Chao Feng,Alberto Huertas Celdran,Pedro Miguel Sanchez Sanchez,Jan Kreischer,Jan von der Assen,Gerome Bovet,Gregorio Martinez Perez,Burkhard Stiller

2024-09-30

Abstract:Recent research has shown that the integration of Reinforcement Learning (RL) with Moving Target Defense (MTD) can enhance cybersecurity in Internet-of-Things (IoT) devices. Nevertheless, the practicality of existing work is hindered by data privacy concerns associated with centralized data processing in RL, and the unsatisfactory time needed to learn right MTD techniques that are effective against a rising number of heterogeneous zero-day attacks. Thus, this work presents CyberForce, a framework that combines Federated and Reinforcement Learning (FRL) to collaboratively and privately learn suitable MTD techniques for mitigating zero-day attacks. CyberForce integrates device fingerprinting and anomaly detection to reward or penalize MTD mechanisms chosen by an FRL-based agent. The framework has been deployed and evaluated in a scenario consisting of ten physical devices of a real IoT platform affected by heterogeneous malware samples. A pool of experiments has demonstrated that CyberForce learns the MTD technique mitigating each attack faster than existing RL-based centralized approaches. In addition, when various devices are exposed to different attacks, CyberForce benefits from knowledge transfer, leading to enhanced performance and reduced learning time in comparison to recent works. Finally, different aggregation algorithms used during the agent learning process provide CyberForce with notable robustness to malicious attacks.

Cryptography and Security,Artificial Intelligence

Alberto Huertas Celdrán,Pedro Miguel Sánchez Sánchez,Miguel Azorín Castillo,Gérôme Bovet,Gregorio Martínez Pérez,Burkhard Stiller

DOI: https://doi.org/10.1007/s10207-022-00602-w

2022-07-31

International Journal of Information Security

Abstract:The number of Cyber-Physical Systems (CPS) available in industrial environments is growing mainly due to the evolution of the Internet-of-Things (IoT) paradigm. In such a context, radio frequency spectrum sensing in industrial scenarios is one of the most interesting applications of CPS due to the scarcity of the spectrum. Despite the benefits of operational platforms, IoT spectrum sensors are vulnerable to heterogeneous malware. The usage of behavioral fingerprinting and machine learning has shown merit in detecting cyberattacks. Still, there exist challenges in terms of (i) designing, deploying, and evaluating ML-based fingerprinting solutions able to detect malware attacks affecting real IoT spectrum sensors, (ii) analyzing the suitability of kernel events to create stable and precise fingerprints of spectrum sensors, and (iii) detecting recent malware samples affecting real IoT spectrum sensors of crowdsensing platforms. Thus, this work presents a detection framework that applies device behavioral fingerprinting and machine learning to detect anomalies and classify different botnets, rootkits, backdoors, ransomware and cryptojackers affecting real IoT spectrum sensors. Kernel events from CPU, memory, network, file system, scheduler, drivers, and random number generation have been analyzed, selected, and monitored to create device behavioral fingerprints. During testing, an IoT spectrum sensor of the ElectroSense platform has been infected with ten recent malware samples (two botnets, three rootkits, three backdoors, one ransomware, and one cryptojacker) to measure the detection performance of the framework in two different network configurations. Both supervised and semi-supervised approaches provided promising results when detecting and classifying malicious behaviors from the eight previous malware and seven normal behaviors. In particular, the framework obtained 0.88–0.90 true positive rate when detecting the previous malicious behaviors as unseen or zero-day attacks and 0.94–0.96 F 1-score when classifying them.

computer science, information systems, theory & methods, software engineering

Saeed Javanmardi,Meysam Ghahramani,Mohammad Shojafar,Mamoun Alazab,Antonio M. Caruso

DOI: https://doi.org/10.1016/j.cose.2024.103778

IF: 5.105

2024-02-01

Computers & Security

Abstract:The Internet of Things (IoT) has recently received a lot of attention from the information and communication technology community. It has turned out to be a crucial development for harnessing the incredible power of wireless media in the real world. The nature of IoT-Fog networks requires the use of defense techniques who are light and mobile-aware. The edge resources in such a distributed environment are open to various safety hazards. DDoS UDP flooding attacks are the most frequent threats to edge resources in IoT-Fog networks. It is crucial for sabotaging fog gateways and can overcome traditional data filtering techniques. This paper introduces M-RL, a lightweight intrusion detection system with mobility awareness that can detect DDoS UDP flooding attacks while taking into account adversarial IoT devices that engage in IP spoofing. To this end, this paper analyzes the malicious behaviors that result in anonymity against Rate Limiting and Received Signal Strength (RSS)-based approaches, combines their advantages, and addresses their vulnerabilities. We test our method in different contexts to achieve that goal, and we find that it may decrease the accuracy of the RL, RSS, and RSS-RL methods to 70%, 48.9%, and 64.3%, respectively. The outcomes demonstrate the proposed approach's resistance to software-based source address forgery, impersonation, and signal modification. It offers more than 99% accuracy and supports node mobility. In this case, the best possible accuracy of the previous methods is 77%.

computer science, information systems

Sanket Mishra,Thangellamudi Anithakumari,Rashmi Sahay,Rajesh Kumar Shrivastava,Sachi Nandan Mohanty,Afzal Hussain Shahid

DOI: https://doi.org/10.1007/s10586-024-04792-x

2024-12-04

Cluster Computing

Abstract:The surge in Internet of Things usage has raised security breaches within the IoT ecosystem. Consequently, there is a pressing need to deploy robust Intrusion Detection Systems (IDSs) to safeguard IoT environments. This paper proposes a framework designed to establish stringent decision boundaries for effective attack detection, leveraging two prevalent datasets: CICIDS2017 and EDGE-IIOT. These datasets exhibit imbalanced class distributions and encompass numerous features with distinct characteristics. To address the class imbalance, the framework employs sampling techniques such as the synthetic minority oversampling technique with a genetic algorithm (GA-SMOTE) and with particle swarm optimization (SMOTE-PSO) along with random undersampling (RUS). The proposed framework utilizes tree-based learning algorithms, Decision Tree, Random Forest, and XGBoost, to identify cyberattacks and associated anomalies within the constrained IoT landscape. Feature selection is performed using the Boruta and WOA algorithms, and pruning algorithms are used to optimize the complexity of the model. The efficacy of the framework is evaluated using standard metrics on both workstations and Raspberry Pi boards to demonstrate its effectiveness on constrained IoT devices. The evaluation results demonstrate that the proposed model achieves a remarkable accuracy of 99.99% in identifying cyberattacks and related anomalies, exceeding the performance of existing baseline models in the CICIDS2017 dataset. It also obtains a high accuracy of 99.5% on EDGE-IIOT dataset. Furthermore, the framework shows promising results in terms of memory usage and execution time, achieving the best performance of 3.07 MB of memory usage and 4.26 s of execution time for the CICIDS2017 dataset and 1.93 MB of memory usage and 4.09 s of execution time for the EDGE-IIOT dataset when implemented on Raspberry Pi boards.

computer science, information systems, theory & methods

Aqib Rashid,Jose Such

DOI: https://doi.org/10.48550/arXiv.2302.00537

2023-02-02

Abstract:Several moving target defenses (MTDs) to counter adversarial ML attacks have been proposed in recent years. MTDs claim to increase the difficulty for the attacker in conducting attacks by regularly changing certain elements of the defense, such as cycling through configurations. To examine these claims, we study for the first time the effectiveness of several recent MTDs for adversarial ML attacks applied to the malware detection domain. Under different threat models, we show that transferability and query attack strategies can achieve high levels of evasion against these defenses through existing and novel attack strategies across Android and Windows. We also show that fingerprinting and reconnaissance are possible and demonstrate how attackers may obtain critical defense hyperparameters as well as information about how predictions are produced. Based on our findings, we present key recommendations for future work on the development of effective MTDs for adversarial attacks in ML-based malware detection.

Machine Learning,Cryptography and Security

Sarah Alkadi,Saad Al-Ahmadi,Mohamed Maher Ben Ismail

DOI: https://doi.org/10.3390/s24082626

IF: 3.9

2024-04-20

Sensors

Abstract:Recently, Machine Learning (ML)-based solutions have been widely adopted to tackle the wide range of security challenges that have affected the progress of the Internet of Things (IoT) in various domains. Despite the reported promising results, the ML-based Intrusion Detection System (IDS) proved to be vulnerable to adversarial examples, which pose an increasing threat. In fact, attackers employ Adversarial Machine Learning (AML) to cause severe performance degradation and thereby evade detection systems. This promoted the need for reliable defense strategies to handle performance and ensure secure networks. This work introduces RobEns, a robust ensemble framework that aims at: (i) exploiting state-of-the-art ML-based models alongside ensemble models for IDSs in the IoT network; (ii) investigating the impact of evasion AML attacks against the provided models within a black-box scenario; and (iii) evaluating the robustness of the considered models after deploying relevant defense methods. In particular, four typical AML attacks are considered to investigate six ML-based IDSs using three benchmarking datasets. Moreover, multi-class classification scenarios are designed to assess the performance of each attack type. The experiments indicated a drastic drop in detection accuracy for some attempts. To harden the IDS even further, two defense mechanisms were derived from both data-based and model-based methods. Specifically, these methods relied on feature squeezing as well as adversarial training defense strategies. They yielded promising results, enhanced robustness, and maintained standard accuracy in the presence or absence of adversaries. The obtained results proved the efficiency of the proposed framework in robustifying IDS performance within the IoT context. In particular, the accuracy reached 100% for black-box attack scenarios while preserving the accuracy in the absence of attacks as well.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Andrew Churcher,Rehmat Ullah,Jawad Ahmad,Sadaqat ur Rehman,Fawad Masood,Mandar Gogate,Fehaid Alqahtani,Boubakr Nour,William J. Buchanan

DOI: https://doi.org/10.3390/s21020446

2021-01-10

Abstract:In recent years, there has been a massive increase in the amount of Internet of Things (IoT) devices as well as the data generated by such devices. The participating devices in IoT networks can be problematic due to their resource-constrained nature, and integrating security on these devices is often overlooked. This has resulted in attackers having an increased incentive to target IoT devices. As the number of attacks possible on a network increases, it becomes more difficult for traditional intrusion detection systems (IDS) to cope with these attacks efficiently. In this paper, we highlight several machine learning (ML) methods such as k-nearest neighbour (KNN), support vector machine (SVM), decision tree (DT), naive Bayes (NB), random forest (RF), artificial neural network (ANN), and logistic regression (LR) that can be used in IDS. In this work, ML algorithms are compared for both binary and multi-class classification on Bot-IoT dataset. Based on several parameters such as accuracy, precision, recall, F1 score, and log loss, we experimentally compared the aforementioned ML algorithms. In the case of HTTP distributed denial-of-service (DDoS) attack, the accuracy of RF is 99%. Furthermore, other simulation results-based precision, recall, F1 score, and log loss metric reveal that RF outperforms on all types of attacks in binary classification. However, in multi-class classification, KNN outperforms other ML algorithms with an accuracy of 99%, which is 4% higher than RF.

Cryptography and Security,Machine Learning

Chahira Mahjoub,Monia Hamdi,Reem Ibrahim Alkanhel,Safa Mohamed,Ridha Ejbali

DOI: https://doi.org/10.1186/s13638-024-02348-6

2024-05-08

EURASIP Journal on Wireless Communications and Networking

Abstract:The increasing prevalence of Internet of Things (IoT) systems has made them attractive targets for malicious actors. To address the evolving threats and the growing complexity of detection, there is a critical need to search for and develop new algorithms that are fast and robust in detecting and classifying dangerous network traffic. In this context, deep reinforcement learning (DRL) is gaining recognition as a prospective solution in numerous fields as it enables autonomous agents to cooperate with their environment for decision-making without relying on human experts. This article presents an innovative approach to intrusion detection in IoT systems using an adversarial reinforcement learning (RL) algorithm known for its exceptional predictive capabilities. The predictive process relies on a classifier, implemented as a streamlined and highly efficient neural network. Embedded within this classifier is a policy function meticulously trained using an innovative RL model. Importantly, this model ensures that the environment's behavior is dynamically fine-tuned simultaneously with the learning process, improving the overall effectiveness of the intrusion detection approach. The efficiency of our proposal was assessed using the Bot-IoT database, consisting of a mixture of legitimate IoT network traffic and simulated attack scenarios. Our scheme shows superior performance compared to existing ones. Therefore, our approach to IoT intrusion detection can be considered a valuable alternative to existing methods, capable of significantly improving the IoT systems' security.

telecommunications,engineering, electrical & electronic

Aneeqa Ijaz,Waseem Raza,Hasan Farooq,Marvin Manalastas,Ali Imran

2023-08-06

Abstract:Deep automation provided by self-organizing network (SON) features and their emerging variants such as zero touch automation solutions is a key enabler for increasingly dense wireless networks and pervasive Internet of Things (IoT). To realize their objectives, most automation functionalities rely on the Minimization of Drive Test (MDT) reports. The MDT reports are used to generate inferences about network state and performance, thus dynamically change network parameters accordingly. However, the collection of MDT reports from commodity user devices, particularly low cost IoT devices, make them a vulnerable entry point to launch an adversarial attack on emerging deeply automated wireless networks. This adds a new dimension to the security threats in the IoT and cellular networks. Existing literature on IoT, SON, or zero touch automation does not address this important problem. In this paper, we investigate an impactful, first of its kind adversarial attack that can be launched by exploiting the malicious MDT reports from the compromised user equipment (UE). We highlight the detrimental repercussions of this attack on the performance of common network automation functions. We also propose a novel Malicious MDT Reports Identification framework (MRIF) as a countermeasure to detect and eliminate the malicious MDT reports using Machine Learning and verify it through a use-case. Thus, the defense mechanism can provide the resilience and robustness for zero touch automation SON engines against the adversarial MDT attacks

Machine Learning

Jiawen Kang,Yibo Lian,Changqiao Xu,Haijiang Tian,Xiaohui Kuang,D. Niyato,Zhang Tao

DOI: https://doi.org/10.1109/JSAC.2023.3310072

IF: 16.4

2023-10-01

IEEE Journal on Selected Areas in Communications

Abstract:With rapid development of emerging technologies for Internet of Things (IoT), digital twins (DT) have been proposed to support a wide variety of applications. A mobile network is expected to be integrated with DT to form a DT mobile network (DTMN). Unfortunately, DTMN still faces security threats, which have attracted great research attention. Current defense mechanisms are mostly static, i.e., responding after attacks happening. To solve the aforementioned problem, moving target defense (MTD) has been proposed as an innovative solution. However, there exist three major challenges when applying MTD into DTMN. Firstly, less emphasis was paid to collaborative scheduling between multiple MTD schemes, which can improve the security of DTMN. Secondly, MTD schemes require lots of network resources, but few works focus on the time allocation of multiple MTD schemes to reduce network resource consumption. Thirdly, existing defense strategies only rely on current information, but do not consider future information. In this paper, we propose a collaborative mutation-based MTD (CM-MTD) in DTMN. We mainly consider two MTD schemes called host address mutation (HAM) and route mutation (RM), respectively, which adjust network properties and invalidate different stages of cyber kill chain. We firstly formulate a semi-Markov decision process (SMDP) to model time-varying security events and dynamic deployment of multiple MTD schemes. Then, security events are predicted by long short-term memory (LSTM), which are regarded as network states in SMDP. Next, infeasible actions that do not satisfy network constraints will be removed from the action space of the SMDP. Lastly, we design a hierarchical deep reinforcement learning algorithm for collaborative scheduling. Simulation results highlight the effectiveness of CM-MTD compared with baseline solutions.

Engineering,Computer Science

Mounia Hamidouche,Biniam Fisseha Demissie,Bilel Cherif

2024-03-22

Abstract:As more devices connect to the internet, it becomes crucial to address their limitations and basic security needs. While much research focuses on utilizing ML and DL to tackle security challenges, there is often a tendency to overlook the practicality and feasibility of implementing these methods in real-time settings. This oversight stems from the constrained processing power and memory of certain devices (IoT devices), as well as concerns about the generalizability of these approaches. Focusing on the detection of DNS-tunneling attacks in a router as a case study, we present an end-to-end process designed to effectively address these challenges. The process spans from developing a lightweight DNS-tunneling detection model to integrating it into a resource-constrained device for real-time detection. Through our experiments, we demonstrate that utilizing stateless features for training the ML model, along with features chosen to be independent of the network configuration, leads to highly accurate results. The deployment of this carefully crafted model, optimized for embedded devices across diverse environments, resulted in high DNS-tunneling attack detection with minimal latency. With this work, we aim to encourage solutions that strike a balance between theoretical advancements and the practical applicability of ML approaches in the ever-evolving landscape of device security.

Cryptography and Security

Eva Rodríguez,Pol Valls,Beatriz Otero,Juan José Costa,Javier Verdú,Manuel Alejandro Pajuelo,Ramon Canal

DOI: https://doi.org/10.3390/s22155621

IF: 3.9

2022-07-28

Sensors

Abstract:Cyberattacks in the Internet of Things (IoT) are growing exponentially, especially zero-day attacks mostly driven by security weaknesses on IoT networks. Traditional intrusion detection systems (IDSs) adopted machine learning (ML), especially deep Learning (DL), to improve the detection of cyberattacks. DL-based IDSs require balanced datasets with large amounts of labeled data; however, there is a lack of such large collections in IoT networks. This paper proposes an efficient intrusion detection framework based on transfer learning (TL), knowledge transfer, and model refinement, for the effective detection of zero-day attacks. The framework is tailored to 5G IoT scenarios with unbalanced and scarce labeled datasets. The TL model is based on convolutional neural networks (CNNs). The framework was evaluated to detect a wide range of zero-day attacks. To this end, three specialized datasets were created. Experimental results show that the proposed TL-based framework achieves high accuracy and low false prediction rate (FPR). The proposed solution has better detection rates for the different families of known and zero-day attacks than any previous DL-based IDS. These results demonstrate that TL is effective in the detection of cyberattacks in IoT environments.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Mike Nkongolo,Mahmut Tokmak

DOI: https://doi.org/10.1007/978-3-031-39652-6_3

2023-06-10

Abstract:Technological advancements in various industries, such as network intelligence, vehicle networks, e-commerce, the Internet of Things (IoT), ubiquitous computing, and cloud-based applications, have led to an exponential increase in the volume of information flowing through critical systems. As a result, protecting critical infrastructures from intrusions and security threats have become a paramount concern in the field of intrusion detection systems (IDS). To address this concern, this research paper focuses on the importance of defending critical infrastructures against intrusions and security threats. It proposes a computational framework that incorporates feature selection through fuzzification. The effectiveness and performance of the proposed framework is evaluated using the NSL-KDD and UGRansome datasets in combination with selected machine learning (ML) models. The findings of the study highlight the effectiveness of fuzzy logic and the use of ensemble learning to enhance the performance of ML models. The research identifies Random Forest (RF) and Extreme Gradient Boosting (XGB) as the top performing algorithms to detect zero-day attacks. The results obtained from the implemented computational framework outperform previous methods documented in the IDS literature, reaffirming the significance of safeguarding critical infrastructures from intrusions and security threats.

Cryptography and Security,Networking and Internet Architecture

Abubakar Sani Ali,Shimaa Naser,Sami Muhaidat

2023-07-13

Abstract:Traditional anti-jamming techniques like spread spectrum, adaptive power/rate control, and cognitive radio, have demonstrated effectiveness in mitigating jamming attacks. However, their robustness against the growing complexity of internet-of-thing (IoT) networks and diverse jamming attacks is still limited. To address these challenges, machine learning (ML)-based techniques have emerged as promising solutions. By offering adaptive and intelligent anti-jamming capabilities, ML-based approaches can effectively adapt to dynamic attack scenarios and overcome the limitations of traditional methods. In this paper, we propose a deep reinforcement learning (DRL)-based approach that utilizes state input from realistic wireless network interface cards. We train five different variants of deep Q-network (DQN) agents to mitigate the effects of jamming with the aim of identifying the most sample-efficient, lightweight, robust, and least complex agent that is tailored for power-constrained devices. The simulation results demonstrate the effectiveness of the proposed DRL-based anti-jamming approach against proactive jammers, regardless of their jamming strategy which eliminates the need for a pattern recognition or jamming strategy detection step. Our findings present a promising solution for securing IoT networks against jamming attacks and highlights substantial opportunities for continued investigation and advancement within this field.

Signal Processing,Systems and Control

Yakub Kayode Saheed,Oluwadamilare Harazeem Abdulganiyu,Taha Ait Tchakoucht

DOI: https://doi.org/10.1016/j.asoc.2024.111434

IF: 8.7

2024-02-01

Applied Soft Computing

Abstract:The emergence of smart cities is an example of how new technologies, such as the Internet of Things (IoT), have facilitated the creation of extensive interconnected and intelligent ecosystems. The widespread deployment of IoT devices has enabled the provision of constant environmental feedback, thereby facilitating the automated adaptation of associated systems. This has brought about a fundamental transformation in the way contemporary society functions. The security of emerging technologies such as IoT has become a significant challenge due to the added complexities, misconfigurations, and conflicts between modern and legacy systems. This challenge has a notable impact on the reliability and accessibility of existing infrastructure. Edge computing (EC) is a collaborative computing system that brings data processing and analysis closer to the edge of the network, where the data is generated, rather than in a centralized cloud environment. The utilization of the IoT has become more prevalent in both everyday life and the manufacturing sector, with a particular emphasis on critical infrastructure. The IoT is presently being utilized across diverse domains, including but not limited to industrial, agricultural, healthcare, and logistical sectors. The security of IoT networks has implications for the safety of individuals, the security of the nation, and economic development. Notwithstanding, conventional intrusion detection techniques that rely on centralized cloud-based systems that have been suggested in previous studies for IoT network security are insufficient to meet the requirements for data confidentiality, network capacity, and prompt responsiveness. In addition, the integration of IoT applications into smart devices has been shown to augment their functionalities. However, it is important to note that this integration also brings about potential security vulnerabilities. Furthermore, a significant number of contemporary IoT devices exhibit restricted security capabilities, rendering them vulnerable to intricate attacks and impeding the extensive integration of IoT technologies. Also, a lot of IoT network devices have been put in place that don't have hardware security measures. This means that traditional intrusion detection systems (IDS) aren't enough to protect the IoT network ecosystem. To address these issues, this research suggests the IoT-Defender framework, which combines a Modified Genetic Algorithm (MGA) model with a deep Long Short-Term Memory (LSTM) network to find cyberattacks in IoT networks. This research represents a pioneering attempt to employ the MGA for feature selection and the GA for fine-tuning the LSTM parameters within an EC framework. The parameters of the LSTM model were fine-tuned through the manipulation of the number of hidden layers, utilizing the GA fitness function. The customization of the MGA aimed to enhance its performance in selecting relevant features, optimizing the use of limited resources on IoT devices and edge nodes. The fine-tuning process involved optimizing hyperparameters, architecture, and training strategies to maximize the LSTM network's effectiveness in learning and detecting patterns in IoT network traffic. The synergy between the MGA and LSTM aimed at creating a comprehensive and efficient IDS. The feature selection by the MGA contributes to improving the LSTM’s performance by providing it with more relevant and discriminating features. In order to solve the issue of class imbalance, we utilize the focal loss function, which provides greater weights to minority classes, hence improving the model’s capacity to learn from those particular classes. The performance of the IoT-Defender model was assessed on the BoT-IoT, UNSW-NB15, and N-BaIoT datasets utilizing a Raspberry Pi IoT device. The results of our study show that the IoT-Defender model works better than other methods. This is shown by its accuracy score of 99.41%, detection rate of 99.78%, precision score of 98.50%, false alarm rate of 2.56%, mean intersection over union (mIoU) of 0.68, and training time of 81.3 seconds on BoT-IoT. The proposed IoT model is designed to be lightweight and can be installed on edge servers to detect cyber-attacks in real-time, specifically in the context of IoT security.

computer science, artificial intelligence, interdisciplinary applications

Xing Liu,Wei Yu,Fan Liang,David Griffith,Nada Golmie

DOI: https://doi.org/10.1016/j.comcom.2020.12.013

IF: 5.047

2021-02-01

Computer Communications

Abstract:<p>The Industrial Internet of Things (IIoT), also known as Industry 4.0, empowers manufacturing and production processes by leveraging automation and Internet of Things (IoT) technologies. In IIoT, the information communication technologies enabled by IoT could greatly improve the efficiency and timeliness of information exchanges between both vertical and horizontal system integrations. Likewise, machine learning algorithms, particularly Deep Reinforcement Learning (DRL), are viable for assisting in automated control of complex IIoT systems, with the support of distributed edge computing infrastructure. Despite noticeable performance improvements, the security threats brought by massive interconnections in IoT and the vulnerabilities of deep neural networks used in DRL must be thoroughly investigated and mitigated before widespread deployment. Thus, in this paper we first design a DRL-based controller that could be deployed at edge computing server to enable automated control in an IIoT context. We then investigate malicious behaviors of adversaries with two attacks: (i) function-based attacks that can be launched during training phase and (ii) performance-based attacks that can be launched after training phase, to study the security impacts of vulnerable DRL-based controllers. From the adversary's perspective, maximum entropy Inverse Reinforcement Learning (IRL) is used to approximate a reward function through observation of system trajectories under the control of trained DRL-based controllers. The approximated reward function is then used to launch attacks by the adversary against the Deep Q Network (DQN)-based controller. Via simulation, we evaluate the impacts of our two investigated attacks, finding that attacks are increasingly successful with increasing accuracy of the control model. Furthermore, we discuss some tradeoffs between control performance and security performance of DRL-based IIoT controllers, and outline several future research directions to secure machine learning use in IIoT systems.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic

Walid I. Khedr,Ameer E. Gouda,Ehab R. Mohamed

DOI: https://doi.org/10.3390/math11163552

IF: 2.4

2023-08-18

Mathematics

Abstract:Distributed Denial of Service (DDoS) and Address Resolution Protocol (ARP) attacks pose significant threats to the security of Software-Defined Internet of Things (SD-IoT) networks. The standard Software-Defined Networking (SDN) architecture faces challenges in effectively detecting, preventing, and mitigating these attacks due to its centralized control and limited intelligence. In this paper, we present P4-HLDMC, a novel collaborative secure framework that combines machine learning (ML), stateful P4, and a hierarchical logically distributed multi-controller architecture. P4-HLDMC overcomes the limitations of the standard SDN architecture, ensuring scalability, performance, and an efficient response to attacks. It comprises four modules: the multi-controller dedicated interface (MCDI) for real-time attack detection through a distributed alert channel (DAC), the MSMPF, a P4-enabled stateful multi-state matching pipeline function for analyzing IoT network traffic using nine state tables, the modified ensemble voting (MEV) algorithm with six classifiers for enhanced detection of anomalies in P4-extracted traffic patterns, and an attack mitigation process distributed among multiple controllers to effectively handle larger-scale attacks. We validate our framework using diverse test cases and real-world IoT network traffic datasets, demonstrating high detection rates, low false-alarm rates, low latency, and short detection times compared to existing methods. Our work introduces the first integrated framework combining ML, stateful P4, and SDN-based multi-controller architecture for DDoS and ARP detection in IoT networks.

mathematics

João Vitorino,Isabel Praça,Eva Maia

DOI: https://doi.org/10.1007/s12243-023-00953-y

2023-03-04

Abstract:The Internet of Things (IoT) faces tremendous security challenges. Machine learning models can be used to tackle the growing number of cyber-attack variations targeting IoT systems, but the increasing threat posed by adversarial attacks restates the need for reliable defense strategies. This work describes the types of constraints required for a realistic adversarial cyber-attack example and proposes a methodology for a trustworthy adversarial robustness analysis with a realistic adversarial evasion attack vector. The proposed methodology was used to evaluate three supervised algorithms, Random Forest (RF), Extreme Gradient Boosting (XGB), and Light Gradient Boosting Machine (LGBM), and one unsupervised algorithm, Isolation Forest (IFOR). Constrained adversarial examples were generated with the Adaptative Perturbation Pattern Method (A2PM), and evasion attacks were performed against models created with regular and adversarial training. Even though RF was the least affected in binary classification, XGB consistently achieved the highest accuracy in multi-class classification. The obtained results evidence the inherent susceptibility of tree-based algorithms and ensembles to adversarial evasion attacks and demonstrates the benefits of adversarial training and a security by design approach for a more robust IoT network intrusion detection and cyber-attack classification.

Cryptography and Security,Artificial Intelligence,Machine Learning

Ruoyu Li,Qing Li,Jianer Zhou,Yong Jiang

DOI: https://doi.org/10.1109/jiot.2021.3122148

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) has entered a stage of rapid development and increasing deployment. Meanwhile, these low-power devices typically cannot support complex security mechanisms and, thus, are highly susceptible to malware. This article proposes ADRIoT, an anomaly detection framework for IoT networks, which leverages edge computing to uncover potential threats. An edge is empowered with an anomaly detection module, which consists of a traffic capturer, a traffic preprocessor, and a collection of anomaly detectors dedicated to each type of device. Each detector is constructed by an LSTM autoencoder in an unsupervised manner that requires no labeled attack data and is able to handle emerging zero-day attacks. When a device connects to the edge, the edge will fetch the corresponding detector from the cloud and execute it locally. Another problem is the resource constraint of a single edge device like a home router hinders the deployment of such a detection module. To mitigate this problem, we design a multiedge collaborative mechanism that integrates the resource of multiple edges in a local network to increase the overall load capacity. The evaluation demonstrates that ADRIoT can detect various IoT-based attacks effectively and efficiently, showing that ADRIoT can feasibly help build a more secure IoT environment.