DOI: https://doi.org/10.1007/s10922-024-09829-5

2024-06-10

Journal of Network and Systems Management

Abstract:The increasing use of intelligent devices connected to the internet has contributed to the introduction of a new paradigm: the Internet of Things (IoT). The IoT is a set of devices connected via the internet that cooperate to achieve a specific goal. Smart cities, smart airports, smart transportation, smart homes, and many applications in the medical and educational fields all use the IoT. However, one major challenge is detecting malicious intrusions on IoT networks. Intrusion Detection Systems (IDSs) should detect these types of intrusions. This work proposes an effective model for detecting malicious IoT activities using machine learning techniques. The ToN-IoT dataset, which consists of seven connected devices (subdatasets), is used to construct an IoT network. The proposed model is a multilevel classification model. The first level distinguishes between attack and normal network activities. The second level is to classify the types of detected attacks. The experimental results prove the effectiveness of the proposed model in terms of time and classification performance metrics. The proposed model and seven baseline techniques in the literature are compared. The proposed model outperformed the baseline techniques in all subdatasets except for the Garage Door dataset.

computer science, information systems,telecommunications

Barjinder Kaur,Sajjad Dadkhah,Farzaneh Shoeleh,Euclides Carlos Pinto Neto,Pulei Xiong,Shahrear Iqbal,Philippe Lamontagne,Suprio Ray,Ali A. Ghorbani

DOI: https://doi.org/10.1016/j.iot.2023.100780

IF: 5.711

2023-07-01

Internet of Things

Abstract:The evolution of mobile technologies has introduced smarter and more connected objects into our day-to-day lives. This trend, known as the Internet of Things (IoT), has applications in smart homes, smart cities, industrial automation, health monitoring systems, and has become an essential component of the communication and networking industry. However, different communication and protocol standards, weak security defaults and the difficulty of distributing updates have exacerbated cybersecurity threats to critical applications that employ IoT. To mitigate the threats and counter these attacks, a promising approach is to develop a robust intrusion detection framework specifically aimed at securing IoT. This paper presents our efforts to catalogue and compare attacks, datasets and machine learning algorithms and architectures for intrusion detection systems for IoT devices. We classify attacks aimed at IoT devices at different layers and protocols. This work also highlights potential features that can be used by machine learning-based intrusion detection systems to detect different types of attacks. We provide a comparative study of IoT datasets used for model training and identify key properties which helps in assessing their suitability in particular scenarios. Finally, we discuss our observations and propose the research directions for building a robust IoT intrusion detection system.

Muna Al-Hawawreh,Elena Sitnikova,Neda Aboutorab

DOI: https://doi.org/10.1109/jiot.2021.3102056

IF: 10.6

2022-03-01

IEEE Internet of Things Journal

Abstract:Industrial Internet of Things (IIoT) is a high-value cyber target due to the nature of the devices and connectivity protocols they deploy. They are easy to compromise and, as they are connected on a large scale with high-value data content, the compromise of any single device can extend to the whole system and disrupt critical functions. There are various security solutions that detect and mitigate intrusions. However, as they lack the capability to deal with an IIoT's co-existing heterogeneity and interoperability, developing new universal security solutions to fit its requirements is critical. This is challenging due to the scarcity of accurate data about IIoT systems' activities, connectivities, and attack behaviors. In addition, owing to their multiplatform connectivity protocols and multivendor devices, collecting and creating such data are also challenging. To tackle these issues, we propose a holistic approach for generating an appropriate intrusion data set for an IIoT called X-IIoTID, a connectivity-agnostic and device-agnostic intrusion data set for fitting the heterogeneity and interoperability of IIoT systems. It includes the behaviors of new IIoT connectivity protocols, activities of recent devices, diverse attack types and scenarios, and various attack protocols. It defines an attack taxonomy and consists of multiview features, such as network traffic, host resources, logs and alerts. X-IIoTID is evaluated using popular machine and deep learning algorithms and compared with 18 intrusion data sets to verify its novelty.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mohanad Sarhan,Siamak Layeghy,Marius Portmann

DOI: https://doi.org/10.48550/arXiv.2108.12732

2022-11-23

Abstract:Internet of Things (IoT) networks have become an increasingly attractive target of cyberattacks. Powerful Machine Learning (ML) models have recently been adopted to implement network intrusion detection systems to protect IoT networks. For the successful training of such ML models, selecting the right data features is crucial, maximising the detection accuracy and computational efficiency. This paper comprehensively analyses feature sets' importance and predictive power for detecting network attacks. Three feature selection algorithms: chi-square, information gain and correlation, have been utilised to identify and rank data features. The attributes are fed into two ML classifiers: deep feed-forward and random forest, to measure their attack detection performance. The experimental evaluation considered three datasets: UNSW-NB15, CSE-CIC-IDS2018, and ToN-IoT in their proprietary flow format. In addition, the respective variants in NetFlow format were also considered, i.e., NF-UNSW-NB15, NF-CSE-CIC-IDS2018, and NF-ToN-IoT. The experimental evaluation explored the marginal benefit of adding individual features. Our results show that the accuracy initially increases rapidly with adding features but converges quickly to the maximum. This demonstrates a significant potential to reduce the computational and storage cost of intrusion detection systems while maintaining near-optimal detection accuracy. This has particular relevance in IoT systems, with typically limited computational and storage resources.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Ricardo Alejandro Manzano Sanchez,Marzia Zaman,Nishith Goel,Kshirasagar Naik,Rohit Joshi

DOI: https://doi.org/10.3390/s22207726

IF: 3.9

2022-10-13

Sensors

Abstract:In recent years, anomaly detection and machine learning for intrusion detection systems have been used to detect anomalies on Internet of Things networks. These systems rely on machine and deep learning to improve the detection accuracy. However, the robustness of the model depends on the number of datasamples available, quality of the data, and the distribution of the data classes. In the present paper, we focused specifically on the amount of data and class imbalanced since both parameters are key in IoT due to the fact that network traffic is increasing exponentially. For this reason, we propose a framework that uses a big data methodology with Hadoop–Spark to train and test multi-class and binary classification with one-vs-rest strategy for intrusion detection using the entire BoT IoT dataset. Thus, we evaluate all the algorithms available in Hadoop–Spark in terms of accuracy and processing time. In addition, since the BoT IoT dataset used is highly imbalanced, we also improve the accuracy for detecting minority classes by generating more datasamples using a Conditional Tabular Generative Adversarial Network (CTGAN). In general, our proposed model outperforms other published models including our previous model. Using our proposed methodology, the F1-score of one of the minority class, i.e., Theft attack was improved from 42% to 99%.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Ashish Koirala,Rabindra Bista,Joao C. Ferreira

DOI: https://doi.org/10.3390/fi15060210

2023-06-09

Future Internet

Abstract:The Internet of Things (IoT) shares the idea of an autonomous system responsible for transforming physical computational devices into smart ones. Contrarily, storing and operating information and maintaining its confidentiality and security is a concerning issue in the IoT. Throughout the whole operational process, considering transparency in its privacy, data protection, and disaster recovery, it needs state-of-the-art systems and methods to tackle the evolving environment. This research aims to improve the security of IoT devices by investigating the likelihood of network attacks utilizing ordinary device network data and attack network data acquired from similar statistics. To achieve this, IoT devices dedicated to smart healthcare systems were utilized, and botnet attacks were conducted on them for data generation. The collected data were then analyzed using statistical measures, such as the Pearson coefficient and entropy, to extract relevant features. Machine learning algorithms were implemented to categorize normal and attack traffic with data preprocessing techniques to increase accuracy. One of the most popular datasets, known as BoT-IoT, was cross-evaluated with the generated dataset for authentication of the generated dataset. The research provides insight into the architecture of IoT devices, the behavior of normal and attack networks on these devices, and the prospects of machine learning approaches to improve IoT device security. Overall, the study adds to the growing body of knowledge on IoT device security and emphasizes the significance of adopting sophisticated strategies for detecting and mitigating network attacks.

English Else

Bassey Isong,Otshepeng Kgote,Adnan Abu-Mahfouz

DOI: https://doi.org/10.3390/electronics13122370

IF: 2.9

2024-06-18

Electronics

Abstract:The swift explosion of Internet of Things (IoT) devices has brought about a new era of interconnectivity and ease of use while simultaneously presenting significant security concerns. Intrusion Detection Systems (IDS) play a critical role in the protection of IoT ecosystems against a wide range of cyber threats. Despite research advancements, challenges persist in improving IDS detection accuracy, reducing false positives (FPs), and identifying new types of attacks. This paper presents a comprehensive analysis of recent developments in IoT, shedding light on detection methodologies, threat types, performance metrics, datasets, challenges, and future directions. We systematically analyze the existing literature from 2016 to 2023, focusing on both machine learning (ML) and non-ML IDS strategies involving signature, anomaly, specification, and hybrid models to counteract IoT-specific threats. The findings include the deployment models from edge to cloud computing and evaluating IDS performance based on measures such as accuracy, FP rates, and computational costs, utilizing various IoT benchmark datasets. The study also explores methods to enhance IDS accuracy and efficiency, including feature engineering, optimization, and cutting-edge solutions such as cryptographic and blockchain technologies. Equally, it identifies key challenges such as the resource-constrained nature of IoT devices, scalability, and privacy issues and proposes future research directions to enhance IoT-based IDS and overall ecosystem security.

engineering, electrical & electronic,computer science, information systems,physics, applied

Jared Mathews,Prosenjit Chatterjee,Shankar Banik

DOI: https://doi.org/10.48550/arXiv.2206.14341

2022-06-29

Cryptography and Security

Abstract:The need for secure Internet of Things (IoT) devices is growing as IoT devices are becoming more integrated into vital networks. Many systems rely on these devices to remain available and provide reliable service. Denial of service attacks against IoT devices are a real threat due to the fact these low power devices are very susceptible to denial-of-service attacks. Machine learning enabled network intrusion detection systems are effective at identifying new threats, but they require a large amount of data to work well. There are many network traffic data sets but very few that focus on IoT network traffic. Within the IoT network data sets there is a lack of CoAP denial of service data. We propose a novel data set covering this gap. We develop a new data set by collecting network traffic from real CoAP denial of service attacks and compare the data on multiple different machine learning classifiers. We show that the data set is effective on many classifiers.

Vandana Choudhary,Sarvesh Tanwar

DOI: https://doi.org/10.1007/s11042-024-19066-2

IF: 2.577

2024-04-19

Multimedia Tools and Applications

Abstract:The Internet of Things (IoT) has garnered significant attention for its diverse applications, but the proliferation of devices introduces security threats. This paper addresses the need for comprehensive IoT-specific datasets to enhance research on intrusion detection systems (IDSs) and security mechanisms for IoT. Using the Cooja Simulator (Contiki-OS), we present a methodological approach for generating benign and malicious IoT-specific datasets, specifically leveraging a blackhole attack. We examine the impact of single and colluding blackhole attacks on the Routing Protocol for Low Power and Lossy Networks (RPL). Our results highlight a discernible decrease in packet delivery rate and a concurrent increase in average power consumption as malicious nodes escalate, underscoring the need to consider malicious scenarios in evaluating IoT network performance. The study provides crucial insights into compromised networks. Moreover, the generated datasets were employed for the training and assessment of various machine learning and deep learning models. Notably, the Decision Tree model outperformed other models, including Logistic Regression, Random Forest, Naïve Bayes, Support Vector Machine (SVM), Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), and CNN-LSTM. The Decision Tree consistently demonstrated exceptional performance, attaining a perfect score of 100% across all scenarios, setting it apart from the other models. The diverse performance exhibited by these models across different malicious scenarios emphasizes the importance of selecting appropriate models for effective intrusion detection in IoT networks. In conclusion, our study represents a valuable resource for the IoT research community, providing authentic datasets, insights into network compromise effects, and model performance evaluation. These findings not only emphasize the immediate need for robust security measures in IoT environments but also pave the way for future investigations into novel attacks and innovative mitigation strategies.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Dylan Chou,Meng Jiang

DOI: https://doi.org/10.48550/arXiv.2009.07352

2020-09-16

Abstract:Data-driven methods have been widely used in network intrusion detection (NID) systems. However, there are currently a number of challenges derived from how the datasets are being collected. Most attack classes in network intrusion datasets are considered the minority compared to normal traffic and many datasets are collected through virtual machines or other simulated environments rather than real-world networks. These challenges undermine the performance of intrusion detection machine learning models by fitting models such as random forests or support vector machines to unrepresentative "sandbox" datasets. This survey presents a carefully designed taxonomy highlighting eight main challenges and solutions and explores common datasets from 1999 to 2020. Trends are analyzed on the distribution of challenges addressed for the past decade and future directions are proposed on expanding NID into cloud-based environments, devising scalable models for larger amount of network intrusion data, and creating labeled datasets collected in real-world networks.

Cryptography and Security

Mohamed Amine Ferrag,Othmane Friha,Djallel Hamouda,Leandros Maglaras,Helge Janicke

DOI: https://doi.org/10.36227/techrxiv.18857336

2022-01-27

Abstract:In this paper, we propose a new comprehensive realistic cyber security dataset of IoT and IIoT applications, called Edge-IIoTset, which can be used by machine learning-based intrusion detection systems in two different modes, namely, centralized and federated learning. Specifically, the proposed testbed is organized into seven layers, including, Cloud Computing Layer, Network Functions Virtualization Layer, Blockchain Network Layer, Fog Computing Layer, Software-Defined Networking Layer, Edge Computing Layer, and IoT and IIoT Perception Layer. In each layer, we use new emerging technologies that satisfy the key requirements of IoT and IIoT applications, such as, ThingsBoard IoT platform, OPNFV platform, Hyperledger Sawtooth, Digital twin, ONOS SDN controller, Mosquitto MQTT brokers, Modbus TCP/IP, ...etc. The IoT data are generated from various IoT devices (more than 10 types) such as Low-cost digital sensors for sensing temperature and humidity, Ultrasonic sensor, Water level detection sensor, pH Sensor Meter, Soil Moisture sensor, Heart Rate Sensor, Flame Sensor, ...etc.). Furthermore, we identify and analyze fourteen attacks related to IoT and IIoT connectivity protocols, which are categorized into five threats, including, DoS/DDoS attacks, Information gathering, Man in the middle attacks, Injection attacks, and Malware attacks. In addition, we extract features obtained from different sources, including alerts, system resources, logs, network traffic, and propose new 61 features with high correlations from 1176 found features. After processing and analyzing the proposed realistic cyber security dataset, we provide a primary exploratory data analysis and evaluate the performance of machine learning approaches (i.e., traditional machine learning as well as deep learning) in both centralized and federated learning modes.

Joseph Rose,Matthew Swann,Gueltoum Bendiab,Stavros Shiaeles,Nicholas Kolokotronis

DOI: https://doi.org/10.1109/NetSoft51509.2021.9492685

2021-09-06

Abstract:The rapid increase in the use of IoT devices brings many benefits to the digital society, ranging from improved efficiency to higher productivity. However, the limited resources and the open nature of these devices make them vulnerable to various cyber threats. A single compromised device can have an impact on the whole network and lead to major security and physical damages. This paper explores the potential of using network profiling and machine learning to secure IoT against cyber-attacks. The proposed anomaly-based intrusion detection solution dynamically and actively profiles and monitors all networked devices for the detection of IoT device tampering attempts as well as suspicious network transactions. Any deviation from the defined profile is considered to be an attack and is subject to further analysis. Raw traffic is also passed on to the machine learning classifier for examination and identification of potential attacks. Performance assessment of the proposed methodology is conducted on the Cyber-Trust testbed using normal and malicious network traffic. The experimental results show that the proposed anomaly detection system delivers promising results with an overall accuracy of 98.35% and 0.98% of false-positive alarms.

Cryptography and Security,Artificial Intelligence

Morteza Safaei Pour,Antonio Mangino,Kurt Friday,Matthias Rathbun,Elias Bou-Harb,Farkhund Iqbal,Sagar Samtani,Jorge Crichigno,Nasir Ghani

DOI: https://doi.org/10.1016/j.cose.2019.101707

2020-04-01

Abstract:The insecurity of the Internet-of-Things (IoT) paradigm continues to wreak havoc in consumer and critical infrastructures. The highly heterogeneous nature of IoT devices and their widespread deployments has led to the rise of several key security and measurement-based challenges, significantly crippling the process of collecting, analyzing and correlating IoT-centric data. To this end, this paper explores macroscopic, passive empirical data to shed light on this evolving threat phenomena. The proposed work aims to classify and infer Internet-scale compromised IoT devices by solely observing one-way network traffic, while also uncovering, reporting and thoroughly analyzing "in the wild" IoT botnets. To prepare a relevant dataset, a novel probabilistic model is developed to cleanse unrelated traffic by removing noise samples (i.e., misconfigured network traffic). Subsequently, several shallow and deep learning models are evaluated in an effort to train an effective multi-window convolutional neural network. By leveraging active and passing measurements when generating the training dataset, the neural network aims to accurately identify compromised IoT devices. Consequently, to infer orchestrated and unsolicited activities that have been generated by well-coordinated IoT botnets, hierarchical agglomerative clustering is employed by scrutinizing a set of innovative and efficient network feature sets. Analyzing 3.6 TB of recently captured darknet traffic revealed a momentous 440,000 compromised IoT devices and generated evidence-based artifacts related to 350 IoT botnets. Moreover, by conducting thorough analysis of such inferred campaigns, we reveal their scanning behaviors, packet inter-arrival times, employed rates and geo-distributions. Although several campaigns exhibit significant differences in these aspects, some are more distinguishable; by being limited to specific geo-locations or by executing scans on random ports besides their core targets. While many of the inferred botnets belong to previously documented campaigns such as Hide and Seek, Hajime and Fbot, newly discovered events portray the evolving nature of such IoT threat phenomena by demonstrating growing cryptojacking capabilities or by targeting industrial control services. To motivate empirical (and operational) IoT cyber security initiatives as well as aid in reproducibility of the obtained results, we make the source codes of all the developed methods and techniques available to the research community at large.

computer science, information systems

Hanan Hindy,David Brosset,Ethan Bayne,Amar Seeam,Christos Tachtatzis,Robert Atkinson,Xavier Bellekens

DOI: https://doi.org/10.1109/ACCESS.2020.3000179

2020-06-05

Abstract:As the world moves towards being increasingly dependent on computers and automation, building secure applications, systems and networks are some of the main challenges faced in the current decade. The number of threats that individuals and businesses face is rising exponentially due to the increasing complexity of networks and services of modern networks. To alleviate the impact of these threats, researchers have proposed numerous solutions for anomaly detection; however, current tools often fail to adapt to ever-changing architectures, associated threats and zero-day attacks. This manuscript aims to pinpoint research gaps and shortcomings of current datasets, their impact on building Network Intrusion Detection Systems (NIDS) and the growing number of sophisticated threats. To this end, this manuscript provides researchers with two key pieces of information; a survey of prominent datasets, analyzing their use and impact on the development of the past decade's Intrusion Detection Systems (IDS) and a taxonomy of network threats and associated tools to carry out these attacks. The manuscript highlights that current IDS research covers only 33.3% of our threat taxonomy. Current datasets demonstrate a clear lack of real-network threats, attack representation and include a large number of deprecated threats, which together limit the detection accuracy of current machine learning IDS approaches. The unique combination of the taxonomy and the analysis of the datasets provided in this manuscript aims to improve the creation of datasets and the collection of real-world data. As a result, this will improve the efficiency of the next generation IDS and reflect network threats more accurately within new datasets.

Cryptography and Security,Artificial Intelligence,Networking and Internet Architecture

Nadia Chaabouni,Mohamed Mosbah,Akka Zemmari,Cyrille Sauvignac,Parvez Faruki

DOI: https://doi.org/10.1109/comst.2019.2896380

2019-01-01

Abstract:Pervasive growth of Internet of Things (IoT) is visible across the globe. The 2016 Dyn cyberattack exposed the critical fault-lines among smart networks. Security of IoT has become a critical concern. The danger exposed by infested Internet-connected Things not only affects the security of IoT but also threatens the complete Internet eco-system which can possibly exploit the vulnerable Things (smart devices) deployed as botnets. Mirai malware compromised the video surveillance devices and paralyzed Internet via distributed denial of service attacks. In the recent past, security attack vectors have evolved bothways, in terms of complexity and diversity. Hence, to identify and prevent or detect novel attacks, it is important to analyze techniques in IoT context. This survey classifies the IoT security threats and challenges for IoT networks by evaluating existing defense techniques. Our main focus is on network intrusion detection systems (NIDSs); hence, this paper reviews existing NIDS implementation tools and datasets as well as free and open-source network sniffing software. Then, it surveys, analyzes, and compares state-of-the-art NIDS proposals in the IoT context in terms of architecture, detection methodologies, validation strategies, treated threats, and algorithm deployments. The review deals with both traditional and machine learning (ML) NIDS techniques and discusses future directions. In this survey, our focus is on IoT NIDS deployed via ML since learning algorithms have a good success rate in security and privacy. The survey provides a comprehensive review of NIDSs deploying different aspects of learning techniques for IoT, unlike other top surveys targeting the traditional systems. We believe that, this paper will be useful for academia and industry research, first, to identify IoT threats and challenges, second, to implement their own NIDS and finally to propose new smart techniques in IoT context considering IoT limitations. Moreover, the s-rvey will enable security individuals differentiate IoT NIDS from traditional ones.

computer science, information systems,telecommunications

Othmane Belarbi,Theodoros Spyridopoulos,Eirini Anthi,Ioannis Mavromatis,Pietro Carnelli,Aftab Khan

2023-08-05

Abstract:The vast increase of Internet of Things (IoT) technologies and the ever-evolving attack vectors have increased cyber-security risks dramatically. A common approach to implementing AI-based Intrusion Detection systems (IDSs) in distributed IoT systems is in a centralised manner. However, this approach may violate data privacy and prohibit IDS scalability. Therefore, intrusion detection solutions in IoT ecosystems need to move towards a decentralised direction. Federated Learning (FL) has attracted significant interest in recent years due to its ability to perform collaborative learning while preserving data confidentiality and locality. Nevertheless, most FL-based IDS for IoT systems are designed under unrealistic data distribution conditions. To that end, we design an experiment representative of the real world and evaluate the performance of an FL-based IDS. For our experiments, we rely on TON-IoT, a realistic IoT network traffic dataset, associating each IP address with a single FL client. Additionally, we explore pre-training and investigate various aggregation methods to mitigate the impact of data heterogeneity. Lastly, we benchmark our approach against a centralised solution. The comparison shows that the heterogeneous nature of the data has a considerable negative impact on the model's performance when trained in a distributed manner. However, in the case of a pre-trained initial global FL model, we demonstrate a performance improvement of over 20% (F1-score) compared to a randomly initiated global model.

Cryptography and Security,Machine Learning

Stefanos Tsimenidis,Thomas Lagkas,Konstantinos Rantos

DOI: https://doi.org/10.1007/s10922-021-09621-9

2021-10-08

Journal of Network and Systems Management

Abstract:The Internet of Things (IoT) is the new paradigm of our times, where smart devices and sensors from across the globe are interconnected in a global grid, and distributed applications and services impact every area of human activity. With its huge economic impact and its pervasive influence over our lives, IoT is an attractive target for criminals, and cybersecurity becomes a top priority for the IoT ecosystem. Although cybersecurity has been the subject of research for decades, the large-scale IoT architecture and the emergence of novel threats render old strategies largely inefficient. Deep learning may provide cutting edge solutions for IoT intrusion detection, with its data-driven, anomaly-based approach and ability to detect emerging, unknown attacks. This survey offers a detailed review of deep learning models that have been proposed for IoT intrusion detection. Solutions have been classified by model in a comprehensive, structured analysis of how deep learning has been applied for IoT cybersecurity and their unique contributions to the development of effective IoT intrusion detection solutions.

computer science, information systems,telecommunications

Luca Arnaboldi,Charles Morisset

DOI: https://doi.org/10.1007/978-3-030-04771-9_11

2019-01-24

Abstract:Denial of service attacks are especially pertinent to the internet of things as devices have less computing power, memory and security mechanisms to defend against them. The task of mitigating these attacks must therefore be redirected from the device onto a network monitor. Network intrusion detection systems can be used as an effective and efficient technique in internet of things systems to offload computation from the devices and detect denial of service attacks before they can cause harm. However the solution of implementing a network intrusion detection system for internet of things networks is not without challenges due to the variability of these systems and specifically the difficulty in collecting data. We propose a model-hybrid approach to model the scale of the internet of things system and effectively train network intrusion detection systems. Through bespoke datasets generated by the model, the IDS is able to predict a wide spectrum of real-world attacks, and as demonstrated by an experiment construct more predictive datasets at a fraction of the time of other more standard techniques.

Cryptography and Security

Enrique Mármol Campos,Pablo Fernández Saura,Aurora González-Vidal,José L. Hernández-Ramos,Jorge Bernal Bernabe,Gianmarco Baldini,Antonio Skarmeta

DOI: https://doi.org/10.48550/arXiv.2108.00974

2021-08-02

Abstract:The application of Machine Learning (ML) techniques to the well-known intrusion detection systems (IDS) is key to cope with increasingly sophisticated cybersecurity attacks through an effective and efficient detection process. In the context of the Internet of Things (IoT), most ML-enabled IDS approaches use centralized approaches where IoT devices share their data with data centers for further analysis. To mitigate privacy concerns associated with centralized approaches, in recent years the use of Federated Learning (FL) has attracted a significant interest in different sectors, including healthcare and transport systems. However, the development of FL-enabled IDS for IoT is in its infancy, and still requires research efforts from various areas, in order to identify the main challenges for the deployment in real-world scenarios. In this direction, our work evaluates a FL-enabled IDS approach based on a multiclass classifier considering different data distributions for the detection of different attacks in an IoT scenario. In particular, we use three different settings that are obtained by partitioning the recent ToN\_IoT dataset according to IoT devices' IP address and types of attack. Furthermore, we evaluate the impact of different aggregation functions according to such setting by using the recent IBMFL framework as FL implementation. Additionally, we identify a set of challenges and future directions based on the existing literature and the analysis of our evaluation results.

Machine Learning,Cryptography and Security,Networking and Internet Architecture