Md Rashed Buiya,A K M Nuruzzaman Laskar,Md Rafiqul Islam,Sanjib Kumar Shil Sawalmeh,Muhammad Shoyaibur Rahman Chowdhury Roy,Reza E Rabbi Shawon Roy,Md Sumsuzoha

DOI: https://doi.org/10.32996/jcsts.2024.6.4.16

2024-10-18

Journal of Computer Science and Technology Studies

Abstract:The IoT is one of the most revolutionary technological advancements of the contemporary era, embedding networked devices into nearly every aspect of human life, from smart homes and wearables to industrial systems and healthcare applications in the U.S.A. The immediate need for better cybersecurity in the U.S.A. arises from the increasing sophistication and frequency of cyberattacks on IoT systems. Machine learning and AI have emerged as promising technologies to deal with the security challenges IoT systems pose. Unlike traditional rule-based systems, ML models learn from large datasets to identify deviations from the normal behavior pattern that signifies malicious activity. The prime objective of this research is to design, curate, evaluate, and deploy state-of-the-art machine learning models that improve the detection of cyberattacks over IoT network traffic. This research used a well-established dataset that emulates IoT network traffic consisting of benign and malicious activities. Benchmarks like the UNSW-NB15, CICIDS2017, and TON_IoT have been in extensive use by researchers in this domain because they contain a rich variety of network traffic created by various IoT devices and systems along with corresponding labels that classify normal and associated with specific types of cyberattacks: DDOS, MITM, and botnet attacks. Data preprocessing and cleaning ensured that the dataset was consistent, complete, and in a format that helps machine learning algorithms learn from it. Imputation techniques used the feature's mean/median/mode to handle missing values. In this research project, two machine learning algorithms were used in the experiment, notably, Logistic Regression and Random Forest. In this study, the machine learning algorithms used in the experiment undertaken for the current research project are Logistic Regression and Random Forest. The performance of Random Forest was superior to Logistic Regression in almost all metrics. While Logistic Regression provided a strong baseline, it struggled with detecting attacks, as evidenced by its lower recall and higher number of false negatives. This implied that Logistic Regression was less reliable in detecting cyberattacks, which could be critical in real-world cybersecurity settings. By contrast, Random Forest attained impressive accuracy and significantly diminished the number of false negatives. Its higher precision and recall demonstrate that it is better suited for detecting attacks in this dataset, offering a more reliable solution for cyberattack detection.

Alireza Seifousadati,Saeid Ghasemshirazi,Mohammad Fathian

DOI: https://doi.org/10.48550/arXiv.2110.14911

2021-10-28

Abstract:In the current world, the Internet is being used almost everywhere. With the rise of IoT technology, which is one of the most used technologies, billions of IoT devices are interconnected over the Internet. However, DoS/DDoS attacks are the most frequent and perilous threat to this growing technology. New types of DDoS attacks are highly advanced and complicated, and it is almost impossible to detect or mitigate by the existing intrusion detection systems and traditional methods. Fortunately, Big Data, Data mining, and Machine Learning technologies make it possible to detect DDoS traffic effectively. This paper suggests a DDoS detection model based on data mining and machine learning techniques. For writing this paper, the latest available Dataset, CICDDoS2019, experimented with the most popular machine learning algorithms and specified the most correlated features with predicted classes are being used. It is discovered that AdaBoost and XGBoost were extraordinarily accurate and correctly predicted the type of network traffic with 100% accuracy. Future research can be extended by enhancing the model for multiclassification of different DDoS attack types and testing hybrid algorithms and newer datasets on this model.

Cryptography and Security

Dawit Dejene Bikila,Jan Čapek

DOI: https://doi.org/10.1016/j.future.2024.107630

IF: 7.307

2024-12-03

Future Generation Computer Systems

Abstract:The number of Internet of Things (IoT) device connections is increasing rapidly as IoT applications are vital in any operation. IoT must maintain safe internet access that withstands various malicious attacks for instance Recon, Mirai, Distributed Denial of Service (DDoS), and Spoofing which has gained much attention. Intelligently changing and zero-day attacks are emerging every day. This highlights the need for intelligent security solutions tailored specifically to this technology. Various Machine Learning (ML) based approaches have been utilized for intrusion detection to tackle IoT attacks. However, the flaws of current attack detection and feature extraction techniques result in low detection accuracy. Thus, it hindered their real-world applications and highlighted the need for a lightweight and computationally robust model trained and assessed on a recent datasets. Therefore, this work proposed an attack detection model trained and validated using the CICIoT2023 and CICIDS2017 datasets. Initially, data preprocessing is done then features are extracted by using an unsupervised Elastic Deep Autoencoder (EDA) with optimum hyperparameters. Further, the Extreme Gradient Boosting (XGBoost) binary classifier is tuned by the Grey Wolf Optimizer (GWO) and fed extracted feature sets to classify attacks. The results of the experiments show the effectiveness of our model with a higher detection accuracy in both datasets. Finally, the performance comparison confirmed that the results of the proposed work is competitive with other state-of-the-art method in securing IoT infrastructures.

computer science, theory & methods

Abdelaziz Amara korba,Aleddine Diaf,Yacine Ghamri-Doudane

2024-07-22

Abstract:In the rapidly evolving landscape of cyber threats targeting the Internet of Things (IoT) ecosystem, and in light of the surge in botnet-driven Distributed Denial of Service (DDoS) and brute force attacks, this study focuses on the early detection of IoT bots. It specifically addresses the detection of stealth bot communication that precedes and orchestrates attacks. This study proposes a comprehensive methodology for analyzing IoT network traffic, including considerations for both unidirectional and bidirectional flow, as well as packet formats. It explores a wide spectrum of network features critical for representing network traffic and characterizing benign IoT traffic patterns effectively. Moreover, it delves into the modeling of traffic using various semi-supervised learning techniques. Through extensive experimentation with the IoT-23 dataset - a comprehensive collection featuring diverse botnet types and traffic scenarios - we have demonstrated the feasibility of detecting botnet traffic corresponding to different operations and types of bots, specifically focusing on stealth command and control (C2) communications. The results obtained have demonstrated the feasibility of identifying C2 communication with a 100% success rate through packet-based methods and 94% via flow based approaches, with a false positive rate of 1.53%.

Cryptography and Security,Artificial Intelligence

Ashish Koirala,Rabindra Bista,Joao C. Ferreira

DOI: https://doi.org/10.3390/fi15060210

2023-06-09

Future Internet

Abstract:The Internet of Things (IoT) shares the idea of an autonomous system responsible for transforming physical computational devices into smart ones. Contrarily, storing and operating information and maintaining its confidentiality and security is a concerning issue in the IoT. Throughout the whole operational process, considering transparency in its privacy, data protection, and disaster recovery, it needs state-of-the-art systems and methods to tackle the evolving environment. This research aims to improve the security of IoT devices by investigating the likelihood of network attacks utilizing ordinary device network data and attack network data acquired from similar statistics. To achieve this, IoT devices dedicated to smart healthcare systems were utilized, and botnet attacks were conducted on them for data generation. The collected data were then analyzed using statistical measures, such as the Pearson coefficient and entropy, to extract relevant features. Machine learning algorithms were implemented to categorize normal and attack traffic with data preprocessing techniques to increase accuracy. One of the most popular datasets, known as BoT-IoT, was cross-evaluated with the generated dataset for authentication of the generated dataset. The research provides insight into the architecture of IoT devices, the behavior of normal and attack networks on these devices, and the prospects of machine learning approaches to improve IoT device security. Overall, the study adds to the growing body of knowledge on IoT device security and emphasizes the significance of adopting sophisticated strategies for detecting and mitigating network attacks.

English Else

Sushil Shakya,Robert Abbas

2024-11-08

Abstract:This paper presents the detection of DDoS attacks in IoT networks using machine learning models. Their rapid growth has made them highly susceptible to various forms of cyberattacks, many of whose security procedures are implemented in an irregular manner. It evaluates the efficacy of different machine learning models, such as XGBoost, K-Nearest Neighbours, Stochastic Gradient Descent, and Naïve Bayes, in detecting DDoS attacks from normal network traffic. Each model has been explained on several performance metrics, such as accuracy, precision, recall, and F1-score to understand the suitability of each model in real-time detection and response against DDoS threats. This comparative analysis will, therefore, enumerate the unique strengths and weaknesses of each model with respect to the IoT environments that are dynamic and hence moving in nature. The effectiveness of these models is analyzed, showing how machine learning can greatly enhance IoT security frameworks, offering adaptive, efficient, and reliable DDoS detection capabilities. These findings have shown the potential of machine learning in addressing the pressing need for robust IoT security solutions that can mitigate modern cyber threats and assure network integrity.

Cryptography and Security,Machine Learning

Yi-Wen Chen,Jang-Ping Sheu,Yung-Ching Kuo,Nguyen Van Cuong

DOI: https://doi.org/10.1109/eucnc48522.2020.9200909

2020-01-01

Abstract:DDoS attacks often happen in cloud servers and cause a devastating problem. However, an increasing number of Internet of Things (IoT) devices makes us not ignore the influence of large-scale DDoS attacks from IoT devices. In this paper, we propose a machine learning-based on a multi-layer IoT DDoS attack detection system, including IoT devices, IoT gateways, SDN switches, and cloud servers. Firstly, we build eight smart poles with various sensors on our campus and collect sensor data as our datasets through wireless networks or wired networks. Next, we extract the features based on DDoS attack types. The feature selection can result in high accuracy DDoS attack detection in the real IoT environment. The experimental results show that our multi-layer DDoS detection system can accurately detect DDoS attacks. And the SDN controller can block venomous devices effectively according to blacklists from the results of our IoT DDoS attacks detection system.

Mohanad Sarhan,Siamak Layeghy,Marius Portmann

DOI: https://doi.org/10.48550/arXiv.2108.12732

2022-11-23

Abstract:Internet of Things (IoT) networks have become an increasingly attractive target of cyberattacks. Powerful Machine Learning (ML) models have recently been adopted to implement network intrusion detection systems to protect IoT networks. For the successful training of such ML models, selecting the right data features is crucial, maximising the detection accuracy and computational efficiency. This paper comprehensively analyses feature sets' importance and predictive power for detecting network attacks. Three feature selection algorithms: chi-square, information gain and correlation, have been utilised to identify and rank data features. The attributes are fed into two ML classifiers: deep feed-forward and random forest, to measure their attack detection performance. The experimental evaluation considered three datasets: UNSW-NB15, CSE-CIC-IDS2018, and ToN-IoT in their proprietary flow format. In addition, the respective variants in NetFlow format were also considered, i.e., NF-UNSW-NB15, NF-CSE-CIC-IDS2018, and NF-ToN-IoT. The experimental evaluation explored the marginal benefit of adding individual features. Our results show that the accuracy initially increases rapidly with adding features but converges quickly to the maximum. This demonstrates a significant potential to reduce the computational and storage cost of intrusion detection systems while maintaining near-optimal detection accuracy. This has particular relevance in IoT systems, with typically limited computational and storage resources.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Sidra Abbas,Imen Bouazzi,Stephen Ojo,Abdullah Al Hejaili,Gabriel Avelino Sampedro,Ahmad Almadhor,Michal Gregus

DOI: https://doi.org/10.7717/peerj-cs.1793

2024-01-17

PeerJ Computer Science

Abstract:The Internet of Things (IoT), considered an intriguing technology with substantial potential for tackling many societal concerns, has been developing into a significant component of the future. The foundation of IoT is the capacity to manipulate and track material objects over the Internet. The IoT network infrastructure is more vulnerable to attackers/hackers as additional features are accessible online. The complexity of cyberattacks has grown to pose a bigger threat to public and private sector organizations. They undermine Internet businesses, tarnish company branding, and restrict access to data and amenities. Enterprises and academics are contemplating using machine learning (ML) and deep learning (DL) for cyberattack avoidance because ML and DL show immense potential in several domains. Several DL teachings are implemented to extract various patterns from many annotated datasets. DL can be a helpful tool for detecting cyberattacks. Early network data segregation and detection thus become more essential than ever for mitigating cyberattacks. Numerous deep-learning model variants, including deep neural networks (DNNs), convolutional neural networks (CNNs), and recurrent neural networks (RNNs), are implemented in the study to detect cyberattacks on an assortment of network traffic streams. The Canadian Institute for Cybersecurity's CICDIoT2023 dataset is utilized to test the efficacy of the proposed approach. The proposed method includes data preprocessing, robust scalar and label encoding techniques for categorical variables, and model prediction using deep learning models. The experimental results demonstrate that the RNN model achieved the highest accuracy of 96.56%. The test results indicate that the proposed approach is efficient compared to other methods for identifying cyberattacks in a realistic IoT environment.

computer science, information systems, artificial intelligence, theory & methods

Rohan Doshi,Noah Apthorpe,Nick Feamster

DOI: https://doi.org/10.1109/SPW.2018.00013

2018-04-12

Abstract:An increasing number of Internet of Things (IoT) devices are connecting to the Internet, yet many of these devices are fundamentally insecure, exposing the Internet to a variety of attacks. Botnets such as Mirai have used insecure consumer IoT devices to conduct distributed denial of service (DDoS) attacks on critical Internet infrastructure. This motivates the development of new techniques to automatically detect consumer IoT attack traffic. In this paper, we demonstrate that using IoT-specific network behaviors (e.g. limited number of endpoints and regular time intervals between packets) to inform feature selection can result in high accuracy DDoS detection in IoT network traffic with a variety of machine learning algorithms, including neural networks. These results indicate that home gateway routers or other network middleboxes could automatically detect local IoT device sources of DDoS attacks using low-cost machine learning algorithms and traffic data that is flow-based and protocol-agnostic.

Cryptography and Security,Machine Learning

Andrew Churcher,Rehmat Ullah,Jawad Ahmad,Sadaqat ur Rehman,Fawad Masood,Mandar Gogate,Fehaid Alqahtani,Boubakr Nour,William J. Buchanan

DOI: https://doi.org/10.3390/s21020446

2021-01-10

Abstract:In recent years, there has been a massive increase in the amount of Internet of Things (IoT) devices as well as the data generated by such devices. The participating devices in IoT networks can be problematic due to their resource-constrained nature, and integrating security on these devices is often overlooked. This has resulted in attackers having an increased incentive to target IoT devices. As the number of attacks possible on a network increases, it becomes more difficult for traditional intrusion detection systems (IDS) to cope with these attacks efficiently. In this paper, we highlight several machine learning (ML) methods such as k-nearest neighbour (KNN), support vector machine (SVM), decision tree (DT), naive Bayes (NB), random forest (RF), artificial neural network (ANN), and logistic regression (LR) that can be used in IDS. In this work, ML algorithms are compared for both binary and multi-class classification on Bot-IoT dataset. Based on several parameters such as accuracy, precision, recall, F1 score, and log loss, we experimentally compared the aforementioned ML algorithms. In the case of HTTP distributed denial-of-service (DDoS) attack, the accuracy of RF is 99%. Furthermore, other simulation results-based precision, recall, F1 score, and log loss metric reveal that RF outperforms on all types of attacks in binary classification. However, in multi-class classification, KNN outperforms other ML algorithms with an accuracy of 99%, which is 4% higher than RF.

Cryptography and Security,Machine Learning

Farhan Ullah,Ali Turab,Shamsher Ullah,Diletta Cacciagrano,Yue Zhao

DOI: https://doi.org/10.3390/s24134152

IF: 3.9

2024-06-27

Sensors

Abstract:Internet of Things (IoT) applications and resources are highly vulnerable to flood attacks, including Distributed Denial of Service (DDoS) attacks. These attacks overwhelm the targeted device with numerous network packets, making its resources inaccessible to authorized users. Such attacks may comprise attack references, attack types, sub-categories, host information, malicious scripts, etc. These details assist security professionals in identifying weaknesses, tailoring defense measures, and responding rapidly to possible threats, thereby improving the overall security posture of IoT devices. Developing an intelligent Intrusion Detection System (IDS) is highly complex due to its numerous network features. This study presents an improved IDS for IoT security that employs multimodal big data representation and transfer learning. First, the Packet Capture (PCAP) files are crawled to retrieve the necessary attacks and bytes. Second, Spark-based big data optimization algorithms handle huge volumes of data. Second, a transfer learning approach such as word2vec retrieves semantically-based observed features. Third, an algorithm is developed to convert network bytes into images, and texture features are extracted by configuring an attention-based Residual Network (ResNet). Finally, the trained text and texture features are combined and used as multimodal features to classify various attacks. The proposed method is thoroughly evaluated on three widely used IoT-based datasets: CIC-IoT 2022, CIC-IoT 2023, and Edge-IIoT. The proposed method achieves excellent classification performance, with an accuracy of 98.2%. In addition, we present a game theory-based process to validate the proposed approach formally.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Luca Arnaboldi,Charles Morisset

DOI: https://doi.org/10.1007/978-3-030-04771-9_11

2019-01-24

Abstract:Denial of service attacks are especially pertinent to the internet of things as devices have less computing power, memory and security mechanisms to defend against them. The task of mitigating these attacks must therefore be redirected from the device onto a network monitor. Network intrusion detection systems can be used as an effective and efficient technique in internet of things systems to offload computation from the devices and detect denial of service attacks before they can cause harm. However the solution of implementing a network intrusion detection system for internet of things networks is not without challenges due to the variability of these systems and specifically the difficulty in collecting data. We propose a model-hybrid approach to model the scale of the internet of things system and effectively train network intrusion detection systems. Through bespoke datasets generated by the model, the IDS is able to predict a wide spectrum of real-world attacks, and as demonstrated by an experiment construct more predictive datasets at a fraction of the time of other more standard techniques.

Cryptography and Security

Hayelom Gebrye,Yong Wang,Fagen Li

DOI: https://doi.org/10.1016/j.compeleceng.2024.109716

2024-01-01

Abstract:The growing adoption of Internet of Things (IoT) has rendered them a desirable target for cyber-attacks. One of the biggest threats to these systems is the distributed denial of service (DDoS) attack, which is a botnet-based attack. The reason for the increasing usage of machine learning and deep learning-based intrusion detection systems in IoT network security is their ability to recognize DDoS attack. Recent studies, however, shows how susceptible IoT networks are to these kinds of attacks and detection accuracy can be greatly lowered. While a majority of studies has concentrated on DDoS attack detection for deep learning, little attention has been paid to computer vision, especially image-based artificial intelligence technologies like convolutional neural network (CNN). In this study, we use an image-based dataset to evaluate the effectiveness of CNN, an effective computer vision approach, for DDoS attack detection in IoT contexts. Owing to the small size of the selected dataset and in order to improve the CNN model's detection efficiency, we implement various data augmentation techniques prior to the model's training, including scaling, rotation, and vertical and horizontal flipping. Next, we introduce an efficient CNN-based method for detection of DDoS attacks in IoT settings. Ultimately, we came to the conclusion that the statistical significance testing showed that there is a significance difference among the five models employed during the study, and the VGG19 which has higher accuracy (99.74%) and less computing cost (6020.80 s), which enables IoT devices to perform DDoS attack detection with cost-effectiveness.

Yantian Luo,Hancun Sun,Xu Chen,Ning Ge,Wei Feng,Jianhua Lu

DOI: https://doi.org/10.23919/jcc.fa.2022-0783.202304

2023-01-01

China Communications

Abstract:In the upcoming large-scale Internet of Things (IoT), it is increasingly challenging to defend against malicious traffic, due to the heterogeneity of IoT devices and the diversity of IoT communication protocols. In this paper, we propose a semi-supervised learning-based approach to detect malicious traffic at the access side. It overcomes the resource-bottleneck problem of traditional malicious traffic defenders which are deployed at the victim side, and also is free of labeled traffic data in model training. Specifically, we design a coarse-grained behavior model of IoT devices by self-supervised learning with unlabeled traffic data. Then, we fine-tune this model to improve its accuracy in malicious traffic detection by adopting a transfer learning method using a small amount of labeled data. Experimental results show that our method can achieve the accuracy of 99.52% and the F1-score of 99.52% with only 1% of the labeled training data based on the CICDDoS2019 dataset. Moreover, our method outperforms the state-of-the-art supervised learning-based methods in terms of accuracy, precision, recall and F1-score with 1% of the training data.

Firas Mohammed Aswad,Ali Mohammed Saleh Ahmed,Nafea Ali Majeed Alhammadi,Bashar Ahmad Khalaf,Salama A. Mostafa

DOI: https://doi.org/10.1515/jisys-2022-0155

2023-01-01

Journal of Intelligent Systems

Abstract:Abstract With the rapid growth of informatics systems’ technology in this modern age, the Internet of Things (IoT) has become more valuable and vital to everyday life in many ways. IoT applications are now more popular than they used to be due to the availability of many gadgets that work as IoT enablers, including smartwatches, smartphones, security cameras, and smart sensors. However, the insecure nature of IoT devices has led to several difficulties, one of which is distributed denial-of-service (DDoS) attacks. IoT systems have several security limitations due to their disreputability characteristics, like dynamic communication between IoT devices. The dynamic communications resulted from the limited resources of these devices, such as their data storage and processing units. Recently, many attempts have been made to develop intelligent models to protect IoT networks against DDoS attacks. The main ongoing research issue is developing a model capable of protecting the network from DDoS attacks that is sensitive to various classes of DDoS and can recognize legitimate traffic to avoid false alarms. Subsequently, this study proposes combining three deep learning algorithms, namely recurrent neural network (RNN), long short-term memory (LSTM)-RNN, and convolutional neural network (CNN), to build a bidirectional CNN-BiLSTM DDoS detection model. The RNN, CNN, LSTM, and CNN-BiLSTM are implemented and tested to determine the most effective model against DDoS attacks that can accurately detect and distinguish DDoS from legitimate traffic. The intrusion detection evaluation dataset (CICIDS2017) is used to provide more realistic detection. The CICIDS2017 dataset includes benign and up-to-date examples of typical attacks, closely matching real-world data of Packet Capture. The four models are tested and assessed using Confusion Metrix against four commonly used criteria: accuracy, precision, recall, and F -measure. The performance of the models is quite effective as they obtain an accuracy rate of around 99.00%, except for the CNN model, which achieves an accuracy of 98.82%. The CNN-BiLSTM achieves the best accuracy of 99.76% and precision of 98.90%.

Chathuranga Sampath Kalutharage,Xiaodong Liu,Christos Chrysoulas,Nikolaos Pitropakis,Pavlos Papadopoulos

DOI: https://doi.org/10.3390/computers12020032

2023-01-01

Computers

Abstract:The modern digitized world is mainly dependent on online services. The availability of online systems continues to be seriously challenged by distributed denial of service (DDoS) attacks. The challenge in mitigating attacks is not limited to identifying DDoS attacks when they happen, but also identifying the streams of attacks. However, existing attack detection methods cannot accurately and efficiently detect DDoS attacks. To this end, we propose an explainable artificial intelligence (XAI)-based novel method to identify DDoS attacks. This method detects abnormal behaviours of network traffic flows by analysing the traffic at the network layer. Moreover, it chooses the most influential features for each anomalous instance with influence weight and then sets a threshold value for each feature. Hence, this DDoS attack detection method defines security policies based on each feature threshold value for application-layer-based, volumetric-based, and transport control protocol (TCP) state-exhaustion-based features. Since the proposed method is based on layer three traffic, it can identify DDoS attacks on both Internet of Things (IoT) and traditional networks. Extensive experiments were performed on the University of Sannio, Benevento Instrution Detection System (USB-IDS) dataset, which consists of different types of DDoS attacks to test the performance of the proposed solution. The results of the comparison show that the proposed method provides greater detection accuracy and attack certainty than the state-of-the-art methods.

Jared Mathews,Prosenjit Chatterjee,Shankar Banik

DOI: https://doi.org/10.48550/arXiv.2206.14341

2022-06-29

Cryptography and Security

Abstract:The need for secure Internet of Things (IoT) devices is growing as IoT devices are becoming more integrated into vital networks. Many systems rely on these devices to remain available and provide reliable service. Denial of service attacks against IoT devices are a real threat due to the fact these low power devices are very susceptible to denial-of-service attacks. Machine learning enabled network intrusion detection systems are effective at identifying new threats, but they require a large amount of data to work well. There are many network traffic data sets but very few that focus on IoT network traffic. Within the IoT network data sets there is a lack of CoAP denial of service data. We propose a novel data set covering this gap. We develop a new data set by collecting network traffic from real CoAP denial of service attacks and compare the data on multiple different machine learning classifiers. We show that the data set is effective on many classifiers.

K. Janani,S. Ramamoorthy

DOI: https://doi.org/10.1080/09540091.2022.2149698

2022-12-12

Connection Science

Abstract:Most of the recent research has focused on the Internet of Things (IoT) and its applications. The open interface and network connectivity of the interconnected systems under the IoT network make them vulnerable to hackers. A model has been proposed to identify and classify IoT routing attacks. To generate IoT routing datasets, the Cooja simulator is used at first. The IoT routing dataset is then augmented into larger volumes using ADASYN, which is also used to solve the class imbalance problems. A deep learning hybrid model based on a Long-Short-Term Memory (LSTM) network and adaptive Mayfly Optimization Algorithm (LAMOA) was presented for the classification of IoT attacks. The adaptive MOA adjusts the weights in the various layers of the LSTM network and the Fully Connected Layer with SoftMax Classification. As part of the validation process, the proposed model was also compared with benchmark datasets NSL-KDD, BoT-IoT, and IoT-23. Using benchmark datasets, LAMOA achieved 99.94% accuracy for multiclassifications, 99.92% accuracy for binary classifications, and 98.42% accuracy for real-time datasets. Compared to other models, our proposed model significantly improves the accuracy of each attack's classification by 5–10%. GRAPHICAL

computer science, artificial intelligence, theory & methods

Ganesh Subramaniam,Huan Chen,Ravi Varadhan,Robert Archibald

DOI: https://doi.org/10.48550/arXiv.2108.08924

2021-08-19

Cryptography and Security

Abstract:Cybersecurity, security monitoring of malicious events in IP traffic, is an important field largely unexplored by statisticians. Computer scientists have made significant contributions in this area using statistical anomaly detection and other supervised learning methods to detect specific malicious events. In this research, we investigate the detection of botnet command and control (C&C) hosts in massive IP traffic. We use the NetFlow data, the industry standard for monitoring of IP traffic for exploratory analysis and extracting new features. Using statistical as well as deep learning models, we develop a statistical intrusion detection system (SIDS) to predict traffic traces identified with malicious attacks. Employing interpretative machine learning techniques, botnet traffic signatures are derived. These models successfully detected botnet C&C hosts and compromised devices. The results were validated by matching predictions to existing blacklists of published malicious IP addresses.