An Intelligent Intrusion Detection System for Internet of Things Attack Detection and Identification Using Machine Learning
The usability and scalability of Internet of Things (IoT) technology are expanding in ways that improve human living standards. However, this expansion also increases the vulnerabilities and attack vectors of IoT networks. Thus, more security challenges can be expected, and more security services and solutions should be provided. Although many security techniques propose and promise good solutions, intrusion detection systems (IDSs) are still considered the best. Many works have proposed machine learning (ML)-based IDSs for IoT attack detection and classification. Nevertheless, they suffer from two main gaps. First, few of the works utilized or could analyze an up-to-date version of IoT-based attack behaviors. Second, few of the works can be considered multi-class attack detection and classification. Therefore, this work proposes an intelligent IDS (IIDS) that exploits the ability of ML algorithms to distinguish malicious from benign behaviors among IoT network packets. Three ML classifier algorithms are investigated: K-Nearest Neighbor, support vector machine, and artificial neural network. The developed models have been trained and tested as binary and multi-class classifiers against 15 types of attacks and benign traffic. This work employs an up-to-date dataset known as IoT23, which covers millions of malicious and benign behaviors of IoT-connected devices. Developing the proposed IIDSs involves several preprocessing phases and methods, such as null value solving, the SMOTE method for imbalanced datasets, data normalization, and feature selection. The results present the IIDSs as good binary and multi-class classifiers, even for zero-day attacks.
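An added example (not the authors' code) of the preprocessing chain named in the abstract, narrowed to null handling, normalization, SMOTE and a K-Nearest Neighbor classifier on a binary task; feature selection is left out. The flows, the feature names, the "ddos" label, median imputation and the order of the steps are assumptions made for illustration. Imputation and scaling parameters are fitted on the training rows only, so nothing from the flow being classified leaks into the model.

```python
import math, random, statistics

# Constructed flows (duration_s, orig_bytes, resp_bytes) with labels; None = missing value.
TRAIN = [((0.4, 120, 300), "benign"), ((0.6, 150, None), "benign"),
         ((0.5, 110, 280), "benign"), ((0.7, 160, 350), "benign"),
         ((0.3, 100, 260), "benign"), ((None, 140, 310), "benign"),
         ((9.0, 4000, 0), "ddos"), ((8.0, None, 10), "ddos"), ((10.0, 5000, 5), "ddos")]

def fit_medians(rows):
    """Per-column median of the non-null training values (assumed null-handling rule)."""
    return [statistics.median(v for v in col if v is not None)
            for col in zip(*(x for x, _ in rows))]

def impute(x, medians):
    return [m if v is None else float(v) for v, m in zip(x, medians)]

def fit_minmax(vectors):
    return [(min(col), max(col)) for col in zip(*vectors)]

def scale(x, bounds):
    return [(v - lo) / (hi - lo) if hi > lo else 0.0 for v, (lo, hi) in zip(x, bounds)]

def smote(minority, n_new, k, rng):
    """Create n_new points on segments joining a minority point to one of its k nearest minority neighbours."""
    out = []
    for _ in range(n_new):
        p = rng.choice(minority)
        nbrs = sorted((q for q in minority if q is not p), key=lambda q: math.dist(p, q))[:k]
        q, gap = rng.choice(nbrs), rng.random()
        out.append([a + gap * (b - a) for a, b in zip(p, q)])
    return out

def knn_predict(train, x, k=3):
    labels = [lab for _, lab in sorted(train, key=lambda t: math.dist(t[0], x))[:k]]
    return max(set(labels), key=labels.count)

def build_model(rows, minority_label="ddos", seed=0):
    """Fit imputation and scaling on training rows only, then oversample the minority class."""
    medians = fit_medians(rows)
    filled = [impute(x, medians) for x, _ in rows]
    bounds = fit_minmax(filled)
    data = [(scale(x, bounds), lab) for x, (_, lab) in zip(filled, rows)]
    minority = [x for x, lab in data if lab == minority_label]
    need = len(data) - 2 * len(minority)  # binary case: majority count minus minority count
    data += [(s, minority_label) for s in smote(minority, need, 2, random.Random(seed))]
    return medians, bounds, data

def classify(model, flow):
    medians, bounds, data = model
    return knn_predict(data, scale(impute(flow, medians), bounds))
```

Oversampling is applied to the training set only; held-out flows are imputed and scaled with the stored training parameters and are never resampled.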
Copyright (c) 2023 Trifa S. Othman, Saman M. Abdullah
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.