Amirabas Kabiri Zamani,Amirahmad Chapnevis

DOI: https://doi.org/10.48550/arXiv.2207.04503

2022-07-11

Abstract:The rapid growth of technology has led to the creation of computing networks. The applications of the Internet of Things are becoming more and more visible with the expansion and development of sensors and the use of a series of equipment to connect to the Internet. Of course, the growth of any network will also provide some challenges. The main challenge of IoT like any other network is its security. In the field of security, there are issues such as attack detection, authentication, encryption and the so on. One of the most important attack is cyber-attacks that disrupt the network usage. One of the most important attacks on the IoT is BotNet attack. The most important challenges of this topic include very high computational complexity, lack of comparison with previous methods, lack of scalability, high execution time, lack of review of the proposed approach in terms of accuracy to detect and classify attacks and intrusions. Using intrusion detection systems for the IoT is an important step in identifying and detecting various attacks. Therefore, an algorithm that can solve these challenges has provided a near-optimal method. Using training-based models and algorithms such as Deep Dearning-Reinforcement Learning and XGBoost learning in combination (DRL-XGBoost) models can be an interesting approach to overcoming previous weaknesses. The data of this research is Bot-IoT-2018.

Cryptography and Security

Anuvelavan Subramaniam,Sureshkumar Chelladurai,Stanly Kumar Ande,Sathiyandrakumar Srinivasan

DOI: https://doi.org/10.1080/0952813x.2024.2342858

2024-07-20

Journal of Experimental & Theoretical Artificial Intelligence

Abstract:Networks connected to the Internet of Things (IoT) are often vulnerable to attacks. Several existing methods in the intrusion detection system for securing IoT have been presented with ensemble classifier, but it does not accurately classify attack, and also it takes high computation time. With intention of solving the security issues, Intrusion Detection System using Hybrid Evolutionary Lion and Balancing Composite Motion Optimisation Algorithm espoused feature selection with Ensemble Classifier (IDS-IoT-Hybrid ELOA-BCMOA-Ensemble-DT-LSVM-RF-XGBoost) is proposed for Securing IoT Network. At first, data were accumulated from the NSL-KDD data set. Afterward, data is fed to pre-processing, where it restored missing value using mean curvature flow method. At feature selection, optimum features are compiled under Hybrid Evolutionary Lion and Balancing Composite Motion Optimisation Algorithm. Based upon the optimum features, intruders of IoT data are categorised as denial-of-service (DoS), probe, remote to local attack (R2L), user to root attack (U2R), normal (no attack) with the help of Ensemble classifier. Proposed IDS-IoT-Hybrid ELOA-BCMOA-Ensemble-DT-LSVM-RF-XGBoost approach is constructed utilising Python. Then, proposed IDS-IoT-Hybrid ELOA-BCMOA-Ensemble-DT-LSVM-RF-XGBoost approach attains 21.11%, 19.58%, 24.61% and 9.52% higher accuracy; 94.47%, 93.95%, 93.08% and 90.59% lower error rate, and 62.94%, 36.69%, 64.17% and 50.97% less computation time analysed with existing models.

computer science, artificial intelligence

Dr.Priyanka Kaushik

DOI: https://doi.org/10.55938/ijgasr.v2i2.46

2023-06-30

Abstract:Detecting botnet and malware cyber-attacks is a critical task in ensuring the security of computer networks. Traditional methods for identifying such attacks often involve static rules and signatures, which can be easily evaded by attackers. Dl is a subdivision of ML, has shown promise in enhancing the accuracy of detecting botnets and malware by analyzing large amounts of network traffic data and identifying patterns that are difficult to detect with traditional methods. In order to identify abnormal traffic patterns that can be a sign of botnet or malware activity, deep learning models can be taught to learn the intricate interactions and correlations between various network traffic parameters, such as packet size, time intervals, and protocol headers. The models can also be trained to detect anomalies in network traffic, which could indicate the presence of unknown malware. The threat of malware and botnet assaults has increased in frequency with the growth of the IoT. In this research, we offer a unique LSTM and GAN-based method for identifying such attacks. We utilise our model to categorise incoming traffic as either benign or malicious using a dataset of network traffic data from various IoT devices. Our findings show how well our method works by attaining high accuracy in identifying botnet and malware cyberattacks in IoT networks. This study makes a contribution to the creation of stronger and more effective security systems for shielding IoT devices from online dangers. One of the major advantages of using deep learning for botnet and malware detection is its ability to adapt to new and previously unknown attack patterns, making it a useful tool in the fight against constantly evolving cyber threats. However, DL models require large quantity of labeled data for training, and their performance can be affected by the quality and quantity of the data used. Deep learning holds great potential for improving the accuracy and effectiveness of botnet and malware detection, and its continued development and application could lead to significant advancements in the field of cybersecurity.

Abdelaziz Amara korba,Aleddine Diaf,Yacine Ghamri-Doudane

2024-07-22

Abstract:In the rapidly evolving landscape of cyber threats targeting the Internet of Things (IoT) ecosystem, and in light of the surge in botnet-driven Distributed Denial of Service (DDoS) and brute force attacks, this study focuses on the early detection of IoT bots. It specifically addresses the detection of stealth bot communication that precedes and orchestrates attacks. This study proposes a comprehensive methodology for analyzing IoT network traffic, including considerations for both unidirectional and bidirectional flow, as well as packet formats. It explores a wide spectrum of network features critical for representing network traffic and characterizing benign IoT traffic patterns effectively. Moreover, it delves into the modeling of traffic using various semi-supervised learning techniques. Through extensive experimentation with the IoT-23 dataset - a comprehensive collection featuring diverse botnet types and traffic scenarios - we have demonstrated the feasibility of detecting botnet traffic corresponding to different operations and types of bots, specifically focusing on stealth command and control (C2) communications. The results obtained have demonstrated the feasibility of identifying C2 communication with a 100% success rate through packet-based methods and 94% via flow based approaches, with a false positive rate of 1.53%.

Cryptography and Security,Artificial Intelligence

Ashish Koirala,Rabindra Bista,Joao C. Ferreira

DOI: https://doi.org/10.3390/fi15060210

2023-06-09

Future Internet

Abstract:The Internet of Things (IoT) shares the idea of an autonomous system responsible for transforming physical computational devices into smart ones. Contrarily, storing and operating information and maintaining its confidentiality and security is a concerning issue in the IoT. Throughout the whole operational process, considering transparency in its privacy, data protection, and disaster recovery, it needs state-of-the-art systems and methods to tackle the evolving environment. This research aims to improve the security of IoT devices by investigating the likelihood of network attacks utilizing ordinary device network data and attack network data acquired from similar statistics. To achieve this, IoT devices dedicated to smart healthcare systems were utilized, and botnet attacks were conducted on them for data generation. The collected data were then analyzed using statistical measures, such as the Pearson coefficient and entropy, to extract relevant features. Machine learning algorithms were implemented to categorize normal and attack traffic with data preprocessing techniques to increase accuracy. One of the most popular datasets, known as BoT-IoT, was cross-evaluated with the generated dataset for authentication of the generated dataset. The research provides insight into the architecture of IoT devices, the behavior of normal and attack networks on these devices, and the prospects of machine learning approaches to improve IoT device security. Overall, the study adds to the growing body of knowledge on IoT device security and emphasizes the significance of adopting sophisticated strategies for detecting and mitigating network attacks.

English Else

Vijaya Bhaskar Sadu,Kumar Abhishek,Omaia Mohammed Al-Omari,Sandhya Rani Nallola,Rajeev Kumar Sharma,Mohammad Shadab Khan

DOI: https://doi.org/10.1080/0954898X.2024.2336058

2024-07-15

Network

Abstract:The Internet of Things (IoT) is a network that connects various hardware, software, data storage, and applications. These interconnected devices provide services to businesses and can potentially serve as entry points for cyber-attacks. The privacy of IoT devices is increasingly vulnerable, particularly to threats like viruses and illegal software distribution lead to the theft of critical information. Ant Colony-Optimized Artificial Neural-Adaptive Tensorflow (ACO-ANT) technique is proposed to detect malicious software illicitly disseminated through the IoT. To emphasize the significance of each token in source duplicate data, the noise data undergoes processing using tokenization and weighted attribute techniques. Deep learning (DL) methods are then employed to identify source code duplication. Also the Multi-Objective Recurrent Neural Network (M-RNN) is used to identify suspicious activities within an IoT environment. The performance of proposed technique is examined using Loss, accuracy, F measure, precision to identify its efficiency. The experimental outcomes demonstrate that the proposed method ACO-ANT on Malimg dataset provides 12.35%, 14.75%, 11.84% higher precision and 10.95%, 15.78%, 13.89% higher f-measure compared to the existing methods. Further, leveraging block chain for malware detection is a promising direction for future research the fact that could enhance the security of IoT and identify malware threats.

Shaza Dawood Ahmed Rihan,Mohammed Anbar,Basim Ahmad Alabsi

DOI: https://doi.org/10.3390/s23198191

2023-09-30

Abstract:The significant surge in Internet of Things (IoT) devices presents substantial challenges to network security. Hackers are afforded a larger attack surface to exploit as more devices become interconnected. Furthermore, the sheer volume of data these devices generate can overwhelm conventional security systems, compromising their detection capabilities. To address these challenges posed by the increasing number of interconnected IoT devices and the data overload they generate, this paper presents an approach based on meta-learning principles to identify attacks within IoT networks. The proposed approach constructs a meta-learner model by stacking the predictions of three Deep-Learning (DL) models: RNN, LSTM, and CNN. Subsequently, the identification by the meta-learner relies on various methods, namely Logistic Regression (LR), Multilayer Perceptron (MLP), Support Vector Machine (SVM), and Extreme Gradient Boosting (XGBoost). To assess the effectiveness of this approach, extensive evaluations are conducted using the IoT dataset from 2020. The XGBoost model showcased outstanding performance, achieving the highest accuracy (98.75%), precision (98.30%), F1-measure (98.53%), and AUC-ROC (98.75%). On the other hand, the SVM model exhibited the highest recall (98.90%), representing a slight improvement of 0.14% over the performance achieved by XGBoost.

Alok Kumar Shukla

DOI: https://doi.org/10.1111/exsy.13290

IF: 3.3

2023-03-30

Expert Systems

Abstract:Over the last few decades, computer and internet security has become a vital area because of eye‐opening numbers of data breaches, intruders on perilous infrastructure and malware attacks that are increasing day by day. In order to monitor abnormal activities and identify unusual attacks, several security solutions have been proposed in the recent past years. To protect computer system, intrusion detection system (IDS) opens up great opportunities to determine vulnerabilities and detect anomalies in security system. For detecting new attacks or building security solutions, in this study we present a new wrapper technique for security specialists that can help to detect more complicated attacks by combining teaching learning‐based optimization with opposition learning scheme and simulated annealing method. In order to address advance attack, firstly opposition learning strategy is used to update population generation of teaching learning‐based optimization that affect the robustness of the model after that simulated annealing is integrated into the teaching learning‐based optimization. In proposed method to choose the relevant features, we have used support vector machine as a fitness function that can be helped to recognize attacks precisely. The proposed algorithm is evaluated on three popular datasets namely NSL‐KDD, ISCX 2012 and UNSW‐NB15. Experimental results show that the proposed method is superior to other existing wrapper algorithms in terms of detection rate, accuracy and false alarm rates.

computer science, artificial intelligence, theory & methods

Deepa Krishnan,Pravin Shrinath

DOI: https://doi.org/10.1007/s13369-024-08742-y

IF: 2.807

2024-02-15

Arabian Journal for Science and Engineering

Abstract:The detection of security attacks holds significant importance in IoT networks, primarily due to the escalating number of interconnected devices and the sensitive nature of the transmitted data. This paper introduces a novel methodology designed to identify both known and unknown attacks within IoT networks. For the identification of known attacks, our proposed approach employs a stacked multi-classifier trained with classwise features. To address the challenge of highly imbalanced classes without resorting to resampling, we utilize the Localized Generalized Matrix Learning Vector Quantization (LGMLVQ) approach to select the most relevant features for each class. The efficacy of this model is evaluated using the widely recognized NF-BoT-IoT dataset, demonstrating an impressive accuracy score of 99.9952%.. The proposed study also focuses on detecting unseen attacks leveraging a shallow autoencoder, employing the technique of reconstruction error thresholding. The efficiency of this approach is evaluated using benchmark datasets. namely NF-ToN-IoT and NF-CSE-CIC-IDS 2018. The model's performance on previously unseen samples is noteworthy, with an average accuracy, precision, recall and F1-Score of 93.715%, 99.955%,90.865% and 95.145%, respectively. The proposed work presents significant contributions to IoT security by proposing a comprehensive solution with demonstrated performance in detecting both known and unknown attacks in the context of imbalanced data.

multidisciplinary sciences

C. Rupa,Sumaiya Shaikh,Gautam Srivastava,T. Gadekallu

DOI: https://doi.org/10.1109/BigData55660.2022.10020355

2022-12-17

Abstract:The Internet of Things (IoT), with the ease of access of Automated Vehicles, is the most reliable technology in the 21st century making every possible thing within seconds. The people in this era are blessed with all the new technology, and new gadgets, due to which many things which used to take longer are done within nanoseconds. IoT combines computing devices, mechanical devices, digital machines, objects, and people which possess the ability to transfer data over the network with Unique identifiers (UIDs) without human intervention. Such IoT-enabled Automated Guided Vehicles (AGV) are more reliable on networks for every action. Deep learning and machine learning techniques are pivotal for the successful implementation of IoT-based applications including AGVs. A botnet refers to the attacks which come from robot Network attacks. Recently, many organizations have been compromised using this attack. Most affected devices are connected to IoT as it uses automatically generated data. The ideology of this study is to propose an intrusion prediction system which can predict botnet attacks in AGVs. In this study, N – Balo dataset is used for classification, clustering and prediction. The technique implemented in this paper may provide some roots to develop the most reliable and highly secured AGV network.

Computer Science,Environmental Science,Engineering

Md Rashed Buiya,A K M Nuruzzaman Laskar,Md Rafiqul Islam,Sanjib Kumar Shil Sawalmeh,Muhammad Shoyaibur Rahman Chowdhury Roy,Reza E Rabbi Shawon Roy,Md Sumsuzoha

DOI: https://doi.org/10.32996/jcsts.2024.6.4.16

2024-10-18

Journal of Computer Science and Technology Studies

Abstract:The IoT is one of the most revolutionary technological advancements of the contemporary era, embedding networked devices into nearly every aspect of human life, from smart homes and wearables to industrial systems and healthcare applications in the U.S.A. The immediate need for better cybersecurity in the U.S.A. arises from the increasing sophistication and frequency of cyberattacks on IoT systems. Machine learning and AI have emerged as promising technologies to deal with the security challenges IoT systems pose. Unlike traditional rule-based systems, ML models learn from large datasets to identify deviations from the normal behavior pattern that signifies malicious activity. The prime objective of this research is to design, curate, evaluate, and deploy state-of-the-art machine learning models that improve the detection of cyberattacks over IoT network traffic. This research used a well-established dataset that emulates IoT network traffic consisting of benign and malicious activities. Benchmarks like the UNSW-NB15, CICIDS2017, and TON_IoT have been in extensive use by researchers in this domain because they contain a rich variety of network traffic created by various IoT devices and systems along with corresponding labels that classify normal and associated with specific types of cyberattacks: DDOS, MITM, and botnet attacks. Data preprocessing and cleaning ensured that the dataset was consistent, complete, and in a format that helps machine learning algorithms learn from it. Imputation techniques used the feature's mean/median/mode to handle missing values. In this research project, two machine learning algorithms were used in the experiment, notably, Logistic Regression and Random Forest. In this study, the machine learning algorithms used in the experiment undertaken for the current research project are Logistic Regression and Random Forest. The performance of Random Forest was superior to Logistic Regression in almost all metrics. While Logistic Regression provided a strong baseline, it struggled with detecting attacks, as evidenced by its lower recall and higher number of false negatives. This implied that Logistic Regression was less reliable in detecting cyberattacks, which could be critical in real-world cybersecurity settings. By contrast, Random Forest attained impressive accuracy and significantly diminished the number of false negatives. Its higher precision and recall demonstrate that it is better suited for detecting attacks in this dataset, offering a more reliable solution for cyberattack detection.

N. Sakthipriya,V. Govindasamy,V. Akila,Sakthipriya, N.

DOI: https://doi.org/10.1007/s12083-024-01657-3

IF: 3.488

2024-02-23

Peer-to-Peer Networking and Applications

Abstract:The "Internet of Things (IoT)" technology has been utilized in various industries in the past few years. As the IoT technology has diverse and small devices connected to it, IoT gadgets are vulnerable to several attacks. These networks are heterogeneous and big, making it difficult to handle the security of the overall network. The methods of upgrading these network security methods to combat different security assaults such as keylogging, denial of service, and man-in-the-middle are also difficult. Due to the network's heterogeneous nature and resource limitations, conventional high-end safety technologies are challenging to implement in IoT networks. Deep learning is an effective technique for identifying botnet attacks. However, the amount of internet activity required for this operation is typically substantial. Thus, implementing a deep learning technique in IoT devices with limited memory is practically difficult. Hence, this paper aims to decrease the dimensionality in the IoT network for efficient attack classification performance in memory constraint IoT devices using Conditional Adversarial Auto Encoder (CAAE) and generate realistic botnet traffic using CAAE to train the model. An efficient N-BaIoT Dataset are initially collected from the online datasets. The collected datasets are then given to the data cleaning process, which helps to avoid unnecessary information by refining essential data for attack detection. Further, the cleaned data is given to the CAAE, which is then incorporated for extracting efficient deep features in order to enhance the attack detection rate. Finally, the attack detection takes place with the extracted deep features, which are performed using the developed Dilated and Cascaded Recurrent Neural Network (DC-RNN) approach for accurately classifying the attacks in IoT devices. Throughout the analysis, the developed model shows 96%, 98%, 97%, and 96% in terms of accuracy, precision, F1-score, and recall. The research assessment is considered to analyze the suggested methods effectiveness by comparing it with conventional techniques.

computer science, information systems,telecommunications

Archana Manoharan,Manigandan Thathan

DOI: https://doi.org/10.1038/s41598-024-80581-1

IF: 4.6

2024-12-06

Scientific Reports

Abstract:Providing security to Internet of Medical Things (IoMT) is significant worldwide problem for future generations its implementation to be successful. The traditional security methodologies developed for IoMT struggles with the specific issues of high false positives and lower detection rate. Therefore, the proposed work aims to develop a ground-breaking intrusion detection model, named as, Group Teaching Optimized Probabilistic Deep Auto-Encoder (GTPDA) for increasing the security of IoMT networks. Here, the data transformation and normalization processes are applied to balance the dataset's properties. Then, an Intriguing Group Teaching Optimization (IGTO) algorithm is applied to choose the most correlated and essential traits from the normalized dataset for effective intrusion detection. Consequently, a Conditional Probabilistic Deep Auto-Encoder (CPDAE) model is used to more accurately classify the type of intrusion with system complexity. This study uses the BoT-IoT, Kaggle invasion dataset, and ToN-IoT open benchmarking datasets for evaluation and performance assessments. Among all, the proposed GTPDA with its various performance metrics presented, achieves an impressive 98.8% precision, 99% recall, 98.8% F1-score, and 99% accuracy, showing its significant performance in ensuring IoMT network security.

multidisciplinary sciences

S K Khaja Shareef,R Krishna Chaitanya,Srinivasulu Chennupalli,Devi Chokkakula,K V D Kiran,Udayaraju Pamula,Ramesh Vatambeti

DOI: https://doi.org/10.1038/s41598-024-67865-2

2024-07-26

Abstract:The Internet of Things (IoT) permeates various sectors, including healthcare, smart cities, and agriculture, alongside critical infrastructure management. However, its susceptibility to malware due to limited processing power and security protocols poses significant challenges. Traditional antimalware solutions fall short in combating evolving threats. To address this, the research work developed a feature selection-based classification model. At first stage, a preprocessing stage enhances dataset quality through data smoothing and consistency improvement. Feature selection via the Zebra Optimization Algorithm (ZOA) reduces dimensionality, while a classification phase integrates the Graph Attention Network (GAN), specifically the Dual-channel GAN (DGAN). DGAN incorporates Node Attention Networks and Semantic Attention Networks to capture intricate IoT device interactions and detect anomalous behaviors like botnet activity. The model's accuracy is further boosted by leveraging both structural and semantic data with the Sooty Tern Optimization Algorithm (STOA) for hyperparameter tuning. The proposed STOA-DGAN model achieves an impressive 99.87% accuracy in botnet activity classification, showcasing robustness and reliability compared to existing approaches.

Swechchha Gupta,Singh,Buddha Singh

DOI: https://doi.org/10.1016/j.cose.2024.103783

IF: 5.105

2024-02-01

Computers & Security

Abstract:In increasingly interconnected digital world, the threat of cyber-attacks and data breaches are a pervasive and growing concern. The Botnets are the most dangerous threats that launch a wide range of cyberattacks such as distributed denial of service (DDoS) attacks, sending spam emails, spreading malware, and stealing sensitive information. The identification and categorization of botnets has become a highly complex and critical process due to the massive amount of network traffic generated every second. This paper presents a multilayer botnet detection and classification framework based on explainable machine learning algorithms. The proposed approach comprises of three distinct layers: Feature Selection Layer, Botnet Detection Layer and Botnet Classification Layer. The Feature Selection Layer reduces the dataset into six essential features, that enhance the accuracy and efficiency of the framework. The botnet detection layer detects botnet activity by filtering the reduced dataset into normal packets and botnet packets. The filtered botnet packets further examined by botnet classification layer to classify the botnet packets into different types of botnets. Moreover, SHAP (SHapley Additive exPlanations) technique is utilized to provide transparency to the model's decision-making process. To evaluate the effectiveness of the proposed model, NCC-2 and CTU-13 datasets are examined. 10-fold cross-validation technique is applied to validate the experimental findings. The average accuracy achieved by proposed approach in botnet detection stands impressively at 99.98%, while the average accuracy achieved in classifying botnet families is 99.30%, exhibiting an exceptional level of performance. The comparative analysis is performed which demonstrates its superiority over existing methods in terms of accuracy, precision, recall, F1-Score.

computer science, information systems

Farhan Ullah,Ali Turab,Shamsher Ullah,Diletta Cacciagrano,Yue Zhao

DOI: https://doi.org/10.3390/s24134152

IF: 3.9

2024-06-27

Sensors

Abstract:Internet of Things (IoT) applications and resources are highly vulnerable to flood attacks, including Distributed Denial of Service (DDoS) attacks. These attacks overwhelm the targeted device with numerous network packets, making its resources inaccessible to authorized users. Such attacks may comprise attack references, attack types, sub-categories, host information, malicious scripts, etc. These details assist security professionals in identifying weaknesses, tailoring defense measures, and responding rapidly to possible threats, thereby improving the overall security posture of IoT devices. Developing an intelligent Intrusion Detection System (IDS) is highly complex due to its numerous network features. This study presents an improved IDS for IoT security that employs multimodal big data representation and transfer learning. First, the Packet Capture (PCAP) files are crawled to retrieve the necessary attacks and bytes. Second, Spark-based big data optimization algorithms handle huge volumes of data. Second, a transfer learning approach such as word2vec retrieves semantically-based observed features. Third, an algorithm is developed to convert network bytes into images, and texture features are extracted by configuring an attention-based Residual Network (ResNet). Finally, the trained text and texture features are combined and used as multimodal features to classify various attacks. The proposed method is thoroughly evaluated on three widely used IoT-based datasets: CIC-IoT 2022, CIC-IoT 2023, and Edge-IIoT. The proposed method achieves excellent classification performance, with an accuracy of 98.2%. In addition, we present a game theory-based process to validate the proposed approach formally.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Qasem Abu Al-Haija,Mu’awya Al-Dala’ien

DOI: https://doi.org/10.3390/jsan11010018

2022-03-09

Journal of Sensor and Actuator Networks

Abstract:Due to the prompt expansion and development of intelligent systems and autonomous, energy-aware sensing devices, the Internet of Things (IoT) has remarkably grown and obstructed nearly all applications in our daily life. However, constraints in computation, storage, and communication capabilities of IoT devices has led to an increase in IoT-based botnet attacks. To mitigate this threat, there is a need for a lightweight and anomaly-based detection system that can build profiles for normal and malicious activities over IoT networks. In this paper, we propose an ensemble learning model for botnet attack detection in IoT networks called ELBA-IoT that profiles behavior features of IoT networks and uses ensemble learning to identify anomalous network traffic from compromised IoT devices. In addition, our IoT-based botnet detection approach characterizes the evaluation of three different machine learning techniques that belong to decision tree techniques (AdaBoosted, RUSBoosted, and bagged). To evaluate ELBA-IoT, we used the N-BaIoT-2021 dataset, which comprises records of both normal IoT network traffic and botnet attack traffic of infected IoT devices. The experimental results demonstrate that our proposed ELBA-IoT can detect the botnet attacks launched from the compromised IoT devices with high detection accuracy (99.6%) and low inference overhead (40 μ-seconds). We also contrast ELBA-IoT results with other state-of-the-art results and demonstrate that ELBA-IoT is superior.

Urooj Akram,Wareesa Sharif,Mobeen Shahroz,Muhammad Faheem Mushtaq,Daniel Gavilanes Aray,Ernesto Bautista Thompson,Isabel de la Torre Diez,Sirojiddin Djuraev,Imran Ashraf

DOI: https://doi.org/10.3390/s23146379

IF: 3.9

2023-07-14

Sensors

Abstract:An Internet of Things (IoT) network is prone to many ways of threatening individuals. IoT sensors are lightweight, lack complicated security protocols, and face threats to privacy and confidentiality. Hackers can attack the IoT network and access personal information and confidential data for blackmailing, and negatively manipulate data. This study aims to propose an IoT threat protection system (IoTTPS) to protect the IoT network from threats using an ensemble model RKSVM, comprising a random forest (RF), K nearest neighbor (KNN), and support vector machine (SVM) model. The software-defined networks (SDN)-based IoT network datasets such as KDD cup 99, NSL-KDD, and CICIDS are used for threat detection based on machine learning. The experimental phase is conducted by using a decision tree (DT), logistic regression (LR), Naive Bayes (NB), RF, SVM, gradient boosting machine (GBM), KNN, and the proposed ensemble RKSVM model. Furthermore, performance is optimized by adding a grid search hyperparameter optimization technique with K-Fold cross-validation. As well as the NSL-KDD dataset, two other datasets, KDD and CIC-IDS 2017, are used to validate the performance. Classification accuracies of 99.7%, 99.3%, 99.7%, and 97.8% are obtained for DoS, Probe, U2R, and R2L attacks using the proposed ensemble RKSVM model using grid search and cross-fold validation. Experimental results demonstrate the superior performance of the proposed model for IoT threat detection.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Angela Grace Famera,Raj Mani Shukla,Suman Bhunia

DOI: https://doi.org/10.48550/arXiv.2311.08621

2023-11-15

Networking and Internet Architecture

Abstract:A botnet is an army of zombified computers infected with malware and controlled by malicious actors to carry out tasks such as Distributed Denial of Service (DDoS) attacks. Billions of Internet of Things (IoT) devices are primarily targeted to be infected as bots since they are configured with weak credentials or contain common vulnerabilities. Detecting botnet propagation by monitoring the network traffic is difficult as they easily blend in with regular network traffic. The traditional machine learning (ML) based Intrusion Detection System (IDS) requires the raw data to be captured and sent to the ML processor to detect intrusion. In this research, we examine the viability of a cross-device federated intrusion detection mechanism where each device runs the ML model on its data and updates the model weights to the central coordinator. This mechanism ensures the client's data is not shared with any third party, terminating privacy leakage. The model examines each data packet separately and predicts anomalies. We evaluate our proposed mechanism on a real botnet propagation dataset called MedBIoT. Overall, the proposed method produces an average accuracy of 71%, precision 78%, recall 71%, and f1-score 68%. In addition, we also examined whether any device taking part in federated learning can employ a poisoning attack on the overall system.

Fauzia Talpur,Imtiaz Ali Korejo,Aftab Ahmed Chandio,Ali Ghulam,Mir. Sajjad Hussain Talpur

DOI: https://doi.org/10.3390/s24051672

IF: 3.9

2024-03-06

Sensors

Abstract:The escalating reliance of modern society on information and communication technology has rendered it vulnerable to an array of cyber-attacks, with distributed denial-of-service (DDoS) attacks emerging as one of the most prevalent threats. This paper delves into the intricacies of DDoS attacks, which exploit compromised machines numbering in the thousands to disrupt data services and online commercial platforms, resulting in significant downtime and financial losses. Recognizing the gravity of this issue, various detection techniques have been explored, yet the quantity and prior detection of DDoS attacks has seen a decline in recent methods. This research introduces an innovative approach by integrating evolutionary optimization algorithms and machine learning techniques. Specifically, the study proposes XGB-GA Optimization, RF-GA Optimization, and SVM-GA Optimization methods, employing Evolutionary Algorithms (EAs) Optimization with Tree-based Pipelines Optimization Tool (TPOT)-Genetic Programming. Datasets pertaining to DDoS attacks were utilized to train machine learning models based on XGB, RF, and SVM algorithms, and 10-fold cross-validation was employed. The models were further optimized using EAs, achieving remarkable accuracy scores: 99.99% with the XGB-GA method, 99.50% with RF-GA, and 99.99% with SVM-GA. Furthermore, the study employed TPOT to identify the optimal algorithm for constructing a machine learning model, with the genetic algorithm pinpointing XGB-GA as the most effective choice. This research significantly advances the field of DDoS attack detection by presenting a robust and accurate methodology, thereby enhancing the cybersecurity landscape and fortifying digital infrastructures against these pervasive threats.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation