3 research outputs found

    A novel IoT intrusion detection framework using Decisive Red Fox optimization and descriptive back propagated radial basis function models.

    The Internet of Things (IoT) is extensively used in modern-day life, such as in smart homes, intelligent transportation, etc. However, the present security measures cannot fully protect the IoT due to its vulnerability to malicious assaults. Intrusion detection can protect IoT devices from the most harmful attacks as a security tool. Nevertheless, the time and detection efficiencies of conventional intrusion detection methods need to be more accurate. The main contribution of this paper is to develop a simple as well as intelligent security framework for protecting IoT from cyber-attacks. For this purpose, a combination of Decisive Red Fox (DRF) Optimization and Descriptive Back Propagated Radial Basis Function (DBRF) classification are developed in the proposed work. The novelty of this work is, a recently developed DRF optimization methodology incorporated with the machine learning algorithm is utilized for maximizing the security level of IoT systems. First, the data preprocessing and normalization operations are performed to generate the balanced IoT dataset for improving the detection accuracy of classification. Then, the DRF optimization algorithm is applied to optimally tune the features required for accurate intrusion detection and classification. It also supports increasing the training speed and reducing the error rate of the classifier. Moreover, the DBRF classification model is deployed to categorize the normal and attacking data flows using optimized features. Here, the proposed DRF-DBRF security model's performance is validated and tested using five different and popular IoT benchmarking datasets. Finally, the results are compared with the previous anomaly detection approaches by using various evaluation parameters

    UGRansome1819: a novel dataset for anomaly detection and zero-day threats

    This research attempts to introduce the production methodology of an anomaly detection dataset using ten desirable requirements. Subsequently, the article presents the produced dataset named UGRansome, created with up-to-date and modern network traffic (netflow), which represents cyclostationary patterns of normal and abnormal classes of threatening behaviours. It was discovered that the timestamp of various network attacks is inferior to one minute and this feature pattern was used to record the time taken by the threat to infiltrate a network node. The main asset of the proposed dataset is its implication in the detection of zero-day attacks and anomalies that have not been explored before and cannot be recognised by known threats signatures. For instance, the UDP Scan attack has been found to utilise the lowest netflow in the corpus, while the Razy utilises the highest one. In turn, the EDA2 and Globe malware are the most abnormal zero-day threats in the proposed dataset. These feature patterns are included in the corpus, but derived from two well-known datasets, namely, UGR’16 and ransomware that include real-life instances. The former incorporates cyclostationary patterns while the latter includes ransomware features. The UGRansome dataset was tested with cross-validation and compared to the KDD99 and NSL-KDD datasets to assess the performance of Ensemble Learning algorithms. False alarms have been minimized with a null empirical error during the experiment, which demonstrates that implementing the Random Forest algorithm applied to UGRansome can facilitate accurate results to enhance zero-day threats detection. Additionally, most zero-day threats such as Razy, Globe, EDA2, and TowerWeb are recognised as advanced persistent threats that are cyclostationary in nature and it is predicted that they will be using spamming and phishing for intrusion. 
    Lastly, achieving the UGRansome balance was found to be NP-Hard due to real life-threatening classes that do not have a uniform distribution in terms of several instances. https://www.mdpi.com/journal/information

    Real time dataset generation framework for intrusion detection systems in IoT

    © 2020 The Internet of Things (IoT) has evolved in the last few years to become one of the hottest topics in the area of computer science research. This drastic increase in IoT applications across different disciplines, such as in health-care and smart industries, comes with a considerable security risk. This is not limited only to attacks on privacy; it can also extend to attacks on network availability and performance. Therefore, an intrusion detection system is essential to act as the first line of defense for the network. IDS systems and algorithms depend heavily on the quality of the dataset provided. Sadly, there has been a lack of work in evaluating and collecting intrusion detection system related datasets that are designed specifically for an IoT ecosystem. Most of the studies published focus on outdated and non-compatible datasets such as the KDD98 dataset. Therefore, in this paper, we aim to investigate the existing datasets and their applications for IoT environments. Then we introduce a real-time data collection framework for building a dataset for intrusion detection system evaluation and testing. The main advantages of the proposed dataset are that it contains features that are explicitly designed for the 6LoWPAN/RPL network, the most widely used protocol in the IoT environment