Abdulelah Al Hanif,Mohammad Ilyas

2024-08-01

Abstract:The rapid development of the Internet of Things (IoT) environment has introduced unprecedented levels of connectivity and automation. The Message Queuing Telemetry Transport (MQTT) protocol has become recognized in IoT applications due to its lightweight and efficient features; however, this simplicity also renders MQTT vulnerable to multiple attacks that can be launched against the protocol, including denial of service (DoS) and brute-force attacks. This study aims to improve the detection of intrusion DoS and brute-force attacks in an MQTT traffic intrusion detection system (IDS). Our approach utilizes the MQTT dataset for model training by employing effective feature engineering and ensemble learning techniques. Following our analysis and comparison, we identified the top 10 features demonstrating the highest effectiveness, leading to improved model accuracy. We used supervised machine learning models, including Random Forest, Decision Trees, k-Nearest Neighbors, and XGBoost, in combination with ensemble classifiers. Stacking, voting, and bagging ensembles utilize these four supervised machine-learning methods to combine models. This study's results illustrate the proposed technique's efficacy in enhancing the accuracy of detecting DoS and brute-force attacks in MQTT traffic. Stacking and voting classifiers achieved the highest accuracy of 0.9538. Our approach outperforms the most recent study that utilized the same dataset.

Networking and Internet Architecture

Muhammad Almas Khan,Muazzam A. Khan,Sana Ullah Jan,Jawad Ahmad,Sajjad Shaukat Jamal,Awais Aziz Shah,Nikolaos Pitropakis,William J. Buchanan

DOI: https://doi.org/10.3390/s21217016

IF: 3.9

2021-10-22

Sensors

Abstract:A large number of smart devices in Internet of Things (IoT) environments communicate via different messaging protocols. Message Queuing Telemetry Transport (MQTT) is a widely used publish–subscribe-based protocol for the communication of sensor or event data. The publish–subscribe strategy makes it more attractive for intruders and thus increases the number of possible attacks over MQTT. In this paper, we proposed a Deep Neural Network (DNN) for intrusion detection in the MQTT-based protocol and also compared its performance with other traditional machine learning (ML) algorithms, such as a Naive Bayes (NB), Random Forest (RF), k-Nearest Neighbour (kNN), Decision Tree (DT), Long Short-Term Memory (LSTM), and Gated Recurrent Units (GRUs). The performance is proved using two different publicly available datasets, including (1) MQTT-IoT-IDS2020 and (2) a dataset with three different types of attacks, such as Man in the Middle (MitM), Intrusion in the network, and Denial of Services (DoS). The MQTT-IoT-IDS2020 contains three abstract-level features, including Uni-Flow, Bi-Flow, and Packet-Flow. The results for the first dataset and binary classification show that the DNN-based model achieved 99.92%, 99.75%, and 94.94% accuracies for Uni-flow, Bi-flow, and Packet-flow, respectively. However, in the case of multi-label classification, these accuracies reduced to 97.08%, 98.12%, and 90.79%, respectively. On the other hand, the proposed DNN model attains the highest accuracy of 97.13% against LSTM and GRUs for the second dataset.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yazeed Alotaibi,Mohammad Ilyas

DOI: https://doi.org/10.3390/s23125568

2023-06-14

Abstract:The Internet of Things (IoT) comprises a network of interconnected nodes constantly communicating, exchanging, and transferring data over various network protocols. Studies have shown that these protocols pose a severe threat (Cyber-attacks) to the security of data transmitted due to their ease of exploitation. In this research, we aim to contribute to the literature by improving the Intrusion Detection System (IDS) detection efficiency. In order to improve the efficiency of the IDS, a binary classification of normal and abnormal IoT traffic is constructed to enhance the IDS performance. Our method employs various supervised ML algorithms and ensemble classifiers. The proposed model was trained on TON-IoT network traffic datasets. Four of the trained ML-supervised models have achieved the highest accurate outcomes; Random Forest, Decision Tree, Logistic Regression, and K-Nearest Neighbor. These four classifiers are fed to two ensemble approaches: voting and stacking. The ensemble approaches were evaluated using the evaluation metrics and compared for their efficacy on this classification problem. The accuracy of the ensemble classifiers was higher than that of the individual models. This improvement can be attributed to ensemble learning strategies that leverage diverse learning mechanisms with varying capabilities. By combining these strategies, we were able to enhance the reliability of our predictions while reducing the occurrence of classification errors. The experimental results show that the framework can improve the efficiency of the Intrusion Detection System, achieving an accuracy rate of 0.9863.

Rohit Singh,Krishna Pal Sharma,Lalit Kumar Awasthi

DOI: https://doi.org/10.1007/s10586-024-04519-y

2024-05-13

Cluster Computing

Abstract:The rapidly growing number of Internet of Things (IoT) devices has led to a rise in data transfers, which has raised security concerns. Due to the devices' limited processing capabilities and vulnerability to many cyber attacks, securing IoT communications is challenging. Security threats, especially Distributed Denial of Service (DDoS) attacks, take a toll on the network in the form of increased communication overhead. Hence, a centralized unit is required to detect DDoS attacks in IoT networks at the earliest. Software-Defined Networking (SDN) promises a potential solution for better network traffic management and data flow. This paper presents a machine learning-based ensemble model for the detection of DDoS attacks in IoT networks using SDN. The proposed model employs a multi-step approach utilizing various Machine Learning (ML) algorithms. The proposed Ensemble Model (EM) combines Logistic Regression (LR), k-Nearest Neighbors (KNN), Gradient Boosting (GB), Extra-tree (ET), AdaBoost, and XGBoost, with XGBoost as the final estimator classifier. Various metrics, including sensitivity, specificity, precision, accuracy, and others, derived from the confusion matrix, evaluate the proposed model's performance. The EM demonstrates superior performance during comparative analysis with state-of-the-art schemes, with a classification accuracy of 99.8%. Furthermore, the paper evaluates the model based on Receiver Operator Characteristic (ROC) curves, showing its superiority in True Positive Rates (TPR) compared to False Positive Rates (FPR). The AUC analysis supports the EM's effectiveness. Cross-validation results further validate the model's robustness, with a mean accuracy of 97.92%.

computer science, information systems, theory & methods

Ogobuchi Daniel Okey,Siti Sarah Maidin,Pablo Adasme,Renata Lopes Rosa,Muhammad Saadi,Dick Carrillo Melgarejo,Demóstenes Zegarra Rodríguez

DOI: https://doi.org/10.3390/s22197409

2022-09-29

Abstract:Following the recent advances in wireless communication leading to increased Internet of Things (IoT) systems, many security threats are currently ravaging IoT systems, causing harm to information. Considering the vast application areas of IoT systems, ensuring that cyberattacks are holistically detected to avoid harm is paramount. Machine learning (ML) algorithms have demonstrated high capacity in helping to mitigate attacks on IoT devices and other edge systems with reasonable accuracy. However, the dynamics of operation of intruders in IoT networks require more improved IDS models capable of detecting multiple attacks with a higher detection rate and lower computational resource requirement, which is one of the challenges of IoT systems. Many ensemble methods have been used with different ML classifiers, including decision trees and random forests, to propose IDS models for IoT environments. The boosting method is one of the approaches used to design an ensemble classifier. This paper proposes an efficient method for detecting cyberattacks and network intrusions based on boosted ML classifiers. Our proposed model is named BoostedEnML. First, we train six different ML classifiers (DT, RF, ET, LGBM, AD, and XGB) and obtain an ensemble using the stacking method and another with a majority voting approach. Two different datasets containing high-profile attacks, including distributed denial of service (DDoS), denial of service (DoS), botnets, infiltration, web attacks, heartbleed, portscan, and botnets, were used to train, evaluate, and test the IDS model. To ensure that we obtained a holistic and efficient model, we performed data balancing with synthetic minority oversampling technique (SMOTE) and adaptive synthetic (ADASYN) techniques; after that, we used stratified K-fold to split the data into training, validation, and testing sets. Based on the best two models, we construct our proposed BoostedEnsML model using LightGBM and XGBoost, as the combination of the two classifiers gives a lightweight yet efficient model, which is part of the target of this research. Experimental results show that BoostedEnsML outperformed existing ensemble models in terms of accuracy, precision, recall, F-score, and area under the curve (AUC), reaching 100% in each case on the selected datasets for multiclass classification.

Hector Alaiz-Moreton,Jose Aveleira-Mata,Jorge Ondicol-Garcia,Angel Luis Muñoz-Castañeda,Isaías García,Carmen Benavides

DOI: https://doi.org/10.1155/2019/6516253

2024-02-06

Abstract:The large number of sensors and actuators that make up the Internet of Things obliges these systems to use diverse technologies and protocols. This means that IoT networks are more heterogeneous than traditional networks. This gives rise to new challenges in cybersecurity to protect these systems and devices which are characterized by being connected continuously to the Internet. Intrusion detection systems (IDS) are used to protect IoT systems from the various anomalies and attacks at the network level. Intrusion Detection Systems (IDS) can be improved through machine learning techniques. Our work focuses on creating classification models that can feed an IDS using a dataset containing frames under attacks of an IoT system that uses the MQTT protocol. We have addressed two types of method for classifying the attacks, ensemble methods and deep learning models, more specifically recurrent networks with very satisfactory results.

Machine Learning,Cryptography and Security

Abdulelah Al Hanif,Mohammad Ilyas

DOI: https://doi.org/10.3390/s24061782

IF: 3.9

2024-03-10

Sensors

Abstract:The explosive growth of the domain of the Internet of things (IoT) network devices has resulted in unparalleled ease of productivity, convenience, and automation, with Message Queuing Telemetry Transport (MQTT) protocol being widely recognized as an essential communication standard in IoT environments. MQTT enables fast and lightweight communication between IoT devices to facilitate data exchange, but this flexibility also exposes MQTT to significant security vulnerabilities and challenges that demand highly robust security. This paper aims to enhance the detection efficiency of an MQTT traffic intrusion detection system (IDS). Our proposed approach includes the development of a binary balanced MQTT dataset with an effective feature engineering and machine learning framework to enhance the security of MQTT traffic. Our feature selection analysis and comparison demonstrates that selecting a 10-feature model provides the highest effectiveness, as it shows significant advantages in terms of constant accuracy and superior training and testing times across all models. The results of this study show that the framework has the capability to enhance the efficiency of an IDS for MQTT traffic, with more than 96% accuracy, precision, recall, F1-score, and ROC, and it outperformed the most recent study that used the same dataset.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Rana Alasmari,Areej Abdullah Alhogail

DOI: https://doi.org/10.1109/access.2024.3367113

IF: 3.9

2024-02-28

IEEE Access

Abstract:Smart homes are becoming increasingly popular worldwide, and they are mainly based on Internet of Things (IoT) technologies to enable their functionality. However, because IoT devices have limited computing power and resources, implementing strong security measures is difficult, making the use of intrusion detection systems (IDS) an appropriate option. In this study, we propose an optimized model with high performance for intrusion detection in Message Queue Telemetry Transport protocol (MQTT)-based IoT networks for smart homes. This is done by studying 22 Machine Learning (ML) algorithms based on an extended two-stage evaluation approach that includes several aspects for optimizing and validating the performance to find the ideal model. Based on the empirical evaluation, the Generalized Linear Model (GLM) classifier with the random over-sampling technique produced the best detection performance with 100% accuracy and an f-score of 100%, outperforming previous studies. This study also investigated the influence of automatic feature engineering techniques on the performance of algorithms. With the automatic feature engineering technique, the performance increased by up to 38.9%, and the time required to classify the attacks decreased by up to 67.7%. This shows that automatic feature engineering can improve performance and reduce detection time.

computer science, information systems,telecommunications,engineering, electrical & electronic

Nouf Saeed Alotaibi,Hassan I. Sayed Ahmed,Samah Osama M. Kamel,Ghada Farouk ElKabbany,Hassan I. Sayed Sayed Ahmed

DOI: https://doi.org/10.3390/s24051638

IF: 3.9

2024-03-03

Sensors

Abstract:The Message Queuing Telemetry Transport (MQTT) protocol stands out as one of the foremost and widely recognized messaging protocols in the field. It is often used to transfer and manage data between devices and is extensively employed for applications ranging from smart homes and industrial automation to healthcare and transportation systems. However, it lacks built-in security features, thereby making it vulnerable to many types of attacks such as man-in-the-middle (MitM), buffer overflow, pre-shared key, brute force authentication, malformed data, distributed denial-of-service (DDoS) attacks, and MQTT publish flood attacks. Traditional methods for detecting MQTT attacks, such as deep neural networks (DNNs), k-nearest neighbor (KNN), linear discriminant analysis (LDA), and fuzzy logic, may exist. The increasing prevalence of device connectivity, sensor usage, and environmental scalability become the most challenging aspects that novel detection approaches need to address. This paper presents a new solution that leverages an H2O-based distributed machine learning (ML) framework to improve the security of the MQTT protocol in networks, particularly in IoT environments. The proposed approach leverages the strengths of the H2O algorithm and architecture to enable real-time monitoring and distributed detection and classification of anomalous behavior (deviations from expected activity patterns). By harnessing H2O's algorithms, the identification and timely mitigation of potential security threats are achieved. Various H2O algorithms, including random forests, generalized linear models (GLMs), gradient boosting machine (GBM), XGBoost, and the deep learning (DL) algorithm, have been assessed to determine the most reliable algorithm in terms of detection performance. This study encompasses the development of the proposed algorithm, including implementation details and evaluation results. To assess the proposed model, various evaluation metrics such as mean squared error (MSE), root-mean-square error (RMSE), mean per class error (MCE), and log loss are employed. The results obtained indicate that the H2OXGBoost algorithm outperforms other H2O models in terms of accuracy. This research contributes to the advancement of secure IoT networks and offers a practical approach to enhancing the security of MQTT communication channels through distributed detection and classification techniques.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Qasem Abu Al-Haija,Ahmad Al-Badawi

DOI: https://doi.org/10.3390/s22010241

2021-12-29

Abstract:Network Intrusion Detection Systems (NIDSs) are indispensable defensive tools against various cyberattacks. Lightweight, multipurpose, and anomaly-based detection NIDSs employ several methods to build profiles for normal and malicious behaviors. In this paper, we design, implement, and evaluate the performance of machine-learning-based NIDS in IoT networks. Specifically, we study six supervised learning methods that belong to three different classes: (1) ensemble methods, (2) neural network methods, and (3) kernel methods. To evaluate the developed NIDSs, we use the distilled-Kitsune-2018 and NSL-KDD datasets, both consisting of a contemporary real-world IoT network traffic subjected to different network attacks. Standard performance evaluation metrics from the machine-learning literature are used to evaluate the identification accuracy, error rates, and inference speed. Our empirical analysis indicates that ensemble methods provide better accuracy and lower error rates compared with neural network and kernel methods. On the other hand, neural network methods provide the highest inference speed which proves their suitability for high-bandwidth networks. We also provide a comparison with state-of-the-art solutions and show that our best results are better than any prior art by 1~20%.

Qasem Abu Al-Haija,Mu’awya Al-Dala’ien

DOI: https://doi.org/10.3390/jsan11010018

2022-03-09

Journal of Sensor and Actuator Networks

Abstract:Due to the prompt expansion and development of intelligent systems and autonomous, energy-aware sensing devices, the Internet of Things (IoT) has remarkably grown and obstructed nearly all applications in our daily life. However, constraints in computation, storage, and communication capabilities of IoT devices has led to an increase in IoT-based botnet attacks. To mitigate this threat, there is a need for a lightweight and anomaly-based detection system that can build profiles for normal and malicious activities over IoT networks. In this paper, we propose an ensemble learning model for botnet attack detection in IoT networks called ELBA-IoT that profiles behavior features of IoT networks and uses ensemble learning to identify anomalous network traffic from compromised IoT devices. In addition, our IoT-based botnet detection approach characterizes the evaluation of three different machine learning techniques that belong to decision tree techniques (AdaBoosted, RUSBoosted, and bagged). To evaluate ELBA-IoT, we used the N-BaIoT-2021 dataset, which comprises records of both normal IoT network traffic and botnet attack traffic of infected IoT devices. The experimental results demonstrate that our proposed ELBA-IoT can detect the botnet attacks launched from the compromised IoT devices with high detection accuracy (99.6%) and low inference overhead (40 μ-seconds). We also contrast ELBA-IoT results with other state-of-the-art results and demonstrate that ELBA-IoT is superior.

Shaza Dawood Ahmed Rihan,Mohammed Anbar,Basim Ahmad Alabsi

DOI: https://doi.org/10.3390/s23177342

IF: 3.9

2023-08-24

Sensors

Abstract:The Internet of Things (IoT) has transformed our interaction with technology and introduced security challenges. The growing number of IoT attacks poses a significant threat to organizations and individuals. This paper proposes an approach for detecting attacks on IoT networks using ensemble feature selection and deep learning models. Ensemble feature selection combines filter techniques such as variance threshold, mutual information, Chi-square, ANOVA, and L1-based methods. By leveraging the strengths of each technique, the ensemble is formed by the union of selected features. However, this union operation may overlook redundancy and irrelevance, potentially leading to a larger feature set. To address this, a wrapper algorithm called Recursive Feature Elimination (RFE) is applied to refine the feature selection. The impact of the selected feature set on the performance of Deep Learning (DL) models (CNN, RNN, GRU, and LSTM) is evaluated using the IoT-Botnet 2020 dataset, considering detection accuracy, precision, recall, F1-measure, and False Positive Rate (FPR). All DL models achieved the highest detection accuracy, precision, recall, and F1 measure values, ranging from 97.05% to 97.87%, 96.99% to 97.95%, 99.80% to 99.95%, and 98.45% to 98.87%, respectively.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Rehab Alsulami,Batoul Alqarni,Rawan Alshomrani,Fatimah Mashat,Tahani Gazdar

DOI: https://doi.org/10.48084/etasr.6421

2023-12-05

Abstract:During the last decade, Internet of Things (IoT) devices have become widely used in smart homes, smart cities, factories, and many other areas to facilitate daily activities. As IoT devices are vulnerable to many attacks, especially if they are not frequently updated, Intrusion Detection Systems (IDSs) must be used to defend them. Many existing IDSs focus on specific types of IoT application layer protocols, such as MQTT, CoAP, and HTTP. Additionally, many existing IDSs based on machine learning are inefficient in detecting attacks in IoT applications because they use non-IoT-dedicated datasets. Therefore, there is no comprehensive IDS that can detect intrusions that specifically target IoT devices and their various application layer protocols. This paper proposes a new comprehensive IDS for IoT applications called IP-IDS, which can equivalently detect MQTT, HTTP, and CoAP-directed intrusions with high accuracy. Three different datasets were used to train the model: Bot-IoT, MQTT-IoT-IDS2020, and CoAP-DDoS. The obtained results showed that the proposed model outperformed the existing models trained on the same datasets. Additionally, the proposed DT and LSTM models reached an accuracy of 99.9%.

Álvaro Michelena,María Teresa García Ordás,José Aveleira-Mata,David Yeregui Marcos del Blanco,Míriam Timiraos Díaz,Francisco Zayas-Gato,Esteban Jove,José-Luis Casteleiro-Roca,Héctor Quintián,Héctor Alaiz-Moretón,José Luis Calvo-Rolle

DOI: https://doi.org/10.1093/jigpal/jzae013

2024-03-20

Abstract:Abstract This paper aims to enhance security in IoT device networks through a visual tool that utilizes three projection techniques, including Beta Hebbian Learning (BHL), t-distributed Stochastic Neighbor Embedding (t-SNE) and ISOMAP, in order to facilitate the identification of network attacks by human experts. This work research begins with the creation of a testing environment with IoT devices and web clients, simulating attacks over Message Queuing Telemetry Transport (MQTT) for recording all relevant traffic information. The unsupervised algorithms chosen provide a set of projections that enable human experts to visually identify most attacks in real-time, making it a powerful tool that can be implemented in IoT environments easily.

mathematics, applied,logic

Sarah Alkadi,Saad Al-Ahmadi,Mohamed Maher Ben Ismail

DOI: https://doi.org/10.3390/s24082626

IF: 3.9

2024-04-20

Sensors

Abstract:Recently, Machine Learning (ML)-based solutions have been widely adopted to tackle the wide range of security challenges that have affected the progress of the Internet of Things (IoT) in various domains. Despite the reported promising results, the ML-based Intrusion Detection System (IDS) proved to be vulnerable to adversarial examples, which pose an increasing threat. In fact, attackers employ Adversarial Machine Learning (AML) to cause severe performance degradation and thereby evade detection systems. This promoted the need for reliable defense strategies to handle performance and ensure secure networks. This work introduces RobEns, a robust ensemble framework that aims at: (i) exploiting state-of-the-art ML-based models alongside ensemble models for IDSs in the IoT network; (ii) investigating the impact of evasion AML attacks against the provided models within a black-box scenario; and (iii) evaluating the robustness of the considered models after deploying relevant defense methods. In particular, four typical AML attacks are considered to investigate six ML-based IDSs using three benchmarking datasets. Moreover, multi-class classification scenarios are designed to assess the performance of each attack type. The experiments indicated a drastic drop in detection accuracy for some attempts. To harden the IDS even further, two defense mechanisms were derived from both data-based and model-based methods. Specifically, these methods relied on feature squeezing as well as adversarial training defense strategies. They yielded promising results, enhanced robustness, and maintained standard accuracy in the presence or absence of adversaries. The obtained results proved the efficiency of the proposed framework in robustifying IDS performance within the IoT context. In particular, the accuracy reached 100% for black-box attack scenarios while preserving the accuracy in the absence of attacks as well.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Mir Shahnawaz Ahmed,Shahid Mehraj Shah

DOI: https://doi.org/10.48550/arXiv.2207.07903

2022-07-16

Abstract:The Internet of Things (IoT) has altered living by controlling devices/things over the Internet. IoT has specified many smart solutions for daily problems, transforming cyber-physical systems (CPS) and other classical fields into smart regions. Most of the edge devices that make up the Internet of Things have very minimal processing power. To bring down the IoT network, attackers can utilise these devices to conduct a variety of network attacks. In addition, as more and more IoT devices are added, the potential for new and unknown threats grows exponentially. For this reason, an intelligent security framework for IoT networks must be developed that can identify such threats. In this paper, we have developed an unsupervised ensemble learning model that is able to detect new or unknown attacks in an IoT network from an unlabelled dataset. The system-generated labelled dataset is used to train a deep learning model to detect IoT network attacks. Additionally, the research presents a feature selection mechanism for identifying the most relevant aspects in the dataset for detecting attacks. The study shows that the suggested model is able to identify the unlabelled IoT network datasets and DBN (Deep Belief Network) outperform the other models with a detection accuracy of 97.5% and a false alarm rate of 2.3% when trained using labelled dataset supplied by the proposed approach.

Information Theory,Cryptography and Security,Machine Learning

Urooj Akram,Wareesa Sharif,Mobeen Shahroz,Muhammad Faheem Mushtaq,Daniel Gavilanes Aray,Ernesto Bautista Thompson,Isabel de la Torre Diez,Sirojiddin Djuraev,Imran Ashraf

DOI: https://doi.org/10.3390/s23146379

IF: 3.9

2023-07-14

Sensors

Abstract:An Internet of Things (IoT) network is prone to many ways of threatening individuals. IoT sensors are lightweight, lack complicated security protocols, and face threats to privacy and confidentiality. Hackers can attack the IoT network and access personal information and confidential data for blackmailing, and negatively manipulate data. This study aims to propose an IoT threat protection system (IoTTPS) to protect the IoT network from threats using an ensemble model RKSVM, comprising a random forest (RF), K nearest neighbor (KNN), and support vector machine (SVM) model. The software-defined networks (SDN)-based IoT network datasets such as KDD cup 99, NSL-KDD, and CICIDS are used for threat detection based on machine learning. The experimental phase is conducted by using a decision tree (DT), logistic regression (LR), Naive Bayes (NB), RF, SVM, gradient boosting machine (GBM), KNN, and the proposed ensemble RKSVM model. Furthermore, performance is optimized by adding a grid search hyperparameter optimization technique with K-Fold cross-validation. As well as the NSL-KDD dataset, two other datasets, KDD and CIC-IDS 2017, are used to validate the performance. Classification accuracies of 99.7%, 99.3%, 99.7%, and 97.8% are obtained for DoS, Probe, U2R, and R2L attacks using the proposed ensemble RKSVM model using grid search and cross-fold validation. Experimental results demonstrate the superior performance of the proposed model for IoT threat detection.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Muhammad Bisri Musthafa,Samsul Huda,Yuta Kodera,Md Arshad Ali,Shunsuke Araki,Jedidah Mwaura,Yasuyuki Nogami

DOI: https://doi.org/10.3390/s24134293

2024-07-01

Abstract:Internet of Things (IoT) devices are leading to advancements in innovation, efficiency, and sustainability across various industries. However, as the number of connected IoT devices increases, the risk of intrusion becomes a major concern in IoT security. To prevent intrusions, it is crucial to implement intrusion detection systems (IDSs) that can detect and prevent such attacks. IDSs are a critical component of cybersecurity infrastructure. They are designed to detect and respond to malicious activities within a network or system. Traditional IDS methods rely on predefined signatures or rules to identify known threats, but these techniques may struggle to detect novel or sophisticated attacks. The implementation of IDSs with machine learning (ML) and deep learning (DL) techniques has been proposed to improve IDSs' ability to detect attacks. This will enhance overall cybersecurity posture and resilience. However, ML and DL techniques face several issues that may impact the models' performance and effectiveness, such as overfitting and the effects of unimportant features on finding meaningful patterns. To ensure better performance and reliability of machine learning models in IDSs when dealing with new and unseen threats, the models need to be optimized. This can be done by addressing overfitting and implementing feature selection. In this paper, we propose a scheme to optimize IoT intrusion detection by using class balancing and feature selection for preprocessing. We evaluated the experiment on the UNSW-NB15 dataset and the NSL-KD dataset by implementing two different ensemble models: one using a support vector machine (SVM) with bagging and another using long short-term memory (LSTM) with stacking. The results of the performance and the confusion matrix show that the LSTM stacking with analysis of variance (ANOVA) feature selection model is a superior model for classifying network attacks. It has remarkable accuracies of 96.92% and 99.77% and overfitting values of 0.33% and 0.04% on the two datasets, respectively. The model's ROC is also shaped with a sharp bend, with AUC values of 0.9665 and 0.9971 for the UNSW-NB15 dataset and the NSL-KD dataset, respectively.

Basharat Ahmad,Zhaoliang Wu,Yongfeng Huang,Sadaqat Ur Rehman

DOI: https://doi.org/10.1016/j.knosys.2024.112614

IF: 8.139

2024-10-21

Knowledge-Based Systems

Abstract:The Internet of Things (IoT) networks, which are defined by their interconnected devices and data streams are an expanding attack surface for cyber adversaries. Industrial Internet of Things (IIoT) is a subset of IoT and has significant importance in-terms of security. Robust intrusion detection systems (IDS) are essential for protecting these critical infrastructures. Our research suggests a novel approach to the detection of anomalies in IoT and IIoT networks that leverages the capabilities of deep transfer learning. Our methodology begins with the EdgeIIoT dataset, which serves as the basis for our data analysis. We convert the data into an appropriate image format to enable Convolutional Neural Network (CNN)-based processing. The hyper-parameters of individual machine learning models are subsequently optimized using a Random Search algorithm. This optimization phase optimizes the performance of each model by modifying the hyper-parameters that are unique to the learning algorithms. The performance of each model is meticulously assessed subsequent to hyper-parameter optimization. The top-performing models are subsequently, strategically selected and combined using the ensemble technique. The IDS scheme's overall detection accuracy and generalizability are improved by the integration of strengths from multiple models. The proposed scheme demonstrates significant effectiveness in identifying a broad spectrum of attacks, encompassing a total of 14 distinct attack types. This comprehensive detection capability contributes to a more secure and resilient IoT ecosystem. Furthermore, application of quantization to our best models reduces resource utilization significantly without compromising accuracy.

computer science, artificial intelligence

Jisha JoseJ. E. JudithDepartment of Computer Science and Engineering,Noorul Islam Centre for Higher Education,Kumarakovil,India

DOI: https://doi.org/10.1080/00051144.2024.2304369

IF: 1.79

2024-02-10

Automatika

Abstract:The growing Internet of Things (IoT) landscape requires robust security; traditional rule-based systems are insufficient, driving the integration of machine learning (ML) for effective intrusion detection. This paper provides an inclusive overview of research efforts focused on harnessing ML methodologies to fortify intrusion detection within IoT. Tailored feature extraction techniques are pivotal for achieving high detection accuracy while minimizing false positives. The study employs the IoT23 dataset from Kaggle and incorporates four optimization algorithms – Particle Swarm Optimizer, Whale-Pearson optimization algorithm, Harris-Hawks Optimizer, and Support Vector Machine with Particle Swarm optimization algorithm (SVM-PSO) – for feature extraction and selection. A comparison with ML algorithms such as logistic regression, decision tree and naïve Bayes classifier highlights Harris-Hawks Optimizer as the most effective. Furthermore, ensemble methods, particularly the fusion of random forest with HHO optimization, yield an impressive accuracy of 99.97%, surpassing AdaBoost and XGBoost approaches. This paper underscores the application of diverse ensemble learning techniques to enhance intrusion detection precision and efficiency within the intricate IoT landscape, effectively tackling the challenges posed by its complex and ever-changing nature.

automation & control systems,engineering, electrical & electronic