45 research outputs found
Intrusion detection in IoT networks using machine learning
The exponential growth of Internet of Things (IoT) infrastructure has introduced significant security challenges due to the large-scale deployment of interconnected devices. IoT devices are present in every aspect of modern life; they are essential components of Industry 4.0, smart cities, and critical infrastructures. Detecting attacks on this platform therefore requires an Intrusion Detection System (IDS). These tools are dedicated hardware devices or software that monitor a network to detect malicious activity and automatically alert on its presence. This study aimed to assess the viability of Machine Learning models for IDS within IoT infrastructures. Five classifiers were analysed, spanning several model families: Logistic Regression from linear models, Decision Trees from tree algorithms, Gaussian Naïve Bayes from probabilistic models, Random Forest from the ensemble family, and Multi-Layer Perceptron from Artificial Neural Networks. These models were trained using supervised methods on a public IoT attacks dataset, with three tasks ranging from binary classification (determining if a sample was part of an attack) to multiclass classification of 8 groups of attack categories and multiclass classification of 33 individual attacks. Various metrics were considered, from performance to execution times, and all models were trained and tuned using 10-fold cross-validation. On the three classification tasks, Random Forest was found to be the model with the best performance, at the expense of time consumption. Gaussian Naïve Bayes was the fastest algorithm in all classification tasks, but with lower performance in detecting attacks, whereas Decision Trees showed a good balance between performance and processing speed. When classifying among 8 attack categories, most models showed vulnerabilities to specific attack types, especially those in minority classes due to dataset imbalances. In the more granular classification of 33 attack types, all models generally faced challenges, but Random Forest remained the most reliable, despite vulnerabilities. In conclusion, Machine Learning algorithms prove to be effective for IDS in IoT infrastructure, with the Random Forest model being the most robust, but with Decision Trees offering a good balance between speed and performance.
Sustainable Development Goals::9 - Industry, Innovation and Infrastructur
Anomaly detection for IoT networks using machine learning
This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University London. The Internet of Things (IoT) is considered one of the trending technologies today. IoT affects various industries, including logistics tracking, healthcare, automotive and smart cities. A rising number of cyber-attacks and breaches are rapidly targeting networks equipped with IoT devices. This thesis aims to improve security in IoT networks by enhancing anomaly detection using machine learning.
This thesis identified the challenges and gaps related to securing the Internet of Things networks. The challenges are network size, the number of devices, the human factor, and the complexity of IoT networks. The gaps identified include the lack of research on signature-based intrusion detection systems used for anomaly detection, in addition to the lack of modelling input parameters required for anomaly detection in IoT networks. Furthermore, there is a lack of comparison of the performance of machine learning algorithms on standard and real IoT datasets.
This thesis creates a dataset to test the anomaly binary classification performance of the Neural Networks, Gaussian Naive Bayes, Support Vector Machine, and Decision Trees machine learning algorithms and compares their results with the KDDCUP99 dataset. The results show that Support Vector Machine and Gaussian Naive Bayes perform lower than the other models on the created IoT dataset. This thesis reduces the number of features required by machine learning algorithms for anomaly detection in the IoT networks to five features only, which resulted in reduced execution time by an average of 58%.
This thesis tests CNNwGFC, an enhanced Convolutional Neural Network model, in detecting and classifying anomalies in IoT networks. This model achieves an increase of 15.34% in accuracy for IoT anomaly classification on UNSW-NB15 compared to the classic Convolutional Neural Network. The CNNwGFC multi-classification accuracy (96.24%) is higher by 7.16 than the highest from the literature.
Security analysis of the MQTT transport protocol in Internet of Things devices.
The Internet of Things has grown rapidly and its implementation in all fields is a reality, as are the security threats that come with connecting to the internet the everyday devices used by society in general. It has therefore become necessary to establish regulations and standardize the implementation of this technology in all its aspects, such as communication protocols. Accordingly, the International Organization for Standardization (ISO) has standardized the message transport protocol MQTT (Message Queue Telemetry Transport) as a protocol applicable to environments where Internet of Things devices communicate. To contribute to good security practices, this study aims to determine the vulnerabilities of the implementation of the MQTT protocol in order to obtain mechanisms and tools for mitigating threats, by identifying the threats and evaluating the risk mitigation mechanisms.
This makes it possible to determine the best fields of application of the MQTT protocol, taking into account the type of communication in which it is more or less vulnerable, and determining the best security practices with a standardized transport protocol for communications in the Internet of Things.
Ensemble learning-based IDS for sensors telemetry data in IoT networks
The Internet of Things (IoT) is a paradigm that connects a range of physical smart devices to provide ubiquitous services to individuals and automate their daily tasks. IoT devices collect data from the surrounding environment and communicate with other devices using different communication protocols such as CoAP, MQTT, DDS, etc. Studies show that these protocols are vulnerable to attack and pose a significant threat to IoT telemetry data. Within a network, IoT devices are interdependent, and the behaviour of one device depends on the data coming from another device. An intruder who exploits vulnerabilities in a device's interdependent features can alter the telemetry data to indirectly control the behaviour of other dependent devices in the network. Therefore, securing IoT devices has become a significant concern in IoT networks. The research community often proposes Intrusion Detection Systems (IDS) using different techniques. One of the most adopted techniques is machine learning (ML) based intrusion detection. This study proposes a stacking-based ensemble model that makes IoT devices more intelligent in detecting unusual behaviour in IoT networks. The TON-IoT (2020) dataset is used to assess the effectiveness of the proposed model. The proposed model achieves significant improvements in accuracy and other evaluation measures in binary and multi-class classification scenarios for most of the sensors compared to traditional ML algorithms and other ensemble techniques.