A Novel Hybrid Intrusion Detection System (IDS) for Detecting Internet of Things (IoT) Network Attacks - Research Paper
Updated 2023-04-29
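Nowadays, the Internet of Things (IoT) is widely used in a variety of applications to improve quality of life. However, because of its large number of objects, its openness, and its distributed nature, the IoT is increasingly becoming an ideal target for unauthorized attacks. Therefore, to maintain the security of IoT systems, an efficient Intrusion Detection System (IDS) is needed. An IDS implements detectors that continuously monitor network traffic. Various IDS methods have been proposed in the literature for IoT security. However, the existing methods have drawbacks in terms of detection accuracy and time overhead. To improve IDS detection accuracy and reduce the required time, this paper proposes a hybrid IDS in which a pre-processing phase is used to reduce the required time, and feature selection and classification are done in separate stages. Feature selection is done with the Enhanced Shuffled Frog Leaping (ESFL) algorithm, and the selected features are classified with the Light Convolutional Neural Network with Gated Recurrent Neural Network (LCNN-GRNN) algorithm. This two-stage method is compared with up-to-date intrusion detection methods and exceeds them in both accuracy and running time, because of the light processing the method requires.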
Annals of Emerging Technologies in Computing (AETiC)
Vol. 4, No. 5, 2020
Rabie A. Ramadan and Kusum Yadav, "A Novel Hybrid Intrusion Detection System (IDS) for the Detection of Internet of
Things (IoT) Network Attacks", Annals of Emerging Technologies in Computing (AETiC), Print ISSN: 2516-0281, Online ISSN:
2516-029X, pp. 61-74, Vol. 4, No. 5, 20th December 2020, Published by International Association of Educators and Researchers
(IAER), DOI: 10.33166/AETiC.2020.05.004, Available: http://aetic.theiaer.org/archive/v4/v4n5/p4.html.
Research Article
A Novel Hybrid Intrusion Detection System (IDS) for the Detection of Internet of Things (IoT) Network Attacks
Rabie A. Ramadan 1,2,* and Kusum Yadav 2
1 Computer Science and Engineering College, University of Hai’l, Hai’l, Saudi Arabia
rabie@rabieramadan.org
2 Computer Engineering Department, Cairo University, Giza, Egypt
y.kusum@uoh.edu.sa
*Correspondence: rabie@rabieramadan.org
Received: 8th November 2020; Accepted: 11th December 2020; Published: 20th December 2020
Abstract: Nowadays, IoT has been widely used in different applications to improve the quality of life.
However, the IoT is increasingly becoming an ideal target for unauthorized attacks due to its large number of
objects, openness, and distributed nature. Therefore, to maintain the security of IoT systems, there is a need
for an efficient Intrusion Detection System (IDS). An IDS implements detectors that continuously monitor the
network traffic. Various IDS methods have been proposed in the literature for IoT security. However, the
existing methods have disadvantages in terms of detection accuracy and time overhead. To enhance the
IDS detection accuracy and reduce the required time, this paper proposes a hybrid IDS system where a
pre-processing phase is utilized to reduce the required time, and feature selection and classification are
done in separate stages. The feature selection process is done by using the Enhanced Shuffled Frog Leaping
(ESFL) algorithm, and the selected features are classified using the Light Convolutional Neural Network with
Gated Recurrent Neural Network (LCNN-GRNN) algorithm. This two-stage method is compared to
up-to-date methods used for intrusion detection, and it outperforms them in terms of accuracy and running time
due to the light processing required by the proposed method.
Keywords: IoT; Hybrid classification; IoT security; Convolution Neural Network; KDD cup dataset
1. Introduction
The Internet of Things (IoT) is becoming increasingly popular in different industries such as social
domains, healthcare, personal and smart cities. However, it increases the risk of security issues in
many applications like medical monitoring, mission-critical tasks, and industrial control. These
applications work mainly based on trustworthy data delivery, data privacy, and reliability. Due to
the limitations of the IoT technologies, security has become one of the key issues in IoT services and
networks. IoT devices are tiny, heterogeneous, and do not support interoperability. These
characteristics extend the attack range and increase the complexity of developing any security
solution. IoT devices are not only vulnerable to network attacks (Putra, Dedeoglu, Kanhere, and
Jurdak, 2020)(Daia, Ramadan, and Fayek, 2018); they are also susceptible to powerful hackers among
unauthorized internet users. In some of the literature, cryptography algorithms are proposed for IoT
authenticity and confidentiality to some extent. However, cryptography tools are costly in terms of
computation and time, which might not be suitable for IoT devices.
AETiC 2020, Vol. 4, No. 5 62
www.aetic.theiaer.org
In addition, cryptography algorithms help in satisfying network authentication and data
integrity. Additional tools are required to monitor the IoT network traffic to avoid the recent
network attacks. An Intrusion Detection System (IDS) is essential to maintain such a function. IDSs
play the role of network monitoring, analysis, and attack detection.
Various IDS techniques are presented in the literature. These techniques are categorized into
two types, which are anomaly-based detection and signature-based detection (Blanco, Malagón,
Briongos, and Moya, 2019) [4]. The signature-based detection method depends on the history of
predefined malicious activity patterns, and the anomaly-based detection method depends on the
discovery of deviations from normal behavior to determine the intrusions. Therefore, the
anomaly-based method has the capability of detecting unknown attacks without predefined activity
patterns. In this paper, we present an anomaly-based intrusion detection model in IoT networks.
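An added example, not code from the paper, contrasting the two detection types described above on constructed NSL-KDD-style connection records. The signature rule, the z-score threshold and all sample values are assumptions, and a per-feature z-score stands in for the anomaly model.

```python
import statistics

# Constructed NSL-KDD-style connection records (not taken from the dataset).
FIELDS = ("duration", "src_bytes", "dst_bytes", "count", "serror_rate")
BASELINE = [  # traffic assumed to be normal, used to learn the profile
    (1, 220, 1500, 3, 0.00),
    (2, 250, 1800, 4, 0.00),
    (1, 200, 1400, 2, 0.05),
    (3, 300, 2100, 5, 0.00),
    (2, 240, 1700, 3, 0.00),
    (1, 210, 1600, 4, 0.02),
]

# Signature-based: fixed patterns for attacks seen before (hypothetical rule).
SIGNATURES = {
    "syn_flood": lambda r: r["count"] > 200 and r["serror_rate"] > 0.9,
}

def as_record(values):
    return dict(zip(FIELDS, values))

def signature_detect(record):
    """Return the names of the predefined patterns the record matches."""
    return [name for name, rule in SIGNATURES.items() if rule(record)]

def fit_profile(rows):
    """Learn per-feature mean and standard deviation from normal traffic."""
    profile = {}
    for i, field in enumerate(FIELDS):
        column = [row[i] for row in rows]
        # Floor the deviation so near-constant features do not divide by zero.
        profile[field] = (statistics.mean(column), max(statistics.pstdev(column), 1e-3))
    return profile

def anomaly_detect(record, profile, threshold=4.0):
    """Return the features whose z-score exceeds the threshold."""
    return [f for f, (mu, sigma) in profile.items()
            if abs(record[f] - mu) / sigma > threshold]

PROFILE = fit_profile(BASELINE)
KNOWN_ATTACK = as_record((0, 0, 0, 480, 1.00))          # matches the stored signature
UNKNOWN_ATTACK = as_record((900, 52000, 90, 1, 0.00))   # no signature exists for it
NORMAL = as_record((2, 230, 1650, 3, 0.00))

if __name__ == "__main__":
    for name, rec in (("known", KNOWN_ATTACK), ("unknown", UNKNOWN_ATTACK), ("normal", NORMAL)):
        print(name, signature_detect(rec), anomaly_detect(rec, PROFILE))
```

The record with no stored pattern passes the signature check but is flagged by its deviation from the learned profile, which is the property the paragraph attributes to anomaly-based detection.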
One of the anomaly-based methods is clustering. Clustering techniques can determine the
intrusions without predefined patterns. For instance, the authors of (Jyothsna, V. Rama Prasad, and
Munivara Prasad, 2011) experimented with k-means, k-medoids, outlier detection algorithms and
EM clustering to detect network intrusions. Through clustering, the traffic could be divided into
normal and abnormal traffic [6]. However, the EM-based anomaly detection method turns out to provide
more accurate results than other clustering methods. Other classification methods are utilized for
anomaly detection, such as fuzzy logic, classification trees, Naïve Bayes networks, genetic algorithms,
support vector machines, and neural networks [7]. The main idea behind the operation of these
algorithms is to classify the data into two categories, normal or abnormal. When
multiple attacks are present in the network, a single algorithm might not be sufficient. Hybrid
approaches use cascaded supervised algorithms, cascaded unsupervised algorithms, or
a combination of supervised and unsupervised algorithms [8] [9].
The research in this paper falls under the umbrella of the hybrid approach, where the main
objectives are:
• To select more relevant features using the Enhanced Shuffled Frog Leaping (ESFL)
algorithm,
• To achieve a high classification rate using the Light Convolutional Neural Network with
Gated Recurrent Neural Network (LCNN-GRNN) method,
• To improve the detection rate accuracy of certain attacks such as U2R, DoS, and R2L attacks
without reducing performance. Those are the attacks most recently
discovered for IoT networks.
The paper is organized as follows: Section II surveys the literature on IDS
techniques and IoT security challenges. Section II defines the problem to be solved in this paper.
Section IV describes the overall workflow of the proposed system and gives a detailed description of the
proposed hybrid methods and algorithms. Section V contains the performance analysis of the
proposed system and the dataset description. Section VI concludes with the proposed system's results and
discussion.
2. Problem Definition
With the advances in sensing technologies, IoT networks became possible. However, IoT devices
suffer from different limitations, including limited energy sources and limited capabilities. In addition,
standard cryptography and regular IDS techniques may not be suitable for such networks. Besides,
with the connectivity to the Internet, hacking techniques are getting stronger and easier to learn.
Therefore, an efficient monitoring process for intrusion detection is a challenge. This has led to various
research proposals to enhance IoT intrusion detection performance. One of the famous datasets that
has been extensively studied is the NSL-KDD cup dataset. It became a de facto standard for testing new
algorithms. Unfortunately, the existing methods suffer from the following problems:
• Low classification rate of attacks,
• Time overhead,
• Low detection rate of attacks, and
• Low accuracy.
Therefore, the problem at hand is to introduce an efficient IDS solution that solves the
above-mentioned problems, where the detection time is important, especially with IoT runtime operation.
Accuracy is another issue, since IoT systems could be used in critical applications such as
healthcare or military systems.
This paper proposes a hybrid IDS system that combines a CNN and a Gated Recurrent Neural
Network, LCNN-GRNN. In addition, it proposes a pre-processing method named Enhanced
Shuffled Frog Leaping (ESFL) for the best feature selection operation. To improve the performance
of the proposed system, the dataset is split into training and testing subsets before classification. It
classifies the information into a normal class or an anomaly class.
3. Literature Review
Chaabouni et al. [10] classified the IoT security attacks in IoT networks using existing anomaly
detection approaches. They survey state-of-the-art Network Intrusion Detection Systems (NIDS),
describing various existing NIDS implementation tools, open-source network sniffing software, and
datasets. This review compares the existing NIDS techniques with machine learning techniques, and
the conclusion was that machine learning techniques give a higher success rate than other techniques.
Pajouh et al. in [11] presented a novel IDS system based on a two-tier classification module
and two-layer dimension reduction to detect the malicious activities known as R2L and U2R attacks.
The proposed method examined linear discriminant analysis and component analysis
for feature selection or dimensionality reduction. Then, the authors applied the
two-tier classification method in the form of K-NN and naïve Bayes to analyze the suspicious
behaviors. The proposed method was examined with the NSL-KDD dataset, and the authors claimed
that the proposed method has superior performance in detecting R2L and U2R attacks.
The IoT is attracting growing interest in many industries such as logistics tracking, healthcare,
automobile, and smart cities. Hodo et al. in [12] described threat analysis in IoT, and an ANN
algorithm was used to analyze these threats. A supervised ANN, or multilevel perceptron, was trained
on internet packet traces, and then the ability of the proposed system against DDoS attacks was evaluated. The
paper focuses on the classification of normal and attack patterns in IoT networks. The authors claimed
that they were able to detect up to 99.4% of DDoS attacks in the datasets used.
Another work has been conducted by Deng et al. in [13], where they proposed an IDS system for
mobile networks based on a transfer learning algorithm. The authors analyzed various security issues
and characteristics of networking security. Then, they discussed the internet security technologies of
authentication, key management, routing security, access control, intrusion detection, fault tolerance,
and privacy protection. Also, various types of intrusion detection technologies were discussed and
the applications of IoT architecture were identified.
Midi et al. [14] proposed a knowledge-driven adaptable IDS system (KALIS) for IoT. KALIS is
designed to be able to detect intrusions across a wide range of IoT systems in real time. The proposed
system monitors numerous protocols and has no performance impact on IoT applications. The
proposed IDS approach does not target individual protocols for IoT networks. It adapts the
suitable detection strategy to particular network features. The authors claimed that the KALIS
algorithm is effective in detecting intrusions in IoT systems.
A similar algorithm is proposed in [15], where deep learning is utilized for traffic flow intrusion
detection in IoT networks. The proposed method generates generic features from packet-level
information. The authors developed Feed Forward Neural Networks (FFNN) to detect DoS, DDoS,
information theft attacks, and reconnaissance for binary and multiclass classification. Again, the
authors claimed the effectiveness of their algorithm in attack detection and classification.
Another deep learning approach is presented in [16], where the authors proposed a new intrusion
detection system named mutual information selection element and deep extraction. The feature
extraction process was done using deep structure stacked autoencoders based on mutual information
between the class label and the feature. The entropy-based tree wrapper method was utilized for
optimizing the feature subsets.