprises of three steps: i) sensor-level detection, ii) sink-level decision by collective voting, and iii) trust management and fault determination. In the Step i) and ii), TrusDet divides the surveillance area into a set of fine-grained subareas and exploits temporal and spatial correlation of sensory output among sensors in different subareas to yield a more accurate and robust performance of information barrier coverage. In the Step iii), TrusDet builds a trust management based framework to determine the confidence level of sensors being faulty. We implement TrusDet on HC-SR501 infrared sensors, and design hardware and software to build a practical detection system. Extensive experimental results and simulation results validate the information coverage model and demonstrate that TrusDet has a very low false alarm rate.

Duo Zhong,Bojing Li,Xiang Chen,Chenchen Liu

2024-08-08

Abstract:The increasing prevalence of adversarial attacks on Artificial Intelligence (AI) systems has created a need for innovative security measures. However, the current methods of defending against these attacks often come with a high computing cost and require back-end processing, making real-time defense challenging. Fortunately, there have been remarkable advancements in edge-computing, which make it easier to deploy neural networks on edge devices. Building upon these advancements, we propose an edge framework design to enable universal and efficient detection of adversarial attacks. This framework incorporates an attention-based adversarial detection methodology and a lightweight detection network formation, making it suitable for a wide range of neural networks and can be deployed on edge devices. To assess the effectiveness of our proposed framework, we conducted evaluations on five neural networks. The results indicate an impressive 97.43% F-score can be achieved, demonstrating the framework's proficiency in detecting adversarial attacks. Moreover, our proposed framework also exhibits significantly reduced computing complexity and cost in comparison to previous detection methods. This aspect is particularly beneficial as it ensures that the defense mechanism can be efficiently implemented in real-time on-edge devices.

Cryptography and Security,Artificial Intelligence

Xiang Cheng,Jiale Zhang,Yaofeng Tu,Bing Chen

DOI: https://doi.org/10.1002/CPE.6001

2022-01-01

Concurrency and Computation: Practice and Experience

Abstract:With the development of the Internet of Things (IoT) technology, various attacks and threats have emerged. The advanced persistent threat (APT) refers to a class of advanced multiple-steps attacks among diverse attack activities, which brings severe threats to the IoT systems ascribe to its pertinence, concealment, and permeability. However, the existing technologies and methods fail to timely recognize the APT attack activities (especially the zero-day exploits) in a comprehensive scope. To address this problem, we propose a novel method of cyber situation perception for IoT systems, which based on zero-day attack activity recognition within APT (CSPAPTM). Moreover, we also design an edge computing framework for applying CSPAPTM to the typical IoT systems. Specifically, we first provide a cyber situation perception ontology construction module for describing the APT attack activities. Then, a malicious C&C DNS mining method (MCCDRM) is proposed to control the APT malicious activity correlation analysis trigger, which can effectively decrease the computing overhead. Finally, we propose a zero-day attack activity recognition method within APT (ZDAARA), which acts on system call instances to recognize the malicious activities, which cannot be detected by IDS. A relatively mature access control mechanism PO-SAAC is also applied to our method. Through the coalescent of these methods, CSPAPTM can accomplish the cyber situation perception effectively by the zero-day attack activities recognition in the IoT systems. The exhaustive experimental results demonstrate that the two kernel modules, that is, MCCDRM and ZDAARA in our CSPAPTM, can achieve both higherF(1)score and acceptable false positive rate.

Ibbad Hafeez,Markku Antikainen,Aaron Yi Ding,Sasu Tarkoma

DOI: https://doi.org/10.1109/tnsm.2020.2966951

2020-03-01

IEEE Transactions on Network and Service Management

Abstract:IoT devices are notoriously vulnerable even to trivial attacks and can be easily compromised. In addition, resource constraints and heterogeneity of IoT devices make it impractical to secure IoT installations using traditional endpoint and network security solutions. To address this problem, we present IoT-Keeper, a lightweight system which secures the communication of IoT. IoT-Keeper uses our proposed anomaly detection technique to perform traffic analysis at edge gateways. It uses a combination of fuzzy C-means clustering and fuzzy interpolation scheme to analyze network traffic and detect malicious network activity. Once malicious activity is detected, IoT-Keeper automatically enforces network access restrictions against IoT device generating this activity, and prevents it from attacking other devices or services. We have evaluated IoT-Keeper using a comprehensive dataset, collected from a real-world testbed, containing popular IoT devices. Using this dataset, our proposed technique achieved high accuracy (≈0.98) and low false positive rate (≈0.02) for detecting malicious network activity. Our evaluation also shows that IoT-Keeper has low resource footprint, and it can detect and mitigate various network attacks—without requiring explicit attack signatures or sophisticated hardware.

Xiaoheng Deng,Bin Chen,Xuechen Chen,Xinjun Pei,Shaohua Wan,Sotirios K. Goudos

DOI: https://doi.org/10.1109/tii.2023.3245681

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:The Internet of Things (IoT) mainly consists of a large number of Internet-connected devices. The proliferation of untrusted third-party IoT applications has led to an increase in IoT-based malware attacks. In addition, it is infeasible for the IoT devices to support the sophisticated detection systems due to the restricted resources. Edge computing is considered to be promising. It provides solutions to the data security and privacy leakage brought by untrusted third-party IoT applications. In this article, an intelligent trusted and secure edge computing (ITEC) system is proposed for IoT malware detection. In this system, a signature-based preidentification mechanism is built for matching and identifying the malicious behaviors of untrusted third-party IoT applications. A delay strategy is then embedded into the risk detection engine in order to “buy time” for threat analysis and rate-limit the impact of suspicious third-party IoT applications in the system. We conduct extensive experiments to verify the effectiveness of the ITEC system and show that we can achieve accuracies of up to 98.52%.

Yuming Feng,Weizhe Zhang,Shujun Yin,Hao Tang,Yang Xiang,Yu Zhang

DOI: https://doi.org/10.1109/jiot.2023.3279615

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The weaknesses of Internet of Things (IoT) devices leads to vulnerabilities easily, which can be exploited by criminals to launch Distributed Denial-of-Service (DDoS) attacks, becoming a major security hazard. Nowadays, the rapid development of the IoT makes the IoT-based DDoS attacks have the characteristics of wide distribution, large scale, and more stealthy that brings greater challenges for the DDoS detection. In this article, we conduct our research based on the edge side of IoT for providing earlier detection capability and more efficient resource utilization. We propose a novel reinforcement learning-based collaborative DDoS detection method and design a lightweight unsupervised classifier based on statistics. We deploy the classifiers in IoT edge gateways to detect anomalies by analyzing network traffic features in time. In order to deal with the dynamic changes of the IoT environment, we use the soft actor–critic (SAC) reinforcement learning model deployed on the edge server to adjust the parameter configuration of the underlying unsupervised classifier dynamically, which can ensure excellent detection effect for different types of IoT devices. In addition, a collaborative aggregation module is designed in the edge server to share the observation state and historical experience, which has a unique collaborative reward mechanism for the reinforcement learning model to fully mobilize the collaborative work capability. The experiments on public data set and constructed real-world testbed demonstrate that our proposed method has excellent detection performance and especially it can also discover stealthy IoT-based DDoS attacks accurately.

Yuming Feng,Weizhe Zhang,Shujun Yin,Hao Tang,Yang Xiang,Yu Zhang

DOI: https://doi.org/10.1109/jiot.2023.3279615

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The weaknesses of IoT devices leads to vulnerabilities easily, which can be exploited by criminals to launch distributed denial of service (DDoS) attacks, becoming a major security hazard. Nowadays, the rapid development of the Internet of Things (IoT) makes the IoT-based DDoS attacks have the characteristics of wide distribution, large scale and more stealthy that brings greater challenges for the DDoS detection. In this paper, we conduct our research based on the edge-side of IoT for providing earlier detection capability and more efficient resource utilization. We propose a novel reinforcement learning-based collaborative DDoS detection method and design a lightweight unsupervised classifier based on statistics. We deploy the classifiers in IoT edge gateways to detect anomalies by analyzing network traffic features in time. In order to deal with the dynamic changes of the IoT environment, we use the Soft Actor-Critic (SAC) reinforcement learning model deployed on the edge server to adjust the parameter configuration of the underlying unsupervised classifier dynamically, which can ensure excellent detection effect for different types of IoT devices. In addition, a collaborative aggregation module is designed in the edge server to share the observation state and historical experience, which has a unique collaborative reward mechanism for the reinforcement learning model to fully mobilize the collaborative work capability. The experiments on public dataset and constructed real-world testbed demonstrate that our proposed method has excellent detection performance and especially it can also discover stealthy IoT-based DDoS attacks accurately.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ziaur Rahman,Xun Yi Ibrahim Khalil

DOI: https://doi.org/10.48550/arXiv.2201.12727

2022-01-30

Cryptography and Security

Abstract:Industry 4.0 is all about doing things in a concurrent, secure, and fine-grained manner. IoT edge-sensors and their associated data play a predominant role in today's industry ecosystem. Breaching data or forging source devices after injecting advanced persistent threats (APT) damages the industry owners' money and loss of operators' lives. The existing challenges include APT injection attacks targeting vulnerable edge devices, insecure data transportation, trust inconsistencies among stakeholders, incompliant data storing mechanisms, etc. Edge-servers often suffer because of their lightweight computation capacity to stamp out unauthorized data or instructions, which in essence, makes them exposed to attackers. When attackers target edge servers while transporting data using traditional PKI-rendered trusts, consortium blockchain (CBC) offers proven techniques to transfer and maintain those sensitive data securely. With the recent improvement of edge machine learning, edge devices can filter malicious data at their end which largely motivates us to institute a Blockchain and AI aligned APT detection system. The unique contributions of the paper include efficient APT detection at the edge and transparent recording of the detection history in an immutable blockchain ledger. In line with that, the certificateless data transfer mechanism boost trust among collaborators and ensure an economical and sustainable mechanism after eliminating existing certificate authority. Finally, the edge-compliant storage technique facilitates efficient predictive maintenance. The respective experimental outcomes reveal that the proposed technique outperforms the other competing systems and models.

Xiaoheng Deng,Bin Chen,Xuechen Chen,Xinjun Pei,Shaohua Wan,Sotirios K. Goudos

DOI: https://doi.org/10.1109/tii.2023.3245681

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:The Internet of Things (IoT) mainly consists of a large number of Internet-connected devices. The proliferation of untrusted third-party IoT applications has led to an increase in IoT-based malware attacks. In addition, it is infeasible for the IoT devices to support the sophisticated detection systems due to the restricted resources. Edge computing is considered to be promising. It provides solutions to the data security and privacy leakage brought by untrusted third-party IoT applications. In this article, an intelligent trusted and secure edge computing (ITEC) system is proposed for IoT malware detection. In this system, a signature-based preidentification mechanism is built for matching and identifying the malicious behaviors of untrusted third-party IoT applications. A delay strategy is then embedded into the risk detection engine in order to “buy time” for threat analysis and rate-limit the impact of suspicious third-party IoT applications in the system. We conduct extensive experiments to verify the effectiveness of the ITEC system and show that we can achieve accuracies of up to 98.52%.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Yixuan Wu,Laisen Nie,Shupeng Wang,Zhaolong Ning,Shengtao Li

DOI: https://doi.org/10.1109/jiot.2021.3112159

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:With the rapid advance of Internet of Things (IoT), it is difficult for cloud-centric computing to meet the requirements of low latency and ease of use. As an open and distributed system, edge computing integrates computing, networking, storage, and applications. It provides intelligent services on the edge of an IoT. The edge network is composed of various wireless and wired networks, and the computing and storage resources of edge nodes are limited. These conditions make the edge network expose to a variety of cyber attacks. Additionally, it is difficult for an IoT edge node to support large-scale network data collection and detection for IoT security. Although big data-enabled intrusion detection algorithms can ensure the high accuracy of intrusion detection systems, it is stressful for resource-limited edge nodes to implement those algorithms in IoT. Motivated by these challenges, we propose an intelligent intrusion detection algorithm implemented by big data mining based on a fuzzy rough set, generative adversarial network (GAN), and convolutional neural network (CNN). In our method, we first propose a fuzzy rough set-based algorithm to perform feature selection for big data via IoT. Then, we take advantage of the efficient feature extraction capabilities of CNN for implementing intrusion detection based on selected features. Furthermore, after combining CNN and GAN, we propose an intelligent algorithm to realize intrusion detection in a variety of scenarios. Finally, the proposed method is compared with existing methods for evaluation. Simulation results show that our method has up to 4% higher accuracy than existing methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chandra Prabha Kaliappan,Kanmani Palaniappan,Devipriya Ananthavadivel,Ushasukhanya Subramanian

DOI: https://doi.org/10.1007/s12083-024-01684-0

IF: 3.488

2024-06-02

Peer-to-Peer Networking and Applications

Abstract:Over the years, the Internet of Things (IoT) devices have shown rapid proliferation and development in various domains. However, the widespread adoption of smart devices significantly ameliorates the possibility of several security challenges. To address these challenges, this research presents an advanced AI-enhanced trust framework for IoT Intrusion detection to safeguard IoT environments from any potential intrusion attempts. The proposed framework integrates cutting-edge AI techniques for intrusion detection which identifies the anomalies based on the device behavior and responds dynamically to emerging threats. Initially, a robust Intrusion Detection System (IDS) is developed based on an Isolation Forest (IF) algorithm and Autoencoders (AE) to promptly identify anomalies in real-time. Then, behavioral Modeling is performed by employing Long Short-Term Memory (LSTM) and Convolutional Neural Networks (CNNs) for precise behavioral understanding of IoT devices. Additionally, the Bayesian Network is used to perform adaptive trust assessment and the Reinforcement Learning based Proximal Policy Optimization (PPO) for providing dynamic responses to the detected anomalies. The proposed framework is practically implemented and evaluated using IoTID20 and N-BaIoT datasets, and compared with baseline intrusion detection methods including, CNN-TSODE, cuLSTMGRU, ELETL-IDS, Fed-Inforce-Fusion, and Conv-LSTM. The results demonstrate that the proposed framework achieves high efficiency and outperformed other baseline methods by obtaining a detection accuracy of 98.25%, recall of 96.8%, and precision of 97.45%. Overall, the proposed AI-Enhanced Trust Framework offers a promising solution by identifying the intrusion endeavors effectively and contributing toward the attainment of secure and trustworthy IoT ecosystems.

computer science, information systems,telecommunications

Phani Lanka,Khushi Gupta,Cihan Varol

DOI: https://doi.org/10.3390/electronics13132465

IF: 2.9

2024-06-25

Electronics

Abstract:Security adversaries are rampant on the Internet, constantly seeking vulnerabilities to exploit. The sheer proliferation of these sophisticated threats necessitates innovative and swift defensive measures to protect the vulnerable infrastructure. Tools such as honeypots effectively determine adversary behavior and safeguard critical organizational systems. However, it takes a significant amount of time to analyze these attacks on the honeypots, and by the time actionable intelligence is gathered from the attacker's tactics, techniques, and procedures (TTPs), it is often too late to prevent potential damage to the organization's critical systems. This paper contributes to the advancement of cybersecurity practices by presenting a cutting-edge methodology, capitalizing on the synergy between artificial intelligence and threat analysis to combat evolving cyber threats. The current research articulates a novel strategy, outlining a method to analyze large volumes of attacker data from honeypots utilizing large language models (LLMs) to assimilate TTPs and apply this knowledge to identify real-time anomalies in regular user activity. The effectiveness of this model is tested in real-world scenarios, demonstrating a notable reduction in response time for detecting malicious activities in critical infrastructure. Moreover, we delve into the proposed framework's practical implementation considerations and scalability, underscoring its adaptability in diverse organizational contexts.

engineering, electrical & electronic,computer science, information systems,physics, applied

Xiangyu Kong,Yizhi Zhou,Yilei Xiao,Xuezhou Ye,Heng Qi,Xiulong Liu

DOI: https://doi.org/10.1109/jiot.2024.3416746

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The rapid proliferation of Internet of Things (IoT) devices has brought about unprecedented convenience to people's daily lives. However, this growth has also created opportunities for hackers to launch large-scale botnet attacks using these devices. As a result, it is critical to deploy real-time traffic classifiers on edge gateways to detect network intrusions and improve near-source protection capabilities. To this end, we propose iDetector, a novel real-time intrusion detection solution for IoT networks that is simple in structure and easy to reproduce. iDetector samples network conversations in real-time using a sliding sampling window and generates traffic samples that integrate multiple features. This allows the samples to accurately capture the patterns of each type of traffic. We propose the nonlinear feature transformation (NFT) algorithm based on the prior distribution of traffic features to increase the information entropy of the samples and thereby improve the classification performance. To enable deployment on edge gateways, we propose EdgeNet, a lightweight deep neural network model that utilizes depthwise separable convolution and self-attention mechanism to enhance classification performance while reducing the number of model parameters. Experimental evaluations show that our solution outperforms state-of-the-art deep learning-based solutions in terms of classification performance and has faster classification speed on resource-constrained edge gateways.

Han Qiu,Tian Dong,Tianwei Zhang,Jialiang Lu,Gerard Memmi,Meikang Qiu

DOI: https://doi.org/10.1109/jiot.2020.3048038

IF: 10.6

2021-07-01

IEEE Internet of Things Journal

Abstract:Deep learning (DL) has gained popularity in network intrusion detection, due to its strong capability of recognizing subtle differences between normal and malicious network activities. Although a variety of methods have been designed to leverage DL models for security protection, whether these systems are vulnerable to adversarial examples (AEs) is unknown. In this article, we design a novel adversarial attack against DL-based network intrusion detection systems (NIDSs) in the Internet-of-Things environment, with only black-box accesses to the DL model in such NIDS. We introduce two techniques: 1) model extraction is adopted to replicate the black-box model with a small amount of training data and 2) a saliency map is then used to disclose the impact of each packet attribute on the detection results, and the most critical features. This enables us to efficiently generate AEs using conventional methods. With these tehniques, we successfully compromise one state-of-the-art NIDS, Kitsune: the adversary only needs to modify less than 0.005% of bytes in the malicious packets to achieve an average 94.31% attack success rate.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jafar A. Alzubi,Omar A. Alzubi,Issa Qiqieh,Ashish Singh

DOI: https://doi.org/10.1109/tce.2024.3350231

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:The demand for medical sensors in the Smart Healthcare System (SHS) creates an intelligent Internet of Medical Things (IoMT) system. This system plays an important role in detecting the vital parameters of the human body. However, security and privacy issues in terms of network vulnerability have arisen due to the transmission of data and lack of control over the data. The Intrusion Detection System (IDS) is one of the security solutions to identify various threats and vulnerabilities in the consumable edge-centric IoMT industry. Several IDS techniques have been developed in previous years. However, a real-time and highly accurate attack detection system in the edge-centric IoMT industry is needed. This paper proposes a blended deep learning framework that leverages the strengths and capabilities of different deep learning architectures. The proposed model combined Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM) to recognize the latest intruders accurately and defend the healthcare data. The major outcome of the proposed framework is to detect different attacks during data transmission at the edge of the network with high accuracy and efficiency. The proposed model was analyzed on the CSE-CIC-IDS 2018 systematic dataset containing two distinct classes of profiles. The experimental results demonstrate that the proposed framework’s accuracy is higher than the existing approach.

telecommunications,engineering, electrical & electronic

Farhan Ullah,Leonardo Mostarda,Diletta Cacciagrano,Mohammed J.F. Alenazi,Chien-Ming Chen,Saru Kumari

DOI: https://doi.org/10.1109/tce.2024.3511615

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:Modern consumer electronics that integrate the concept of connected personal medical devices are known as Smart Healthcare Systems (SHS). The SHS utilized healthcare devices and edge computing for data capture, transmission via smart devices, analysis, and the delivery of healthcare services. Cyberattacks on consumer medical devices in the healthcare sector are becoming increasingly common. Technological frameworks like edge computing can act as an intermediary layer between the cloud and SHS, reducing the burden and enhancing data security and privacy. In this study, we proposed a novel edge intelligence approach for improving medical device security that employs Federated Learning (FL) and network traffic adversarial examples. First, we generated a distinctive dataset using image-based features extracted from network traffic bytes. Secondly, due to the intermittent behavior of clients, the dataset received from each client may be imbalanced, which can negatively affect performance. Third, adversarial examples are generated to assess the robustness of datasets, utilizing four distinct types of adversarial attack methods that introduce perturbations into the input data. Finally, the cooperative FL architecture ensured data security, privacy, and edge intelligence. The proposed method is analyzed using two standard datasets, CICIoMT2024 and Edge-IIoT, achieving 97.45% and 96.7% detection accuracy, respectively.