Internet of Things security with machine learning techniques:a systematic literature review

Abstract. The Internet of Things (IoT) technologies are beneficial for both private and businesses. The growth of the technology and its rapid introduction to target fast-growing markets faces security challenges. Machine learning techniques have been recently used in research studies as a solution in securing IoT devices. These machine learning techniques have been implemented successfully in other fields. The objective of this thesis is to identify and analyze existing scientific literature published recently regarding the use of machine learning techniques in securing IoT devices. In this thesis, a systematic literature review was conducted to explore the previous research on the use of machine learning in IoT security. The review was conducted by following a procedure developed in the review protocol. The data for the study was collected from three databases i.e. IEEE Xplore, Scopus and Web of Science. From a total of 855 identified papers, 20 relevant primary studies were selected to answer the research question. The study identified 7 machine learning techniques used in IoT security, additionally, several attack models were identified and classified into 5 categories. The results show that the use of machine learning techniques in IoT security is a promising solution to the challenges facing security. Supervised machine learning techniques have better performance in comparison to unsupervised and reinforced learning. The findings also identified that data types and the learning method affects the performance of machine learning techniques. Furthermore, the results show that machine learning approach is mostly used in securing the network

Increasing the rate of intrusion detection based on a hybrid technique

This paper presents techniques to increase intrusion detection rates. Theses techniques are based on specific features that are detected and it's shown that a small number of features (9) can yield improved detection rates compared to higher numbers. These techniques utilize soft computing techniques such a Backpropagation based artificial neural networks and fuzzy sets. These techniques achieve a significant improvement over the state of the art for standard DARPA benchmark data

BLACK HOLE ATTACK IN AODV & FRIEND FEATURES UNIQUE EXTRACTION TO DESIGN DETECTION ENGINE FOR INTRUSION DETECTION SYSTEM IN MOBILE ADHOC NETWORK

Ad-hoc network is a collection of nodes that are capable to form dynamically a temporary network without the support of any centralized fixed infrastructure. Since there is no central controller to determine the reliable & secure communication paths in Mobile Adhoc Network, each node in the ad hoc network has to rely on each other in order to forward packets, thus highly cooperative nodes are required to ensure that the initiated data transmission process does not fail. In a mobile ad hoc network (MANET) where security is a crucial issue and they are forced to rely on the neighbor node, trust plays an important role that could improve the number of successful data transmission. Larger the number of trusted nodes, higher successful data communication process rates could be expected. In this paper, Black Hole attack is applied in the network, statistics are collected to design intrusion detection engine for MANET Intrusion Detection System (IDS). Feature extraction and rule inductions are applied to find out the accuracy of detection engine by using support vector machine. In this paper True Positive generated by the detection engine is very high and this is a novel approach in the area of Mobile Adhoc Intrusion detection system

Network Intrusion Detection System:A systematic study of Machine Learning and Deep Learning approaches

The rapid advances in the internet and communication fields have resulted in ahuge increase in the network size and the corresponding data. As a result, manynovel attacks are being generated and have posed challenges for network secu-rity to accurately detect intrusions. Furthermore, the presence of the intruderswiththeaimtolaunchvariousattackswithinthenetworkcannotbeignored.Anintrusion detection system (IDS) is one such tool that prevents the network frompossible intrusions by inspecting the network traffic, to ensure its confidential-ity, integrity, and availability. Despite enormous efforts by the researchers, IDSstillfaceschallengesinimprovingdetectionaccuracywhilereducingfalsealarmrates and in detecting novel intrusions. Recently, machine learning (ML) anddeep learning (DL)-based IDS systems are being deployed as potential solutionsto detect intrusions across the network in an efficient manner. This article firstclarifiestheconceptofIDSandthenprovidesthetaxonomybasedonthenotableML and DL techniques adopted in designing network-based IDS (NIDS) sys-tems. A comprehensive review of the recent NIDS-based articles is provided bydiscussing the strengths and limitations of the proposed solutions. Then, recenttrends and advancements of ML and DL-based NIDS are provided in terms ofthe proposed methodology, evaluation metrics, and dataset selection. Using theshortcomings of the proposed methods, we highlighted various research chal-lenges and provided the future scope for the research in improving ML andDL-based NIDS

IDPS Signature Classification with a Reject Option and the Incorporation of Expert Knowledge

As the importance of intrusion detection and prevention systems (IDPSs) increases, great costs are incurred to manage the signatures that are generated by malicious communication pattern files. Experts in network security need to classify signatures by importance for an IDPS to work. We propose and evaluate a machine learning signature classification model with a reject option (RO) to reduce the cost of setting up an IDPS. To train the proposed model, it is essential to design features that are effective for signature classification. Experts classify signatures with predefined if-then rules. An if-then rule returns a label of low, medium, high, or unknown importance based on keyword matching of the elements in the signature. Therefore, we first design two types of features, symbolic features (SFs) and keyword features (KFs), which are used in keyword matching for the if-then rules. Next, we design web information and message features (WMFs) to capture the properties of signatures that do not match the if-then rules. The WMFs are extracted as term frequency-inverse document frequency (TF-IDF) features of the message text in the signatures. The features are obtained by web scraping from the referenced external attack identification systems described in the signature. Because failure needs to be minimized in the classification of IDPS signatures, as in the medical field, we consider introducing a RO in our proposed model. The effectiveness of the proposed classification model is evaluated in experiments with two real datasets composed of signatures labeled by experts: a dataset that can be classified with if-then rules and a dataset with elements that do not match an if-then rule. In the experiment, the proposed model is evaluated. In both cases, the combined SFs and WMFs performed better than the combined SFs and KFs. In addition, we also performed feature analysis.Comment: 9 pages, 5 figures, 3 table