Signature-based and Behavior-based Attack Detection with Machine Learning for Home IoT Devices

Author(s): Vasaka Visoottiviseth, Pranpariya Sakarin, Jetnipat Thongwilai, Thanakrit Choobanjong

Sensors, 2020, Vol 20 (16), pp. 4372
Author(s): Yan Naung Soe, Yaokai Feng, Paulus Insap Santosa, Rudy Hartanto, Kouichi Sakurai

With the rapid development and popularization of Internet of Things (IoT) devices, an increasing number of cyber-attacks are targeting such devices. It was said that most of the attacks in IoT environments are botnet-based attacks. Many security weaknesses still exist on IoT devices because most of them do not have enough memory and computational resources for robust security mechanisms. Moreover, many existing rule-based detection systems can be circumvented by attackers. In this study, we proposed a machine learning (ML)-based botnet attack detection framework with a sequential detection architecture. An efficient feature selection approach is adopted to implement a lightweight detection system with high performance. The overall detection performance achieves around 99% for botnet attack detection using three different ML algorithms, including artificial neural network (ANN), J48 decision tree, and Naïve Bayes. The experimental result indicates that the proposed architecture can effectively detect botnet-based attacks, and can also be extended with corresponding sub-engines for new kinds of attacks.


2021, Vol 11 (3), pp. 7273-7278
Author(s): M. Anwer, M. U. Farooq, S. M. Khan, W. Waseemullah

Many researchers have examined the risks imposed by Internet of Things (IoT) devices on big companies and smart towns. Due to the high adoption of IoT, their character, inherent mobility, and standardization limitations, smart mechanisms capable of automatically detecting suspicious movement on IoT devices connected to the local networks are needed. With the increase of IoT devices connected through the internet, the capacity of web traffic increased. Due to this change, attack detection through common methods and old data processing techniques is now obsolete. Detection of attacks in IoT and detecting malicious traffic in the early stages is a very challenging problem due to the increase in the size of network traffic. In this paper, a framework is recommended for the detection of malicious network traffic. The framework uses three popular classification-based malicious network traffic detection methods, namely Support Vector Machine (SVM), Gradient Boosted Decision Trees (GBDT), and Random Forest (RF), with the RF supervised machine learning algorithm achieving far better accuracy (85.34%). The NSL KDD dataset was used in the recommended framework, and the performances in terms of training, predicting time, specificity, and accuracy were compared.


2020, Vol 10 (19), pp. 7009
Author(s): Jiyeon Kim, Minsun Shim, Seungah Hong, Yulim Shin, Eunjung Choi

As the number of Internet of Things (IoT) devices connected to the network rapidly increases, network attacks such as flooding and Denial of Service (DoS) are also increasing. These attacks cause network disruption and denial of service to IoT devices. However, the large number of heterogeneous devices deployed in the IoT environment makes it difficult to detect IoT attacks using traditional rule-based security solutions. It is challenging to develop optimal security models for each type of device. Machine learning (ML) is an alternative technique that allows one to develop optimal security models based on empirical data from each device. We employ the ML technique for IoT attack detection. We focus on botnet attacks targeting various IoT devices and develop ML-based models for each type of device. We use the N-BaIoT dataset generated by injecting botnet attacks (Bashlite and Mirai) into various types of IoT devices, including a Doorbell, Baby Monitor, Security Camera, and Webcam. We develop a botnet detection model for each device using numerous ML models, including deep learning (DL) models. We then analyze the effective models with a high detection F1-score by carrying out multiclass classification, as well as binary classification, for each model.


Author(s): Er. Hemavati, Aparna R

As we know, the Internet of Things (IoT) is one of the fastest growing paradigms, composed of the Internet and different physical devices with different domains or smart applications like home automation, business automation applications, and health and environmental monitoring applications. The dependency on IoT devices in our daily activities is increasing day by day, which leads to the most important challenge for security. A better monitoring system for better security is therefore a need. For more than two decades, the concept or framework called IDS (intrusion detection system) has been playing an important role in detecting attacks in the network. Since network attacks are not fixed in nature, new types of attacks are happening on network applications. Many traditional IDS techniques are available, but they are complex to apply. Machine learning is one of the important areas that is achieving good results in many applications. In this paper we study the different machine learning techniques used till now, the methodology for attack detection, and the validation strategy. We will also discuss the performance metrics.


Sensors, 2020, Vol 20 (9), pp. 2533
Author(s): Massimo Merenda, Carlo Porcaro, Demetrio Iero

In a few years, the world will be populated by billions of connected devices that will be placed in our homes, cities, vehicles, and industries. Devices with limited resources will interact with the surrounding environment and users. Many of these devices will be based on machine learning models to decode meaning and behavior behind sensors’ data, to implement accurate predictions and make decisions. The bottleneck will be the high level of connected things that could congest the network. Hence, the need to incorporate intelligence on end devices using machine learning algorithms. Deploying machine learning on such edge devices improves the network congestion by allowing computations to be performed close to the data sources. The aim of this work is to provide a review of the main techniques that guarantee the execution of machine learning models on hardware with low performances in the Internet of Things paradigm, paving the way to the Internet of Conscious Things. In this work, a detailed review on models, architecture, and requirements on solutions that implement edge machine learning on Internet of Things devices is presented, with the main goal to define the state of the art and envisioning development requirements. Furthermore, an example of edge machine learning implementation on a microcontroller will be provided, commonly regarded as the machine learning “Hello World”.


Author(s): Tatiana Tatarnikova, Pavel Bogdanov

Introduction: The growing amount of digital data generated, among others, by smart devices of the Internet of Things makes it important to study the application of machine learning methods to the detection of network traffic anomalies, namely the presence of network attacks. Purpose: To propose a unified approach to detecting attacks at different levels of IoT network architecture, based on machine learning methods. Results: It was shown that at the wireless sensor network level, attack detection is associated with the detection of anomalous behavior of IoT devices, when the deviation of an IoT device behavior from its profile exceeds a predetermined level. Smart IoT devices are profiled on the basis of statistical characteristics, such as the intensity and duration of packet transmission, the proportion of retransmitted packets, etc. At the level of a local or global wired IoT network, data is aggregated and then analyzed using machine learning methods. Trained classifiers can become a part of a network attack detection system, making decisions about compromising a node on the fly. Models of classifiers of network attacks were experimentally selected both at the level of a wireless sensor network and at the level of a local or global wired network. The best results in terms of completeness and accuracy estimates are demonstrated by the random forest method for a wired local and/or global network and by all the considered methods for a wireless sensor network. Practical relevance: The proposed models of classifiers can be used for developing intrusion detection systems in IoT networks.


Information, 2021, Vol 12 (4), pp. 154
Author(s): Ahmed Bahaa, Ahmed Abdelaziz, Abdalla Sayed, Laila Elfangary, Hanan Fahmy

In many enterprises and the private sector, the Internet of Things (IoT) has spread globally. The growing number of different devices connected to the IoT and their various protocols have contributed to the increasing number of attacks, such as denial-of-service (DoS) and remote-to-local (R2L) ones. There are several approaches and techniques that can be used to construct attack detection models, such as machine learning, data mining, and statistical analysis. Nowadays, this technique is commonly used because it can provide precise analysis and results. Therefore, we decided to study the previous literature on the detection of IoT attacks and machine learning in order to understand the process of creating detection models. We also evaluated various datasets used for the models, IoT attack types, independent variables used for the models, evaluation metrics for assessment of models, and monitoring infrastructure using DevSecOps pipelines. We found 49 primary studies, and the detection models were developed using seven different types of machine learning techniques. Most primary studies used IoT device testbed datasets, and others used public datasets such as NSL-KDD and UNSW-NB15. When it comes to measuring the efficiency of models, both numerical and graphical measures are commonly used. Most IoT attacks occur at the network layer according to the literature. If the detection models applied DevSecOps pipelines in development processes for IoT devices, they were more secure. From the results of this paper, we found that machine learning techniques can detect IoT attacks, but there are a few issues in the design of detection models. We also recommend the continued use of hybrid frameworks for the improved detection of IoT attacks, advanced monitoring infrastructure configurations using methods based on software pipelines, and the use of machine learning techniques for advanced supervision and monitoring.

