Zhendong Wang,Hui Chen,Shuxin Yang,Xiao Luo,Dahai Li,Junling Wang

DOI: https://doi.org/10.7717/peerj-cs.1569

2023-09-22

Abstract:Intrusion detection ensures that IoT can protect itself against malicious intrusions in extensive and intricate network traffic data. In recent years, deep learning has been extensively and effectively employed in IoT intrusion detection. However, the limited computing power and storage space of IoT devices restrict the feasibility of deploying resource-intensive intrusion detection systems on them. This article introduces the DL-BiLSTM lightweight IoT intrusion detection model. By combining deep neural networks (DNNs) and bidirectional long short-term memory networks (BiLSTMs), the model enables nonlinear and bidirectional long-distance feature extraction of complex network information. This capability allows the system to capture complex patterns and behaviors related to cyber-attacks, thus enhancing detection performance. To address the resource constraints of IoT devices, the model utilizes the incremental principal component analysis (IPCA) algorithm for feature dimensionality reduction. Additionally, dynamic quantization is employed to trim the specified cell structure of the model, thereby reducing the computational burden on IoT devices while preserving accurate detection capability. The experimental results on the benchmark datasets CIC IDS2017, N-BaIoT, and CICIoT2023 demonstrate that DL-BiLSTM surpasses traditional deep learning models and cutting-edge detection techniques in terms of detection performance, while maintaining a lower model complexity.

Khawlah Harahsheh,Rami Al-Naimat,Chung-Hao Chen

DOI: https://doi.org/10.3390/electronics13091678

IF: 2.9

2024-04-27

Electronics

Abstract:The rapid evolution of technology has given rise to a connected world where billions of devices interact seamlessly, forming what is known as the Internet of Things (IoT). While the IoT offers incredible convenience and efficiency, it presents a significant challenge to cybersecurity and is characterized by various power, capacity, and computational process limitations. Machine learning techniques, particularly those encompassing supervised classification techniques, offer a systematic approach to training models using labeled datasets. These techniques enable intrusion detection systems (IDSs) to discern patterns indicative of potential attacks amidst the vast amounts of IoT data. Our investigation delves into various aspects of supervised classification, including feature selection, model training, and evaluation methodologies, to comprehensively evaluate their impact on attack detection effectiveness. The key features selected to improve IDS efficiency and reduce dataset size, thereby decreasing the time required for attack detection, are drawn from the extensive network dataset. This paper introduces an enhanced feature selection method designed to reduce the computational overhead on IoT resources while simultaneously strengthening intrusion detection capabilities within the IoT environment. The experimental results based on the InSDN dataset demonstrate that our proposed methodology achieves the highest accuracy with the fewest number of features and has a low computational cost. Specifically, we attain a 99.99% accuracy with 11 features and a computational time of 0.8599 s.

engineering, electrical & electronic,computer science, information systems,physics, applied

Fangqi Li,Rui-Jie Zhao,Shilin Wang,Li-Bo Chen,Alan Wee-Chung Liew,Weiping Ding

DOI: https://doi.org/10.1109/tfuzz.2022.3165390

IF: 12.253

2022-01-01

IEEE Transactions on Fuzzy Systems

Abstract:The pervasive deployment of the Internet of Things (IoT) has significantly facilitated manufacturing and living. The diversity and continual updates of IoT systems make their security a crucial challenge, among which the detection of malicious network traffic turns out to be the most common yet destructive threat. Despite the efforts on feature engineering and classification backend designing, established intrusion detection systems sometimes lack robustness and are inflexible against the shift of the traffic distribution. To deal with these disadvantages, we design a fuzzy system for the online defense of IoT. Our framework incorporates a full Bayesian possibilistic clustering module for feature processing and an ensemble module motivated by reinforcement learning and adaptive boosting that dynamically fits the streaming data. The proposed clustering module overcomes the issue of determining the number of clusters and can dynamically identify new patterns. The classifier backend combines a collection of fuzzy decision trees that provide readable decision boundaries. The ensembled classifiers can accommodate the drift of data distribution to optimize the long-time performance. Our proposal is tested on settings including one dataset collected from real IoT systems and is compared to numerous competitors. Experimental results verified the advantage of our system regarding accuracy and stability.

computer science, artificial intelligence,engineering, electrical & electronic

Chenxin Duan,Sainan Li,Hai Lin,Wenqi Chen,Guanglei Song,Chenglong Li,Jiahai Yang,Zhiliang Wang

DOI: https://doi.org/10.1109/tdsc.2023.3340563

2024-01-01

Abstract:With Internet-of-Things (IoT) devices gaining popularity, dedicated monitoring systems which accurately detect intrusion traffic for them are in high demand. Existing methods mainly use statistical spatial-temporal traffic features and machine learning models. Their practicality has been limited due to the lack of detection ability for stealthy and tricky attacks, diagnostic utility and long-term performance. To address these problems and motivated by the simplicity of mini IoT devices, we propose to construct fully packet-level models to profile traffic patterns for IoT devices by constructing automaton for short flow and long flow, where the length and direction of each packet are the representative features. We apply these fine-grained models to design and develop a traffic monitoring system, namely IoTa , to detect intrusion traffic for IoT devices. IoTa matches the ongoing traffic with patterns extracted from normal traffic traces. With visible and interactive traffic profiles, IoTa can generate interpretable alerts and is available for long-term use under reasonable human efforts. Evaluations on dozens of common IoT devices show that IoTa can achieve excellent detection accuracy (nearly perfect recalls and always over 0.999 precisions) for various intrusion traffic covering the complete kill chains. Incorrect detection results can be compensated for by error recovery mechanisms and the understandable alert context can be used by the operator to enhance the system. The diagnostic utility and little alert weariness are recognized by the experienced operators.

Weizhe Chen,Hongyu Yang,Lihua Yin,Xi Luo

DOI: https://doi.org/10.1038/s41598-024-69968-2

IF: 4.6

2024-08-22

Scientific Reports

Abstract:Due to the swift advancement of the Internet of Things (IoT), there has been a significant surge in the quantity of interconnected IoT devices that send and exchange vital data across the network. Nevertheless, the frequency of attacks on the Internet of Things is steadily rising, posing a persistent risk to the security and privacy of IoT data. Therefore, it is crucial to develop a highly efficient method for detecting cyber threats on the Internet of Things. Nevertheless, several current network attack detection schemes encounter issues such as insufficient detection accuracy, the curse of dimensionality due to excessively high data dimensions, and the sluggish efficiency of complex models. Employing metaheuristic algorithms for feature selection in network data represents an effective strategy among the myriad of solutions. This study introduces a more comprehensive metaheuristic algorithm called GQBWSSA, which is an enhanced version of the Salp Swarm Algorithm with several strategy improvements. Utilizing this algorithm, a threshold voting-based feature selection framework is designed to obtain an optimized set of features. This procedure efficiently decreases the number of dimensions in the data, hence preventing the negative effects of having a high number of dimensions and effectively extracting the most significant and crucial information. Subsequently, the extracted feature data is combined with the LightGBM algorithm to form a lightweight and efficient ensemble learning scheme for IoT attack detection. The proposed enhanced metaheuristic algorithm has superior performance in feature selection compared to the recent metaheuristic algorithms, as evidenced by the experimental evaluation conducted using the NSLKDD and CICIoT2023 datasets. Compared to current popular ensemble learning solutions, the proposed overall solution exhibits excellent performance on multiple key indicators, including accuracy, precision, as well as training and detection time. Especially on the large-scale dataset CICIoT2023, the proposed scheme achieves an accuracy rate of 99.70% in binary classification and 99.41% in multi classification.

multidisciplinary sciences

Md Arafatur Rahman,A. Taufiq Asyhari,Ong Wei Wen,Husnul Ajra,Yussuf Ahmed,Farhat Anwar

DOI: https://doi.org/10.1007/s11042-021-10567-y

IF: 2.577

2021-03-08

Multimedia Tools and Applications

Abstract:The rapid advancement of technologies has enabled businesses to carryout their activities seamlessly and revolutionised communications across the globe. There is a significant growth in the amount and complexity of Internet of Things devices that are deployed in a wider range of environments. These devices mostly communicate through Wi-Fi networks and particularly in smart environments. Besides the benefits, these devices also introduce security challenges. In this paper, we investigate and leverage effective feature selection techniques to improve intrusion detection using machine learning methods. The proposed approach is based on a centralised intrusion detection system, which uses the deep feature abstraction, feature selection and classification to train the model for detecting the malicious and anomalous actions in the traffic. The deep feature abstraction uses deep learning techniques of artificial neural network in the form of unsupervised autoencoder to construct more features for the traffic. Based on the availability of cumulative features, the system then employs a variety of wrapper-based feature selection techniques ranging from SVM and decision tree to Naive Bayes for selecting high-ranked features, which are then combined and fed into an artificial neural network classifier for distinguishing attack and normal behaviors. The experimental results reveal the effectiveness of the proposed method on Aegean Wi-Fi Intrusion Dataset, which achieves high detection accuracy of up to 99.95%, relatively competitive to the existing machine learning works for the same dataset.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Jianjin Zhao,Qi Li,Jintao Sun,Mianxiong Dong,Kaoru Ota,Meng Shen

DOI: https://doi.org/10.1109/jiot.2023.3305585

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Due to hardware limitations, Internet of Things (IoT) devices without integrated security become easy targets for network attacks. IoT device identification is significant for network security management. Despite many efforts, previous studies either require excessive features raising concerns about efficiency and privacy, or underutilize the data resources to fulfill the potential of simple features. Moreover, the severe data imbalance problem is unaddressed. In this paper, we present IoTProfile, an efficient IoT device identification framework via time series dictionary. It only considers simple packet-level attributes and maps them into different time windows. On this basis, it further follows a shuffle&split organization scheme to structure the imbalanced data as multi-channel time series. By performing random convolutional kernel transformations in two ways and aggregations, IoTProfile captures discriminative patterns and forms the frequency count of recurring patterns to profile the network behaviors of IoT devices over a period of time. The experimental results show that IoTProfile is superior to the other state-of-the-art methods in terms of both identification effectiveness and time overhead, achieving 99.81% and 97.65% Macro-F1 scores on UNSW and UNB datasets in under four minutes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jingyi Zhu,Xiufeng Liu

DOI: https://doi.org/10.1016/j.compeleceng.2024.109113

IF: 4.152

2024-02-12

Computers & Electrical Engineering

Abstract:In the rapidly evolving landscape of the Internet of Things (IoT), ensuring robust intrusion detection is paramount for device and data security. This paper proposes a novel method for intrusion detection in IoT networks that leverages a unique blend of subspace clustering and ensemble learning. Our framework integrates three innovative strategies: Clustering Results as Features (CRF), Two-Level Decision Making (TDM), and Iterative Feedback Loop (IFL). These strategies synergize to enhance detection performance and model robustness. We employ mutual information for feature selection and utilize four subspace clustering algorithms – CLIQUE, PROCLUS, SUBCLU, and LOF – to create additional feature sets. Three base learners – NB, LGBM, and XGB – are used in conjunction with a Logistic Regression (LR) meta-learner. To fine-tune our model, we apply Particle Swarm Optimization (PSO) for hyperparameter optimization. We evaluate our framework on the UNSW-NB15 dataset, which contains realistic and diverse IoT network traffic data. The results show that our framework outperforms the state-of-the-art methods in terms of accuracy (97.05%), precision (96.33%), recall (96.55%), F1-score (96.45%), and false positive rate (0.029). Our framework can effectively detect both known and unknown attacks in IoT networks and achieve high accuracy and low false positive rate. The paper contributes both practical implications for network security and theoretical advancements in intrusion detection research.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Huifen Wang,Dong Guo,Jinrui Wei,Jinze Li

DOI: https://doi.org/10.1016/j.jisa.2024.103751

IF: 4.96

2024-03-27

Journal of Information Security and Applications

Abstract:The emergence of IoT has introduced new security concerns, particularly the detection of large-scale network attacks initiated by compromised IoT devices. The diverse nature of IoT devices adds complexity to attack detection, necessitating the classification of devices based on their unique characteristics and behavior patterns. This paper presents a novel device classification method grounded in traffic differentials before and after IoT devices succumb to compromise. The study defines the concept of attack sensitivity and designs a method for calculating the value. The K-means algorithm is used to classify devices into predefined categories based on their attack sensitivity values. The effectiveness of this method is demonstrated through experiments on a public dataset. Additionally, a multi-class classification model is developed to identify newly added devices to the IoT environment, with good results in accuracy, precision, recall, F1 score, and FPR (0.999, 0.997–1,0.997–1,0.998–1,0–0.001). Overall, The device classification method proposed in this paper, based on attack sensitivity, not only enables a rational definition of device categories but also ensures precise classification for devices newly integrated into the IoT environment. This lays the foundation for achieving more precise attack detection and protection, advancing the field towards enhanced cybersecurity measures.

computer science, information systems

Basharat Ahmad,Zhaoliang Wu,Yongfeng Huang,Sadaqat Ur Rehman

DOI: https://doi.org/10.1016/j.knosys.2024.112614

IF: 8.139

2024-10-21

Knowledge-Based Systems

Abstract:The Internet of Things (IoT) networks, which are defined by their interconnected devices and data streams are an expanding attack surface for cyber adversaries. Industrial Internet of Things (IIoT) is a subset of IoT and has significant importance in-terms of security. Robust intrusion detection systems (IDS) are essential for protecting these critical infrastructures. Our research suggests a novel approach to the detection of anomalies in IoT and IIoT networks that leverages the capabilities of deep transfer learning. Our methodology begins with the EdgeIIoT dataset, which serves as the basis for our data analysis. We convert the data into an appropriate image format to enable Convolutional Neural Network (CNN)-based processing. The hyper-parameters of individual machine learning models are subsequently optimized using a Random Search algorithm. This optimization phase optimizes the performance of each model by modifying the hyper-parameters that are unique to the learning algorithms. The performance of each model is meticulously assessed subsequent to hyper-parameter optimization. The top-performing models are subsequently, strategically selected and combined using the ensemble technique. The IDS scheme's overall detection accuracy and generalizability are improved by the integration of strengths from multiple models. The proposed scheme demonstrates significant effectiveness in identifying a broad spectrum of attacks, encompassing a total of 14 distinct attack types. This comprehensive detection capability contributes to a more secure and resilient IoT ecosystem. Furthermore, application of quantization to our best models reduces resource utilization significantly without compromising accuracy.

computer science, artificial intelligence

Arshiya Khan,Chase Cotton

DOI: https://doi.org/10.5121/ijcsit.2022.14605

2023-01-10

Abstract:Through the generalization of deep learning, the research community has addressed critical challenges in the network security domain, like malware identification and anomaly detection. However, they have yet to discuss deploying them on Internet of Things (IoT) devices for day-to-day operations. IoT devices are often limited in memory and processing power, rendering the compute-intensive deep learning environment unusable. This research proposes a way to overcome this barrier by bypassing feature engineering in the deep learning pipeline and using raw packet data as input. We introduce a feature engineering-less machine learning (ML) process to perform malware detection on IoT devices. Our proposed model, "Feature engineering-less-ML (FEL-ML)," is a lighter-weight detection algorithm that expends no extra computations on "engineered" features. It effectively accelerates the low-powered IoT edge. It is trained on unprocessed byte-streams of packets. Aside from providing better results, it is quicker than traditional feature-based methods. FEL-ML facilitates resource-sensitive network traffic security with the added benefit of eliminating the significant investment by subject matter experts in feature engineering.

Cryptography and Security,Artificial Intelligence,Machine Learning

Haifeng Lin,Qilin Xue,Jiayin Feng,Di Bai

DOI: https://doi.org/10.1016/j.dcan.2022.09.021

IF: 6.348

2023-02-01

Digital Communications and Networks

Abstract:With the rapid development of the Internet of Things (IoT), there are several challenges pertaining to security in IoT applications. Compared with the characteristics of the traditional Internet, the IoT has many problems, such as large assets, complex and diverse structures, and lack of computing resources. Traditional network intrusion detection systems cannot meet the security needs of IoT applications. In view of this situation, this study applies cloud computing and machine learning to the intrusion detection system of IoT to improve detection performance. Usually, traditional intrusion detection algorithms require considerable time for training, and these intrusion detection algorithms are not suitable for cloud computing due to the limited computing power and storage capacity of cloud nodes; therefore, it is necessary to study intrusion detection algorithms with low weights, short training time, and high detection accuracy for deployment and application on cloud nodes. An appropriate classification algorithm is a primary factor for deploying cloud computing intrusion prevention systems and a prerequisite for the system to respond to intrusion and reduce intrusion threats. This paper discusses the problems related to IoT intrusion prevention in cloud computing environments. Based on the analysis of cloud computing security threats, this study extensively explores IoT intrusion detection, cloud node monitoring, and intrusion response in cloud computing environments by using cloud computing, an improved extreme learning machine, and other methods. We use the Multi-Feature Extraction Extreme Learning Machine (MFE-ELM) algorithm for cloud computing, which adds a multi-feature extraction process to cloud servers, and use the deployed MFE-ELM algorithm on cloud nodes to detect and discover network intrusions to cloud nodes. In our simulation experiments, a classical dataset for intrusion detection is selected as a test, and test steps such as data preprocessing, feature engineering, model training, and result analysis are performed. The experimental results show that the proposed algorithm can effectively detect and identify most network data packets with good model performance and achieve efficient intrusion detection for heterogeneous data of the IoT from cloud nodes. Furthermore, it can enable the cloud server to discover nodes with serious security threats in the cloud cluster in real time, so that further security protection measures can be taken to obtain the optimal intrusion response strategy for the cloud cluster.

Mohanad Sarhan,Siamak Layeghy,Marius Portmann

DOI: https://doi.org/10.48550/arXiv.2108.12732

2022-11-23

Abstract:Internet of Things (IoT) networks have become an increasingly attractive target of cyberattacks. Powerful Machine Learning (ML) models have recently been adopted to implement network intrusion detection systems to protect IoT networks. For the successful training of such ML models, selecting the right data features is crucial, maximising the detection accuracy and computational efficiency. This paper comprehensively analyses feature sets' importance and predictive power for detecting network attacks. Three feature selection algorithms: chi-square, information gain and correlation, have been utilised to identify and rank data features. The attributes are fed into two ML classifiers: deep feed-forward and random forest, to measure their attack detection performance. The experimental evaluation considered three datasets: UNSW-NB15, CSE-CIC-IDS2018, and ToN-IoT in their proprietary flow format. In addition, the respective variants in NetFlow format were also considered, i.e., NF-UNSW-NB15, NF-CSE-CIC-IDS2018, and NF-ToN-IoT. The experimental evaluation explored the marginal benefit of adding individual features. Our results show that the accuracy initially increases rapidly with adding features but converges quickly to the maximum. This demonstrates a significant potential to reduce the computational and storage cost of intrusion detection systems while maintaining near-optimal detection accuracy. This has particular relevance in IoT systems, with typically limited computational and storage resources.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Xiuzhang Yang,Guojun Peng,Dongni Zhang,Yangqi Lv

DOI: https://doi.org/10.1155/2022/4748528

IF: 1.968

2022-04-26

Security and Communication Networks

Abstract:Nowadays, the intrusion detection system (IDS) plays a crucial role in the Internet of Things (IoT) networks, which could effectively protect sensitive data from various attacks. However, the existing works have not considered multiview features fusion and failed to capture the semantic relationships among the anomalous requests. They are not robust and cannot detect the attack types in real-time. This paper proposes a lightweight intrusion detection system based on deep learning and knowledge graph. First, our system extracts semantic relationships and key features by knowledge graph and statistical analysis. Then, IoT network requests are converted into word vectors through multiview feature fusion and feature alignment. Finally, an attention-based CNN-BiLSTM model is designed to identify malicious request attacks, which can capture long-distance dependence and contextual semantic information. Experiment results show that the proposed model significantly outperforms the existing solution in the robustness of the model. Moreover, it can select more critical features for IDS to achieve better accuracy and lower the false alarm rate. Compared with the state-of-the-art systems, the proposed IDS achieves a higher detection accuracy of 90.01%. In addition, our system can detect various stealthy attack types (including DoS, Probe, R2L, and U2L) and extract semantic relationships among features.

computer science, information systems,telecommunications

Hongyu Yang,Zelin Wang,Liang Zhang,Xiang Cheng

DOI: https://doi.org/10.1002/int.23074

IF: 8.993

2022-01-01

International Journal of Intelligent Systems

Abstract:The existing botnet detection methods have the problems of uneven sampling, poor feature selection, and weak generalization ability, resulting in low detection and classification results and poor adaptability to the internet of things (IoT) environment with limited computing and storage resources. This paper proposes an IoT botnet detection method using feature reconstruction and interval optimization to solve the above problems. Through the designed address triple and time window-based IP aggregation and feature reconstruction method (ATTW-IP-FR), the network traffic samples obtained from the IoT gateway are integrated, and the flow features are reconstructed to attain the reconstructed sample set. The proposed self-corrected hybrid weighted sampling algorithm balances the normal and botnet flow samples in the reconstructed sample set to get the resampling sample set. The introduced multiattribute decision-making and adjacency relation chain-based sequential forward selection algorithm is applied to eliminate the redundant features in the resampling sample set, and the optimal feature subset is obtained. The resampling sample set filtered by the optimal feature subset is detected and classified through the designed two-stage hybrid heterogeneous model optimized by the intermittent chaos and bald eagle search algorithm-based interval optimization algorithm. The experimental results show that the proposed method effectively detects the botnet in two real IoT scenarios. The detection accuracy is 99.17% $ \% $, the Matthews correlation coefficient is 98.35% $ \% $, the false positive rate is 0.25% $ \% $, and the false negative rate is 1.27% $ \% $, which are better than the existing methods. This method can effectively reduce sampling and feature selection time and space overhead and better adapt to the resource-constrained IoT environment.

Yi-Wen Chen,Jang-Ping Sheu,Yung-Ching Kuo,Nguyen Van Cuong

DOI: https://doi.org/10.1109/eucnc48522.2020.9200909

2020-01-01

Abstract:DDoS attacks often happen in cloud servers and cause a devastating problem. However, an increasing number of Internet of Things (IoT) devices makes us not ignore the influence of large-scale DDoS attacks from IoT devices. In this paper, we propose a machine learning-based on a multi-layer IoT DDoS attack detection system, including IoT devices, IoT gateways, SDN switches, and cloud servers. Firstly, we build eight smart poles with various sensors on our campus and collect sensor data as our datasets through wireless networks or wired networks. Next, we extract the features based on DDoS attack types. The feature selection can result in high accuracy DDoS attack detection in the real IoT environment. The experimental results show that our multi-layer DDoS detection system can accurately detect DDoS attacks. And the SDN controller can block venomous devices effectively according to blacklists from the results of our IoT DDoS attacks detection system.

Farhan Ullah,Ali Turab,Shamsher Ullah,Diletta Cacciagrano,Yue Zhao

DOI: https://doi.org/10.3390/s24134152

IF: 3.9

2024-06-27

Sensors

Abstract:Internet of Things (IoT) applications and resources are highly vulnerable to flood attacks, including Distributed Denial of Service (DDoS) attacks. These attacks overwhelm the targeted device with numerous network packets, making its resources inaccessible to authorized users. Such attacks may comprise attack references, attack types, sub-categories, host information, malicious scripts, etc. These details assist security professionals in identifying weaknesses, tailoring defense measures, and responding rapidly to possible threats, thereby improving the overall security posture of IoT devices. Developing an intelligent Intrusion Detection System (IDS) is highly complex due to its numerous network features. This study presents an improved IDS for IoT security that employs multimodal big data representation and transfer learning. First, the Packet Capture (PCAP) files are crawled to retrieve the necessary attacks and bytes. Second, Spark-based big data optimization algorithms handle huge volumes of data. Second, a transfer learning approach such as word2vec retrieves semantically-based observed features. Third, an algorithm is developed to convert network bytes into images, and texture features are extracted by configuring an attention-based Residual Network (ResNet). Finally, the trained text and texture features are combined and used as multimodal features to classify various attacks. The proposed method is thoroughly evaluated on three widely used IoT-based datasets: CIC-IoT 2022, CIC-IoT 2023, and Edge-IIoT. The proposed method achieves excellent classification performance, with an accuracy of 98.2%. In addition, we present a game theory-based process to validate the proposed approach formally.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Ruoyu Li,Qing Li,Yucheng Huang,Wenbin Zhang,Peican Zhu,Yong Jiang

DOI: https://doi.org/10.1007/978-3-031-17146-8_28

2022-01-01

Abstract:As the Internet of Things (IoT) plays an increasingly important role in real life, the concern about IoT malware and botnet attacks is considerably growing. Meanwhile, with new techniques such as edge computing and artificial intelligence applied to IoT networks, these devices nowadays become more functional than ever before, which challenges many existing network anomaly detection systems due to the lack of generalization ability to profile diverse activities. To address it, this paper proposes IoTEnsemble, an ensemble network anomaly detection framework. We propose a tree-based activity clustering method that aggregates network flows dedicated to the same activity so that their traffic patterns remain identical. Based on the clustering result, we implement an ensemble model in which each submodel only needs to profile a specific activity, which highly reduces the burden of a single model's generalization ability. For evaluation, we build a 57.1GB IoT dataset collected in 9 months composed of comprehensive normal and malicious traffic. Our evaluation proves that IoTEnsemble possesses a state-of-the-art detection performance on various IoT botnet malware and attack traffic, exhibiting a significantly better result than other baselines in a more intelligent and functional IoT network.

Yixuan Wu,Laisen Nie,Shupeng Wang,Zhaolong Ning,Shengtao Li

DOI: https://doi.org/10.1109/jiot.2021.3112159

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:With the rapid advance of Internet of Things (IoT), it is difficult for cloud-centric computing to meet the requirements of low latency and ease of use. As an open and distributed system, edge computing integrates computing, networking, storage, and applications. It provides intelligent services on the edge of an IoT. The edge network is composed of various wireless and wired networks, and the computing and storage resources of edge nodes are limited. These conditions make the edge network expose to a variety of cyber attacks. Additionally, it is difficult for an IoT edge node to support large-scale network data collection and detection for IoT security. Although big data-enabled intrusion detection algorithms can ensure the high accuracy of intrusion detection systems, it is stressful for resource-limited edge nodes to implement those algorithms in IoT. Motivated by these challenges, we propose an intelligent intrusion detection algorithm implemented by big data mining based on a fuzzy rough set, generative adversarial network (GAN), and convolutional neural network (CNN). In our method, we first propose a fuzzy rough set-based algorithm to perform feature selection for big data via IoT. Then, we take advantage of the efficient feature extraction capabilities of CNN for implementing intrusion detection based on selected features. Furthermore, after combining CNN and GAN, we propose an intelligent algorithm to realize intrusion detection in a variety of scenarios. Finally, the proposed method is compared with existing methods for evaluation. Simulation results show that our method has up to 4% higher accuracy than existing methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Dr. S. Smys,Dr. Haoxiang Wang,Dr. Abul Basar

DOI: https://doi.org/10.36548/JISMAC.2020.4.002

2020-09-30

DECEMBER

Abstract:Internet of things (IoT) is a promising solution to connect and access every device through internet. Every day the device count increases with large diversity in shape, size, usage and complexity. Since IoT drive the world and changes people lives with its wide range of services and applications. However, IoT provides numerous services through applications, it faces severe security issues and vulnerable to attacks such as sinkhole attack, eaves dropping, denial of service attacks, etc., Intrusion detection system is used to detect such attacks when the network security is breached. This research work proposed an intrusion detection system for IoT network and detect different types of attacks based on hybrid convolutional neural network model. Proposed model is suitable for wide range of IoT applications. Proposed research work is validated and compared with conventional machine learning and deep learning model. Experimental result demonstrate that proposed hybrid model is more sensitive to attacks in the IoT network.

Computer Science,Engineering