Rabia Khan,Noshina Tariq,Muhammad Ashraf,Farrukh Aslam Khan,Saira Shafi,Aftab Ali

DOI: https://doi.org/10.3390/s24175834

IF: 3.9

2024-09-08

Sensors

Abstract:The Internet of Things (IoT) is a significant technological advancement that allows for seamless device integration and data flow. The development of the IoT has led to the emergence of several solutions in various sectors. However, rapid popularization also has its challenges, and one of the most serious challenges is the security of the IoT. Security is a major concern, particularly routing attacks in the core network, which may cause severe damage due to information loss. Routing Protocol for Low-Power and Lossy Networks (RPL), a routing protocol used for IoT devices, is faced with selective forwarding attacks. In this paper, we present a federated learning-based detection technique for detecting selective forwarding attacks, termed FL-DSFA. A lightweight model involving the IoT Routing Attack Dataset (IRAD), which comprises Hello Flood (HF), Decreased Rank (DR), and Version Number (VN), is used in this technique to increase the detection efficiency. The attacks on IoT threaten the security of the IoT system since they mainly focus on essential elements of RPL. The components include control messages, routing topologies, repair procedures, and resources within sensor networks. Binary classification approaches have been used to assess the training efficiency of the proposed model. The training step includes the implementation of machine learning algorithms, including logistic regression (LR), K-nearest neighbors (KNN), support vector machine (SVM), and naive Bayes (NB). The comparative analysis illustrates that this study, with SVM and KNN classifiers, exhibits the highest accuracy during training and achieves the most efficient runtime performance. The proposed system demonstrates exceptional performance, achieving a prediction precision of 97.50%, an accuracy of 95%, a recall rate of 98.33%, and an F1 score of 97.01%. It outperforms the current leading research in this field, with its classification results, scalability, and enhanced privacy.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Khawlah Harahsheh,Rami Al-Naimat,Chung-Hao Chen

DOI: https://doi.org/10.3390/electronics13091678

IF: 2.9

2024-04-27

Electronics

Abstract:The rapid evolution of technology has given rise to a connected world where billions of devices interact seamlessly, forming what is known as the Internet of Things (IoT). While the IoT offers incredible convenience and efficiency, it presents a significant challenge to cybersecurity and is characterized by various power, capacity, and computational process limitations. Machine learning techniques, particularly those encompassing supervised classification techniques, offer a systematic approach to training models using labeled datasets. These techniques enable intrusion detection systems (IDSs) to discern patterns indicative of potential attacks amidst the vast amounts of IoT data. Our investigation delves into various aspects of supervised classification, including feature selection, model training, and evaluation methodologies, to comprehensively evaluate their impact on attack detection effectiveness. The key features selected to improve IDS efficiency and reduce dataset size, thereby decreasing the time required for attack detection, are drawn from the extensive network dataset. This paper introduces an enhanced feature selection method designed to reduce the computational overhead on IoT resources while simultaneously strengthening intrusion detection capabilities within the IoT environment. The experimental results based on the InSDN dataset demonstrate that our proposed methodology achieves the highest accuracy with the fewest number of features and has a low computational cost. Specifically, we attain a 99.99% accuracy with 11 features and a computational time of 0.8599 s.

engineering, electrical & electronic,computer science, information systems,physics, applied

Semih Cakir,Sinan Toklu,Nesibe Yalcin

DOI: https://doi.org/10.1109/access.2020.3029191

IF: 3.9

2020-01-01

IEEE Access

Abstract:Cyberattacks targeting Internet of Things (IoT), have increased significantly, over the past decade, with the spread of internet-connected smart devices and applications. Routing Protocol for Low-Power and Lossy Network (RPL) enables messages to be routed between nodes for the Wireless Sensor Network in the network layer. RPL protocol, which is sensitive and difficult to protect, is exposed to various attacks. These attacks negatively affect data transmission and cause great destruction to the topology by consuming the resources. Hello Flooding (HF) attacks against RPL cause consumption of constrained resources (memory, processing and energy) in nodes. Therefore, in this study, a Gated Recurrent Unit network model based deep learning has been proposed to predict and prevent HF attacks on RPL protocol in IoT networks. The proposed model has been compared with Support Vector Machine and Logistic Regression methods, and different power states and total energy consumptions of the nodes have been taken into consideration and experimented with. The results confirm the promised and expected performance from the model in terms of source efficiency and IoT security. In addition, attack detection has been carried out with a much lower error rate than literature studies for HF attacks from RPL flood attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shaza Dawood Ahmed Rihan,Mohammed Anbar,Basim Ahmad Alabsi

DOI: https://doi.org/10.3390/s23177342

IF: 3.9

2023-08-24

Sensors

Abstract:The Internet of Things (IoT) has transformed our interaction with technology and introduced security challenges. The growing number of IoT attacks poses a significant threat to organizations and individuals. This paper proposes an approach for detecting attacks on IoT networks using ensemble feature selection and deep learning models. Ensemble feature selection combines filter techniques such as variance threshold, mutual information, Chi-square, ANOVA, and L1-based methods. By leveraging the strengths of each technique, the ensemble is formed by the union of selected features. However, this union operation may overlook redundancy and irrelevance, potentially leading to a larger feature set. To address this, a wrapper algorithm called Recursive Feature Elimination (RFE) is applied to refine the feature selection. The impact of the selected feature set on the performance of Deep Learning (DL) models (CNN, RNN, GRU, and LSTM) is evaluated using the IoT-Botnet 2020 dataset, considering detection accuracy, precision, recall, F1-measure, and False Positive Rate (FPR). All DL models achieved the highest detection accuracy, precision, recall, and F1 measure values, ranging from 97.05% to 97.87%, 96.99% to 97.95%, 99.80% to 99.95%, and 98.45% to 98.87%, respectively.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yakub Kayode Saheed,Aisha Abubakar Usman,Favour Dirwokmwa Sukat,Muftahu Abdulrahman

DOI: https://doi.org/10.3389/fcomp.2023.997159

2023-04-11

Frontiers in Computer Science

Abstract:The Internet of Things (IoT) represents a paradigm shift in which the Internet is connected to real objects in a range of areas, including home automation, industrial processes, human health, and environmental monitoring. The global market for IoT devices is booming, and it is estimated that there will be 50 billion connected devices by the end of 2025. This explosion of IoT devices, which can be expanded more easily than desktop PCs, has led to an increase in cyber-attacks involving IoT devices. To address this issue, it is necessary to create novel approaches for identifying attacks launched by hacked IoT devices. Due to the possibility that these attacks would succeed, Intrusion Detection Systems (IDS) are required. IDS' feature selection stage is widely regarded as the most essential stage. This stage is extremely time-consuming and labor-intensive. However, numerous machine learning (ML) algorithms have been proposed to enhance this stage to boost an IDS's performance. These approaches, however, did not produce desirable results in terms of accuracy and detection rate (DR). In this paper, we propose a novel hybrid Autoencoder and Modified Particle Swarm Optimization (HAEMPSO) for feature selection and deep neural network (DNN) for classification. The PSO with modification of inertia weight was utilized to optimize the parameters of DNN. The experimental analysis was performed on two realistic UNSW-NB15 and BoT-IoT datasets that are suitable for IoT environment. The findings obtained by analyzing the proposed HAEMPSO against the Generic attack in the UNSW-NB15 dataset gave an accuracy of 98.8%, and a DR of 99.9%. While the benign class revealed an accuracy of 99.9% and DR of 99.7%. In the BoT-IoT dataset, the DDoS HTTP attack revealed an accuracy of 99.22% and DR of 97.79%. While the benign class gave an accuracy of 97.54% and DR of 97.92%. In comparison with the state-of-the-art machine learning schemes, our proposed HAEMPSO-DNN achieved a competitive feat in terms of DR and accuracy.

Md Arafatur Rahman,A. Taufiq Asyhari,Ong Wei Wen,Husnul Ajra,Yussuf Ahmed,Farhat Anwar

DOI: https://doi.org/10.1007/s11042-021-10567-y

IF: 2.577

2021-03-08

Multimedia Tools and Applications

Abstract:The rapid advancement of technologies has enabled businesses to carryout their activities seamlessly and revolutionised communications across the globe. There is a significant growth in the amount and complexity of Internet of Things devices that are deployed in a wider range of environments. These devices mostly communicate through Wi-Fi networks and particularly in smart environments. Besides the benefits, these devices also introduce security challenges. In this paper, we investigate and leverage effective feature selection techniques to improve intrusion detection using machine learning methods. The proposed approach is based on a centralised intrusion detection system, which uses the deep feature abstraction, feature selection and classification to train the model for detecting the malicious and anomalous actions in the traffic. The deep feature abstraction uses deep learning techniques of artificial neural network in the form of unsupervised autoencoder to construct more features for the traffic. Based on the availability of cumulative features, the system then employs a variety of wrapper-based feature selection techniques ranging from SVM and decision tree to Naive Bayes for selecting high-ranked features, which are then combined and fed into an artificial neural network classifier for distinguishing attack and normal behaviors. The experimental results reveal the effectiveness of the proposed method on Aegean Wi-Fi Intrusion Dataset, which achieves high detection accuracy of up to 99.95%, relatively competitive to the existing machine learning works for the same dataset.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Sanket Mishra,Thangellamudi Anithakumari,Rashmi Sahay,Rajesh Kumar Shrivastava,Sachi Nandan Mohanty,Afzal Hussain Shahid

DOI: https://doi.org/10.1007/s10586-024-04792-x

2024-12-04

Cluster Computing

Abstract:The surge in Internet of Things usage has raised security breaches within the IoT ecosystem. Consequently, there is a pressing need to deploy robust Intrusion Detection Systems (IDSs) to safeguard IoT environments. This paper proposes a framework designed to establish stringent decision boundaries for effective attack detection, leveraging two prevalent datasets: CICIDS2017 and EDGE-IIOT. These datasets exhibit imbalanced class distributions and encompass numerous features with distinct characteristics. To address the class imbalance, the framework employs sampling techniques such as the synthetic minority oversampling technique with a genetic algorithm (GA-SMOTE) and with particle swarm optimization (SMOTE-PSO) along with random undersampling (RUS). The proposed framework utilizes tree-based learning algorithms, Decision Tree, Random Forest, and XGBoost, to identify cyberattacks and associated anomalies within the constrained IoT landscape. Feature selection is performed using the Boruta and WOA algorithms, and pruning algorithms are used to optimize the complexity of the model. The efficacy of the framework is evaluated using standard metrics on both workstations and Raspberry Pi boards to demonstrate its effectiveness on constrained IoT devices. The evaluation results demonstrate that the proposed model achieves a remarkable accuracy of 99.99% in identifying cyberattacks and related anomalies, exceeding the performance of existing baseline models in the CICIDS2017 dataset. It also obtains a high accuracy of 99.5% on EDGE-IIOT dataset. Furthermore, the framework shows promising results in terms of memory usage and execution time, achieving the best performance of 3.07 MB of memory usage and 4.26 s of execution time for the CICIDS2017 dataset and 1.93 MB of memory usage and 4.09 s of execution time for the EDGE-IIOT dataset when implemented on Raspberry Pi boards.

computer science, information systems, theory & methods

Noor Wali Khan,Mohammed S Alshehri,Muazzam A Khan,Sultan Almakdi,Naghmeh Moradpoor,Abdulwahab Alazeb,Safi Ullah,Naila Naz,Jawad Ahmad

DOI: https://doi.org/10.3934/mbe.2023602

2023-06-13

Abstract:The Internet of Things (IoT) is a rapidly evolving technology with a wide range of potential applications, but the security of IoT networks remains a major concern. The existing system needs improvement in detecting intrusions in IoT networks. Several researchers have focused on intrusion detection systems (IDS) that address only one layer of the three-layered IoT architecture, which limits their effectiveness in detecting attacks across the entire network. To address these limitations, this paper proposes an intelligent IDS for IoT networks based on deep learning algorithms. The proposed model consists of a recurrent neural network and gated recurrent units (RNN-GRU), which can classify attacks across the physical, network, and application layers. The proposed model is trained and tested using the ToN-IoT dataset, specifically collected for a three-layered IoT system, and includes new types of attacks compared to other publicly available datasets. The performance analysis of the proposed model was carried out by a number of evaluation metrics such as accuracy, precision, recall, and F1-measure. Two optimization techniques, Adam and Adamax, were applied in the evaluation process of the model, and the Adam performance was found to be optimal. Moreover, the proposed model was compared with various advanced deep learning (DL) and traditional machine learning (ML) techniques. The results show that the proposed system achieves an accuracy of 99% for network flow datasets and 98% for application layer datasets, demonstrating its superiority over previous IDS models.

Ahmed Samy,Haining Yu,Hongli Zhang

DOI: https://doi.org/10.1109/access.2020.2988854

IF: 3.9

2020-01-01

IEEE Access

Abstract:The number of cyber-attacks and data breaches has immensely increased across different enterprises, companies, and industries as a result of the exploitation of the weaknesses in securing Internet of Things (IoT) devices. The increasing number of various devices connected to IoT and their different protocols has led to growing volume of zero-day attacks. Deep learning (DL) has demonstrated its superiority in big data fields and cyber-security. Recently, DL has been used in cyber-attacks detection because of its capability of extracting and learning deep features of known attacks and detecting unknown attacks without the need for manual feature engineering. However, DL cannot be implemented on IoT devices with limited resources because it requires extensive computation, strong power and storage capabilities. This paper presents a comprehensive attack detection framework of a distributed, robust, and high detection rate to detect several IoT cyber-attacks using DL. The proposed framework implements an attack detector on fog nodes because of its distributed nature, high computational capacity and proximity to edge devices. Six DL models are compared to identify the DL model with the best performance. All DL models are evaluated using five different datasets, each of which involves various attacks. Experiments show that the long short-term memory model outperforms the five other DL models. The proposed framework is effective in terms of response time and detection accuracy and can detect several types of cyber-attacks with 99.97% detection rate and 99.96% detection accuracy in binary classification and 99.65% detection accuracy in multi-class classification.

Magdy M. Fadel,Sally M. El-Ghamrawy,Amr M. T. Ali-Eldin,Mohammed K. Hassan,Ali I. El-Desoky

DOI: https://doi.org/10.1371/journal.pone.0271436

IF: 3.7

2022-07-31

PLoS ONE

Abstract:Throughout the past few years, the Internet of Things (IoT) has grown in popularity because of its ease of use and flexibility. Cyber criminals are interested in IoT because it offers a variety of benefits for users, but it still poses many types of threats. The most common form of attack against IoT is Distributed Denial of Service (DDoS). The growth of preventive processes against DDoS attacks has prompted IoT professionals and security experts to focus on this topic. Due to the increasing prevalence of DDoS attacks, some methods for distinguishing different types of DDoS attacks based on individual network features have become hard to implement. Additionally, monitoring traffic pattern changes and detecting DDoS attacks with accuracy are urgent and necessary. In this paper, using Modified Whale Optimization Algorithm (MWOA) feature extraction and Hybrid Long Short Term Memory (LSTM), shown that DDoS attack detection methods can be developed and tested on various datasets. The MWOA technique, which is used to optimize the weights of the LSTM neural network to reduce prediction errors in the hybrid LSTM algorithm, is used. Additionally, MWOA can optimally extract IP packet features and identify DDoS attacks with the support of MWOA-LSTM model. The proposed MWOA-LSTM framework outperforms standard support vector machines (SVM) and Genetic Algorithm (GA) as well as standard methods for detecting attacks based on precision, recall and accuracy measurements.

multidisciplinary sciences

Kamal Bella,Azidine Guezzaz,Said Benkirane,Mourade Azrour,Yasser Fouad,Mbadiwe S. Benyeogor,Nisreen Innab

DOI: https://doi.org/10.7717/peerj-cs.2290

2024-09-09

PeerJ Computer Science

Abstract:The adoption and integration of the Internet of Things (IoT) have become essential for the advancement of many industries, unlocking purposeful connections between objects. However, the surge in IoT adoption and integration has also made it a prime target for malicious attacks. Consequently, ensuring the security of IoT systems and ecosystems has emerged as a crucial research area. Notably, advancements in addressing these security threats include the implementation of intrusion detection systems (IDS), garnering considerable attention within the research community. In this study, and in aim to enhance network anomaly detection, we present a novel intrusion detection approach: the Deep Neural Decision Forest-based IDS (DNDF-IDS). The DNDF-IDS incorporates an improved decision forest model coupled with neural networks to achieve heightened accuracy (ACC). Employing four distinct feature selection methods separately, namely principal component analysis (PCA), LASSO regression (LR), SelectKBest, and Random Forest Feature Importance (RFFI), our objective is to streamline training and prediction processes, enhance overall performance, and identify the most correlated features. Evaluation of our model on three diverse datasets (NSL-KDD, CICIDS2017, and UNSW-NB15) reveals impressive ACC values ranging from 94.09% to 98.84%, depending on the dataset and the feature selection method. Notably, our model achieves a remarkable prediction time of 0.1 ms per record. Comparative analyses with other recent random forest and Convolutional Neural Networks (CNN) based models indicate that our DNDF-IDS performs similarly or even outperforms them in certain instances, particularly when utilizing the top 10 features. One key advantage of our novel model lies in its ability to make accurate predictions with only a few features, showcasing an efficient utilization of computational resources.

computer science, information systems, artificial intelligence, theory & methods

Yakub Kayode Saheed,Oluwadamilare Harazeem Abdulganiyu,Taha Ait Tchakoucht

DOI: https://doi.org/10.1016/j.asoc.2024.111434

IF: 8.7

2024-02-01

Applied Soft Computing

Abstract:The emergence of smart cities is an example of how new technologies, such as the Internet of Things (IoT), have facilitated the creation of extensive interconnected and intelligent ecosystems. The widespread deployment of IoT devices has enabled the provision of constant environmental feedback, thereby facilitating the automated adaptation of associated systems. This has brought about a fundamental transformation in the way contemporary society functions. The security of emerging technologies such as IoT has become a significant challenge due to the added complexities, misconfigurations, and conflicts between modern and legacy systems. This challenge has a notable impact on the reliability and accessibility of existing infrastructure. Edge computing (EC) is a collaborative computing system that brings data processing and analysis closer to the edge of the network, where the data is generated, rather than in a centralized cloud environment. The utilization of the IoT has become more prevalent in both everyday life and the manufacturing sector, with a particular emphasis on critical infrastructure. The IoT is presently being utilized across diverse domains, including but not limited to industrial, agricultural, healthcare, and logistical sectors. The security of IoT networks has implications for the safety of individuals, the security of the nation, and economic development. Notwithstanding, conventional intrusion detection techniques that rely on centralized cloud-based systems that have been suggested in previous studies for IoT network security are insufficient to meet the requirements for data confidentiality, network capacity, and prompt responsiveness. In addition, the integration of IoT applications into smart devices has been shown to augment their functionalities. However, it is important to note that this integration also brings about potential security vulnerabilities. Furthermore, a significant number of contemporary IoT devices exhibit restricted security capabilities, rendering them vulnerable to intricate attacks and impeding the extensive integration of IoT technologies. Also, a lot of IoT network devices have been put in place that don't have hardware security measures. This means that traditional intrusion detection systems (IDS) aren't enough to protect the IoT network ecosystem. To address these issues, this research suggests the IoT-Defender framework, which combines a Modified Genetic Algorithm (MGA) model with a deep Long Short-Term Memory (LSTM) network to find cyberattacks in IoT networks. This research represents a pioneering attempt to employ the MGA for feature selection and the GA for fine-tuning the LSTM parameters within an EC framework. The parameters of the LSTM model were fine-tuned through the manipulation of the number of hidden layers, utilizing the GA fitness function. The customization of the MGA aimed to enhance its performance in selecting relevant features, optimizing the use of limited resources on IoT devices and edge nodes. The fine-tuning process involved optimizing hyperparameters, architecture, and training strategies to maximize the LSTM network's effectiveness in learning and detecting patterns in IoT network traffic. The synergy between the MGA and LSTM aimed at creating a comprehensive and efficient IDS. The feature selection by the MGA contributes to improving the LSTM’s performance by providing it with more relevant and discriminating features. In order to solve the issue of class imbalance, we utilize the focal loss function, which provides greater weights to minority classes, hence improving the model’s capacity to learn from those particular classes. The performance of the IoT-Defender model was assessed on the BoT-IoT, UNSW-NB15, and N-BaIoT datasets utilizing a Raspberry Pi IoT device. The results of our study show that the IoT-Defender model works better than other methods. This is shown by its accuracy score of 99.41%, detection rate of 99.78%, precision score of 98.50%, false alarm rate of 2.56%, mean intersection over union (mIoU) of 0.68, and training time of 81.3 seconds on BoT-IoT. The proposed IoT model is designed to be lightweight and can be installed on edge servers to detect cyber-attacks in real-time, specifically in the context of IoT security.

computer science, artificial intelligence, interdisciplinary applications

DOI: https://doi.org/10.1007/s10586-024-04564-7

2024-06-08

Cluster Computing

Abstract:The RPL routing protocol is susceptible to Selective Forwarding Attack (SFA), wherein malicious nodes selectively forward certain packets while discarding others and isolating a specific node or group of nodes from the network topology. Despite the countermeasures implemented by traditional IDS, the expansion of the IoT domain towards low-power and lossy networks requires innovative and suitable solutions to meet the distinct needs of resource-constraint devices. Dissimilarity and Adaptive Threshold-based Intrusion Detection System (DSAT-IDS), designed to mitigate SFAs targeting the routing mechanisms of RPL-based 6LoWPAN. DSAT-IDS works on the principle that the presence of an SFA node can be detected by monitoring the packet forwarding behaviour of groups of nodes instead of the individual nodes; once a group of nodes is identified with reduced packet forwarding behaviour, the individual nodes of the group can be examined to identify the SFA node, which reduces the network and detection overhead. DSAT-IDS consists of four main modules, each with sub-modules, namely, pre-detection module, sensor module, analyser module and attack handler module. DSAT-IDS optimizes network performance by reducing network overhead, employs sub-tree-based monitoring, dynamically computes threshold value based on the network environment, monitors packet forwarding behaviour and identifies the dissimilarities (θ, β, δ) in packet forwarding behaviour. The performance evaluation demonstrates that DSAT-IDS outperforms other IDSs in countering SFA, achieving TPR ranging from 99.12% to 99.99%, PDR ranging from 99.52% to 99.98%, throughput ranging from 99.1% to 99.4%, maintaining a low FPR of 1.0558%, and exhibiting an FNR spanning approximately 1.92% to 2.16%. Furthermore, the AEC ranges from 19,000 mJ to 22,300 mJ, shows notable energy efficiency and achieves high accuracy levels, ranging from 99.69% to 99.9% across diverse scenarios.

computer science, information systems, theory & methods

D. Adhimuga Sivasakthi,A. Sathiyaraj,Ramkumar Devendiran

DOI: https://doi.org/10.1007/s10586-023-04248-8

2024-01-12

Cluster Computing

Abstract:The proliferation of Internet of Things (IoT) devices has revolutionized various domains, but it has also brought forth numerous security challenges. One of the most concerning threats is the emergence of hybrid attacks, which combine multiple attack vectors to exploit vulnerabilities in IoT networks. Existing security mechanisms often struggle to effectively predict and detect these sophisticated hybrid attacks, leading to compromised system integrity and data confidentiality. In this paper, we propose robust learning approach, named HybridRobustNet (HRN), for predicting and detecting hybrid attacks over IoT networks. HRN integrates machine learning algorithms, deep neural networks, and ensemble techniques to achieve enhanced detection accuracy and resilience against evolving hybrid attack patterns. By leveraging a diverse set of features, including network traffic patterns, device behavior, and communication characteristics, HRN effectively captures the complex relationships and dependencies between various attack components. Furthermore, the proposed approach incorporates real-time adaptive learning mechanisms, enabling it to dynamically adapt to new attack strategies and mitigate false positives. To evaluate the effectiveness of HRN, extensive experiments were conducted on a realistic IoT testbed comprising heterogeneous devices and attack scenarios. The results demonstrate that HRN outperforms state-of-the-art approaches in terms of attack detection accuracy, robustness against evasion techniques, and low false positive rates. Additionally, its computational efficiency makes it suitable for deployment in resource-constrained IoT environments. The contributions of this work are twofold. Firstly, it addresses the pressing need for robust detection mechanisms against hybrid attacks, which can have severe consequences for IoT networks. Secondly, it introduces a unique and adaptive learning approach, HRN, which exhibits superior performance and adaptability in the face of emerging attack strategies. The findings presented in this article provide valuable insights into the design of effective security mechanisms for IoT networks and pave the way for future research in the field of hybrid attack detection.

computer science, information systems, theory & methods

Osama Bassam J. Rabie,Shitharth Selvarajan,Tawfiq Hasanin,Abdulrhman M. Alshareef,C. K. Yogesh,Mueen Uddin

DOI: https://doi.org/10.1038/s41598-024-51154-z

IF: 4.6

2024-01-04

Scientific Reports

Abstract:The Internet of Things (IoT) is extensively used in modern-day life, such as in smart homes, intelligent transportation, etc. However, the present security measures cannot fully protect the IoT due to its vulnerability to malicious assaults. Intrusion detection can protect IoT devices from the most harmful attacks as a security tool. Nevertheless, the time and detection efficiencies of conventional intrusion detection methods need to be more accurate. The main contribution of this paper is to develop a simple as well as intelligent security framework for protecting IoT from cyber-attacks. For this purpose, a combination of Decisive Red Fox (DRF) Optimization and Descriptive Back Propagated Radial Basis Function (DBRF) classification are developed in the proposed work. The novelty of this work is, a recently developed DRF optimization methodology incorporated with the machine learning algorithm is utilized for maximizing the security level of IoT systems. First, the data preprocessing and normalization operations are performed to generate the balanced IoT dataset for improving the detection accuracy of classification. Then, the DRF optimization algorithm is applied to optimally tune the features required for accurate intrusion detection and classification. It also supports increasing the training speed and reducing the error rate of the classifier. Moreover, the DBRF classification model is deployed to categorize the normal and attacking data flows using optimized features. Here, the proposed DRF-DBRF security model's performance is validated and tested using five different and popular IoT benchmarking datasets. Finally, the results are compared with the previous anomaly detection approaches by using various evaluation parameters.

multidisciplinary sciences

Nasr Abosata,Saba Al-Rubaye,Gokhan Inalhan

DOI: https://doi.org/10.3390/s23010321

2022-12-28

Abstract:Technological breakthroughs in the Internet of Things (IoT) easily promote smart lives for humans by connecting everything through the Internet. The de facto standardised IoT routing strategy is the routing protocol for low-power and lossy networks (RPL), which is applied in various heterogeneous IoT applications. Hence, the increase in reliance on the IoT requires focus on the security of the RPL protocol. The top defence layer is an intrusion detection system (IDS), and the heterogeneous characteristics of the IoT and variety of novel intrusions make the design of the RPL IDS significantly complex. Most existing IDS solutions are unified models and cannot detect novel RPL intrusions. Therefore, the RPL requires a customised global attack knowledge-based IDS model to identify both existing and novel intrusions in order to enhance its security. Federated transfer learning (FTL) is a trending topic that paves the way to designing a customised RPL-IoT IDS security model in a heterogeneous IoT environment. In this paper, we propose a federated-transfer-learning-assisted customised distributed IDS (FT-CID) model to detect RPL intrusion in a heterogeneous IoT. The design process of FT-CID includes three steps: dataset collection, FTL-assisted edge IDS learning, and intrusion detection. Initially, the central server initialises the FT-CID with a predefined learning model and observes the unique features of different RPL-IoTs to construct a local model. The experimental model generates an RPL-IIoT dataset with normal and abnormal traffic through simulation on the Contiki-NG OS. Secondly, the edge IDSs are trained using the local parameters and the globally shared parameters generated by the central server through federation and aggregation of different local parameters of various edges. Hence, transfer learning is exploited to update the server's and edges' local and global parameters based on relational knowledge. It also builds and customised IDS model with partial retraining through local learning based on globally shared server knowledge. Finally, the customised IDS in the FT-CID model enforces the detection of intrusions in heterogeneous IoT networks. Moreover, the FT-CID model accomplishes high RPL security by implicitly utilising the local and global parameters of different IoTs with the assistance of FTL. The FT-CID detects RPL intrusions with an accuracy of 85.52% in tests on a heterogeneous IoT network.

Jin Cao,Liwei Lin,Ruhui Ma,Haibing Guan,Mengke Tian,Yong Wang

DOI: https://doi.org/10.1093/comjnl/bxac119

2022-01-01

Abstract:With the rapid development of the Internet of Things (IoT), network security challenges are becoming more and more complex, and the scale of intrusion attacks against the network is gradually increasing. Therefore, researchers have proposed Intrusion Detection Systems and constantly designed more effective systems to defend against attacks. One issue to consider is using limited computing power to process complex network data efficiently. In this paper, we take the AWID dataset as an example, propose an efficient data processing method to mitigate the interference caused by redundant data and design a lightweight deep learning-based model to analyze and predict the data category. Finally, we achieve an overall accuracy of 99.77% and an accuracy of 97.95% for attacks on the AWID dataset, with a detection rate of 99.98% for the injection attack. Our model has low computational overhead and a fast response time after training, ensuring the feasibility of applying to edge nodes with weak computational power in the IoT.

Ruoyu Li,Qing Li,Jianer Zhou,Yong Jiang

DOI: https://doi.org/10.1109/jiot.2021.3122148

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) has entered a stage of rapid development and increasing deployment. Meanwhile, these low-power devices typically cannot support complex security mechanisms and, thus, are highly susceptible to malware. This article proposes ADRIoT, an anomaly detection framework for IoT networks, which leverages edge computing to uncover potential threats. An edge is empowered with an anomaly detection module, which consists of a traffic capturer, a traffic preprocessor, and a collection of anomaly detectors dedicated to each type of device. Each detector is constructed by an LSTM autoencoder in an unsupervised manner that requires no labeled attack data and is able to handle emerging zero-day attacks. When a device connects to the edge, the edge will fetch the corresponding detector from the cloud and execute it locally. Another problem is the resource constraint of a single edge device like a home router hinders the deployment of such a detection module. To mitigate this problem, we design a multiedge collaborative mechanism that integrates the resource of multiple edges in a local network to increase the overall load capacity. The evaluation demonstrates that ADRIoT can detect various IoT-based attacks effectively and efficiently, showing that ADRIoT can feasibly help build a more secure IoT environment.

Prabhat Kumar,Govind P. Gupta,Rakesh Tripathi

DOI: https://doi.org/10.1007/s13369-020-05181-3

IF: 2.807

2021-01-11

Arabian Journal for Science and Engineering

Abstract:With simple connectivity and fast-growing demand of smart devices and networks, IoT has become more prone to cyber attacks. In order to detect and prevent cyber attacks in IoT networks, intrusion detection system (IDS) plays a crucial role. However, most of the existing IDS have dimensionality curse that reduces overall IoT systems efficiency. Hence, it is important to remove repetitive and irrelevant features while designing effective IDS. Motivated from aforementioned challenges, this paper presents an intelligent cyber attack detection system for IoT network using a novel hybrid feature reduced approach. This technique first performs feature ranking using correlation coefficient, random forest mean decrease accuracy and gain ratio to obtain three different feature sets. Then, features are combined using a suitably designed mechanism (AND operation), to obtain single optimized feature set. Finally, the obtained reduced feature set is fed to three well-known machine learning algorithms such as random forest, K-nearest neighbor and XGBoost for detection of cyber attacks. The efficiency of the proposed cyber attack detection framework is evaluated using NSL-KDD and two latest IoT-based datasets namely, BoT-IoT and DS2OS. Performance of the proposed framework is evaluated and compared with some recent state-of-the-art techniques found in literature, in terms of accuracy, detection rate (DR), precision and F1 score. Performance analysis using these three datasets shows that the proposed model has achieved DR up to 90%–100%, for most of the attack vectors that has close similarity to normal behaviors and accuracy above 99%.

multidisciplinary sciences