Abstract
Internet of Things (IoT) has been thriving in recent years, playing an important role in a multitude of various domains, including industry 4.0, smart transportation, home automation, and healthcare. As a result, a massive number of IoT devices are deployed to collect data from our surrounding environment and transfer these data to other systems over the Internet. This may lead to cybersecurity threats, such as denial of service attacks, brute-force attacks, and unauthorized accesses. Unfortunately, many IoT devices lack solid security mechanisms and hardware security supports because of their limitations in computational capability. In addition, the heterogeneity of devices in IoT networks causes nontrivial challenges in detecting security threats. In this article, we present a collaborative intrusion detection system (IDS), namely, MidSiot, deployed at both Internet gateways and IoT local gateways. Our proposed IDS consists of three stages: (1) classifying the type of each IoT device in the IoT network; (2) differentiating between benign and malicious network traffic; and (3) identifying the type of attacks targeting IoT devices. The last two stages are handled by the Internet gateways, whereas the first stage is on the local gateway to leverage the computational resources from edge devices. The evaluation results on three popular IDS datasets (IoTID20, CIC-IDS-2017, and BOT-IoT) indicate our proposal could detect seven common cyberattacks targeting IoT devices with an average accuracy of 99.68% and outperforms state-of-the-art IDSs. This demonstrates that MidSiot could be an effective and practical IDS to protect IoT networks.
Highlights
Internet of ings (IoT) has been thriving in recent years, playing an important role in a multitude of various domains, including industry 4.0, smart transportation, home automation, and healthcare
Our proposed intrusion detection system (IDS) consists of three stages: (1) classifying the type of each IoT device in the IoT network; (2) differentiating between benign and malicious network traffic; and (3) identifying the type of attacks targeting IoT devices. e last two stages are handled by the Internet gateways, whereas the first stage is on the local gateway to leverage the computational resources from edge devices. e evaluation results on three popular IDS datasets (IoTID20, CIC-IDS-2017, and BOT-IoT) indicate our proposal could detect seven common cyberattacks targeting IoT devices with an average accuracy of 99.68% and outperforms state-of-the-art IDSs. is demonstrates that MidSiot could be an effective and practical IDS to protect IoT networks
We note that the key difference between IoT network traffic and other network traffics is the diversity and volume. e diversity of IoT network traffic comes from the heterogeneity of IoT devices and their communication protocols, resulting in diverse network behaviors
Summary
There has been an increased interest in exploring machine learning for enhancing the detection quality of IDSs [17, 18]. In terms of datasets used for IDSs, the authors in [21] proposed a new dataset called IoTID20, which was evaluated in their work by implementing several machine learning algorithms (e.g., logistic regression, decision tree, random forest), which results in increasing F1-score for both binary classification and multiclass classification. As far as collaborative intrusion detection systems are concerned, a series of research [27,28,29] provided blockchain challenge-based collaborative intrusion detections In these systems, the authors leveraged the strength of blockchain to investigate the trust mechanism in a network of IDS nodes. Several approaches are evaluated by non-IoT datasets or testbeds having a small number of IoT devices. us, previous IDS proposals are insufficient for deploying to practical IoT ecosystem
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
