Junchi Xing,Haifeng Zhou,Jinfan Shen,Kai Zhu,Yansong Wang,Chunming Wu,Wei Ruan

DOI: https://doi.org/10.1109/ICT.2018.8464855

2018-01-01

Abstract:Distributed Denial-of-Service (DDoS) attack has been a "nightmare" for cloud. A countermeasure is to establish an Intrusion Detection and Prevention System (IDPS) for cloud. Nevertheless, current IDPSes fail to achieve the detection and prevention in a flexible and lightweight way. In this paper, we propose a novel scheme of IDPS for overcoming the above problem, termed as Auto-scaling IDPS (AsIDPS). AsIDPS is based on Software-Defined Networking (SDN) and Docker container technologies. It first detects abnormal traffic based on the flow statistics collected in SDN switches in real-time. By the SDN controller, the abnormal traffic will be directed to the created Docker containers with Snort running on them for further detection and clean-up. Particularly, the Docker containers can be automatically scaled out or scaled down on demand. The Snort will also deliver an alert to the SDN controller if it detects attack traffic so as to perform a countermeasure if necessary. Benefitting from the flexible network management offered by SDN and the lightweight Docker container, AsIDPS is able to build a flexible and lightweight defense against DDoS attack in cloud. Based on our prototype implementation, we validate the effectiveness of AsIDPS in defending DDoS attack, and also verify its flexibility and lightweight.

Walid I. Khedr,Ameer E. Gouda,Ehab R. Mohamed

DOI: https://doi.org/10.3390/math11163552

IF: 2.4

2023-08-18

Mathematics

Abstract:Distributed Denial of Service (DDoS) and Address Resolution Protocol (ARP) attacks pose significant threats to the security of Software-Defined Internet of Things (SD-IoT) networks. The standard Software-Defined Networking (SDN) architecture faces challenges in effectively detecting, preventing, and mitigating these attacks due to its centralized control and limited intelligence. In this paper, we present P4-HLDMC, a novel collaborative secure framework that combines machine learning (ML), stateful P4, and a hierarchical logically distributed multi-controller architecture. P4-HLDMC overcomes the limitations of the standard SDN architecture, ensuring scalability, performance, and an efficient response to attacks. It comprises four modules: the multi-controller dedicated interface (MCDI) for real-time attack detection through a distributed alert channel (DAC), the MSMPF, a P4-enabled stateful multi-state matching pipeline function for analyzing IoT network traffic using nine state tables, the modified ensemble voting (MEV) algorithm with six classifiers for enhanced detection of anomalies in P4-extracted traffic patterns, and an attack mitigation process distributed among multiple controllers to effectively handle larger-scale attacks. We validate our framework using diverse test cases and real-world IoT network traffic datasets, demonstrating high detection rates, low false-alarm rates, low latency, and short detection times compared to existing methods. Our work introduces the first integrated framework combining ML, stateful P4, and SDN-based multi-controller architecture for DDoS and ARP detection in IoT networks.

mathematics

Hassen Mohammed Alsafi,Wafaa Mustafa Abduallah,Al-Sakib Khan Pathan

DOI: https://doi.org/10.48550/arXiv.1203.3323

2012-03-15

Abstract:Today, many organizations are moving their computing services towards the Cloud. This makes their computer processing available much more conveniently to users. However, it also brings new security threats and challenges about safety and reliability. In fact, Cloud Computing is an attractive and cost-saving service for buyers as it provides accessibility and reliability options for users and scalable sales for providers. In spite of being attractive, Cloud feature poses various new security threats and challenges when it comes to deploying Intrusion Detection System (IDS) in Cloud environments. Most Intrusion Detection Systems (IDSs) are designed to handle specific types of attacks. It is evident that no single technique can guarantee protection against future attacks. Hence, there is a need for an integrated scheme which can provide robust protection against a complete spectrum of threats. On the other hand, there is great need for technology that enables the network and its hosts to defend themselves with some level of intelligence in order to accurately identify and block malicious traffic and activities. In this case, it is called Intrusion prevention system (IPS). Therefore, in this paper, we emphasize on recent implementations of IDS on Cloud Computing environments in terms of security and privacy. We propose an effective and efficient model termed as the Integrated Intrusion Detection and Prevention System (IDPS) which combines both IDS and IPS in a single mechanism. Our mechanism also integrates two techniques namely, Anomaly Detection (AD) and Signature Detection (SD) that can work in cooperation to detect various numbers of attacks and stop them through the capability of IPS.

Networking and Internet Architecture,Cryptography and Security

Peyman Khordadpour,Saeed Ahmadi

DOI: https://doi.org/10.48550/arXiv.2305.16389

2023-05-26

Abstract:In recent times, I've encountered a principle known as cloud computing, a model that simplifies user access to data and computing power on a demand basis. The main objective of cloud computing is to accommodate users' growing needs by decreasing dependence on human resources, minimizing expenses, and enhancing the speed of data access. Nevertheless, preserving security and privacy in cloud computing systems pose notable challenges. This issue arises because these systems have a distributed structure, which is susceptible to unsanctioned access - a fundamental problem. In the context of cloud computing, the provision of services on demand makes them targets for common assaults like Denial of Service (DoS) attacks, which include Economic Denial of Sustainability (EDoS) and Distributed Denial of Service (DDoS). These onslaughts can be classified into three categories: bandwidth consumption attacks, specific application attacks, and connection layer attacks. Most of the studies conducted in this arena have concentrated on a singular type of attack, with the concurrent detection of multiple DoS attacks often overlooked. This article proposes a suitable method to identify four types of assaults: HTTP, Database, TCP SYN, and DNS Flood. The aim is to present a universal algorithm that performs effectively in detecting all four attacks instead of using separate algorithms for each one. In this technique, seventeen server parameters like memory usage, CPU usage, and input/output counts are extracted and monitored for changes, identifying the failure point using the CUSUM algorithm to calculate the likelihood of each attack. Subsequently, a fuzzy neural network is employed to determine the occurrence of an attack. When compared to the Snort software, the proposed method's results show a significant improvement in the average detection rate, jumping from 57% to 95%.

Cryptography and Security

Qasem Abu Al-Haija,Charles McCurry,Saleh Zein-Sabatto

DOI: https://doi.org/10.20944/preprints202011.0508.v1

2020-11-19

Abstract:With the rapid expansion of intelligent resource-constrained devices and high-speed communication technologies, Internet of Things (IoT) has earned a wide recognition as the primary standard for low-power lossy networks (LLNs). Nevertheless, IoT infrastructures are vulnerable to cyber-attacks due to the constraints in computation, storage, and communication capacity of the endpoint devices. From one side, the majority of newly developed cyber-attacks are formed by slightly mutating formerly established cyber-attacks to produce a new attack tending to be treated as a normal traffic through the IoT network. From the other side, the influence of coupling the deep learning techniques with cybersecurity field has become a recent inclination of many security applications due to their impressive performance. In this paper, we provide a comprehensive development of a new intelligent and autonomous deep learning-based detection and classification system for cyber-attacks in IoT communication networks leveraging the power of convolutional neural networks, abbreviated as (IoT-IDCS-CNN). The proposed IoT-IDCS-CNN makes use of the high-performance computing employing the robust CUDA based Nvidia GPUs and the parallel processing employing the high-speed I9-Cores based Intel CPUs. In particular, the proposed system is composed of three subsystems: Feature Engineering subsystem, Feature Learning subsystem and Traffic classification subsystem. All subsystems are developed, verified, integrated, and validated in this research. To evaluate the developed system, we employed the NSL-KDD dataset which includes all the key attacks in the IoT computing. The simulation results demonstrated more than 99.3% and 98.2% of cyber-attacks’ classification accuracy for the binary-class classifier (normal vs anomaly) and the multi-class classifier (five categories) respectively. The proposed system was validated using k-fold cross validation method and was evaluated using the confusion matrix parameters (i.e., TN, TP, FN, FP) along with other classification performance metrics including precision, recall, F1-score, and false alarm rate. The test and evaluation results of the IoT-IDCS-CNN system outperformed many recent machine-learning based IDCS systems in the same area of study.

Prabhat Kumar,Govind P. Gupta,Rakesh Tripathi

DOI: https://doi.org/10.1007/s12652-020-02696-3

IF: 3.662

2020-11-27

Journal of Ambient Intelligence and Humanized Computing

Abstract:With the development of internet of things (IoT), capabilities of computing, networking infrastructure, storage of data and management have come very close to the edge of networks. This has accelerated the necessity of Fog computing paradigm. Due to availability of Internet, most of our business operations are integrated with IoT platform. Fog computing has enhanced the strategy of collecting and processing, huge amount of data. On the other hand, attacks and malicious activities has adverse consequences on the development of IoT, Fog, and cloud computing. This has led to development of many security models using fog computing to protect IoT network. Therefore, for dynamic and highly scalable IoT environment, a distributed architecture based intrusion detection system (IDS) is required that can distribute the existing centralized computing to local fog nodes and can efficiently detect modern IoT attacks. This paper proposes a novel distributed ensemble design based IDS using Fog computing, which combines k-nearest neighbors, XGBoost, and Gaussian naive Bayes as first-level individual learners. At second-level, the prediction results obtained from first level is used by Random Forest for final classification. Most of the existing proposals are tested using KDD99 or NSL-KDD dataset. However, these datasets are obsolete and lack modern IoT-based attacks. In this paper, UNSW-NB15 and actual IoT-based dataset namely, DS2OS are used for verifying the effectiveness of the proposed system. The experimental result revealed that the proposed distributed IDS with UNSW-NB15 can achieve higher detection rate upto 71.18% for Backdoor, 68.98% for Analysis, 92.25% for Reconnaissance and 85.42% for DoS attacks. Similarly, with DS2OS dataset, detection rate is upto 99.99% for most of the attack vectors.

computer science, information systems,telecommunications, artificial intelligence

Faten Louati,Farah Barika Ktata,Ikram Amous

DOI: https://doi.org/10.1007/s10586-024-04306-9

2024-03-10

Cluster Computing

Abstract:The growing complexity of security threats and the pervasive prevalence of cyberattacks have become more apparent in the present era, and the advent of big data, characterized by its distinctive features, has introduced layers of complexity to security tasks. Intrusion Detection Systems (IDSs) constitute a crucial line of defense, but their adaptation to the realm of big data is imperative. While traditional Machine Learning (ML)-based IDSs have been pivotal in detecting malicious patterns, they are often incapable to keep pace with the demands of expansive big data networks. This paper proposes a novel decentralized Multi-Agent Reinforcement Learning (MARL)-based IDS designed to address the specific challenges posed by big data. Our solution employs decentralized cooperative MARL, securing communicative channels throughout the detection process and concurrent data preprocessing which significantly reduces the overall processing time. Furthermore, the integration of Cloud computing and Big Data streaming techniques further facilitates real-time intrusion detection as cloud's resources allow rapid pre-process and analyse of massive data streams using powerful clusters. Likewise, Big Data streaming techniques ensure that potential intrusions are identified and addressed as they occur. Experimental results, conducted on the widely recognized NSLKDD benchmark dataset, demonstrate the superiority of our solution over other state-of-the-art approaches for big data networks, achieving an accuracy rate of 97.44%.

computer science, information systems, theory & methods

Farhan Ullah,Ali Turab,Shamsher Ullah,Diletta Cacciagrano,Yue Zhao

DOI: https://doi.org/10.3390/s24134152

IF: 3.9

2024-06-27

Sensors

Abstract:Internet of Things (IoT) applications and resources are highly vulnerable to flood attacks, including Distributed Denial of Service (DDoS) attacks. These attacks overwhelm the targeted device with numerous network packets, making its resources inaccessible to authorized users. Such attacks may comprise attack references, attack types, sub-categories, host information, malicious scripts, etc. These details assist security professionals in identifying weaknesses, tailoring defense measures, and responding rapidly to possible threats, thereby improving the overall security posture of IoT devices. Developing an intelligent Intrusion Detection System (IDS) is highly complex due to its numerous network features. This study presents an improved IDS for IoT security that employs multimodal big data representation and transfer learning. First, the Packet Capture (PCAP) files are crawled to retrieve the necessary attacks and bytes. Second, Spark-based big data optimization algorithms handle huge volumes of data. Second, a transfer learning approach such as word2vec retrieves semantically-based observed features. Third, an algorithm is developed to convert network bytes into images, and texture features are extracted by configuring an attention-based Residual Network (ResNet). Finally, the trained text and texture features are combined and used as multimodal features to classify various attacks. The proposed method is thoroughly evaluated on three widely used IoT-based datasets: CIC-IoT 2022, CIC-IoT 2023, and Edge-IIoT. The proposed method achieves excellent classification performance, with an accuracy of 98.2%. In addition, we present a game theory-based process to validate the proposed approach formally.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Soham Biswas,Md. Sarfaraj Alam Ansari

DOI: https://doi.org/10.1007/s11227-024-06021-z

IF: 3.3

2024-03-22

The Journal of Supercomputing

Abstract:The term "Internet of Things" (IoT) encompasses an entire group of gadgets that are capable of connecting to the Internet in order to gather and share data. The IoT paradigm is being pushed into computer networks by numerous highly advanced intrusions. Cloud computing greatly enhances the success of the IoT by enabling users to perform computing tasks using Internet-based services accessed through connected devices. This seamless integration of cloud technology and the IoT has become a powerful catalyst, revolutionizing the way we operate. The adoption of a distributed architecture, such as cloud computing, exposes the system to potential threats like Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks. To mitigate these risks, the concept of an intrusion detection system (IDS) has been introduced within the cloud environment. Various machine learning (ML) and deep learning (DL) algorithms have been proposed and implemented to effectively detect and respond to such malicious traffic in the cloud system. For dimension reduction during the training process of those algorithms, multiple independent and hybrid techniques have been proposed. This study presents an efficient ML-based real-time IDS framework with proposed hybrid feature selection techniques. Additionally, in this study, a concise comparative analysis has been conducted using five well-known public datasets. The findings presented in this paper reveal that our proposed IDS achieved a maximum accuracy of 99.98% in identifying malicious traffic.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Abdulaziz Aldaej,Tariq Ahamed Ahanger,Imdad Ullah

DOI: https://doi.org/10.3390/s23249869

2023-12-16

Abstract:The Internet of Things (IoT) technology has seen substantial research in Deep Learning (DL) techniques to detect cyberattacks. Critical Infrastructures (CIs) must be able to quickly detect cyberattacks close to edge devices in order to prevent service interruptions. DL approaches outperform shallow machine learning techniques in attack detection, giving them a viable alternative for use in intrusion detection. However, because of the massive amount of IoT data and the computational requirements for DL models, transmission overheads prevent the successful implementation of DL models closer to the devices. As they were not trained on pertinent IoT, current Intrusion Detection Systems (IDS) either use conventional techniques or are not intended for scattered edge-cloud deployment. A new edge-cloud-based IoT IDS is suggested to address these issues. It uses distributed processing to separate the dataset into subsets appropriate to different attack classes and performs attribute selection on time-series IoT data. Next, DL is used to train an attack detection Recurrent Neural Network, which consists of a Recurrent Neural Network (RNN) and Bidirectional Long Short-Term Memory (LSTM). The high-dimensional BoT-IoT dataset, which replicates massive amounts of genuine IoT attack traffic, is used to test the proposed model. Despite an 85 percent reduction in dataset size made achievable by attribute selection approaches, the attack detection capability was kept intact. The models built utilizing the smaller dataset demonstrated a higher recall rate (98.25%), F1-measure (99.12%), accuracy (99.56%), and precision (99.45%) with no loss in class discrimination performance compared to models trained on the entire attribute set. With the smaller attribute space, neither the RNN nor the Bi-LSTM models experienced underfitting or overfitting. The proposed DL-based IoT intrusion detection solution has the capability to scale efficiently in the face of large volumes of IoT data, thus making it an ideal candidate for edge-cloud deployment.

K. Sundaramoorthy,K E Purushothaman,Jeba Sonia J,N Kanthimathi

DOI: https://doi.org/10.1016/j.cose.2024.104081

IF: 5.105

2024-09-01

Computers & Security

Abstract:The evolution of cloud computing has revolutionized how users access services, simplifying the development and deployment of applications across various industries. With its pervasive adoption, robust security measures become imperative. Integrating Intrusion Detection Systems (IDSs) into cloud computing and Wireless Sensor Networks (WSNs) addresses these challenges. IDSs serve as attentive protectors, monitoring network traffic and responding to breaches promptly, enhancing security across industries reliant on cloud services. Similarly, IDS integration in WSNs ensures the security of mission-critical operations, despite resource constraints and dynamic topologies, facilitated by cloud computing. This research proposes a hybrid IDS approach, leveraging the NSL-KDD dataset and methodologies like Intrusion Support Scalar Impact Rate (ISSIR), Optimized Support Vector Machine (OSVM), Extended Long-Short-Term Memory (ELSTM), and Multilayer Perceptron Neural Network (MLPNN), enhancing intrusion detection efficacy. ISSIR aids in feature selection, OSVM mitigates localization errors, ELSTM enables precise anomaly detection, and MLPNN provides robust defense mechanisms. Each method is integrated into a collaborative framework to address specific challenges in detecting intrusions with higher accuracy and reduced false positives. The interplay between these methodologies strengthens the overall intrusion detection framework, addressing the dynamic nature of cybersecurity threats. Results demonstrate the superior performance of MLPNN across various metrics, showcasing its effectiveness in accurately predicting outcomes compared to other models. The proposed MLPNN hybrid system achieves an accuracy of 99.9%, surpassing state-of-the-art methods. This study underscores the significance of advancing IDSs in cloud computing and WSNs, offering insights into enhancing security and mitigating vulnerabilities in an interconnected digital landscape.

computer science, information systems

Amani K. Samha,Ghalib H. Alshammri,Sasidhar Attuluri,Preetam Suman,Arvind Yadav

DOI: https://doi.org/10.1142/s0218843024500035

2024-03-19

International Journal of Cooperative Information Systems

Abstract:International Journal of Cooperative Information Systems, Ahead of Print. The prevalence of distributed denial of service (DDoS) flooding assaults is one of the most serious risks to cloud computing security. These types of assaults have as their primary objective the exhaustion of the system's available resources, that is, the target of the attack, in order to make the system in question unavailable to authorized users. Internet thieves often conduct flooding assaults of the kind known as DDoS, focusing primarily on the application and network levels. When the computer infrastructure is multi-mesh-geo distributed, includes multi-parallel services, and a high number of domains, it may be difficult to detect assaults. This is particularly true when a substantial number of domains are present. When there are a big number of independent administrative users using the services, the situation gets more complicated. The purpose of this body of research is to identify signs that may be utilized to detect DDoS flooding assaults; this is its main objective. As a result, throughout the course of our study, we established a composite metric that considers application, system, network, and infrastructure elements as possible indicators of the incidence of DDoS assaults. According to our research, DDoS assaults may be triggered by a combination of variables. Investigations of simulated traffic are being conducted in the cloud. High traffic may be the result of flooding assaults. The composite metric-based intrusion detection system will be the name of a one-of-a-kind intrusion detection system (IDS) that has been agreed upon ICMIDS. This system will use [math]-Means clustering and the Genetic Algorithm (GA) to detect whether an effort has been made to flood the cloud environment. CMIDS employs a multi-threshold algorithmic strategy in order to identify malicious traffic occurring on a cloud-based network. Cisco has created this technology. This strategy necessitates a comprehensive investigation of all factors, which is crucial for assuring the continuation of cloud-based computing-based activities. This monitoring system involves the development, administration, and storage of a profile database, denoted as Profile DB. This database is used for recording and using the composite metric for each virtual machine. The results of a series of tests are compared to the ISCX benchmark dataset and statistical settings. The results indicate that ICMIDS has a reasonably high detection rate and the lowest false alarm rate in the majority of situations examined during the series of tests done to validate and verify its efficacy. This was shown by the fact that ICMIDS had the lowest false alarm rate among all examined conditions.

computer science, information systems

D. Selvapandian,R. Santhosh

DOI: https://doi.org/10.1007/s10515-021-00298-7

IF: 1.677

2021-09-21

Automated Software Engineering

Abstract:The possibility of connecting billions of smart end devices in the Internet of Things (IoT) provides wide range of services to the user. But, the unlimited connectivity of devices in IoT brings security issues when it is connected to wireless networks. Integrating cloud with IoT networks gains more attention as it reduces the sensor node resource limitations. However, the network complexity, open broadcast characteristics of IoT networks are vulnerable to attacks. To ensure network security and reliable operations, Intrusion Detection Systems (IDS) are widely preferred. IDS identifies the anomalies effectively in complex network environments and ensures the security of the network. Traditional intrusion detection systems based on neural networks consume long training time and low classification accuracy. Recently, deep learning methods are widely used in various image and signal processing, security applications. This research work presents a deep learning-based intrusion detection system for multi-cloud IoT environment to overcome the limitations of neural network-based intrusion detection models. The proposed intrusion detection model improves the detection accuracy by improving the training efficiency. Experimental evaluation of proposed model using NSL-KDD dataset provides improved performance than conventional techniques attaining 97.51% of detection rate, 96.28% of detection accuracy, and 94.41% of precision.

Manohar Srinivasan,Narayanan Chidambaram Senthilkumar

DOI: https://doi.org/10.1007/s00500-023-09610-x

IF: 3.732

2024-02-07

Soft Computing

Abstract:The Internet of Things (IoT) has performed a paradigm shift in the method devices and systems interact, allowing seamless connectivity and communication. But, the enhancing interconnectedness and difficulty of IoT platforms also establish novel security problems, making intrusion detection a vital feature of IoT system security. Intrusion detection systems (IDS) role a vital play in detecting and monitoring unauthorized actions or malicious behavior in IoT networks. Typical IDS frequently depends on handcrafted rules or signatures that cannot not efficiently capture the difficult and developing nature of recent cyber threats. Deep learning (DL) methods automatically study and extract high-level representations in raw data, allowing more accurate and adaptive IDs. Most problems in emerging effectual IDSs are the presence of class imbalances in the database, but the count of normal instances far outweighs the count of intrusion samples. This paper focuses on the design of class imbalance data handling with optimal deep learning-based intrusion detection (CIDH-ODLID) techniques in IoT environments. The purpose of this study is to develop a CIDH-ODLID technique for the identification of intrusions in the IoT platform. For the class imbalance data handling process, the SMOTE approach is used in this work. In addition, the CIDH-ODLID technique employs an echo state network (ESN) approach for intrusion detection and classification. Finally, the snake optimization algorithm (SOA) was carried out for an optimum hyperparameter selection of the ESN approach. The performance validation of the CIDH-ODLID approach was performed on the benchmark database. To prove that the previously provided model performed better, a thorough simulation was run. The researchers provided a thorough comparative analysis that showed the proposed approach was better than other current procedures. It had an accuracy of 99.56%, precision of 97.50%, recall of 98.42%, and an F-score of 97.95%. The experimental outcomes exhibit the promising performance of the CIDH-ODLID technique over other models.

computer science, artificial intelligence, interdisciplinary applications

Albara Awajan

DOI: https://doi.org/10.3390/computers12020034

2023-02-05

Computers

Abstract:The impressive growth rate of the Internet of Things (IoT) has drawn the attention of cybercriminals more than ever. The growing number of cyber-attacks on IoT devices and intermediate communication media backs the claim. Attacks on IoT, if they remain undetected for an extended period, cause severe service interruption resulting in financial loss. It also imposes the threat of identity protection. Detecting intrusion on IoT devices in real-time is essential to make IoT-enabled services reliable, secure, and profitable. This paper presents a novel Deep Learning (DL)-based intrusion detection system for IoT devices. This intelligent system uses a four-layer deep Fully Connected (FC) network architecture to detect malicious traffic that may initiate attacks on connected IoT devices. The proposed system has been developed as a communication protocol-independent system to reduce deployment complexities. The proposed system demonstrates reliable performance for simulated and real intrusions during the experimental performance analysis. It detects the Blackhole, Distributed Denial of Service, Opportunistic Service, Sinkhole, and Workhole attacks with an average accuracy of 93.74%. The proposed intrusion detection system’s precision, recall, and F1-score are 93.71%, 93.82%, and 93.47%, respectively, on average. This innovative deep learning-based IDS maintains a 93.21% average detection rate which is satisfactory for improving the security of IoT networks.

Takahiro Ohtani,Ryo Yamamoto,Satoshi Ohzahata

DOI: https://doi.org/10.3390/s24103218

IF: 3.9

2024-05-19

Sensors

Abstract:The recent rapid growth in Internet of Things (IoT) technologies is enriching our daily lives but significant information security risks in IoT fields have become apparent. In fact, there have been large-scale botnet attacks that exploit undiscovered vulnerabilities, known as zero-day attacks. Several intrusion detection methods based on network traffic monitoring have been proposed to address this issue. These methods employ federated learning to share learned attack information among multiple IoT networks, aiming to improve collective detection capabilities against attacks including zero-day attacks. Although their ability to detect zero-day attacks with high precision has been confirmed, challenges such as autonomous labeling of attacks from traffic information and attack information sharing between different device types still remain. To resolve the issues, this paper proposes IDAC, a novel intrusion detection method with autonomous attack candidate labeling and federated learning-based attack candidate sharing. The labeling of attack candidates in IDAC is executed using information autonomously extracted from traffic information, and the labeling can also be applied to zero-day attacks. The federated learning-based attack candidate sharing enables candidate aggregation from multiple networks, and it executes attack determination based on the aggregated similar candidates. Performance evaluations demonstrated that IDS with IDAC within networks based on attack candidates is feasible and achieved comparable detection performance against multiple attacks including zero-day attacks compared to the existing methods while suppressing false positives in the extraction of attack candidates. In addition, the sharing of autonomously extracted attack candidates from multiple networks improves both detection performance and the required time for attack detection.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Sandeepkumar Racherla,Prathyusha Sripathi,Nuruzzaman Faruqui,Md Alamgir Kabir,Md Whaiduzzaman,Syed Aziz Shah

DOI: https://doi.org/10.1109/access.2024.3396461

IF: 3.9

2024-05-10

IEEE Access

Abstract:The Internet of Things (IoT) represents a swiftly expanding sector that is pivotal in driving the innovation of today's smart services. However, the inherent resource-constrained nature of IoT nodes poses significant challenges in embedding advanced algorithms for cybersecurity, leading to an escalation in cyberattacks against these nodes. Contemporary research in Intrusion Detection Systems (IDS) predominantly focuses on enhancing IDS performance through sophisticated algorithms, often overlooking their practical applicability. This paper introduces Deep-IDS, an innovative and practically deployable Deep Learning (DL)-based IDS. It employs a Long-Short-Term-Memory (LSTM) network comprising 64 LSTM units and is trained on the CIC-IDS2017 dataset. Its streamlined architecture renders Deep-IDS an ideal candidate for edge-server deployment, acting as a guardian between IoT nodes and the Internet against Denial of Service, Distributed Denial of Service, Brute Force, Man-in-the-Middle, and Replay Attacks. A distinctive aspect of this research is the trade-off analysis between the intrusion Detection Rate (DR) and the False Alarm Rate (FAR), facilitating the real-time performance of the Deep-IDS. The system demonstrates an exemplary detection rate of 96.8% at the 70% threshold of DR-FAR trade-off and an overall classification accuracy of 97.67%. Furthermore, Deep-IDS achieves precision, recall, and F1-scores of 97.67%, 98.17%, and 97.91%, respectively. On average, Deep-IDS requires 1.49 seconds to identify and mitigate intrusion attempts, effectively blocking malicious traffic sources. The remarkable efficacy, swift response time, innovative design, and novel defense strategy of Deep-IDS not only secure IoT nodes but also their interconnected sub-networks, thereby positioning Deep-IDS as a leading IDS for IoT-enhanced computer networks.

computer science, information systems,telecommunications,engineering, electrical & electronic

WU Jun,WANG Chong-Jun,WANG Jun,CHEN Shi-Fu

DOI: https://doi.org/10.1109/WI-IATW.2006.61

2006-01-01

Abstract:At present, distributed intrusion detection systems are taking on more and more characteristic of distributing and intelligence. Multi-agent system (MAS), which shows its intelligence by the interaction of a group of intelligent agents, is a popular tool for building novel intrusion detection systems (IDSs). The BDI (belief-desire-intention) model is a well studied architecture of agency for intelligent agents situated in complex and dynamic environments. Traditional MAS-based distributed IDSs commonly do their detection work within a framework that employs the method of distributed data collection and hierarchical data analysis. This is a simple and strict method, but it restricts the characteristic of distributing, intelligence and real-time response badly. In this paper, we present a dynamically-created hierarchical framework, and then bring forward the basic algorithm system to support it. We introduce the opponent BDI model to our agents, and realize the detection based on multi-agent cooperation, which effectively improves the traditional distributed intrusion detection

Syed Mohamed Thameem Nizamudeen

DOI: https://doi.org/10.1186/s13677-023-00509-4

2023-09-23

Journal of Cloud Computing

Abstract:In the current era, a tremendous volume of data has been generated by using web technologies. The association between different devices and services have also been explored to wisely and widely use recent technologies. Due to the restriction in the available resources, the chance of security violation is increasing highly on the constrained devices. IoT backend with the multi-cloud infrastructure to extend the public services in terms of better scalability and reliability. Several users might access the multi-cloud resources that lead to data threats while handling user requests for IoT services. It poses a new challenge in proposing new functional elements and security schemes. This paper introduces an intelligent Intrusion Detection Framework (IDF) to detect network and application-based attacks. The proposed framework has three phases: data pre-processing, feature selection and classification. Initially, the collected datasets are pre-processed using Integer- Grading Normalization (I-GN) technique that ensures a fair-scaled data transformation process. Secondly, Opposition-based Learning- Rat Inspired Optimizer (OBL-RIO) is designed for the feature selection phase. The progressive nature of rats chooses the significant features. The fittest value ensures the stability of the features from OBL-RIO. Finally, a 2D-Array-based Convolutional Neural Network (2D-ACNN) is proposed as the binary class classifier. The input features are preserved in a 2D-array model to perform on the complex layers. It detects normal (or) abnormal traffic. The proposed framework is trained and tested on the Netflow-based datasets. The proposed framework yields 95.20% accuracy, 2.5% false positive rate and 97.24% detection rate.

Ahmad Almadhor,Ali Altalbe,Imen Bouazzi,Abdullah Al Hejaili,Natalia Kryvinska

DOI: https://doi.org/10.1038/s41598-024-76016-6

IF: 4.6

2024-10-18

Scientific Reports

Abstract:Due to the rising use of the Internet of Things (IoT), the connectivity of networks increases the risk of Distributed Denial of Service (DDoS) attacks. Decentralized systems commonly used in centralized security systems fail to adequately prevent potential cyber threats in IoT because of the issues of privacy and scaling. The method proposed in this study seeks to remedy these facts by employing Explainable Artificial Intelligence (XAI) together with Federated Deep Neural Networks (FDNNs) to detect and prevent DDoS attacks. Our approach is thus to use federated learning models that are to be trained on distributed and dissimilar sources of data without compromising on the privacy aspect. FDNNs were trained over three rounds with information from three client gadgets incorporating pre-processed datasets of various types of DDoS attacks. Additionally, for feature selection, we integrated XGBoost with SHapley Additive exPlanations (SHAP) to improve model interpretability. The proposed solution can be considered to be quite robust, privacy-preserving, and highly scalable for the detection of DDoS attacks on the IoT network. The results shown on the server side indicate that this approach accurately detects 99.78% of DDoS attacks with a precision rate as high as 99.80%, recall rate (detection rate) going up to 99.74% and F1 score reaching 99.76%. They emphasize that FL-based IDSs are strong enough to cope with cybersecurity challenges in IoT, thus offering hope for securing modern network infrastructures against ever-growing cyber threats.

multidisciplinary sciences