IoT-IE: An Information-Entropy-Based Approach to Traffic Anomaly Detection in Internet of Things

2021, Vol 2021, pp. 1-13
Author(s): Yizhen Sun, Jianjiang Yu, Jianwei Tian, Zhongwei Chen, Weiping Wang, ...

Security issues related to the Internet of Things (IoTs) have attracted much attention in many fields in recent years. One important problem in IoT security is to recognize the type of IoT devices, according to which different strategies can be designed to enhance the security of IoT applications. However, existing IoT device recognition approaches rarely consider traffic attacks, which might change the pattern of traffic and consequently decrease the recognition accuracy of different IoT devices. In this work, we first validate by experiments that traffic attacks indeed decrease the recognition accuracy of existing IoT device recognition approaches; then, we propose an approach called IoT-IE that combines information entropy of different traffic features to detect traffic anomaly. We then enhance the robustness of IoT device recognition by detecting and ignoring the abnormal traffic detected by our approach. Experimental evaluations show that IoT-IE can effectively detect abnormal behaviors of IoT devices in the traffic under eight different types of attacks, achieving a high accuracy value of 0.977 and a low false positive rate of 0.011. It also achieves an accuracy of 0.969 in a multiclassification experiment with 7 different types of attacks.

Electronics, 2019, Vol 8 (11), pp. 1210
Author(s): Khraisat, Gondal, Vamplew, Kamruzzaman, Alazab

The Internet of Things (IoT) has been rapidly evolving towards making a greater impact on everyday life to large industrial systems. Unfortunately, this has attracted the attention of cybercriminals who made IoT a target of malicious activities, opening the door to a possible attack to the end nodes. Due to the large number and diverse types of IoT devices, it is a challenging task to protect the IoT infrastructure using a traditional intrusion detection system. To protect IoT devices, a novel ensemble Hybrid Intrusion Detection System (HIDS) is proposed by combining a C5 classifier and One Class Support Vector Machine classifier. HIDS combines the advantages of Signature Intrusion Detection System (SIDS) and Anomaly-based Intrusion Detection System (AIDS). The aim of this framework is to detect both the well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the Bot-IoT dataset, which includes legitimate IoT network traffic and several types of attacks. Experiments show that the proposed hybrid IDS provides a higher detection rate and lower false positive rate compared to the SIDS and AIDS techniques.


Electronics, 2021, Vol 10 (16), pp. 1876
Author(s): Ioana Apostol, Marius Preda, Constantin Nila, Ion Bica

The Internet of Things has become a cutting-edge technology that is continuously evolving in size, connectivity, and applicability. This ecosystem makes its presence felt in every aspect of our lives, along with all other emerging technologies. Unfortunately, despite the significant benefits brought by the IoT, the increased attack surface built upon it has become more critical than ever. Devices have limited resources and are not typically created with security features. Lately, a trend of botnet threats transitioning to the IoT environment has been observed, and an army of infected IoT devices can expand quickly and be used for effective attacks. Therefore, identifying proper solutions for securing IoT systems is currently an important and challenging research topic. Machine learning-based approaches are a promising alternative, allowing the identification of abnormal behaviors and the detection of attacks. This paper proposes an anomaly-based detection solution that uses unsupervised deep learning techniques to identify IoT botnet activities. An empirical evaluation of the proposed method is conducted on both balanced and unbalanced datasets to assess its threat detection capability. False-positive rate reduction and its impact on the detection system are also analyzed. Furthermore, a comparison with other unsupervised learning approaches is included. The experimental results reveal the performance of the proposed detection method.


2019, Vol 8 (1), pp. 486-495
Author(s): Bimal Kumar Mishra, Ajit Kumar Keshri, Dheeresh Kumar Mallick, Binay Kumar Mishra

Internet of Things (IoT) opens up the possibility of agglomerations of different types of devices, Internet and human elements to provide extreme interconnectivity among them towards achieving a completely connected world of things. The mainstream adaptation of IoT technology and its widespread use has also opened up a whole new platform for cyber perpetrators mostly used for distributed denial of service (DDoS) attacks. In this paper, under the influence of internal and external nodes, a two-fold epidemic model is developed where attack on IoT devices is first achieved and then IoT based distributed attack of malicious objects on targeted resources in a network has been established. This model is mainly based on Mirai botnet made of IoT devices which came into the limelight with three major DDoS attacks in 2016. The model is analyzed at equilibrium points to find the conditions for their local and global stability. Impact of external nodes on the overall model is critically analyzed. Numerical simulations are performed to validate the vitality of the model developed.


Author(s): Aman Tyagi

Elderly population in the Asian countries is increasing at a very fast rate. Lack of healthcare resources and infrastructure in many countries makes the task of providing proper healthcare difficult. Internet of things (IoT) in healthcare can address the problem effectively. Patient care is possible at home using IoT devices. IoT devices are used to collect different types of data. Various algorithms may be used to analyse data. IoT devices are connected to the internet and all the data of the patients with various health reports are available online and hence security issues arise. IoT sensors, IoT communication technologies, IoT gadgets, components of IoT, IoT layers, cloud and fog computing, benefits of IoT, IoT-based algorithms, IoT security issues, and IoT challenges are discussed in the chapter. Nowadays global epidemic COVID19 has demolished the economy and health services of all the countries worldwide. Usefulness of IoT in COVID19-related issues is explained here.


Author(s): K. Dinesh Kumar, Venkata Rathnam T., Venkata Ramana R., M. Sudhakara, Ravi Kumar Poluru

Internet of things (IoT) technology plays a vital role in the current technologies because IoT develops a network by integrating different kinds of objects and sensors to create the communication among objects directly without human interaction. With the presence of internet of things technology in our daily comes smart thinking and various advantages. At the same time, secure systems have been a most important concern for the protection of information systems and networks. However, adopting traditional security management systems in the internet of things leads to several issues due to the limited privacy and policies like privacy standards, protocol stacks, and authentication rules. Usually, IoT devices have limited network capacities, storage, and computing processors. So they are having more chances to attacks. Data security, privacy, and reliability are three main challenges in the IoT security domain. To address the solutions for the above issues, IoT technology has to provide advanced privacy and policies in this large incoming data source. Blockchain is one of the trending technologies in the privacy management to provide the security. So this chapter is focused on the blockchain technologies which can be able to solve several IoT security issues. This review mainly focused on the state-of-the-art IoT security issues and vulnerabilities by existing review works in the IoT security domains. The taxonomy is presented about security issues in the view of communication, architecture, and applications. Also presented are the challenges of IoT security management systems. The main aim of this chapter is to describe the importance of blockchain technology in IoT security systems. Finally, it highlights the future directions of blockchain technology roles in IoT systems, which can be helpful for further improvements.


2020, Vol 2020, pp. 1-16
Author(s): Suzan Almutairi, Saoucene Mahfoudh, Sultan Almutairi, Jalal S. Alowibdi

Botnet is one of the most dangerous cyber-security issues. The botnet infects unprotected machines and keeps track of the communication with the command and control server to send and receive malicious commands. The attacker uses botnet to initiate dangerous attacks such as DDoS, phishing, data stealing, and spamming. The size of the botnet is usually very large, and millions of infected hosts may belong to it. In this paper, we addressed the problem of botnet detection based on network’s flows records and activities in the host. Thus, we propose a general technique capable of detecting new botnets in early phase. Our technique is implemented in both sides: host side and network side. The botnet communication traffic we are interested in includes HTTP, P2P, IRC, and DNS using IP fluxing. HANABot algorithm is proposed to preprocess and extract features to distinguish the botnet behavior from the legitimate behavior. We evaluate our solution using a collection of real datasets (malicious and legitimate). Our experiment shows a high level of accuracy and a low false positive rate. Furthermore, a comparison between some existing approaches was given, focusing on specific features and performance. The proposed technique outperforms some of the presented approaches in terms of accurately detecting botnet flow records within Netflow traces.


2021, Vol 2138 (1), pp. 012013
Author(s): Yongzhi Chen, Ziao Xu, Chaoqun Niu

In the research of flash flood disaster monitoring and early warning, the Internet of Things is widely used in real-time information collection. There are abnormal situations such as noise, repetition and errors in a large amount of data collected by sensors, which will lead to false alarm, lower prediction accuracy and other problems. Aiming at the characteristic that outliers flow of sensors will cause obvious fluctuation of information entropy, this paper proposes a local outlier detection method based on information entropy and optimized by sliding window and LOF (Local Outlier Factor). This method can be used to improve the data quality, thus improving the accuracy of disaster prediction. The method is applied to data stream processing of water sensor, and the experimental results show that the method can accurately detect outliers. Compared with the existing detection methods that only use data distance to determine, the test positive rate is improved and the false positive rate is reduced.


Internet of Things (IoT) is a new paradigm in the network technology. It has the vast application in almost every field like retail, industries, and healthcare etc. It has challenges like security and privacy, robustness, weak links, less power, etc. A major challenge among these is security. Due to the weak connectivity links, these Internet of Things networks lead to many attacks in the network layer. RPL is a routing protocol which establishes a path particularly for the constrained nodes in Internet of Things based networks. These RPL based networks are exposed to many attacks like black hole attack, wormhole attack, sinkhole attack, rank attack, etc. This paper proposed a detection technique for rank attack based on the machine learning approach called MLTKNN, based on K-nearest neighbor algorithm. The proposed technique was simulated in the Cooja simulation with 30 motes and calculated the true positive rate and false positive rate of the proposed detection mechanism. Finally proved that, the performance of the proposed technique was efficient in terms of the delay, packet delivery rate and in detection of the rank attack.


Internet-of-Things (IoT) has been considered as a fundamental part of our day by day existence with billions of IoT devices gathering information remotely and can interoperate within the current Internet framework. Fog computing is nothing but cloud computing to the extreme of network security. It provides computation and storage services via CSP (Cloud Service Provider) to end devices in the Internet of Things (IoT). Fog computing allows the data storing and processing any nearby network devices or nearby cloud endpoint continuum. Using fog computing, the designer can reduce the computation architecture of the IoT devices. Unfortunately, this new paradigm IoT-Fog faces numerous new privacy and security issues, like authentication and authorization, secure communication, information confidentiality. Despite the fact that the customary cloud-based platform can even utilize heavyweight cryptosystem to upgrade security, it can't be performed on fog devices directly due to resource constraints. Additionally, a huge number of smart fog devices are fiercely disseminated and situated in various zones, which expands the danger of being undermined by some pernicious gatherings. Trait Based Encryption (ABE) is an open key encryption conspire that enables clients to scramble and unscramble messages dependent on client qualities, which ensures information classification and hearty information get to control. Be that as it may, its computational expense for encryption and unscrambling stage is straightforwardly corresponding to the multifaceted nature of the arrangements utilized. The points is to assess the planning, CPU burden, and memory burden, and system estimations all through each phase of the cloud-to-things continuum amid an analysis for deciding highlights from a finger tapping exercise for Parkinson's Disease patients. It will be appeared there are confinements to the proposed testbeds when endeavoring to deal with upwards of 35 customers at the same time.
These discoveries lead us to a proper conveyance of handling the leaves the Intel NUC as the most suitable fog gadget. While the Intel Edison and Raspberry Pi locate a superior balance at in the edge layer, crossing over correspondence conventions and keeping up a self-mending network topology for "thing" devices in the individual territory organize.


Sensors, 2019, Vol 19 (7), pp. 1492
Author(s): Pantaleone Nespoli, David Useche Pelaez, Daniel Díaz López, Félix Gómez Mármol

The Internet of Things (IoT) became established during the last decade as an emerging technology with considerable potentialities and applicability. Its paradigm of everything connected together penetrated the real world, with smart devices located in several daily appliances. Such intelligent objects are able to communicate autonomously through already existing network infrastructures, thus generating a more concrete integration between real world and computer-based systems. On the downside, the great benefit carried by the IoT paradigm in our life brings simultaneously severe security issues, since the information exchanged among the objects frequently remains unprotected from malicious attackers. The paper at hand proposes COSMOS (Collaborative, Seamless and Adaptive Sentinel for the Internet of Things), a novel sentinel to protect smart environments from cyber threats. Our sentinel shields the IoT devices using multiple defensive rings, resulting in a more accurate and robust protection. Additionally, we discuss the current deployment of the sentinel on a commodity device (i.e., Raspberry Pi). Exhaustive experiments are conducted on the sentinel, demonstrating that it performs meticulously even in heavily stressing conditions. Each defensive layer is tested, reaching a remarkable performance, thus proving the applicability of COSMOS in a distributed and dynamic scenario such as IoT. With the aim of easing the enjoyment of the proposed sentinel, we further developed a friendly and ease-to-use COSMOS App, so that end-users can manage sentinel(s) directly using their own devices (e.g., smartphone).

