1
Mogollón Gutiérrez Ó, Sancho Núñez JC, Ávila M, Caro A. A detailed study of resampling algorithms for cyberattack classification in engineering applications. PeerJ Comput Sci 2024; 10:e1975. [PMID: 38660195 PMCID: PMC11041950 DOI: 10.7717/peerj-cs.1975] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 12/12/2023] [Accepted: 03/11/2024] [Indexed: 04/26/2024]
Abstract
The evolution of engineering applications is highly relevant in the context of protecting industrial systems. As industries are increasingly interconnected, the need for robust cybersecurity measures becomes paramount. Engineering informatics not only provides tools for knowledge representation and extraction but also affords a comprehensive spectrum of developing sophisticated cybersecurity solutions. However, safeguarding industrial systems poses a unique challenge due to the inherent heterogeneity of data within these environments. Together with this problem, it's crucial to acknowledge that datasets that simulate real cyberattacks within these diverse environments exhibit a high imbalance, often skewed towards certain types of traffic. This study proposes a system for addressing class imbalance in cybersecurity. To do this, three oversampling (SMOTE, Borderline1-SMOTE, and ADASYN) and five undersampling (random undersampling, cluster centroids, NearMiss, repeated edited nearest neighbor, and Tomek Links) methods are tested. Particularly, these balancing algorithms are used to generate one-vs-rest binary models and to develop a two-stage classification system. By doing so, this study aims to enhance the efficacy of cybersecurity measures, ensuring a more comprehensive understanding and defense against the diverse range of threats encountered in industrial environments. Experimental results demonstrate the effectiveness of the proposed system for cyberattack detection and classification among nine widely known cyberattacks.
Affiliation(s)
- Mar Ávila
  - Escuela Politecnica, University of Extremadura, Cáceres, Cáceres, Spain
- Andrés Caro
  - Escuela Politecnica, University of Extremadura, Cáceres, Cáceres, Spain
2
Alalhareth M, Hong SC. An Adaptive Intrusion Detection System in the Internet of Medical Things Using Fuzzy-Based Learning. SENSORS (BASEL, SWITZERLAND) 2023; 23:9247. [PMID: 38005635 PMCID: PMC10674369 DOI: 10.3390/s23229247] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 09/22/2023] [Revised: 11/13/2023] [Accepted: 11/16/2023] [Indexed: 11/26/2023]
Abstract
The Internet of Medical Things (IoMT) is a growing trend within the rapidly expanding Internet of Things, enhancing healthcare operations and remote patient monitoring. However, these devices are vulnerable to cyber-attacks, posing risks to healthcare operations and patient safety. To detect and counteract attacks on the IoMT, methods such as intrusion detection systems, log monitoring, and threat intelligence are utilized. However, as attackers refine their methods, there is an increasing shift toward using machine learning and deep learning for more accurate and predictive attack detection. In this paper, we propose a fuzzy-based self-tuning Long Short-Term Memory (LSTM) intrusion detection system (IDS) for the IoMT. Our approach dynamically adjusts the number of epochs and utilizes early stopping to prevent overfitting and underfitting. We conducted extensive experiments to evaluate the performance of our proposed model, comparing it with existing IDS models for the IoMT. The results show that our model achieves high accuracy, low false positive rates, and high detection rates, indicating its effectiveness in identifying intrusions. We also discuss the challenges of using static epochs and batch sizes in deep learning models and highlight the importance of dynamic adjustment. The findings of this study contribute to the development of more efficient and accurate IDS models for IoMT scenarios.
Affiliation(s)
- Mousa Alalhareth
  - Department of Information Systems, College of Computer Science and Information System, Najran University, Najran 61441, Saudi Arabia
  - Department of Computer and Information Sciences, Towson University, Towson, MD 21204, USA
- Sung-Chul Hong
  - Department of Computer and Information Sciences, Towson University, Towson, MD 21204, USA
3
Sharma RK, Issac B, Xin Q, Gadekallu TR, Nath K. Plant and Salamander Inspired Network Attack Detection and Data Recovery Model. SENSORS (BASEL, SWITZERLAND) 2023; 23:5562. [PMID: 37420729 DOI: 10.3390/s23125562] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 03/15/2023] [Revised: 04/24/2023] [Accepted: 06/01/2023] [Indexed: 07/09/2023]
Abstract
The number of users of the Internet has been continuously rising, with an estimated 5.1 billion users in 2023, which comprises around 64.7% of the total world population. This indicates the rise of more connected devices to the network. On average, 30,000 websites are hacked daily, and nearly 64% of companies worldwide experience at least one type of cyberattack. As per IDC's 2022 Ransomware study, two-thirds of global organizations were hit by a ransomware attack that year. This creates the desire for a more robust and evolutionary attack detection and recovery model. One aspect of the study is the bio-inspiration models. This is because of the natural ability of living organisms to withstand various odd circumstances and overcome them with an optimization strategy. In contrast to the limitations of machine learning models with the need for quality datasets and computational availability, bio-inspired models can perform in low computational environments, and their performances are designed to evolve naturally with time. This study concentrates on exploring the evolutionary defence mechanism in plants and understanding how plants react to any known external attacks and how the response mechanism changes to unknown attacks. This study also explores how regenerative models, such as salamander limb regeneration, could build a network recovery system where services could be automatically activated after a network attack, and data could be recovered automatically by the network after a ransomware-like attack. The performance of the proposed model is compared to open-source IDS Snort and data recovery systems such as Burp and Casandra.
Affiliation(s)
- Rupam Kumar Sharma
  - Department of Computer Science and Engineering, Rajiv Gandhi University, Itanagar 791112, India
- Biju Issac
  - Department of Computer and Information Sciences, Northumbria University, Newcastle upon Tyne NE1 8ST, UK
- Qin Xin
  - Faculty of Science and Technology, University of the Faroe Islands, Vestara Bryggja 15, FO-100 Tórshavn, Faroe Islands
- Thippa Reddy Gadekallu
  - School of Information Technology and Engineering, Vellore Institute of Technology & Engineering, Vellore 632014, India
  - Department of Electrical and Computer Engineering, Lebanese American University, Byblos P.O. Box 36, Lebanon
  - Zhongda Group, Haiyan County, Jiaxing 314312, China
  - College of Information Science and Engineering, Jiaxing University, Jiaxing 314001, China
  - Division of Research and Development, Lovely Professional University, Phagwara 144401, India
- Keshab Nath
  - Department of Computer Science and Engineering, Indian Institute of Information Technology, Kottayam 686635, India
4
Khan NW, Alshehri MS, Khan MA, Almakdi S, Moradpoor N, Alazeb A, Ullah S, Naz N, Ahmad J. A hybrid deep learning-based intrusion detection system for IoT networks. MATHEMATICAL BIOSCIENCES AND ENGINEERING : MBE 2023; 20:13491-13520. [PMID: 37679099 DOI: 10.3934/mbe.2023602] [Citation(s) in RCA: 2] [Impact Index Per Article: 2.0] [Indexed: 09/09/2023]
Abstract
The Internet of Things (IoT) is a rapidly evolving technology with a wide range of potential applications, but the security of IoT networks remains a major concern. The existing system needs improvement in detecting intrusions in IoT networks. Several researchers have focused on intrusion detection systems (IDS) that address only one layer of the three-layered IoT architecture, which limits their effectiveness in detecting attacks across the entire network. To address these limitations, this paper proposes an intelligent IDS for IoT networks based on deep learning algorithms. The proposed model consists of a recurrent neural network and gated recurrent units (RNN-GRU), which can classify attacks across the physical, network, and application layers. The proposed model is trained and tested using the ToN-IoT dataset, specifically collected for a three-layered IoT system, and includes new types of attacks compared to other publicly available datasets. The performance analysis of the proposed model was carried out by a number of evaluation metrics such as accuracy, precision, recall, and F1-measure. Two optimization techniques, Adam and Adamax, were applied in the evaluation process of the model, and the Adam performance was found to be optimal. Moreover, the proposed model was compared with various advanced deep learning (DL) and traditional machine learning (ML) techniques. The results show that the proposed system achieves an accuracy of 99% for network flow datasets and 98% for application layer datasets, demonstrating its superiority over previous IDS models.
Affiliation(s)
- Noor Wali Khan
  - Department of Computer Science, Quaid-i-Azam University, Islamabad 44000, Pakistan
- Mohammed S Alshehri
  - Department of Computer Science, College of Computer Science and Information Systems, Najran University, Najran 61441, Saudi Arabia
- Muazzam A Khan
  - Department of Computer Science, Quaid-i-Azam University, Islamabad 44000, Pakistan
  - ICESCO Chair Big Data Analytics and Edge Computing, Quaid-i-Azam University, Islamabad 44000, Pakistan
- Sultan Almakdi
  - Department of Computer Science, College of Computer Science and Information Systems, Najran University, Najran 61441, Saudi Arabia
- Naghmeh Moradpoor
  - School of Computing, Engineering & The Built Environment, Edinburgh Napier University, Edinburgh EH10 5DT, UK
- Abdulwahab Alazeb
  - Department of Computer Science, College of Computer Science and Information Systems, Najran University, Najran 61441, Saudi Arabia
- Safi Ullah
  - Department of Computer Science, Quaid-i-Azam University, Islamabad 44000, Pakistan
- Naila Naz
  - Department of Computer Science, Quaid-i-Azam University, Islamabad 44000, Pakistan
- Jawad Ahmad
  - School of Computing, Engineering & The Built Environment, Edinburgh Napier University, Edinburgh EH10 5DT, UK
5
Catillo M, Pecchia A, Villano U. CPS-GUARD: Intrusion Detection for Cyber-Physical Systems and IoT Devices Using Outlier-Aware Deep Autoencoders. Comput Secur 2023. [DOI: 10.1016/j.cose.2023.103210] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 03/31/2023]
6
Zero-day attack detection: a systematic literature review. Artif Intell Rev 2023. [DOI: 10.1007/s10462-023-10437-z] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 03/03/2023]
7
Gokul Pran S, Raja S. An efficient feature selection and classification approach for an intrusion detection system using Optimal Neural Network. JOURNAL OF INTELLIGENT & FUZZY SYSTEMS 2023. [DOI: 10.3233/jifs-222120] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 02/26/2023]
Abstract
Network flaws are used by hackers to get access to private systems and data. This data and system access may be extremely destructive with losses. Therefore, network intrusion detection is of utmost significance. While investigating every feature set in the network, deep learning-based algorithms require certain inputs. That is why an Adaptive Artificial Neural Network Optimized with Oppositional Crow Search Algorithm is proposed for network intrusion detection (IDS-AANN-OCSA). The proposed method includes several phases, including feature selection, preprocessing, data acquisition, and classification. Here, the data are gathered from the CICIDS 2017 dataset. The data are fed to pre-processing. During pre-processing, redundancy eradication and missing value replacement are carried out with the help of random forest along with local least squares for removing uncertainties. The pre-processed data are fed to feature selection to select better features. The feature selection is accomplished using a hybrid genetic algorithm together with the particle swarm optimization technique (GPSO). The selected features are fed to an adaptive artificial neural network (AANN) for categorization, which categorizes the data as BENIGN, DOS Hulk, PortScan, DDoS, DoS Golden Eye. Finally, the hyperparameter of the adaptive artificial neural network is tuned with the Oppositional Crow Search Algorithm (OCSA), which helps to gain better classification of network intrusions. The proposed approach is activated in Python, and its efficiency is evaluated with certain performance metrics, like accuracy, recall, specificity, precision, F score, sensitivity. The performance of the proposed approach achieves better accuracy 99.75%, 97.85%, 95.13%, 98.79, better sensitivity 96.34%, 91.23%, 89.12%, 87.25%, compared with existing methods, like One-Dimensional Convolutional Neural Network Based Deep Learning for Network Intrusion Detection (IDS-CNN-GPSO), An innovative network intrusion detection scheme (IDS-CNN-LSTM) and Application of deep learning to real-time Web intrusion detection (IDS-CNN-ML-AIDS) methods respectively.
Affiliation(s)
- S. Gokul Pran
  - Department of Computer Science Engineering, Christian College of Engineering & Technology, Dindigul, Tamil Nadu, India
- Sivakami Raja
  - Department of Information Technology, PSNA College of Engineering and Technology, Dindigul, Tamil Nadu, India
8
Attique D, Wang H, Wang P. Fog-Assisted Deep-Learning-Empowered Intrusion Detection System for RPL-Based Resource-Constrained Smart Industries. SENSORS (BASEL, SWITZERLAND) 2022; 22:9416. [PMID: 36502115 PMCID: PMC9735641 DOI: 10.3390/s22239416] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 09/22/2022] [Revised: 11/16/2022] [Accepted: 11/22/2022] [Indexed: 06/17/2023]
Abstract
The Internet of Things (IoT) is a prominent and advanced network communication technology that has familiarized the world with smart industries. The conveniently acquirable nature of IoT makes it susceptible to a diversified range of potential security threats. The literature has brought forth a plethora of solutions for ensuring secure communications in IoT-based smart industries. However, resource-constrained sectors still demand significant attention. We have proposed a fog-assisted deep learning (DL)-empowered intrusion detection system (IDS) for resource-constrained smart industries. The proposed Cuda-deep neural network gated recurrent unit (Cu-DNNGRU) framework was trained on the N-BaIoT dataset and was evaluated on judicious performance metrics, including accuracy, precision, recall, and F1-score. Additionally, the Cu-DNNGRU was empirically investigated alongside state-of-the-art classifiers, including Cu-LSTMDNN, Cu-BLSTM, and Cu-GRU. An extensive performance comparison was also undertaken among the proposed IDS and some outstanding solutions from the literature. The simulation results showed ample strength with respect to the validation of the proposed framework. The proposed Cu-DNNGRU achieved 99.39% accuracy, 99.09% precision, 98.89% recall, and an F1-score of 99.21%. In the performance comparison, the values were substantially higher than those of the benchmarked schemes, as well as competitive security solutions from the literature.
Affiliation(s)
- Danish Attique
  - College of Computer Science and Technology, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
- Hao Wang
  - Department of Automation, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
- Ping Wang
  - Department of Automation, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
9
Peng J, Cai Z, Chen Z, Liu X, Zheng M, Song C, Zhu X, Teng Y, Zhang R, Zhou Y, Lv X, Xu J. An trustworthy intrusion detection framework enabled by ex-post-interpretation-enabled approach. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2022. [DOI: 10.1016/j.jisa.2022.103364] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/11/2022]
10
Meta-Heuristic Optimization Algorithm-Based Hierarchical Intrusion Detection System. COMPUTERS 2022. [DOI: 10.3390/computers11120170] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/30/2022]
Abstract
Numerous network cyberattacks have been launched due to inherent weaknesses. Network intrusion detection is a crucial foundation of the cybersecurity field. Intrusion detection systems (IDSs) are a type of machine learning (ML) software proposed for making decisions without explicit programming and with little human intervention. Although ML-based IDS advancements have surpassed earlier methods, they still struggle to identify attack types with high detection rates (DR) and low false alarm rates (FAR). This paper proposes a meta-heuristic optimization algorithm-based hierarchical IDS to identify several types of attack and to secure the computing environment. The proposed approach comprises three stages: The first stage includes data preprocessing, feature selection, and the splitting of the dataset into multiple binary balanced datasets. In the second stage, two novel meta-heuristic optimization algorithms are introduced to optimize the hyperparameters of the extreme learning machine during the construction of multiple binary models to detect different attack types. These are combined in the last stage using an aggregated anomaly detection engine in a hierarchical structure on account of the model’s accuracy. We propose a software machine learning IDS that enables multi-class classification. It achieved scores of 98.93, 99.63, 99.19, 99.78, and 0.01, with 0.51 for average accuracy, DR, and FAR in the UNSW-NB15 and CICIDS2017 datasets, respectively.
11
Alkasassbeh M, Al-Haj Baddar S. Intrusion Detection Systems: A State-of-the-Art Taxonomy and Survey. ARABIAN JOURNAL FOR SCIENCE AND ENGINEERING 2022. [DOI: 10.1007/s13369-022-07412-1] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/19/2022]
12
Manzano Sanchez RA, Zaman M, Goel N, Naik K, Joshi R. Towards Developing a Robust Intrusion Detection Model Using Hadoop-Spark and Data Augmentation for IoT Networks. SENSORS (BASEL, SWITZERLAND) 2022; 22:7726. [PMID: 36298077 PMCID: PMC9608938 DOI: 10.3390/s22207726] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 09/15/2022] [Revised: 10/04/2022] [Accepted: 10/06/2022] [Indexed: 06/16/2023]
Abstract
In recent years, anomaly detection and machine learning for intrusion detection systems have been used to detect anomalies on Internet of Things networks. These systems rely on machine and deep learning to improve the detection accuracy. However, the robustness of the model depends on the number of data samples available, the quality of the data, and the distribution of the data classes. In the present paper, we focused specifically on the amount of data and class imbalance, since both parameters are key in IoT due to the fact that network traffic is increasing exponentially. For this reason, we propose a framework that uses a big data methodology with Hadoop-Spark to train and test multi-class and binary classification with a one-vs-rest strategy for intrusion detection using the entire BoT IoT dataset. Thus, we evaluate all the algorithms available in Hadoop-Spark in terms of accuracy and processing time. In addition, since the BoT IoT dataset used is highly imbalanced, we also improve the accuracy for detecting minority classes by generating more data samples using a Conditional Tabular Generative Adversarial Network (CTGAN). In general, our proposed model outperforms other published models including our previous model. Using our proposed methodology, the F1-score of one of the minority classes, i.e., Theft attack, was improved from 42% to 99%.
Affiliation(s)
- Marzia Zaman
  - Cistel Technology Inc., 30 Concourse Gate, Nepean, ON K2E 7V7, Canada
- Nishith Goel
  - Cistech Limited, 201-203 Colonnade Rd, Nepean, ON K2E 7K3, Canada
- Kshirasagar Naik
  - Department of Electrical and Computer Engineering, University of Waterloo, 200 University Ave W, Waterloo, ON N2L 3G1, Canada
- Rohit Joshi
  - Cistel Technology Inc., 30 Concourse Gate, Nepean, ON K2E 7V7, Canada
13
IIoT Malware Detection Using Edge Computing and Deep Learning for Cybersecurity in Smart Factories. APPLIED SCIENCES-BASEL 2022. [DOI: 10.3390/app12157679] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.5] [Indexed: 02/06/2023]
Abstract
The smart factory environment has been transformed into an Industrial Internet of Things (IIoT) environment, which is an interconnected and open approach. This has made smart manufacturing plants vulnerable to cyberattacks that can directly lead to physical damage. Most cyberattacks targeting smart factories are carried out using malware. Thus, a solution that efficiently detects malware by monitoring and analyzing network traffic for malware attacks in smart factory IIoT environments is critical. However, achieving accurate real-time malware detection in such environments is difficult. To solve this problem, this study proposes an edge computing-based malware detection system that efficiently detects various cyberattacks (malware) by distributing vast amounts of smart factory IIoT traffic information to edge servers for deep learning processing. The proposed malware detection system consists of three layers (edge device, edge, and cloud layers) and utilizes four meaningful functions (model training and testing, model deployment, model inference, and training data transmission) for edge-based deep learning. In experiments conducted on the Malimg dataset, the proposed malware detection system incorporating a convolutional neural network with image visualization technology achieved an overall classification accuracy of 98.93%, precision of 98.93%, recall of 98.93%, and F1-score of 98.92%.
14
Sarwar A, Alnajim AM, Marwat SNK, Ahmed S, Alyahya S, Khan WU. Enhanced Anomaly Detection System for IoT Based on Improved Dynamic SBPSO. SENSORS 2022; 22:s22134926. [PMID: 35808425 PMCID: PMC9269715 DOI: 10.3390/s22134926] [Citation(s) in RCA: 2] [Impact Index Per Article: 1.0] [Received: 05/27/2022] [Revised: 06/21/2022] [Accepted: 06/26/2022] [Indexed: 12/04/2022]
Abstract
The Internet of Things (IoT) supports human endeavors by creating smart environments. Although the IoT has enabled many human comforts and enhanced business opportunities, it has also opened the door to intruders or attackers who can exploit the technology, either through attacks or by eluding it. Hence, security and privacy are the key concerns for IoT networks. To date, numerous intrusion detection systems (IDS) have been designed for IoT networks, using various optimization techniques. However, with the increase in data dimensionality, the search space has expanded dramatically, thereby posing significant challenges to optimization methods, including particle swarm optimization (PSO). In light of these challenges, this paper proposes a method called improved dynamic sticky binary particle swarm optimization (IDSBPSO) for feature selection, introducing a dynamic search space reduction strategy and a number of dynamic parameters to enhance the searchability of sticky binary particle swarm optimization (SBPSO). Through this approach, an IDS was designed to detect malicious data traffic in IoT networks. The proposed model was evaluated using two IoT network datasets: IoTID20 and UNSW-NB15. It was observed that in most cases, IDSBPSO obtained either higher or similar accuracy even with fewer features. Moreover, IDSBPSO substantially reduced computational cost and prediction time, compared with conventional PSO-based feature selection methods.
Affiliation(s)
- Asima Sarwar
  - Department of Computer Systems Engineering, University of Engineering and Technology, Peshawar 25120, Pakistan; (A.S.); (S.N.K.M.); (S.A.); (W.U.K.)
- Abdullah M. Alnajim
  - Department of Information Technology, College of Computer, Qassim University, Buraydah 51452, Saudi Arabia
  - Correspondence:
- Safdar Nawaz Khan Marwat
  - Department of Computer Systems Engineering, University of Engineering and Technology, Peshawar 25120, Pakistan; (A.S.); (S.N.K.M.); (S.A.); (W.U.K.)
- Salman Ahmed
  - Department of Computer Systems Engineering, University of Engineering and Technology, Peshawar 25120, Pakistan; (A.S.); (S.N.K.M.); (S.A.); (W.U.K.)
- Saleh Alyahya
  - Department of Electrical Engineering, College of Engineering and Information Technology, Onaizah Colleges, Onaizah 56447, Saudi Arabia;
- Waseem Ullah Khan
  - Department of Computer Systems Engineering, University of Engineering and Technology, Peshawar 25120, Pakistan; (A.S.); (S.N.K.M.); (S.A.); (W.U.K.)
15
Ahmad R, Alsmadi I, Alhamdani W, Tawalbeh L. A Deep Learning Ensemble Approach to Detecting Unknown Network Attacks. JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2022. [DOI: 10.1016/j.jisa.2022.103196] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/24/2022]
16
Machine-Learning-Based DDoS Attack Detection Using Mutual Information and Random Forest Feature Importance Method. Symmetry (Basel) 2022. [DOI: 10.3390/sym14061095] [Citation(s) in RCA: 2] [Impact Index Per Article: 1.0] [Indexed: 12/04/2022]
Abstract
Cloud computing facilitates the users with on-demand services over the Internet. The services are accessible from anywhere at any time. Despite the valuable services, the paradigm is, also, prone to security issues. A Distributed Denial of Service (DDoS) attack affects the availability of cloud services and causes security threats to cloud computing. Detection of DDoS attacks is necessary for the availability of services for legitimate users. The topic has been studied by many researchers, with better accuracy for different datasets. This article presents a method for DDoS attack detection in cloud computing. The primary objective of this article is to reduce misclassification error in DDoS detection. In the proposed work, we select the most relevant features, by applying two feature selection techniques, i.e., the Mutual Information (MI) and Random Forest Feature Importance (RFFI) methods. Random Forest (RF), Gradient Boosting (GB), Weighted Voting Ensemble (WVE), K Nearest Neighbor (KNN), and Logistic Regression (LR) are applied to selected features. The experimental results show that the accuracy of RF, GB, WVE, and KNN with 19 features is 0.99. To further study these methods, misclassifications of the methods are analyzed, which lead to more accurate measurements. Extensive experiments conclude that the RF performed well in DDoS attack detection and misclassified only one attack as normal. Comparative results are presented to validate the proposed method.
17
Binbusayyis A, Alaskar H, Vaiyapuri T, Dinesh M. An investigation and comparison of machine learning approaches for intrusion detection in IoMT network. THE JOURNAL OF SUPERCOMPUTING 2022; 78:17403-17422. [PMID: 35601090 PMCID: PMC9114823 DOI: 10.1007/s11227-022-04568-3] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Accepted: 04/27/2022] [Indexed: 06/15/2023]
Abstract
The Internet of Medical Things (IoMT) is a network of interconnected medical devices (smart watches, pacemakers, prosthetics, glucometers, etc.), software applications, and health systems and services. IoMT has successfully addressed many old healthcare problems. But it comes with its drawbacks, essentially with patients' information privacy and security-related issues that come from the IoMT architecture. Using obsolete systems can bring security vulnerabilities and draw attackers' attention, emphasizing the need for an effective solution to secure and protect the data traffic in the IoMT network. Recently, the intrusion detection system (IDS) has been regarded as an essential security solution for protecting the IoMT network. In the past decades, machine learning (ML) algorithms have demonstrated breakthrough results in the field of intrusion detection. Notwithstanding, to our knowledge, there is no work that investigates the power of machine learning algorithms for intrusion detection in the IoMT network. This paper aims to fill this gap of knowledge by investigating the application of different ML algorithms for intrusion detection in the IoMT network. The investigation analysis includes ML algorithms such as K-nearest neighbor, Naïve Bayes, support vector machine, artificial neural network and decision tree. The benchmark dataset, Bot-IoT, which is publicly available with a comprehensive set of attacks, was used to train and test the effectiveness of all ML models considered for investigation. Also, we used a comprehensive set of evaluation metrics to compare the power of ML algorithms with regard to their detection accuracy for intrusion in IoMT networks. The outcome of the analysis provides a promising path to identify the best machine learning approach that can be used for building an effective IDS that can safeguard the IoMT network against malicious activities.
Affiliation(s)
- Adel Binbusayyis
  - College of Computer Engineering and Sciences, Prince Sattam Bin Abdulaziz University, Al Kharj, Saudi Arabia
- Haya Alaskar
  - College of Computer Engineering and Sciences, Prince Sattam Bin Abdulaziz University, Al Kharj, Saudi Arabia
- Thavavel Vaiyapuri
  - College of Computer Engineering and Sciences, Prince Sattam Bin Abdulaziz University, Al Kharj, Saudi Arabia
- M. Dinesh
  - College of Computing and Informatics, Saudi Electronic University, Riyadh, Saudi Arabia
18
Ahmad R, Alsmadi I, Alhamdani W, Tawalbeh L. A comprehensive deep learning benchmark for IoT IDS. Comput Secur 2022. [DOI: 10.1016/j.cose.2021.102588] [Citation(s) in RCA: 4] [Impact Index Per Article: 2.0] [Indexed: 11/03/2022]
19
|
Prasad A, Chandra S. VMFCVD: An Optimized Framework to Combat Volumetric DDoS Attacks using Machine Learning. ARABIAN JOURNAL FOR SCIENCE AND ENGINEERING 2022; 47:9965-9983. [PMID: 35096507 PMCID: PMC8783776 DOI: 10.1007/s13369-021-06484-9] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.5] [Received: 08/12/2021] [Accepted: 12/06/2021] [Indexed: 11/29/2022]
Abstract
Despite significant development in distributed denial of service (DDoS) defense systems, the downtime caused by DDoS damages reputation, crushes end-user experience, and leads to considerable revenue loss. Volumetric DDoS attacks are the most common form of DDoS attack and are carried out by an army of infected IoT devices or by reflector servers, which increase attacks at massive scales. In this work, we propose a voting-based multimode framework to combat volumetric DDoS (VMFCVD) attacks. VMFCVD is based on a triad of fast detection mode (FDM), defensive fast detection mode (DFDM), and high accuracy mode (HAM) methods. FDM is designed to classify network traffic when the server is under attack. The highly dimensionally reduced dataset helps FDM accelerate detection speed. During our experiment, the dimension reduction for FDM was more than 97% while maintaining an accuracy of 99.9% in most cases. DFDM is an extended version of FDM that enhances malicious network traffic detection accuracy by tightening the detection technique. HAM focuses on detection accuracy, showing substantial improvement over FDM and DFDM. HAM activates when the server is stable. VMFCVD is extensively experimented on the latest benchmark DDoS and botnet datasets, namely the CICIDS2017 (BoT & DDoS), CSE-CIC-IDS2018 (BoT & DDoS), CICDDoS2019 (DNS, LDAP, SSDP & SYN), DoHBrw2020, NBaIoT2018 (Mirai), UNSW2018 BoTIoT, and UNSW NB15 datasets. The VMFCVD results show that it outperforms recent studies. VMFCVD performs exceptionally well when the server is under DDoS attack.
Affiliation(s)
- Arvind Prasad
  - Department of Computer Science, Babasaheb Bhimrao Ambedkar University (A Central University), Lucknow, 226025 UP India
- Shalini Chandra
  - Department of Computer Science, Babasaheb Bhimrao Ambedkar University (A Central University), Lucknow, 226025 UP India
|
20
|
K. G, S.H. B. Network traffic analysis through deep learning for detection of an army of bots in health IoT network. INTERNATIONAL JOURNAL OF PERVASIVE COMPUTING AND COMMUNICATIONS 2022. [DOI: 10.1108/ijpcc-10-2021-0259] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.5] [Indexed: 11/17/2022]
Abstract
Purpose
IoT has a wide range of applications in the health-care sector and has captured the interest of many academic and industrial communities. The health IoT devices suffer from botnet attacks as all the devices are connected to the internet. An army of compromised bots may form to launch a DDoS attack, steal confidential data of patients and disrupt the service, and hence detecting this army of bots is paramount. This study aims to detect botnet attacks in health IoT devices using the deep learning technique.
Design/methodology/approach
This paper focuses on designing a method to protect health IoT devices from botnet attacks by constantly observing communication network traffic and classifying them as benign and malicious flow. The proposed algorithm analyzes the health IoT network traffic through implementing Bidirectional long-short term memory, a deep learning technique. The IoT-23 data set is considered for this research as it includes diverse botnet attack scenarios.
Findings
The performance of the proposed method is evaluated using attack prediction accuracy. It results in the highest accuracy of 84.8%, classifying benign and malicious traffic.
Originality/value
The proposed method constantly monitors the health IoT network to detect botnet attacks and classifies the traffic as benign or attack. The system is implemented using the BiLSTM algorithm and trained using the IoT-23 data set. The diversity of attack scenarios of the IoT-23 data set demonstrates the proposed algorithm's competence in detecting botnet types in a heterogeneous environment.
|
21
|
Al-Sarem M, Saeed F, Alkhammash EH, Alghamdi NS. An Aggregated Mutual Information Based Feature Selection with Machine Learning Methods for Enhancing IoT Botnet Attack Detection. SENSORS (BASEL, SWITZERLAND) 2021; 22:185. [PMID: 35009725 PMCID: PMC8749651 DOI: 10.3390/s22010185] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 11/14/2021] [Revised: 12/23/2021] [Accepted: 12/24/2021] [Indexed: 06/14/2023]
Abstract
Due to the wide availability and usage of connected devices in Internet of Things (IoT) networks, the number of attacks on these networks is continually increasing. A particularly serious and dangerous type of attack in the IoT environment is the botnet attack, where the attackers can control the IoT systems to generate enormous networks of "bot" devices for generating malicious activities. To detect this type of attack, several Intrusion Detection Systems (IDSs) have been proposed for IoT networks based on machine learning and deep learning methods. As the main characteristics of IoT systems include their limited battery power and processor capacity, maximizing the efficiency of intrusion detection systems for IoT networks is still a research challenge. It is important to provide efficient and effective methods that use lower computational time and have high detection rates. This paper proposes an aggregated mutual information-based feature selection approach with machine learning methods to enhance detection of IoT botnet attacks. In this study, the N-BaIoT benchmark dataset was used to detect botnet attack types using real traffic data gathered from nine commercial IoT devices. The dataset includes binary and multi-class classifications. The feature selection method incorporates Mutual Information (MI) technique, Principal Component Analysis (PCA) and ANOVA f-test at finely-granulated detection level to select the relevant features for improving the performance of IoT Botnet classifiers. In the classification step, several ensemble and individual classifiers were used, including Random Forest (RF), XGBoost (XGB), Gaussian Naïve Bayes (GNB), k-Nearest Neighbor (k-NN), Logistic Regression (LR) and Support Vector Machine (SVM). The experimental results showed the efficiency and effectiveness of the proposed approach, which outperformed other techniques using various evaluation metrics.
Affiliation(s)
- Mohammed Al-Sarem
  - College of Computer Science and Engineering, Taibah University, Medina 42353, Saudi Arabia
- Faisal Saeed
  - College of Computer Science and Engineering, Taibah University, Medina 42353, Saudi Arabia
  - School of Computing and Digital Technology, Birmingham City University, Birmingham B4 7XG, UK
- Eman H. Alkhammash
  - Department of Computer Science, College of Computers and Information Technology, Taif University, P.O. Box 11099, Taif 21944, Saudi Arabia
- Norah Saleh Alghamdi
  - College of Computer and Information Sciences, Princess Nourah Bint Abdulrahman University, Riyadh 11671, Saudi Arabia
|
22
|
Enhanced Network Intrusion Detection System. SENSORS 2021; 21:s21237835. [PMID: 34883839 PMCID: PMC8659770 DOI: 10.3390/s21237835] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Received: 09/12/2021] [Revised: 11/11/2021] [Accepted: 11/19/2021] [Indexed: 12/03/2022]
Abstract
A reasonably good network intrusion detection system generally requires a high detection rate and a low false alarm rate in order to predict anomalies more accurately. Older datasets cannot capture the schema of a set of modern attacks; therefore, modelling based on these datasets lacked sufficient generalizability. This paper operates on the UNSW-NB15 Dataset, which is currently one of the best representatives of modern attacks and suggests various models. We discuss various models and conclude our discussion with the model that performs the best using various kinds of evaluation metrics. Alongside modelling, a comprehensive data analysis on the features of the dataset itself using our understanding of correlation, variance, and similar factors for a wider picture is done for better modelling. Furthermore, hypothetical ponderings are discussed for potential network intrusion detection systems, including suggestions on prospective modelling and dataset generation as well.
|
23
|
Tian P, Chen Z, Yu W, Liao W. Towards asynchronous federated learning based threat detection: A DC-Adam approach. Comput Secur 2021. [DOI: 10.1016/j.cose.2021.102344] [Citation(s) in RCA: 8] [Impact Index Per Article: 2.7] [Indexed: 11/28/2022]
|
24
|
Abstract
Cyber attackers exploit a network of compromised computing devices, known as a botnet, to attack Internet-of-Things (IoT) networks. Recent research works have recommended the use of Deep Recurrent Neural Network (DRNN) for botnet attack detection in IoT networks. However, for high feature dimensionality in the training data, high network bandwidth and a large memory space will be needed to transmit and store the data, respectively in IoT back-end server or cloud platform for Deep Learning (DL). Furthermore, given highly imbalanced network traffic data, the DRNN model produces low classification performance in minority classes. In this paper, we exploit the joint advantages of Long Short-Term Memory Autoencoder (LAE), Synthetic Minority Oversampling Technique (SMOTE), and DRNN to develop a memory-efficient DL method, named LS-DRNN. The effectiveness of this method is evaluated with the Bot-IoT dataset. Results show that the LAE method reduced the dimensionality of network traffic features in the training set from 37 to 10, and this consequently reduced the memory space required for data storage by 86.49%. SMOTE method helped the LS-DRNN model to achieve high classification performance in minority classes, and the overall detection rate increased by 10.94%. Furthermore, the LS-DRNN model outperformed state-of-the-art models.
|
25
|
Popoola SI, Adebisi B, Ande R, Hammoudeh M, Anoh K, Atayero AA. SMOTE-DRNN: A Deep Learning Algorithm for Botnet Detection in the Internet-of-Things Networks. SENSORS (BASEL, SWITZERLAND) 2021; 21:2985. [PMID: 33923151 PMCID: PMC8123033 DOI: 10.3390/s21092985] [Citation(s) in RCA: 18] [Impact Index Per Article: 6.0] [Received: 03/27/2021] [Revised: 04/20/2021] [Accepted: 04/21/2021] [Indexed: 11/16/2022]
Abstract
Nowadays, hackers take illegal advantage of distributed resources in a network of computing devices (i.e., botnet) to launch cyberattacks against the Internet of Things (IoT). Recently, diverse Machine Learning (ML) and Deep Learning (DL) methods were proposed to detect botnet attacks in IoT networks. However, highly imbalanced network traffic data in the training set often degrade the classification performance of state-of-the-art ML and DL models, especially in classes with relatively few samples. In this paper, we propose an efficient DL-based botnet attack detection algorithm that can handle highly imbalanced network traffic data. Specifically, Synthetic Minority Oversampling Technique (SMOTE) generates additional minority samples to achieve class balance, while Deep Recurrent Neural Network (DRNN) learns hierarchical feature representations from the balanced network traffic data to perform discriminative classification. We develop DRNN and SMOTE-DRNN models with the Bot-IoT dataset, and the simulation results show that high-class imbalance in the training data adversely affects the precision, recall, F1 score, area under the receiver operating characteristic curve (AUC), geometric mean (GM) and Matthews correlation coefficient (MCC) of the DRNN model. On the other hand, the SMOTE-DRNN model achieved better classification performance with 99.50% precision, 99.75% recall, 99.62% F1 score, 99.87% AUC, 99.74% GM and 99.62% MCC. Additionally, the SMOTE-DRNN model outperformed state-of-the-art ML and DL models.
Affiliation(s)
- Segun I. Popoola
  - Department of Engineering, Manchester Metropolitan University, Manchester M1 5GD, UK; (S.I.P.); (R.A.)
- Bamidele Adebisi
  - Department of Engineering, Manchester Metropolitan University, Manchester M1 5GD, UK; (S.I.P.); (R.A.)
- Ruth Ande
  - Department of Engineering, Manchester Metropolitan University, Manchester M1 5GD, UK; (S.I.P.); (R.A.)
- Mohammad Hammoudeh
  - Department of Computing and Mathematics, Manchester Metropolitan University, Manchester M1 5GD, UK
- Kelvin Anoh
  - School of Engineering, University of Bolton, Greater Manchester BL3 5AB, UK
- Aderemi A. Atayero
  - Department of Electrical and Information Engineering, Covenant University, Ota P.M.B. 1023, Nigeria
|
26
|
Wu C, Li W. Enhancing intrusion detection with feature selection and neural network. INT J INTELL SYST 2021. [DOI: 10.1002/int.22397] [Citation(s) in RCA: 20] [Impact Index Per Article: 6.7] [Indexed: 11/06/2022]
Affiliation(s)
- Chunhui Wu
  - School of Internet Finance and Information Engineering, Guangdong University of Finance, Guangzhou, China
- Wenjuan Li
  - Institute of Artificial Intelligence and Blockchain, Guangzhou University, Guangdong, China
  - Department of Computing, The Hong Kong Polytechnic University, Hong Kong, China
|
27
|
Abstract
In recent years, there has been a growing demand for cybersecurity experts, and, according to predictions, this demand will continue to increase. Cyber Ranges can fill this gap by combining hands-on experience with educational courses, and conducting cybersecurity competitions. In this paper, we conduct a systematic survey of ten Cyber Ranges that were developed in the last decade, with a structured interview. The purpose of the interview is to find details about essential components, and especially the tools used to design, create, implement and operate a Cyber Range platform, and to present the findings.
|
28
|
Yang X, Shu L, Chen J, Ferrag MA, Wu J, Nurellari E, Huang K. A Survey on Smart Agriculture: Development Modes, Technologies, and Security and Privacy Challenges. IEEE/CAA JOURNAL OF AUTOMATICA SINICA 2021; 8:273-302. [PMID: 0 DOI: 10.1109/jas.2020.1003536] [Citation(s) in RCA: 24] [Impact Index Per Article: 8.0] [Indexed: 05/21/2023]
|