Abstract

The advancement in IoT has prompted its application in areas such as smart homes, smart cities, etc., and this has aided its exponential growth. However, alongside this development, IoT networks are experiencing a rise in security challenges such as botnet attacks, which often appear as network anomalies. Similarly, providing security solutions has been challenging due to the low resources that characterize the devices in IoT networks. To overcome these challenges, the fog computing paradigm has provided an enabling environment that offers additional resources for deploying security solutions such as anomaly mitigation schemes. In this paper, we propose a hybrid anomaly mitigation framework for IoT using fog computing to ensure faster and accurate anomaly detection. The framework employs signature- and anomaly-based detection methodologies for its two modules, respectively. The signature-based module utilizes a database of attack sources (blacklisted IP addresses) to ensure faster detection when attacks are executed from a blacklisted IP address, while the anomaly-based module uses an extreme gradient boosting algorithm for accurate classification of network traffic flow into normal or abnormal. We evaluated the performance of both modules using an IoT-based dataset in terms of response time for the signature-based module and accuracy in binary and multiclass classification for the anomaly-based module. The results show that the signature-based module detects attacks at least six times faster than the anomaly-based module for each number of instances evaluated. The anomaly-based module using the XGBoost classifier detects attacks with an accuracy of 99% and at least 97% for average recall, average precision, and average F1 score for binary and multiclass classification. Additionally, it recorded 0.05 in terms of false-positive rates.

Highlights

  • In recent times, the proliferation of Internet of Things (IoT) devices and their applications in various facets of our lives, such as smart cities, smart health, smart homes, etc., has provided numerous benefits

  • We proposed a hybrid anomaly mitigation framework for IoT networks using fog computing, which harnesses the resources of the fog

  • The results show that the signature-based module outperforms our anomaly-based module of the fog-based framework in binary and multiclass classifications are the anomaly-based module for all of the network traffic instances


Summary

Introduction

The proliferation of IoT devices and their applications in various facets of our lives, such as smart cities, smart health, smart homes, etc., has provided numerous benefits. The botnet was able to generate around 292,000 requests per second and it lasted for 13 days [7]. This highlights the weakness and threat to the nodes in IoT networks; the anomaly mitigation scheme cannot detect the exploitation of default authentication credentials by the Mirai malware at the device level. We proposed an anomaly mitigation framework that leverages the benefits of the fog to deploy a hybrid anomaly mitigation framework for the IoT network. It employs the signature-based IDS that utilizes the similarity feature of attack sources in botnet attacks to create a blacklist of attack sources (IP addresses) for timely attack detection. The utilization of the signature-based module in the framework for network traffic flow analyses ensures a speedy detection of known attack sources, thereby reducing the operational overhead and time of classification in the anomaly-based IDS module.
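The two-stage flow described above, as an added sketch that is not the paper's code: a blacklist lookup answers for known sources, and only the remaining flows reach the classifier. The threshold rule stands in for the XGBoost model; the field names, the sample flows, the address normalization and the feedback of detected sources into the blacklist are assumptions.

```python
import ipaddress
from typing import Callable

def normalize(ip: str):
    """Return one canonical key per source, unwrapping IPv4-mapped IPv6."""
    addr = ipaddress.ip_address(ip.strip())
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr

class HybridDetector:
    def __init__(self, classify: Callable[[dict], str], blacklist=()):
        self.classify = classify                      # stand-in for the trained model
        self.blacklist = {normalize(ip) for ip in blacklist}
        self.stats = {"signature": 0, "anomaly": 0, "normal": 0}

    def inspect(self, flow: dict) -> str:
        src = normalize(flow["src_ip"])
        if src in self.blacklist:                     # stage 1: set lookup, no model call
            self.stats["signature"] += 1
            return "blocked:signature"
        if self.classify(flow) == "abnormal":         # stage 2: anomaly module
            # Assumption: detected sources feed the blacklist. A false positive
            # here would also be blocked on the fast path from now on.
            self.blacklist.add(src)
            self.stats["anomaly"] += 1
            return "blocked:anomaly"
        self.stats["normal"] += 1
        return "allowed"

def threshold_classifier(flow: dict) -> str:
    """Hypothetical rule standing in for the XGBoost classifier."""
    return "abnormal" if flow["pkts_per_s"] > 1000 else "normal"

# Constructed sample flows (documentation address ranges, made-up rates).
SAMPLE_FLOWS = [
    {"src_ip": "203.0.113.7", "pkts_per_s": 12},
    {"src_ip": "198.51.100.20", "pkts_per_s": 4000},
    {"src_ip": "::ffff:198.51.100.20", "pkts_per_s": 3},
    {"src_ip": "192.0.2.5", "pkts_per_s": 8},
]

def run_demo():
    det = HybridDetector(threshold_classifier, blacklist=["203.0.113.7"])
    verdicts = [det.inspect(f) for f in SAMPLE_FLOWS]
    return verdicts, det.stats

if __name__ == "__main__":
    print(run_demo())
```

The third sample flow is the case a plain string comparison would miss: the same source written as an IPv4-mapped IPv6 address still hits the blacklist after normalization.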
