Intrusion Detection In Internet Of Things Research Articles

Synergistic Approaches to Enhance IoT Intrusion Detection: Balancing Features through Combined Learning

The Internet of Things (IoT) plays a crucial role in ensuring security by preventing unauthorized access, malware infections, and malicious activities. IoT monitors network traffic as well as device behaviour to identify potential threats and take appropriate mitigation measures. However, there is a need for an IoT Intrusion Detection system with enhanced generalization capabilities, leveraging deep learning and advanced anomaly detection techniques. This study presents an innovative approach to IoT IDS that combines SMOTE-Tomek link and BTLBO, CNN with XGB classifier which aims to address data imbalances, improve model performance, reduce misclassifications, and improve overall dataset quality. The proposed IoT IDS system, using the IoT-23 dataset, achieves 99.90% accuracy and a low error rate, all while requiring significantly less execution time. This work represents a significant step forward in IoT security, offering a robust and efficient IDS solution tailored to the changing challenges of the interconnected world.

Autonomous intrusion detection for IoT: a decentralized and privacy preserving approach

The Internet of Things (IoT) has been increasingly adopted in domains such as smart infrastructure, healthcare, supply chain, transportation, and many others. However, the constrained computational resources of these devices make conventional security approaches against security threats not applicable. This limitation emphasizes the need to explore new approaches, specifically tailored to these kinds of devices. To increase protection against cyberattacks in IoT devices, Intrusion Detection Systems (IDSs) are considered an effective approach. Machine Learning (ML) techniques can be combined with Federated Learning to enhance the privacy and scalability of these systems. Many IDSs have been introduced, but there is a research gap concerning Host Intrusion Detection System (HIDS), which is the primary focus of our current work. Additionally, existing research predominantly focuses on the application of ML techniques and their evaluation, with limited attention to real-world implementation. We propose a lightweight HIDS that relies on the analysis of system call traces to detect malicious activities. The proposed HIDS achieved an accuracy rate of approximately 98%. Finally, by using eXplainable Artificial Intelligence methods, we sought to provide explanations for these these results.

Attention-Driven Transfer Learning Model for Improved IoT Intrusion Detection

The proliferation of Internet of Things (IoT) devices has become inevitable in contemporary life, significantly affecting myriad applications. Nevertheless, the pervasive use of heterogeneous IoT gadgets introduces vulnerabilities to malicious cyber-attacks, resulting in data breaches that jeopardize the network’s integrity and resilience. This study proposes an Intrusion Detection System (IDS) for IoT environments that leverages Transfer Learning (TL) and the Convolutional Block Attention Module (CBAM). We extensively evaluate four prominent pre-trained models, each integrated with an independent CBAM at the uppermost layer. Our methodology is validated using the BoT-IoT dataset, which undergoes preprocessing to rectify the imbalanced data distribution, eliminate redundancy, and reduce dimensionality. Subsequently, the tabular dataset is transformed into RGB images to enhance the interpretation of complex patterns. Our evaluation results demonstrate that integrating TL models with the CBAM significantly improves classification accuracy and reduces false-positive rates. Additionally, to further enhance the system performance, we employ an Ensemble Learning (EL) technique to aggregate predictions from the two best-performing models. The final findings prove that our TL-CBAM-EL model achieves superior performance, attaining an accuracy of 99.93% as well as high recall, precision, and F1-score. Henceforth, the proposed IDS is a robust and efficient solution for securing IoT networks.

A Cooperative Intrusion Detection System for the Internet of Things Using Convolutional Neural Networks and Black Hole Optimization.

Maintaining security in communication networks has long been a major concern. This issue has become increasingly crucial due to the emergence of new communication architectures like the Internet of Things (IoT) and the advancement and complexity of infiltration techniques. For usage in networks based on the Internet of Things, previous intrusion detection systems (IDSs), which often use a centralized design to identify threats, are now ineffective. For the resolution of these issues, this study presents a novel and cooperative approach to IoT intrusion detection that may be useful in resolving certain current security issues. The suggested approach chooses the most important attributes that best describe the communication between objects by using Black Hole Optimization (BHO). Additionally, a novel method for describing the network's matrix-based communication properties is put forward. The inputs of the suggested intrusion detection model consist of these two feature sets. The suggested technique splits the network into a number of subnets using the software-defined network (SDN). Monitoring of each subnet is done by a controller node, which uses a parallel combination of convolutional neural networks (PCNN) to determine the presence of security threats in the traffic passing through its subnet. The proposed method also uses the majority voting approach for the cooperation of controller nodes in order to more accurately detect attacks. The findings demonstrate that, in comparison to the prior approaches, the suggested cooperative strategy can detect assaults in the NSLKDD and NSW-NB15 datasets with an accuracy of 99.89 and 97.72 percent, respectively. This is a minimum 0.6 percent improvement.

Optimizing IoT Intrusion Detection Using Balanced Class Distribution, Feature Selection, and Ensemble Machine Learning Techniques.

Internet of Things (IoT) devices are leading to advancements in innovation, efficiency, and sustainability across various industries. However, as the number of connected IoT devices increases, the risk of intrusion becomes a major concern in IoT security. To prevent intrusions, it is crucial to implement intrusion detection systems (IDSs) that can detect and prevent such attacks. IDSs are a critical component of cybersecurity infrastructure. They are designed to detect and respond to malicious activities within a network or system. Traditional IDS methods rely on predefined signatures or rules to identify known threats, but these techniques may struggle to detect novel or sophisticated attacks. The implementation of IDSs with machine learning (ML) and deep learning (DL) techniques has been proposed to improve IDSs' ability to detect attacks. This will enhance overall cybersecurity posture and resilience. However, ML and DL techniques face several issues that may impact the models' performance and effectiveness, such as overfitting and the effects of unimportant features on finding meaningful patterns. To ensure better performance and reliability of machine learning models in IDSs when dealing with new and unseen threats, the models need to be optimized. This can be done by addressing overfitting and implementing feature selection. In this paper, we propose a scheme to optimize IoT intrusion detection by using class balancing and feature selection for preprocessing. We evaluated the experiment on the UNSW-NB15 dataset and the NSL-KD dataset by implementing two different ensemble models: one using a support vector machine (SVM) with bagging and another using long short-term memory (LSTM) with stacking. The results of the performance and the confusion matrix show that the LSTM stacking with analysis of variance (ANOVA) feature selection model is a superior model for classifying network attacks. It has remarkable accuracies of 96.92% and 99.77% and overfitting values of 0.33% and 0.04% on the two datasets, respectively. The model's ROC is also shaped with a sharp bend, with AUC values of 0.9665 and 0.9971 for the UNSW-NB15 dataset and the NSL-KD dataset, respectively.

An extreme gradient boost based classification and regression tree for network intrusion detection in IoT

Nowadays, modern technology includes various devices, networks, and apps from the internet of things (IoT), which consist of both positive and negative impacts on social, economic, and industrial effects. To address these issues, IoT applications and networks require lightweight, quick, and adaptable security solutions. In this sense, solutions based on artificial intelligence and big data analytics can yield positive outcomes in the realm of cyber security. This study presents a method called extreme gradient boost (XGBoost) based classification and regression tree to identify network intrusions in the IoT. This model is ideally suited for application in IoT networks with restricted resource availability because of its distributed structure and builtin higher generalization capabilities. This approach is thoroughly tested using botnet internet of things (BoT-IoT) new-generation IoT security datasets. All trials are conducted in a range of different settings, and a number of performance indicators are used to evaluate the effectiveness of the proposed method. The suggested study's findings provide recommendations and insights for situations involving binary classes and numerous classes. The suggested XGBoost model achieved 99.53% of accuracy in attack detection and 99.51% in precision for binary class and multiclass classifications, respectively.

Towards intrusion detection in IoT using Few-shot learning

The Internet of Things (IoT) is an emerging technology that covers various domains and has become an essential part of the upcoming technological revolution. IoT applications include healthcare, smart-cities, smart-cars, industries, quality of life, and several other fields. IoT typically consists of lightweight sensor devices that facilitate procedures such as automation, real-time trackable data collection, and data-driven decisions. However, securing IoT networks is an accessible research area for several reasons. The main security challenges are limited resources that are incapable of dealing with complex and advanced security tools; and lack of required data for training the security systems like Intrusion detection systems as a result of their heterogeneous nature. This research proposed a Few-shot learning IoT intrusion detection system model based on a Siamese network to overcome the above limitation. The model aims to classify and distinguish normal and attacked traffic. The experiment utilized an IoT dataset in different scenarios to analyze and validate the behavior with three categories with different numbers of data in each. The performance result achieves more than 99% accuracy and shows an efficient detection ability using only less than 1% of the dataset.

Internet of Things intrusion detection: Research and practice of NSENet and LSTM fusion models

To address the problems of complex environment, limited device computational resources and limited memory resources in the existing IoT, SELSTM, an intrusion detection system composed of NSENet and LSTM fusion based on SENet, is investigated. The NSENet part of the SELSTM system is based on the squeeze-and-excitation network (SENet). The lightweight computational modules NonLocal, SKConv and inverted residuals are fused into SE blocks, and self-attention of Nonlocal is used to improve the local receptive field of feature extraction. The channel attention and spatial attention of each part of the data are strengthened by the use of SKConv To enhance the adaptive convolution ability of the model and ensure the completeness of the information, the properties of the inverted residual structure are used to ensure that the gradient of the model decreases steadily without gradient explosion or disappearance. For the problem of data imbalance, the dataset is randomly resampled using the weight resampling technique to improve the balance of the dataset to ensure that the final detection effect of the model is more effective and generalized, while the data flow is divided into two parts for processing, and the model parameters are optimized using the model gradient optimizer consisting of the optimizer Lion and the optimization function Lookahead. The model extracts the spatial and temporal features of the data through multidimensional extraction to ensure the completeness of the data feature information in multiple dimensions, thus obtaining better detection results. The results of the experiments comparing the SELSTM model with other models on the intrusion dataset show that the intrusion detection model has a higher detection precision and accuracy than the traditional deep learning intrusion detection model, which indicates that the SELSTM has better detection performance properties and better practicality and effectiveness on IoT devices.

An adversarial environment reinforcement learning-driven intrusion detection algorithm for Internet of Things

The increasing prevalence of Internet of Things (IoT) systems has made them attractive targets for malicious actors. To address the evolving threats and the growing complexity of detection, there is a critical need to search for and develop new algorithms that are fast and robust in detecting and classifying dangerous network traffic. In this context, deep reinforcement learning (DRL) is gaining recognition as a prospective solution in numerous fields as it enables autonomous agents to cooperate with their environment for decision-making without relying on human experts. This article presents an innovative approach to intrusion detection in IoT systems using an adversarial reinforcement learning (RL) algorithm known for its exceptional predictive capabilities. The predictive process relies on a classifier, implemented as a streamlined and highly efficient neural network. Embedded within this classifier is a policy function meticulously trained using an innovative RL model. Importantly, this model ensures that the environment’s behavior is dynamically fine-tuned simultaneously with the learning process, improving the overall effectiveness of the intrusion detection approach. The efficiency of our proposal was assessed using the Bot-IoT database, consisting of a mixture of legitimate IoT network traffic and simulated attack scenarios. Our scheme shows superior performance compared to existing ones. Therefore, our approach to IoT intrusion detection can be considered a valuable alternative to existing methods, capable of significantly improving the IoT systems’ security.

Hybrid CNN Approach for Unknown Attack Detection in Edge-Based IoT Networks

INTRODUCTION: In the constantly growing Internet of Things (IoT), device security is crucial. As IoT gadgets pervade our lives, detecting unforeseen assaults is crucial to protecting them. Behavioral analysis, machine learning, and collaborative intelligence may be needed to protect against new dangers. This short discusses the need of detecting unexpected IoT attacks and essential security strategies for these interconnected environments.OBJECTIVES: This research uses the BoT-IoT dataset to create an enhanced IoT intrusion detection system. The goals are to optimize a CNN architecture for effective pattern recognition, address imbalanced data, and evaluate model performance using precision, recall, F1-score, and AUC-ROC measures. Improving IoT ecosystem reliability and security against unknown assaults is the ultimate goal.METHODS: The proposed methods use the BoT-IoT dataset to create a comprehensive IoT intrusion detection system. This involves tuning a Convolutional Neural Network (CNN) architecture to improve pattern recognition. Oversampling and class weighting address imbalanced data issues. RESULTS: The comprehensive evaluation of our innovative unknown attack detection method shows promise, suggesting it may be better than existing methods. A high accuracy, precision, recall, and f-measure of 98.23% were attained using an advanced model and feature selection methods. This achievement was achieved by using features designed to identify unknown attacks in the dataset, proving the proposed methodology works.CONCLUSION: This research presents an improved IoT Intrusion Detection System using the BoT-IoT dataset. The optimised Convolutional Neural Network architecture and imbalanced data handling approaches achieved 98.23% accuracy.

Enhancing IoT Security: A Few-Shot Learning Approach for Intrusion Detection

Recently, the number of Internet of Things (IoT)-connected devices has increased daily. Consequently, cybersecurity challenges have increased due to the natural diversity of the IoT, limited hardware resources, and limited security capabilities. Intrusion detection systems (IDSs) play a substantial role in securing IoT networks. Several researchers have focused on machine learning (ML) and deep learning (DL) to develop intrusion detection techniques. Although ML is good for classification, other methods perform better in feature transformation. However, at the level of accuracy, both learning techniques have their own certain compromises. Although IDSs based on ML and DL methods can achieve a high detection rate, the performance depends on the training dataset size. Incidentally, collecting a large amount of data is one of the main drawbacks that limits performance when training datasets are lacking, and such methods can fail to detect novel attacks. Few-shot learning (FSL) is an emerging approach that is employed in different domains because of its proven ability to learn from a few training samples. Although numerous studies have addressed the issues of IDSs and improved IDS performance, the literature on FSL-based IDSs is scarce. Therefore, an investigation is required to explore the performance of FSL in IoT IDSs. This work proposes an IoT intrusion detection model based on a convolutional neural network as a feature extractor and a prototypical network as an FSL classifier. The empirical results were analyzed and compared with those of recent intrusion detection approaches. The accuracy results reached 99.44%, which shows a promising direction for involving FSL in IoT IDSs.

Enhancing Intrusion Detection through Unsupervised Deep Learning Models

The Internet of Things (IoT) has experienced significant growth since its inception, representing a groundbreaking technological advancement. In essence, IoT involves the seamless integration of devices and data to automate and centralize various processes. This transformative technology is revolutionizing business operations and reshaping society as a whole. As IoT continues to evolve, the importance of detecting vulnerabilities and weaknesses becomes paramount in order to thwart unauthorized access to critical resources and business functions, which could potentially render the entire system unavailable. One prevalent threat in this context is Denial of Service (DoS) and Distributed DoS attacks. In this project, propose an innovative architecture known as Protocol Based Deep Intrusion Detection (PB-DID). To create our dataset, we gathered packets from IoT traffic and compared features from two well-known datasets: UNSWNB15 and Bot-IoT. We focused on flow and Transmission Control Protocol (TCP) characteristics. Our primary objective was to accurately classify network traffic into three categories: non-anomalous, DoS, and DDoS, while addressing issues like data imbalance and overfitting. Utilizing deep learning (DL) techniques, we achieved an impressive classification accuracy of 96.3%. This level of accuracy demonstrates the potential of our PB-DID architecture in effectively identifying and mitigating intrusion attempts in the context of IoT, thereby enhancing the security and reliability of IoT systems. Keywords—: Intrusion detection in IoT, Deep learning for intrusion detection, DoS detection, DDoS detection.

IoT Guardian: A Novel Feature Discovery and Cooperative Game Theory Empowered Feature Selection with ML Model for IoT Threats & Attack Detection

Cyber intrusion attacks increasingly target the Internet of Things (IoT) ecosystem, exploiting vulnerable devices and networks. Malicious activities must be identified early to minimize damage and mitigate threats. Using actual benign and attack traffic from the CICIoT2023 dataset, this WORK aims to evaluate and benchmark machine-learning techniques for IoT intrusion detection. There are four main phases to the system. First, the CICIoT2023 dataset is refined to remove irrelevant features and clean up missing and duplicate data. The second phase employs statistical models and artificial intelligence to discover novel features. The most significant features are then selected in the third phase based on cooperative game theory. Using the original CICIoT2023 dataset and a dataset containing only novel features, we train and evaluate a variety of machine learning classifiers. On the original dataset, Random Forest achieved the highest accuracy of 99%. Still, with novel features, Random Forest's performance dropped only slightly (96%) while other models achieved significantly lower accuracy. As a whole, the work contributes substantial contributions to tailored feature engineering, feature selection, and rigorous benchmarking of IoT intrusion detection techniques. IoT networks and devices face continuously evolving threats, making it necessary to develop robust intrusion detection systems.

CFL-IDS: An Effective Clustered Federated Learning Framework for Industrial Internet of Things Intrusion Detection

CFL-IDS: An Effective Clustered Federated Learning Framework for Industrial Internet of Things Intrusion Detection

A Transferable Deep Learning Framework for Improving the Accuracy of Internet of Things Intrusion Detection

As the size of the IoT solutions and services market proliferates, industrial fields utilizing IoT devices are also diversifying. However, the proliferation of IoT devices, often intertwined with users’ personal information and privacy, has led to a continuous surge in attacks targeting these devices. However, conventional network-level intrusion detection systems with pre-defined rulesets are gradually losing their efficacy due to the heterogeneous environments of IoT ecosystems. To address such security concerns, researchers have utilized ML-based network-level intrusion detection techniques. Specifically, transfer learning has been dedicated to identifying unforeseen malicious traffic in IoT environments based on knowledge distillation from the rich source domain data sets. Nevertheless, since most IoT devices operate in heterogeneous but small-scale environments, such as home networks, selecting adequate source domains for learning proves challenging. This paper introduces a framework designed to tackle this issue. In instances where assessing an adequate data set through pre-learning using transfer learning is non-trivial, our proposed framework advocates the selection of a data set as the source domain for transfer learning. This selection process aims to determine the appropriateness of implementing transfer learning, offering the best practice in such scenarios. Our evaluation demonstrates that the proposed framework successfully chooses a fitting source domain data set, delivering the highest accuracy.

Optimizing IoT intrusion detection system: feature selection versus feature extraction in machine learning

Internet of Things (IoT) devices are widely used but also vulnerable to cyberattacks that can cause security issues. To protect against this, machine learning approaches have been developed for network intrusion detection in IoT. These often use feature reduction techniques like feature selection or extraction before feeding data to models. This helps make detection efficient for real-time needs. This paper thoroughly compares feature extraction and selection for IoT network intrusion detection in machine learning-based attack classification framework. It looks at performance metrics like accuracy, f1-score, and runtime, etc. on the heterogenous IoT dataset named Network TON-IoT using binary and multiclass classification. Overall, feature extraction gives better detection performance than feature selection as the number of features is small. Moreover, extraction shows less feature reduction compared with that of selection, and is less sensitive to changes in the number of features. However, feature selection achieves less model training and inference time compared with its counterpart. Also, more space to improve the accuracy for selection than extraction when the number of features changes. This holds for both binary and multiclass classification. The study provides guidelines for selecting appropriate intrusion detection methods for particular scenarios. Before, the TON-IoT heterogeneous IoT dataset comparison and recommendations were overlooked. Overall, the research presents a thorough comparison of feature reduction techniques for machine learning-driven intrusion detection in IoT networks.

Multi-scale Convolutional Feature Fusion Network Based on Attention Mechanism for IoT Traffic Classification

AbstractThe Internet of Things (IoT) has been extensively utilized in domains such as smart homes, healthcare, and other industries. With the exponential growth of Internet of Things (IoT) devices, they have become prime targets for malicious cyber-attacks. Effective classification of IoT traffic is, therefore, imperative to enable robust intrusion detection systems. However, IoT traffic data contain intricate spatial relationships and topological information, which traditional methods for traffic identification lack the capability to fully extract features and capture crucial characteristics. We propose a multi-scale convolutional feature fusion network augmented with a Convolutional Block Attention Module (MCF-CBAM) for accurate IoT traffic classification. The network incorporates three critical innovations: (1) Parallel convolution extracts multi-scale spatial features from traffic data. The 1 × 1 convolution operation reduces the amount of parameters and calculations of the network, thereby improving work efficiency. (2) The attention module suppresses less informative features while highlighting the most discriminative ones, enabling focused learning on decisive features. (3) Cross-scale connections with channel jumps reuse features from prior layers to enhance generalization. We evaluate the method extensively on three widely adopted public datasets. Quantitative results demonstrate MCF-CBAM establishes new state-of-the-art performance benchmarks for IoT traffic classification, surpassing existing methods by a significant margin. Qualitative visualizations of the learned attention weights provide intuitive insights into how the network automatically discovers the most decisive spatial features for identification. With its strong empirical performance and interpretable attention mechanisms, this work presents a promising deep learning solution to augment real-world IoT intrusion detection systems against growing cybersecurity threats.

A novel IoT intrusion detection framework using Decisive Red Fox optimization and descriptive back propagated radial basis function models

The Internet of Things (IoT) is extensively used in modern-day life, such as in smart homes, intelligent transportation, etc. However, the present security measures cannot fully protect the IoT due to its vulnerability to malicious assaults. Intrusion detection can protect IoT devices from the most harmful attacks as a security tool. Nevertheless, the time and detection efficiencies of conventional intrusion detection methods need to be more accurate. The main contribution of this paper is to develop a simple as well as intelligent security framework for protecting IoT from cyber-attacks. For this purpose, a combination of Decisive Red Fox (DRF) Optimization and Descriptive Back Propagated Radial Basis Function (DBRF) classification are developed in the proposed work. The novelty of this work is, a recently developed DRF optimization methodology incorporated with the machine learning algorithm is utilized for maximizing the security level of IoT systems. First, the data preprocessing and normalization operations are performed to generate the balanced IoT dataset for improving the detection accuracy of classification. Then, the DRF optimization algorithm is applied to optimally tune the features required for accurate intrusion detection and classification. It also supports increasing the training speed and reducing the error rate of the classifier. Moreover, the DBRF classification model is deployed to categorize the normal and attacking data flows using optimized features. Here, the proposed DRF-DBRF security model's performance is validated and tested using five different and popular IoT benchmarking datasets. Finally, the results are compared with the previous anomaly detection approaches by using various evaluation parameters.

Optimized intrusion detection in IoT and fog computing using ensemble learning and advanced feature selection.

The proliferation of Internet of Things (IoT) devices and fog computing architectures has introduced major security and cyber threats. Intrusion detection systems have become effective in monitoring network traffic and activities to identify anomalies that are indicative of attacks. However, constraints such as limited computing resources at fog nodes render conventional intrusion detection techniques impractical. This paper proposes a novel framework that integrates stacked autoencoders, CatBoost, and an optimised transformer-CNN-LSTM ensemble tailored for intrusion detection in fog and IoT networks. Autoencoders extract robust features from high-dimensional traffic data while reducing the dimensionality of the efficiency at fog nodes. CatBoost refines features through predictive selection. The ensemble model combines self-attention, convolutions, and recurrence for comprehensive traffic analysis in the cloud. Evaluations of the NSL-KDD, UNSW-NB15, and AWID benchmarks demonstrate an accuracy of over 99% in detecting threats across traditional, hybrid enterprises and wireless environments. Integrated edge preprocessing and cloud-based ensemble learning pipelines enable efficient and accurate anomaly detection. The results highlight the viability of securing real-world fog and the IoT infrastructure against continuously evolving cyber-attacks.

A Model-agnostic XAI Approach for Developing Low-cost IoT Intrusion Detection Dataset

This study tackles the significant challenge of generating low-cost intrusion detection datasets for Internet of Things (IoT) camera devices, particularly for financially limited organizations. Traditional datasets often depend on costly cameras, posing accessibility issues. Addressing this, a new dataset was developed, tailored for low-cost IoT devices, focusing on essential features. The research employed an Entry/Exit IoT Network at CKT-UTAS, Navrongo, a Ghanaian University, showcasing a feasible model for similar organizations. The study gathered location and other vital features from low-cost cameras and a standard dataset. Using the XGBoost machine learning algorithm, the effectiveness of this approach for cybersecurity enhancement was demonstrated. The implementation included a model-agnostic eXplainable AI (XAI) technique, employing Shapley Additive Explanations (SHAP) values to interpret the XGBoost model's predictions. This highlighted the significance of cost-effective features like Flow Duration, Total Forward Packets, and Total Length Forward Packet, in addition to location data. These features were crucial for intrusion detection using the new IoT dataset. Training a deep-learning model with only these features maintained comparable accuracy to using the full dataset, validating the practicality and efficiency of the approach in real-world scenarios.