A Comparative Analysis of Machine Learning Techniques for IoT Intrusion Detection

The digital transformation faces tremendous security challenges. In particular, the growing number of cyber-attacks targeting Internet of Things (IoT) systems restates the need for a reliable detection of malicious network activity. This paper presents a comparative analysis of supervised, unsupervised and reinforcement learning techniques on nine malware captures of the IoT-23 dataset, considering both binary and multi-class classification scenarios. The developed models consisted of Support Vector Machine (SVM), Extreme Gradient Boosting (XGBoost), Light Gradient Boosting Machine (LightGBM), Isolation Forest (iForest), Local Outlier Factor (LOF) and a Deep Reinforcement Learning (DRL) model based on a Double Deep Q-Network (DDQIN), adapted to the intrusion detection context. The most reliable performance was achieved by LightGBM. Nonetheless, iForest displayed good anomaly detection results and the DRL model demonstrated the possible benefits of employing this methodology to continuously improve the detection. Overall, the obtained results indicate that the analyzed techniques are well suited for IoT intrusion detection.The present work was done and funded in the scope of the European Union’s Horizon 2020 research and innovation program, under project SeCoIIA (grant agreement no. 871967). This work has also received funding from UIDP/00760/2020.info:eu-repo/semantics/publishedVersio

ENSEMBLE MACHINE LEARNING APPROACH FOR IOT INTRUSION DETECTION SYSTEMS

The rapid growth and development of the Internet of Things (IoT) have had an important impact on various industries, including smart cities, the medical profession, autos, and logistics tracking. However, with the benefits of the IoT come security concerns that are becoming increasingly prevalent. This issue is being addressed by developing intelligent network intrusion detection systems (NIDS) using machine learning (ML) techniques to detect constantly changing network threats and patterns. Ensemble ML represents the recent direction in the ML field. This research proposes a new anomaly-based solution for IoT networks utilizing ensemble ML algorithms, including logistic regression, naive Bayes, decision trees, extra trees, random forests, and gradient boosting. The algorithms were tested on three different intrusion detection datasets. The ensemble ML method achieved an accuracy of 98.52% when applied to the UNSW-NB15 dataset, 88.41% on the IoTID20 dataset, and 91.03% on the BoTNeTIoT-L01-v2 dataset

IMAT: A Lightweight IoT Network Intrusion Detection System based on Machine Learning techniques

Internet of Things (IoT) is one of the fast-expanding technologies nowadays, and promises to be revolutionary for the near future. IoT systems are in fact an incredible convenience due to centralized and computerized control of any electronic device. This technology allows various physical devices, home applications, vehicles, appliances, etc., to be interconnected and exposed to the Internet. On the other hand, it entails the fundamental need to protect the network from adversarial and unwanted alterations. To prevent such threats it is necessary to appeal to Intrusion Detection Systems (IDS), which can be used in information environments to monitor identified threats or anomalies. The most recent and efficient IDS applications involve the use of Machine Learning (ML) techniques which can automatically detect and prevent malicious attacks, such as distributed denial-of-service (DDoS), which represents a recurring thread to IoT networks in the last years. The work presented on this thesis comes with double purpose: build and test different light Machine Learning models which achieve great performance by running on resource-constrained devices; and at the same time we present a novel Network-based Intrusion Detection System based on the latter devices which can automatically detect IoT attack traffic. Our proposed system consists on deploying small low-powered devices to each component of an IoT environment where each device performs Machine Learning based Intrusion Detection at network level. In this work we describe and train different light-ML models which are tested on Raspberry Pis and FPGAs boards. The performance of such classifiers detecting benign and malicious traffic is presented and compared by response time, accuracy, precision, recall, f1-score and ROC-AUC metrics. The aim of this work is to test these machine learning models on recent datasets with the purpose of finding the most performing ones which can be used for intrusion-defense over IoT environments characterized by high flexibility, easy-installation and efficiency. The obtained results are above 0.99\% of accuracy for different models and they indicate that the proposed system can bring a remarkable layer of security. We show how Machine Learning applied to small low-cost devices is an efficient and versatile combination characterized by a bright future ahead.Internet of Things (IoT) is one of the fast-expanding technologies nowadays, and promises to be revolutionary for the near future. IoT systems are in fact an incredible convenience due to centralized and computerized control of any electronic device. This technology allows various physical devices, home applications, vehicles, appliances, etc., to be interconnected and exposed to the Internet. On the other hand, it entails the fundamental need to protect the network from adversarial and unwanted alterations. To prevent such threats it is necessary to appeal to Intrusion Detection Systems (IDS), which can be used in information environments to monitor identified threats or anomalies. The most recent and efficient IDS applications involve the use of Machine Learning (ML) techniques which can automatically detect and prevent malicious attacks, such as distributed denial-of-service (DDoS), which represents a recurring thread to IoT networks in the last years. The work presented on this thesis comes with double purpose: build and test different light Machine Learning models which achieve great performance by running on resource-constrained devices; and at the same time we present a novel Network-based Intrusion Detection System based on the latter devices which can automatically detect IoT attack traffic. Our proposed system consists on deploying small low-powered devices to each component of an IoT environment where each device performs Machine Learning based Intrusion Detection at network level. In this work we describe and train different light-ML models which are tested on Raspberry Pis and FPGAs boards. The performance of such classifiers detecting benign and malicious traffic is presented and compared by response time, accuracy, precision, recall, f1-score and ROC-AUC metrics. The aim of this work is to test these machine learning models on recent datasets with the purpose of finding the most performing ones which can be used for intrusion-defense over IoT environments characterized by high flexibility, easy-installation and efficiency. The obtained results are above 0.99\% of accuracy for different models and they indicate that the proposed system can bring a remarkable layer of security. We show how Machine Learning applied to small low-cost devices is an efficient and versatile combination characterized by a bright future ahead

ENSEMBLE MACHINE LEARNING APPROACH FOR IOT INTRUSION DETECTION SYSTEMS

The rapid growth and development of the Internet of Things (IoT) have had an important impact on various industries, including smart cities, the medical profession, autos, and logistics tracking. However, with the benefits of the IoT come security concerns that are becoming increasingly prevalent. This issue is being addressed by developing intelligent network intrusion detection systems (NIDS) using machine learning (ML) techniques to detect constantly changing network threats and patterns. Ensemble ML represents the recent direction in the ML field. This research proposes a new anomaly-based solution for IoT networks utilizing ensemble ML algorithms, including logistic regression, naive Bayes, decision trees, extra trees, random forests, and gradient boosting. The algorithms were tested on three different intrusion detection datasets. The ensemble ML method achieved an accuracy of 98.52% when applied to the UNSW-NB15 dataset, 88.41% on the IoTID20 dataset, and 91.03% on the BoTNeTIoT-L01-v2 dataset

Federated Reinforcement Learning-Supported IDS for IoT-steered Healthcare Systems

Wireless Networks lack clear boundaries which leads to security concerns and vulnerabilities to numerous kinds of intrusions. With the growth of cyber intruders, the risks on crucial applications monitored by networked systems have also grown. Effective and vigorous Intrusion Detection Systems (IDSs) for protecting shared information continues to be an essential task to keep private data safe especially in the healthcare sphere. Constructing an IDS that detects and returns information efficiently and with the highest accuracy is a challenging task. Machine Learning (ML) techniques have been effectively adopted in IDSs to detect network intruders. Reinforcement learning is considered as one of the main developments in ML. IDS mainly performs a higher accuracy rate, detection rate as well as a higher performance of a classification (ROC curve). According to these and to tackle the security issues, a Federated Reinforcement Learning-based Intrusion Detection System (FRL-IDS) in the Internet of Things (IoT) networks for healthcare infrastructures has been proposed. The proposed model has been evaluated and compared to a similar model (i.e. SVM system). The proposed model shows superiority over the SVM-steered IDS with accuracy and detection rates of ≈ 0.985 and ≈ 96.5%, respectively. This proposed infrastructure will not only aid in intrusion detection of large health care systems but also other wireless decentralized networks found across multiple real-world applications

Intelligent intrusion detection in low power IoTs

Security and privacy of data are one of the prime concerns in today’s Internet of Things (IoT). Conventional security techniques like signature-based detection of malware and regular updates of a signature database are not feasible solutions as they cannot secure such systems effectively, having limited resources. Programming languages permitting immediate memory accesses through pointers often result in applications having memory-related errors, which may lead to unpredictable failures and security vulnerabilities. Furthermore, energy efficient IoT devices running on batteries cannot afford the implementation of cryptography algorithms as such techniques have significant impact on the system power consumption. Therefore, in order to operate IoT in a secure manner, the system must be able to detect and prevent any kind of intrusions before the network (i.e., sensor nodes and base station) is destabilised by the attackers. In this article, we have presented an intrusion detection and prevention mechanism by implementing an intelligent security architecture using random neural networks (RNNs). The application’s source code is also instrumented at compile time in order to detect out-of-bound memory accesses. It is based on creating tags, to be coupled with each memory allocation and then placing additional tag checking instructions for each access made to the memory. To validate the feasibility of the proposed security solution, it is implemented for an existing IoT system and its functionality is practically demonstrated by successfully detecting the presence of any suspicious sensor node within the system operating range and anomalous activity in the base station with an accuracy of 97.23%. Overall, the proposed security solution has presented a minimal performance overhead.</jats:p