1,592 research outputs found

    Detecting Prominent Features and Classifying Network Traffic for Securing Internet of Things Based on Ensemble Methods

    abstract: Rapid growth of internet and connected devices ranging from cloud systems to internet of things have raised critical concerns for securing these systems. In the recent past, security attacks on different kinds of devices have evolved in terms of complexity and diversity. One of the challenges is establishing secure communication in the network among various devices and systems. Despite being protected with authentication and encryption, the network still needs to be protected against cyber-attacks. For this, the network traffic has to be closely monitored and should detect anomalies and intrusions. Intrusion detection can be categorized as a network traffic classification problem in machine learning. Existing network traffic classification methods require a lot of training and data preprocessing, and this problem is more serious if the dataset size is huge. In addition, the machine learning and deep learning methods that have been used so far were trained on datasets that contain obsolete attacks. In this thesis, these problems are addressed by using ensemble methods applied on an up to date network attacks dataset. Ensemble methods use multiple learning algorithms to get better classification accuracy that could be obtained when the corresponding learning algorithm is applied alone. This dataset for network traffic classification has recent attack scenarios and contains over fifteen attacks. This approach shows that ensemble methods can be used to classify network traffic and detect intrusions with less training times of the model, and lesser pre-processing without feature selection. In addition, this thesis also shows that only with less than ten percent of the total features of input dataset will lead to similar accuracy that is achieved on whole dataset. This can heavily reduce the training times and classification duration in real-time scenarios. Dissertation/Thesis. Masters Thesis, Computer Science 201

    A Behavior-Based Intrusion Detection System Using Ensemble Learning Techniques

    Intrusion Detection Systems (IDSs) play a key role in modern ICT security. Attacks detected and reported by IDSs are often analyzed by administrators who are tasked with countering the attack and minimizing its damage. Consequently, it is important that the alerts generated by the IDS are as detailed as possible. In this paper, we present a multi-layered behavior-based IDS using ensemble learning techniques for the classification of network attacks. Three widely adopted and appreciated models, i.e., Decision Trees, Random Forests, and Artificial Neural Networks, have been chosen to build the ensemble. To reduce the system response time, our solution is designed to immediately filter out traffic detected as benign without further analysis, while suspicious events are investigated to achieve a more fine-grained classification. Experimental evaluation performed on the CIC-IDS2017 public dataset shows that the system is able to detect nine categories of attacks with high performances, according to all the considered metrics

    An efficient network intrusion detection and classification system

    Intrusion detection in computer networks is of great importance because of its effects on the different communication and security domains. The detection of network intrusion is a challenge. Moreover, network intrusion detection remains a challenging task as a massive amount of data is required to train the state-of-the-art machine learning models to detect network intrusion threats. Many approaches have already been proposed recently on network intrusion detection. However, they face critical challenges owing to the continuous increase in new threats that current systems do not understand. This paper compares multiple techniques to develop a network intrusion detection system. Optimum features are selected from the dataset based on the correlation between the features. Furthermore, we propose an AdaBoost-based approach for network intrusion detection based on these selected features and present its detailed functionality and performance. Unlike most previous studies, which employ the KDD99 dataset, we used a recent and comprehensive UNSW-NB 15 dataset for network anomaly detection. This dataset is a collection of network packets exchanged between hosts. It comprises 49 attributes, including nine types of threats such as DoS, Fuzzers, Exploit, Worm, shellcode, reconnaissance, generic, and analysis Backdoor. In this study, we employ SVM and MLP for comparison. Finally, we propose AdaBoost based on the decision tree classifier to classify normal activity and possible threats. We monitored the network traffic and classified it into either threats or non-threats. The experimental findings showed that our proposed method effectively detects different forms of network intrusions on computer networks and achieves an accuracy of 99.3% on the UNSW-NB15 dataset. The proposed system will be helpful in network security applications and research domains. © 2022 by the authors. Licensee MDPI, Basel, Switzerland

    Robust Deep Learning Based Framework for Detecting Cyber Attacks from Abnormal Network Traffic

    The internet's recent rapid growth and expansion have raised concerns about cyberattacks, which are constantly evolving and changing. As a result, a robust intrusion detection system was needed to safeguard data. One of the most effective ways to meet this problem was by creating the artificial intelligence subfields of machine learning and deep learning models. Network integration is frequently used to enable remote management, monitoring, and reporting for cyber-physical systems (CPS). This work addresses the primary assault categories such as Denial of Services (DoS), Probe, User to Root (U2R) and Root to Local (R2L) attacks. As a result, we provide a novel Recurrent Neural Networks (RNN) cyberattack detection framework that combines AI and ML techniques. To evaluate the developed system, we employed the Network Security Laboratory-Knowledge Discovery Databases (NSL-KDD), which covered all critical threats. We used normalisation to eliminate mistakes and duplicated data before pre-processing the data. Linear Discriminant Analysis (LDA) is used to extract the characteristics. The fundamental rationale for choosing RNN-LDA for this study is that it is particularly efficient at tackling sequence issues, time series prediction, text generation, machine translation, picture descriptions, handwriting recognition, and other tasks. The proposed model RNN-LDA is used to learn time-ordered sequences of network flow traffic and assess its performance in detecting abnormal behaviour. According to the results of the experiments, the framework is more effective than traditional tactics at ensuring high levels of privacy. Additionally, the framework beats current detection techniques in terms of detection rate, false positive rate, and processing time

    IoT Dataset Validation Using Machine Learning Techniques for Traffic Anomaly Detection

    This article belongs to the Special Issue Sensor Network Technologies and Applications with Wireless Sensor Devices. [Abstract] With advancements in engineering and science, the application of smart systems is increasing, generating a faster growth of the IoT network traffic. The limitations due to IoT restricted power and computing devices also raise concerns about security vulnerabilities. Machine learning-based techniques have recently gained credibility in a successful application for the detection of network anomalies, including IoT networks. However, machine learning techniques cannot work without representative data. Given the scarcity of IoT datasets, the DAD emerged as an instrument for knowing the behavior of dedicated IoT-MQTT networks. This paper aims to validate the DAD dataset by applying Logistic Regression, Naive Bayes, Random Forest, AdaBoost, and Support Vector Machine to detect traffic anomalies in IoT. To obtain the best results, techniques for handling unbalanced data, feature selection, and grid search for hyperparameter optimization have been used. The experimental results show that the proposed dataset can achieve a high detection rate in all the experiments, providing the best mean accuracy of 0.99 for the tree-based models, with a low false-positive rate, ensuring effective anomaly detection. This project was funded by the Accreditation, Structuring, and Improvement of Consolidated Research Units and Singular Centers (ED431G/01), funded by Vocational Training of the Xunta de Galicia endowed with EU FEDER funds and Spanish Ministry of Science and Innovation, via the project PID2019-111388GB-I00. Xunta de Galicia; ED431G/0

    Ensemble Models for Intrusion Detection System Classification

    Using data analytics in the problem of Intrusion Detection and Prevention Systems (IDS/IPS) is a continuous research problem due to the evolutionary nature of the problem and the changes in major influencing factors. The main challenges in this area are designing rules that can predict malware in unknown territories and dealing with the complexity of the problem and the conflicting requirements regarding high accuracy of detection and high efficiency. In this scope, we evaluated the usage of state-of-the-art ensemble learning models in improving the performance and efficiency of IDS/IPS. We compared our approaches with other existing approaches using popular open-source datasets available in this area

    Barnacles Mating Optimizer with Hopfield Neural Network Based Intrusion Detection in Internet of Things Environment

    Owing to the development and expansion of energy-aware sensing devices and autonomous and intelligent systems, the Internet of Things (IoT) has gained remarkable growth and found uses in several day-to-day applications. Currently, the Internet of Things (IoT) network is gradually developing ubiquitous connectivity amongst distinct new applications namely smart homes, smart grids, smart cities, and several others. The developing network of smart devices and objects allows people to make smart decisions with machine to machine (M2M) communications. One of the real-world security and IoT-related challenges was vulnerable to distinct attacks which poses several security and privacy challenges. Thus, an IoT provides effective and efficient solutions. An Intrusion Detection System (IDS) is a solution for addressing security and privacy challenges with identifying distinct IoT attacks. This study develops a new Barnacles Mating Optimizer with Hopfield Neural Network based Intrusion Detection (BMOHNN-ID) in IoT environment. The presented BMOHNN-ID technique majorly concentrates on the detection and classification of intrusions from IoT environments. In order to attain this, the BMOHNN-ID technique primarily pre-processes the input data for transforming it into a compatible format. Next, the HNN model was employed for the effectual recognition and classification of intrusions from IoT environments. Moreover, the BMO technique was exploited to optimally modify the parameters related to the HNN model. When a list of possible susceptibilities of every device is ordered, every device is profiled utilizing data related to every device. It comprises routing data, the reported hostname, network flow, and topology. This data was offered to the external modules for digesting the data via REST API model. The experimental values assured that the BMOHNN-ID model has gained effectual intrusion classification performance over the other models

    Deep-IFS: Intrusion Detection Approach for Industrial Internet of Things Traffic in Fog Environment

    The extensive propagation of industrial Internet of Things (IIoT) technologies has encouraged intruders to initiate a variety of attacks that need to be identified to maintain the security of end-user data and the safety of services offered by service providers. Deep learning (DL), especially recurrent approaches, has been applied successfully to the analysis of IIoT forensics but their key challenge of recurrent DL models is that they struggle with long traffic sequences and cannot be parallelized. Multihead attention (MHA) tried to address this shortfall but failed to capture the local representation of IIoT traffic sequences. In this article, we propose a forensics-based DL model (called Deep-IFS) to identify intrusions in IIoT traffic. The model learns local representations using local gated recurrent unit (LocalGRU), and introduces an MHA layer to capture and learn global representation (i.e., long-range dependencies). A residual connection between layers is designed to prevent information loss. Another challenge facing the current IIoT forensics frameworks is their limited scalability, limiting performance in handling Big IIoT traffic data produced by IIoT devices. This challenge is addressed by deploying and training the proposed Deep-IFS in a fog computing environment. The intrusion identification becomes scalable by distributing the computation and the IIoT traffic data across worker fog nodes for training the model. The master fog node is responsible for sharing training parameters and aggregating worker node output. The aggregated classification output is subsequently passed to the cloud platform for mitigating attacks. Empirical results on the Bot-IIoT dataset demonstrate that the developed distributed Deep-IFS can effectively handle Big IIoT traffic data compared with the present centralized DL-based forensics techniques. Further, the results validate the robustness of the proposed Deep-IFS across various evaluation measures