248 research outputs found

    A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in IoT backbone networks

    With increasing reliance on Internet of Things (IoT) devices and services, the capability to detect intrusions and malicious activities within IoT networks is critical for resilience of the network infrastructure. In this paper, we present a novel model for intrusion detection based on a two-layer dimension reduction and two-tier classification module, designed to detect malicious activities such as User to Root (U2R) and Remote to Local (R2L) attacks. The proposed model uses component analysis and linear discriminant analysis in its dimension reduction module to reduce the high-dimensional dataset to a lower-dimensional one with fewer features. We then apply a two-tier classification module utilizing Naïve Bayes and a Certainty Factor version of K-Nearest Neighbor to identify suspicious behaviors. Experimental results on the NSL-KDD dataset show that our model outperforms previous models designed to detect U2R and R2L attacks.

    TSE-IDS: A Two-Stage Classifier Ensemble for Intelligent Anomaly-based Intrusion Detection System

    Intrusion detection systems (IDS) play a pivotal role in computer security by discovering and repelling malicious activities in computer networks. Anomaly-based IDS, in particular, rely on classification models trained using historical data to discover such malicious activities. In this paper, an improved IDS based on hybrid feature selection and two-level classifier ensembles is proposed. A hybrid feature selection technique comprising three methods, i.e. particle swarm optimization, ant colony algorithm, and genetic algorithm, is utilized to reduce the feature size of the training datasets (NSL-KDD and UNSW-NB15 are considered in this paper). Features are selected based on the classification performance of a reduced error pruning tree (REPT) classifier. Then, a two-level classifier ensemble based on two meta learners, i.e., rotation forest and bagging, is proposed. On the NSL-KDD dataset, the proposed classifier shows 85.8% accuracy, 86.8% sensitivity, and 88.0% detection rate, which remarkably outperform other classification techniques recently proposed in the literature. Results on the UNSW-NB15 dataset also improve on those achieved by several state-of-the-art techniques. Finally, to verify the results, a two-step statistical significance test is conducted. This has not usually been considered in IDS research thus far and, therefore, adds value to the experimental results achieved by the proposed classifier.

    A Hybrid Classification Approach for Intrusion Detection in IoT Network

    With the increase in the number of IoT devices, providing reliable security and detecting malicious activities within the IoT network have become quite challenging. We propose a hybrid classification approach to detect multi-class attacks in the IoT network. In the proposed model, Principal Component Analysis (PCA) is used to extract the useful features and Linear Discriminant Analysis (LDA) is used to reduce the high-dimensional data set into a lower-dimensional space by keeping a smaller number of important features. This was assisted by the use of a combination of neural network and Support Vector Machine (SVM) classifiers to improve the detection rate and decrease the false alarm rate. The neural network, a multi-class classifier, is used to classify the intruders in the network with more accuracy. The SVM is an efficient and fast learner classifier which is used to classify the unmatched behavior. The proposed method needs less computational complexity for intrusion detection. The performance of the proposed model was evaluated on two benchmark datasets for intrusion detection, i.e., NSL-KDD and UNSW-NB15. Results show that our model outperforms existing models.

    Malware Detection in Internet of Things (IoT) Devices Using Deep Learning

    Internet of Things (IoT) device usage is increasing exponentially with the spread of the internet. With the increasing capacity of data on IoT devices, these devices are becoming vulnerable to malware attacks; therefore, malware detection becomes an important issue in IoT devices. An effective, reliable, and time-efficient mechanism is required for the identification of sophisticated malware. Researchers have proposed multiple methods for malware detection in recent years; however, accurate detection remains a challenge. We propose a deep learning-based ensemble classification method for the detection of malware in IoT devices. It uses a three-step approach: in the first step, data is preprocessed using scaling, normalization, and de-noising, whereas in the second step, features are selected and one-hot encoding is applied, followed by the ensemble classifier based on CNN and LSTM outputs for detection of malware. We have compared results with the state-of-the-art methods, and our proposed method outperforms the existing methods on standard datasets with an average accuracy of 99.5%.