Abdulaziz Aldaej,Tariq Ahamed Ahanger,Imdad Ullah

DOI: https://doi.org/10.3390/s23249869

2023-12-16

Abstract:The Internet of Things (IoT) technology has seen substantial research in Deep Learning (DL) techniques to detect cyberattacks. Critical Infrastructures (CIs) must be able to quickly detect cyberattacks close to edge devices in order to prevent service interruptions. DL approaches outperform shallow machine learning techniques in attack detection, giving them a viable alternative for use in intrusion detection. However, because of the massive amount of IoT data and the computational requirements for DL models, transmission overheads prevent the successful implementation of DL models closer to the devices. As they were not trained on pertinent IoT, current Intrusion Detection Systems (IDS) either use conventional techniques or are not intended for scattered edge-cloud deployment. A new edge-cloud-based IoT IDS is suggested to address these issues. It uses distributed processing to separate the dataset into subsets appropriate to different attack classes and performs attribute selection on time-series IoT data. Next, DL is used to train an attack detection Recurrent Neural Network, which consists of a Recurrent Neural Network (RNN) and Bidirectional Long Short-Term Memory (LSTM). The high-dimensional BoT-IoT dataset, which replicates massive amounts of genuine IoT attack traffic, is used to test the proposed model. Despite an 85 percent reduction in dataset size made achievable by attribute selection approaches, the attack detection capability was kept intact. The models built utilizing the smaller dataset demonstrated a higher recall rate (98.25%), F1-measure (99.12%), accuracy (99.56%), and precision (99.45%) with no loss in class discrimination performance compared to models trained on the entire attribute set. With the smaller attribute space, neither the RNN nor the Bi-LSTM models experienced underfitting or overfitting. The proposed DL-based IoT intrusion detection solution has the capability to scale efficiently in the face of large volumes of IoT data, thus making it an ideal candidate for edge-cloud deployment.

Muneeba Nasir,Abdul Rehman Javed,Muhammad Adnan Tariq,Muhammad Asim,Thar Baker

DOI: https://doi.org/10.1007/s11227-021-04250-0

IF: 3.3

2022-01-13

The Journal of Supercomputing

Abstract:Devices belonging to the realm of edge Internet of Things (IoT) are becoming highly susceptible to intrusion attacks. The large-scale development in edge IoT, ease of availability, and affordability have drastically increased its usage in the real world. The business market revolves around producing better, innovative, and appealing products every day. However, security is often left unchecked to achieve these standards. Therefore, vulnerabilities present in these devices make them susceptible to various intrusion attacks. We devised a model named DF-IDS for detecting intrusions in IoT traffic. DF-IDS consists of two main phases: In the 1stdocumentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$1^{st}$$end{document} phase, it comparatively selects the best features from the feature matrix using SpiderMonkey (SM), principle component analysis (PCA), information gain (IG), and correlation attribute evaluation (CAE). In the 2nddocumentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$2^{nd}$$end{document} phase, these features along with assigned labels are used to train a deep neural network for intrusion detection. DF-IDS achieves an accuracy of 99.23% with an F1-score of 99.27%. It shows improvement not only in accuracy but also in F1 score as compared to the other comparative models and existing studies.

Deepa Krishnan,Pravin Shrinath

DOI: https://doi.org/10.1007/s13369-024-08742-y

IF: 2.807

2024-02-15

Arabian Journal for Science and Engineering

Abstract:The detection of security attacks holds significant importance in IoT networks, primarily due to the escalating number of interconnected devices and the sensitive nature of the transmitted data. This paper introduces a novel methodology designed to identify both known and unknown attacks within IoT networks. For the identification of known attacks, our proposed approach employs a stacked multi-classifier trained with classwise features. To address the challenge of highly imbalanced classes without resorting to resampling, we utilize the Localized Generalized Matrix Learning Vector Quantization (LGMLVQ) approach to select the most relevant features for each class. The efficacy of this model is evaluated using the widely recognized NF-BoT-IoT dataset, demonstrating an impressive accuracy score of 99.9952%.. The proposed study also focuses on detecting unseen attacks leveraging a shallow autoencoder, employing the technique of reconstruction error thresholding. The efficiency of this approach is evaluated using benchmark datasets. namely NF-ToN-IoT and NF-CSE-CIC-IDS 2018. The model's performance on previously unseen samples is noteworthy, with an average accuracy, precision, recall and F1-Score of 93.715%, 99.955%,90.865% and 95.145%, respectively. The proposed work presents significant contributions to IoT security by proposing a comprehensive solution with demonstrated performance in detecting both known and unknown attacks in the context of imbalanced data.

multidisciplinary sciences

V. Kantharaju,H. Suresh,M. Niranjanamurthy,Syed Immamul Ansarullah,Farhan Amin,Amerah Alabrah

DOI: https://doi.org/10.1038/s41598-024-81535-3

IF: 4.6

2024-12-06

Scientific Reports

Abstract:The Internet of Things (IoT) consist of a network of interconnected nodes constantly communicating, exchanging, and transferring data over various network protocols. Intrusion detection systems using deep learning are a common method used for providing security in IoT. However, traditional deep learning IDS systems do not accurately classify the attack and also require high computation time. Thus, to solve this issue, herein, we propose an advance Intrusion detection framework using Self-Attention Progressive Generative Adversarial Network (SAPGAN) framework for detecting security threats in IoT networks. In our proposed framework, at first, the IoT data are gathered. Then, the data are fed to pre-processing. In pre-processing, it restored the missing value using Local least squares. Then the preprocessing output is fed to feature selection. At feature selection, the optimum features are compiled using a modified War Strategy Optimization Algorithm (WSOA). Based upon the optimum features, the intruders were categorized into two categories named Anomaly and Normal using the proposed framework. Numerous attacks are assembled, including camera-based flood, DDoS, RTSP brute force, etc. We have compared our proposed framework using state of the art model and efficiency of 23.19%, 27.55%, and 18.35% higher accuracy and 14.46%, 26.76%, and 13.65% lower computational time compared to traditional models.

multidisciplinary sciences

N. Sakthipriya,V. Govindasamy,V. Akila,Sakthipriya, N.

DOI: https://doi.org/10.1007/s12083-024-01657-3

IF: 3.488

2024-02-23

Peer-to-Peer Networking and Applications

Abstract:The "Internet of Things (IoT)" technology has been utilized in various industries in the past few years. As the IoT technology has diverse and small devices connected to it, IoT gadgets are vulnerable to several attacks. These networks are heterogeneous and big, making it difficult to handle the security of the overall network. The methods of upgrading these network security methods to combat different security assaults such as keylogging, denial of service, and man-in-the-middle are also difficult. Due to the network's heterogeneous nature and resource limitations, conventional high-end safety technologies are challenging to implement in IoT networks. Deep learning is an effective technique for identifying botnet attacks. However, the amount of internet activity required for this operation is typically substantial. Thus, implementing a deep learning technique in IoT devices with limited memory is practically difficult. Hence, this paper aims to decrease the dimensionality in the IoT network for efficient attack classification performance in memory constraint IoT devices using Conditional Adversarial Auto Encoder (CAAE) and generate realistic botnet traffic using CAAE to train the model. An efficient N-BaIoT Dataset are initially collected from the online datasets. The collected datasets are then given to the data cleaning process, which helps to avoid unnecessary information by refining essential data for attack detection. Further, the cleaned data is given to the CAAE, which is then incorporated for extracting efficient deep features in order to enhance the attack detection rate. Finally, the attack detection takes place with the extracted deep features, which are performed using the developed Dilated and Cascaded Recurrent Neural Network (DC-RNN) approach for accurately classifying the attacks in IoT devices. Throughout the analysis, the developed model shows 96%, 98%, 97%, and 96% in terms of accuracy, precision, F1-score, and recall. The research assessment is considered to analyze the suggested methods effectiveness by comparing it with conventional techniques.

computer science, information systems,telecommunications

Geethapriya Thamilarasu,Shiven Chawla

DOI: https://doi.org/10.3390/s19091977

2019-04-27

Abstract:Cyber-attacks on the Internet of Things (IoT) are growing at an alarming rate as devices, applications, and communication networks are becoming increasingly connected and integrated. When attacks on IoT networks go undetected for longer periods, it affects availability of critical systems for end users, increases the number of data breaches and identity theft, drives up the costs and impacts the revenue. It is imperative to detect attacks on IoT systems in near real time to provide effective security and defense. In this paper, we develop an intelligent intrusion-detection system tailored to the IoT environment. Specifically, we use a deep-learning algorithm to detect malicious traffic in IoT networks. The detection solution provides security as a service and facilitates interoperability between various network communication protocols used in IoT. We evaluate our proposed detection framework using both real-network traces for providing a proof of concept, and using simulation for providing evidence of its scalability. Our experimental results confirm that the proposed intrusion-detection system can detect real-world intrusions effectively.

Albara Awajan

DOI: https://doi.org/10.3390/computers12020034

2023-02-05

Computers

Abstract:The impressive growth rate of the Internet of Things (IoT) has drawn the attention of cybercriminals more than ever. The growing number of cyber-attacks on IoT devices and intermediate communication media backs the claim. Attacks on IoT, if they remain undetected for an extended period, cause severe service interruption resulting in financial loss. It also imposes the threat of identity protection. Detecting intrusion on IoT devices in real-time is essential to make IoT-enabled services reliable, secure, and profitable. This paper presents a novel Deep Learning (DL)-based intrusion detection system for IoT devices. This intelligent system uses a four-layer deep Fully Connected (FC) network architecture to detect malicious traffic that may initiate attacks on connected IoT devices. The proposed system has been developed as a communication protocol-independent system to reduce deployment complexities. The proposed system demonstrates reliable performance for simulated and real intrusions during the experimental performance analysis. It detects the Blackhole, Distributed Denial of Service, Opportunistic Service, Sinkhole, and Workhole attacks with an average accuracy of 93.74%. The proposed intrusion detection system’s precision, recall, and F1-score are 93.71%, 93.82%, and 93.47%, respectively, on average. This innovative deep learning-based IDS maintains a 93.21% average detection rate which is satisfactory for improving the security of IoT networks.

Pakarat Musikawan,Yanika Kongsorot,Phet Aimtongkham,Chakchai So-In

DOI: https://doi.org/10.1109/access.2024.3480011

IF: 3.9

2024-10-25

IEEE Access

Abstract:In light of the flourishing proliferation of internet services, the popularity of the Internet of Things (IoT) has swiftly grown in the medical and healthcare fields, and this has been accompanied by a simultaneous escalation in the sophistication of intrusion attacks. Drawing inspiration from the accomplishments of deep learning in cyber threat detection, we propose a multigrained scanning-based deep stacking network (MGDSN) to defend against sophisticated cyberattacks on Internet of Medical Things (IoMT) networks. To address the obscured characteristics of intricate cyberattacks, the MGDSN incorporates four components. First, the feature augmentation process leverages an improved multigrained scanning technique to enhance discriminative information. Second, a deep stacking network (DSN) with a weighting mechanism is employed to generate a set of predictive results for making the final decision. Third, a meta-classifier is introduced to scrutinize the influence of the predictive results when producing the final decision and exploiting a set of meaningfully extracted features. Finally, a loss function is properly designed to take both the predictive losses of the DSN modules and the final predictive loss into account. The outstanding performance achieved by the MGDSN is confirmed through comprehensive evaluations comparing it with the state-of-the-art techniques, encompassing metrics such as the accuracy, precision, recall, F1 score, Cohen's kappa coefficient, Matthews correlation coefficient, and area under the curve achieved on the IoMT datasets. The MGDSN exhibits a notable improvement ranging from approximately 0.12%-329.21%.

computer science, information systems,telecommunications,engineering, electrical & electronic

Dr.Priyanka Kaushik

DOI: https://doi.org/10.55938/ijgasr.v2i2.46

2023-06-30

Abstract:Detecting botnet and malware cyber-attacks is a critical task in ensuring the security of computer networks. Traditional methods for identifying such attacks often involve static rules and signatures, which can be easily evaded by attackers. Dl is a subdivision of ML, has shown promise in enhancing the accuracy of detecting botnets and malware by analyzing large amounts of network traffic data and identifying patterns that are difficult to detect with traditional methods. In order to identify abnormal traffic patterns that can be a sign of botnet or malware activity, deep learning models can be taught to learn the intricate interactions and correlations between various network traffic parameters, such as packet size, time intervals, and protocol headers. The models can also be trained to detect anomalies in network traffic, which could indicate the presence of unknown malware. The threat of malware and botnet assaults has increased in frequency with the growth of the IoT. In this research, we offer a unique LSTM and GAN-based method for identifying such attacks. We utilise our model to categorise incoming traffic as either benign or malicious using a dataset of network traffic data from various IoT devices. Our findings show how well our method works by attaining high accuracy in identifying botnet and malware cyberattacks in IoT networks. This study makes a contribution to the creation of stronger and more effective security systems for shielding IoT devices from online dangers. One of the major advantages of using deep learning for botnet and malware detection is its ability to adapt to new and previously unknown attack patterns, making it a useful tool in the fight against constantly evolving cyber threats. However, DL models require large quantity of labeled data for training, and their performance can be affected by the quality and quantity of the data used. Deep learning holds great potential for improving the accuracy and effectiveness of botnet and malware detection, and its continued development and application could lead to significant advancements in the field of cybersecurity.

Sandeepkumar Racherla,Prathyusha Sripathi,Nuruzzaman Faruqui,Md Alamgir Kabir,Md Whaiduzzaman,Syed Aziz Shah

DOI: https://doi.org/10.1109/access.2024.3396461

IF: 3.9

2024-05-10

IEEE Access

Abstract:The Internet of Things (IoT) represents a swiftly expanding sector that is pivotal in driving the innovation of today's smart services. However, the inherent resource-constrained nature of IoT nodes poses significant challenges in embedding advanced algorithms for cybersecurity, leading to an escalation in cyberattacks against these nodes. Contemporary research in Intrusion Detection Systems (IDS) predominantly focuses on enhancing IDS performance through sophisticated algorithms, often overlooking their practical applicability. This paper introduces Deep-IDS, an innovative and practically deployable Deep Learning (DL)-based IDS. It employs a Long-Short-Term-Memory (LSTM) network comprising 64 LSTM units and is trained on the CIC-IDS2017 dataset. Its streamlined architecture renders Deep-IDS an ideal candidate for edge-server deployment, acting as a guardian between IoT nodes and the Internet against Denial of Service, Distributed Denial of Service, Brute Force, Man-in-the-Middle, and Replay Attacks. A distinctive aspect of this research is the trade-off analysis between the intrusion Detection Rate (DR) and the False Alarm Rate (FAR), facilitating the real-time performance of the Deep-IDS. The system demonstrates an exemplary detection rate of 96.8% at the 70% threshold of DR-FAR trade-off and an overall classification accuracy of 97.67%. Furthermore, Deep-IDS achieves precision, recall, and F1-scores of 97.67%, 98.17%, and 97.91%, respectively. On average, Deep-IDS requires 1.49 seconds to identify and mitigate intrusion attempts, effectively blocking malicious traffic sources. The remarkable efficacy, swift response time, innovative design, and novel defense strategy of Deep-IDS not only secure IoT nodes but also their interconnected sub-networks, thereby positioning Deep-IDS as a leading IDS for IoT-enhanced computer networks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Guru Bhandari,Andreas Lyth,Andrii Shalaginov,Tor-Morten Grønli

DOI: https://doi.org/10.3390/electronics12020298

IF: 2.9

2023-01-07

Electronics

Abstract:Cyberattacks always remain the major threats and challenging issues in the modern digital world. With the increase in the number of internet of things (IoT) devices, security challenges in these devices, such as lack of encryption, malware, ransomware, and IoT botnets, leave the devices vulnerable to attackers that can access and manipulate the important data, threaten the system, and demand ransom. The lessons from the earlier experiences of cyberattacks demand the development of the best-practices benchmark of cybersecurity, especially in modern Smart Environments. In this study, we propose an approach with a framework to discover malware attacks by using artificial intelligence (AI) methods to cover diverse and distributed scenarios. The new method facilitates proactively tracking network traffic data to detect malware and attacks in the IoT ecosystem. Moreover, the novel approach makes Smart Environments more secure and aware of possible future threats. The performance and concurrency testing of the deep neural network (DNN) model deployed in IoT devices are computed to validate the possibility of in-production implementation. By deploying the DNN model on two selected IoT gateways, we observed very promising results, with less than 30 kb/s increase in network bandwidth on average, and just a 2% increase in CPU consumption. Similarly, we noticed minimal physical memory and power consumption, with 0.42 GB and 0.2 GB memory usage for NVIDIA Jetson and Raspberry Pi devices, respectively, and an average 13.5% increase in power consumption per device with the deployed model. The ML models were able to demonstrate nearly 93% of detection accuracy and 92% f1-score on both utilized datasets. The result of the models shows that our framework detects malware and attacks in Smart Environments accurately and efficiently.

engineering, electrical & electronic,computer science, information systems,physics, applied

Xiaoheng Deng,Xinjun Pei,Shengwei Tian,Lan Zhang

DOI: https://doi.org/10.1109/tii.2022.3216818

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:The advent of 5G brought new opportunities to leapfrog beyond current industrial Internet of Things (IoT). However, the ever growing IoT has also attracted adversaries to develop new malware attacks against various IoT applications. Although deep learning-based methods are expected to combat the sophisticated malwares by exploring the latent attack patterns, such detection can be hardly supported by battery-powered end devices, like Andriod-based smartphones. Edge computing enables near-real-time analysis of IoT data by migrating AI-enabled computation-intensive tasks from resource-constrained IoT devices to nearby edge servers, However, due to varying channel conditions and the demanding latency requirements of malware detection, it is challenging to coordinate the computing task offloading among multiple users. By leveraging the computation capacity and the proximity benefits of edge computing, we propose a hierarchical security framework for IoT malware detection. Considering the complexity of AI-enabled malware detection task, we provide a delay-aware computational offloading strategy with minimum delay. Specifically, we construct a coordinated representation learning model, named by Two Stream Attention-Caps (TSA-Caps) to capture the latent behavioral patterns of evolving malware attacks. Experimental results show that our system consistently outperforms the state-of-the-art systems in detection performance on four benchmark datasets.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Yakub Kayode Saheed,Oluwadamilare Harazeem Abdulganiyu,Taha Ait Tchakoucht

DOI: https://doi.org/10.1016/j.asoc.2024.111434

IF: 8.7

2024-02-01

Applied Soft Computing

Abstract:The emergence of smart cities is an example of how new technologies, such as the Internet of Things (IoT), have facilitated the creation of extensive interconnected and intelligent ecosystems. The widespread deployment of IoT devices has enabled the provision of constant environmental feedback, thereby facilitating the automated adaptation of associated systems. This has brought about a fundamental transformation in the way contemporary society functions. The security of emerging technologies such as IoT has become a significant challenge due to the added complexities, misconfigurations, and conflicts between modern and legacy systems. This challenge has a notable impact on the reliability and accessibility of existing infrastructure. Edge computing (EC) is a collaborative computing system that brings data processing and analysis closer to the edge of the network, where the data is generated, rather than in a centralized cloud environment. The utilization of the IoT has become more prevalent in both everyday life and the manufacturing sector, with a particular emphasis on critical infrastructure. The IoT is presently being utilized across diverse domains, including but not limited to industrial, agricultural, healthcare, and logistical sectors. The security of IoT networks has implications for the safety of individuals, the security of the nation, and economic development. Notwithstanding, conventional intrusion detection techniques that rely on centralized cloud-based systems that have been suggested in previous studies for IoT network security are insufficient to meet the requirements for data confidentiality, network capacity, and prompt responsiveness. In addition, the integration of IoT applications into smart devices has been shown to augment their functionalities. However, it is important to note that this integration also brings about potential security vulnerabilities. Furthermore, a significant number of contemporary IoT devices exhibit restricted security capabilities, rendering them vulnerable to intricate attacks and impeding the extensive integration of IoT technologies. Also, a lot of IoT network devices have been put in place that don't have hardware security measures. This means that traditional intrusion detection systems (IDS) aren't enough to protect the IoT network ecosystem. To address these issues, this research suggests the IoT-Defender framework, which combines a Modified Genetic Algorithm (MGA) model with a deep Long Short-Term Memory (LSTM) network to find cyberattacks in IoT networks. This research represents a pioneering attempt to employ the MGA for feature selection and the GA for fine-tuning the LSTM parameters within an EC framework. The parameters of the LSTM model were fine-tuned through the manipulation of the number of hidden layers, utilizing the GA fitness function. The customization of the MGA aimed to enhance its performance in selecting relevant features, optimizing the use of limited resources on IoT devices and edge nodes. The fine-tuning process involved optimizing hyperparameters, architecture, and training strategies to maximize the LSTM network's effectiveness in learning and detecting patterns in IoT network traffic. The synergy between the MGA and LSTM aimed at creating a comprehensive and efficient IDS. The feature selection by the MGA contributes to improving the LSTM’s performance by providing it with more relevant and discriminating features. In order to solve the issue of class imbalance, we utilize the focal loss function, which provides greater weights to minority classes, hence improving the model’s capacity to learn from those particular classes. The performance of the IoT-Defender model was assessed on the BoT-IoT, UNSW-NB15, and N-BaIoT datasets utilizing a Raspberry Pi IoT device. The results of our study show that the IoT-Defender model works better than other methods. This is shown by its accuracy score of 99.41%, detection rate of 99.78%, precision score of 98.50%, false alarm rate of 2.56%, mean intersection over union (mIoU) of 0.68, and training time of 81.3 seconds on BoT-IoT. The proposed IoT model is designed to be lightweight and can be installed on edge servers to detect cyber-attacks in real-time, specifically in the context of IoT security.

computer science, artificial intelligence, interdisciplinary applications

D. Selvapandian,R. Santhosh

DOI: https://doi.org/10.1007/s10515-021-00298-7

IF: 1.677

2021-09-21

Automated Software Engineering

Abstract:The possibility of connecting billions of smart end devices in the Internet of Things (IoT) provides wide range of services to the user. But, the unlimited connectivity of devices in IoT brings security issues when it is connected to wireless networks. Integrating cloud with IoT networks gains more attention as it reduces the sensor node resource limitations. However, the network complexity, open broadcast characteristics of IoT networks are vulnerable to attacks. To ensure network security and reliable operations, Intrusion Detection Systems (IDS) are widely preferred. IDS identifies the anomalies effectively in complex network environments and ensures the security of the network. Traditional intrusion detection systems based on neural networks consume long training time and low classification accuracy. Recently, deep learning methods are widely used in various image and signal processing, security applications. This research work presents a deep learning-based intrusion detection system for multi-cloud IoT environment to overcome the limitations of neural network-based intrusion detection models. The proposed intrusion detection model improves the detection accuracy by improving the training efficiency. Experimental evaluation of proposed model using NSL-KDD dataset provides improved performance than conventional techniques attaining 97.51% of detection rate, 96.28% of detection accuracy, and 94.41% of precision.

Mansi Sahi,Nitin Auluck,Akramul Azim,Md Al Maruf

DOI: https://doi.org/10.1002/spe.3338

2024-05-02

Software Practice and Experience

Abstract:The Internet of Things (IoT) has gained widespread importance in recent time. However, the related issues of security and privacy persist in such IoT networks. Owing to device limitations in terms of computational power and storage, standard protection approaches cannot be deployed. In this article, we propose a lightweight distributed intrusion detection system (IDS) framework, called FCAFE‐BNET (Fog based Context Aware Feature Extraction using BranchyNET). The proposed FCAFE‐BNET approach considers versatile network conditions, such as varying bandwidths and data loads, while allocating inference tasks to cloud/edge resources. FCAFE‐BNET is able to adjust to dynamic network conditions. This can be advantageous for applications with particular quality of service requirements, such as video streaming or real‐time communication, ensuring a steady and reliable performance. Early exit deep neural networks (DNNs) have been employed for faster inference generation at the edge. Often, the weights that the model learns in the initial layer may be sufficiently qualified to perform the required classification tasks. Instead of using subsequent layers of DNNs for generating the inference, we have employed the early‐exit mechanism in the DNNs. Such DNNs help to predict a wide range of testing samples through these early‐exit branches, upon crossing a threshold. This method maintains the confidence values corresponding to the inference. Employing this approach, we achieved a faster inference, with significantly high accuracy. Comparative studies exploit manual feature extraction techniques, that can potentially overlook certain valuable patterns, thus degrading classification performance. The proposed framework converts textual/tabular data into 2‐D images, allowing the DNN model to autonomously learns its own features. This conversion scheme facilitated the identification of various intrusion types, ranging from 5 to 14 different categories. FCAFE‐BNET works for both network‐based and host‐based IDS: NIDS and HIDS. Our experiments demonstrate that, in comparison with recent approaches, FCAFE‐BNET achieves a 39.12%–50.23% reduction in the total inference time on benchmark real‐world datasets, such as: NSL‐KDD, UNSW‐NB 15, ToN_IoT, and ADFA_LD.

computer science, software engineering

Mimi Cherian,Satishkumar L. Varma

DOI: https://doi.org/10.1007/s10922-023-09749-w

2023-06-18

Journal of Network and Systems Management

Abstract:The IoT network is unique due to heterogeneous IoT nodes and resource-constrained devices; the approach for securing IoT networks needs to be different from the security measures implemented for traditional network communication. In IoT networks, various security vulnerabilities are exploited by an attacker to generate a variety of DDoS attacks. In this paper, the authors propose a unique approach for securing IoT networks using an SDN-enabled framework that incorporates a dynamic counter-based approach and deep learning models. The aim is to detect and mitigate various security vulnerabilities that attackers exploit to generate DDoS attacks in IoT networks. Specifically, the proposed framework is tested using the CICDDoS2019 dataset to identify reflection attacks and exploitation attacks in TCP, UDP, and ICMP. The framework is also analyzed by varying network parameters such as the number of IoT attack nodes and payload to measure the performance of the SDN controller workload, CPU utilization, and attack detection time. The experimental results demonstrate that the proposed framework can efficiently detect and mitigate DDoS attacks while utilizing CPU resources effectively and in a shorter time compared to existing approaches.

computer science, information systems,telecommunications

Ayush Kumar,Mrinalini Shridhar,Sahithya Swaminathan,Teng Joon Lim

DOI: https://doi.org/10.1016/j.cose.2022.102693

2022-06-01

Abstract:In this work, we present an IoT botnet detection solution, EDIMA, consisting of a set of lightweight modules designed to be deployed at the edge gateway installed in home networks with the remaining modules expected to be implemented on cloud servers. EDIMA targets early detection of IoT botnets prior to the launch of an attack and includes a novel two-stage Machine Learning (ML)-based detector developed specifically for IoT bot detection at the edge gateway. The ML-based bot detector first employs supervised ML algorithms for aggregate traffic classification and subsequently Autocorrelation Function (ACF)-based tests to detect individual bots. The EDIMA architecture also comprises a malware traffic database, a policy engine, a feature extractor and a traffic parser. Performance evaluation results using our testbed setup with real-world IoT malware traffic as well as other public IoT datasets show that EDIMA achieves high bot scanning and bot-CnC traffic detection accuracies with very low false positive rates. The detection performance is also shown to be robust to an increase in the number of IoT devices connected to the edge gateway where EDIMA is deployed. Further, the runtime performance analysis of a Python implementation of EDIMA deployed on a Raspberry Pi reveals low bot detection delays and low RAM consumption. EDIMA is also shown to outperform existing detection techniques for bot scanning traffic and bot-CnC server communication.

computer science, information systems

Stefanos Tsimenidis,Thomas Lagkas,Konstantinos Rantos

DOI: https://doi.org/10.1007/s10922-021-09621-9

2021-10-08

Journal of Network and Systems Management

Abstract:The Internet of Things (IoT) is the new paradigm of our times, where smart devices and sensors from across the globe are interconnected in a global grid, and distributed applications and services impact every area of human activity. With its huge economic impact and its pervasive influence over our lives, IoT is an attractive target for criminals, and cybersecurity becomes a top priority for the IoT ecosystem. Although cybersecurity has been the subject of research for decades, the large-scale IoT architecture and the emergence of novel threats render old strategies largely inefficient. Deep learning may provide cutting edge solutions for IoT intrusion detection, with its data-driven, anomaly-based approach and ability to detect emerging, unknown attacks. This survey offers a detailed review of deep learning models that have been proposed for IoT intrusion detection. Solutions have been classified by model in a comprehensive, structured analysis of how deep learning has been applied for IoT cybersecurity and their unique contributions to the development of effective IoT intrusion detection solutions.

computer science, information systems,telecommunications

Pragati Rana,Sanjeev Chauhan,B. P. Patil

DOI: https://doi.org/10.1007/s11277-024-11002-9

IF: 2.017

2024-05-01

Wireless Personal Communications

Abstract:The Internet of things (IoT) has concerned much significance for some manufacturing sectors including clinical fields, co-ordinations following, savvy urban communities, and automobiles. Anyway as a worldview, it is sensitive to different sorts of cyber-attacks. Customary very good quality security resolutions for guarantee an IoT structure are not reasonable. This deduces clever organization-based security plans as AI arrangements ought to be made. In this work, we propose Cyber Security Threats recognition in IoT utilizing Krill Based Deep Neural Network Stacked Auto Encoders (KDNN-SAE). In our proposed approach, first, the information pre-processing measure was acted in the underlying development before isolating the dataset into two segments: preparing and test. At that point, flow-based features are extracted from the pre-processed information. By then, the properties to be utilized by the algorithms are chosen in the attribute determination utilizing the Genetic Algorithm (GA). At last, our methodology completes with the execution of the machine learning algorithm KDNN-SAE. The experimental outcome proposed accuracy of is 99.37%. Comparable to the exiting SVM which achieves 98%, K-NN which achieves 98%. The NB and RF had less Accuracy 90%, 92%.

telecommunications

Basharat Ahmad,Zhaoliang Wu,Yongfeng Huang,Sadaqat Ur Rehman

DOI: https://doi.org/10.1016/j.knosys.2024.112614

IF: 8.139

2024-10-21

Knowledge-Based Systems

Abstract:The Internet of Things (IoT) networks, which are defined by their interconnected devices and data streams are an expanding attack surface for cyber adversaries. Industrial Internet of Things (IIoT) is a subset of IoT and has significant importance in-terms of security. Robust intrusion detection systems (IDS) are essential for protecting these critical infrastructures. Our research suggests a novel approach to the detection of anomalies in IoT and IIoT networks that leverages the capabilities of deep transfer learning. Our methodology begins with the EdgeIIoT dataset, which serves as the basis for our data analysis. We convert the data into an appropriate image format to enable Convolutional Neural Network (CNN)-based processing. The hyper-parameters of individual machine learning models are subsequently optimized using a Random Search algorithm. This optimization phase optimizes the performance of each model by modifying the hyper-parameters that are unique to the learning algorithms. The performance of each model is meticulously assessed subsequent to hyper-parameter optimization. The top-performing models are subsequently, strategically selected and combined using the ensemble technique. The IDS scheme's overall detection accuracy and generalizability are improved by the integration of strengths from multiple models. The proposed scheme demonstrates significant effectiveness in identifying a broad spectrum of attacks, encompassing a total of 14 distinct attack types. This comprehensive detection capability contributes to a more secure and resilient IoT ecosystem. Furthermore, application of quantization to our best models reduces resource utilization significantly without compromising accuracy.

computer science, artificial intelligence