Machine Learning-Based IoT-Botnet Attack Detection with Sequential Architecture

Sensors, 2020, Vol 20 (16), pp. 4372
Author(s): Yan Naung Soe, Yaokai Feng, Paulus Insap Santosa, Rudy Hartanto, Kouichi Sakurai

With the rapid development and popularization of Internet of Things (IoT) devices, an increasing number of cyber-attacks are targeting such devices. It was said that most of the attacks in IoT environments are botnet-based attacks. Many security weaknesses still exist on IoT devices because most of them do not have enough memory and computational resources for robust security mechanisms. Moreover, many existing rule-based detection systems can be circumvented by attackers. In this study, we proposed a machine learning (ML)-based botnet attack detection framework with sequential detection architecture. An efficient feature selection approach is adopted to implement a lightweight detection system with a high performance. The overall detection performance achieves around 99% for the botnet attack detection using three different ML algorithms, including artificial neural network (ANN), J48 decision tree, and Naïve Bayes. The experiment result indicates that the proposed architecture can effectively detect botnet-based attacks, and also can be extended with corresponding sub-engines for new kinds of attacks.

Sensors, 2020, Vol 20 (22), pp. 6578
Author(s): Ivan Vaccari, Giovanni Chiola, Maurizio Aiello, Maurizio Mongelli, Enrico Cambiaso

IoT networks are increasingly popular nowadays to monitor critical environments of different nature, significantly increasing the amount of data exchanged. Due to the huge number of connected IoT devices, security of such networks and devices is therefore a critical issue. Detection systems assume a crucial role in the cyber-security field: based on innovative algorithms such as machine learning, they are able to identify or predict cyber-attacks, hence to protect the underlying system. Nevertheless, specific datasets are required to train detection models. In this work we present MQTTset, a dataset focused on the MQTT protocol, widely adopted in IoT networks. We present the creation of the dataset, also validating it through the definition of a hypothetical detection system, by combining the legitimate dataset with cyber-attacks against the MQTT network. Obtained results demonstrate how MQTTset can be used to train machine learning models to implement detection systems able to protect IoT contexts.


Electronics, 2020, Vol 9 (1), pp. 144
Author(s): Yan Naung Soe, Yaokai Feng, Paulus Insap Santosa, Rudy Hartanto, Kouichi Sakurai

The application of a large number of Internet of Things (IoT) devices makes our life more convenient and industries more efficient. However, it also makes cyber-attacks much easier to occur because so many IoT devices are deployed and most of them do not have enough resources (i.e., computation and storage capacity) to carry out ordinary intrusion detection systems (IDSs). In this study, a lightweight machine learning-based IDS using a new feature selection algorithm is designed and implemented on Raspberry Pi, and its performance is verified using a public dataset collected from an IoT environment. To make the system lightweight, we propose a new algorithm for feature selection, called the correlated-set thresholding on gain-ratio (CST-GR) algorithm, to select really necessary features. Because the feature selection is conducted on three specific kinds of cyber-attacks, the number of selected features can be significantly reduced, which makes the classifiers very small and fast. Thus, our detection system is lightweight enough to be implemented and carried out in a Raspberry Pi system. More importantly, as the really necessary features corresponding to each kind of attack are exploited, good detection performance can be expected. The performance of our proposal is examined in detail with different machine learning algorithms, in order to learn which of them is the best option for our system. The experiment results indicate that the new feature selection algorithm can select only very few features for each kind of attack. Thus, the detection system is lightweight enough to be implemented in the Raspberry Pi environment with almost no sacrifice on detection performance.


Electronics, 2020, Vol 9 (11), pp. 1771
Author(s): Muhammad Ashfaq Khan, Juntae Kim

Recently, due to the rapid development and remarkable results of deep learning (DL) and machine learning (ML) approaches in various domains for several long-standing artificial intelligence (AI) tasks, there has been extreme interest in applying them to network security too. Nowadays, in the information communication technology (ICT) era, the intrusion detection (ID) system has the great potential to be the frontier of security against cyberattacks and plays a vital role in achieving network infrastructure and resources. Conventional ID systems are not strong enough to detect advanced malicious threats. Heterogeneity is one of the important features of big data. Thus, designing an efficient ID system using a heterogeneous dataset is a massive research problem. There are several ID datasets openly existing for more research by the cybersecurity researcher community. However, no existing research has shown a detailed performance evaluation of several ML methods on various publicly available ID datasets. Due to the dynamic nature of malicious attacks with continuously changing attack detection methods, ID datasets are available publicly and are updated systematically. In this research, Spark MLlib (machine learning library)-based robust classical ML classifiers for anomaly detection and state-of-the-art DL, such as the convolutional-auto encoder (Conv-AE) for misuse attack, are used to develop an efficient and intelligent ID system to detect and classify unpredictable malicious attacks. To measure the effectiveness of our proposed ID system, we have used several important performance metrics, such as FAR, DR, and accuracy, while experiments are conducted on the publicly existing dataset, specifically the contemporary heterogeneous CSE-CIC-IDS2018 dataset.


2020, Vol 2 (10), pp. 169-183
Author(s): Serhii Tolіupa, Oleksandr Pliushch, Ivan Parkhomenko

Systems for detecting network intrusions and detecting signs of attacks on information systems have long been used as one of the necessary lines of defense of information systems. Today, intrusion and attack detection systems are usually software or hardware-software solutions that automate the process of monitoring events occurring in an information system or network, as well as independently analyze these events in search of signs of security problems. As the number of different types and ways of organizing unauthorized intrusions into foreign networks has increased significantly in recent years, attack detection systems (ATS) have become a necessary component of the security infrastructure of most organizations. The article proposes a software prototype of a network attack detection system based on selected methods of data mining and neural network structures. The experimental research conducted confirms the efficiency of the created detection model for the protection of an information network. Experiments with a software prototype showed high-quality detection of network attacks based on neural network structures and methods of intelligent data distribution. The state of protection of information systems to counter cyber attacks is analyzed, which made it possible to conclude that, to ensure the security of cyberspace, it is necessary to implement a set of systems and protection mechanisms, namely: delimitation of user access; firewall; cryptographic protection of information; virtual private networks; anti-virus protection of ITS elements; detection and prevention of intrusions; authentication, authorization and audit; data loss prevention; security and event management; security management.


Malware is a serious threat to individuals and users. The security researchers present various solutions, striving to achieve efficient malware detection. Malware attackers devise detection avoidance techniques to escape from detection systems. The key challenge is that growth of malware increases every hour, leading to large damages to users’ privacy. The training process takes much longer time, mining the unnecessary features. Feature Selection is effective in achieving unique feature set in detecting malware. In this paper, we propose a malware detection system using hybrid feature selection approach to detect malware efficiently with a reduced feature set. Machine learning based classification is performed on eight classifiers with two malware datasets. The experiments were done without and with feature selection. The empirical results show that the classification using selected feature set and XGB classifier identifies malware efficiently with an accuracy of 98.9% and 99.26% for the two datasets.


Sensors, 2021, Vol 21 (24), pp. 8320
Author(s): Abebe Diro, Naveen Chilamkurti, Van-Doan Nguyen, Will Heyne

The Internet of Things (IoT) consists of a massive number of smart devices capable of data collection, storage, processing, and communication. The adoption of the IoT has brought about tremendous innovation opportunities in industries, homes, the environment, and businesses. However, the inherent vulnerabilities of the IoT have sparked concerns for wide adoption and applications. Unlike traditional information technology (I.T.) systems, the IoT environment is challenging to secure due to resource constraints, heterogeneity, and distributed nature of the smart devices. This makes it impossible to apply host-based prevention mechanisms such as anti-malware and anti-virus. These challenges and the nature of IoT applications call for a monitoring system such as anomaly detection both at device and network levels beyond the organisational boundary. This suggests an anomaly detection system is strongly positioned to secure IoT devices better than any other security mechanism. In this paper, we aim to provide an in-depth review of existing works in developing anomaly detection solutions using machine learning for protecting an IoT system. We also indicate that blockchain-based anomaly detection systems can collaboratively learn effective machine learning models to detect anomalies.


At present, networking technologies have provided a better medium for people to communicate and exchange information on the internet. This is the reason the number of internet users has increased exponentially in the last ten years. The high-end use of network technology and the internet has also presented many security problems. Many intrusion detection techniques are proposed in combination with the KDD99 and NSL-KDD datasets. But there are some limitations of available datasets. Intrusion detection using machine learning algorithms makes the detection system more accurate and fast. So in this paper, a new hybrid approach of machine learning combining feature selection and classification algorithms is presented. The model is examined with the UNSW NB15 intrusion dataset. The proposed model has achieved a better accuracy rate, and attack detection also improved, while the false attack rate is reduced. The model is also successful in accurately classifying rare cyber attacks like worms, backdoor, and shellcode.


Author(s): Jinwoo Song, Diksha Shukla, Mingtao Wu, Vir V. Phoha, Young B. Moon

Auditing physical data using machine learning can enhance the security in Cyber-Manufacturing System (CMS). However, the physical data processing itself is prone to cyber-attacks. Connections based on the internet in CMS open the route for adversaries to compromise the attack detection system itself. To prevent data from malicious data injection in CMS, this paper proposes an enhanced Simple Convolutional Neural Network (SCNN) based attack detection system employing a blockchain. There are three contributions of this paper: (i) introducing a secure attack detection system using blockchain, (ii) optimizing the cost and time for CMS by training on the simulated images, and (iii) presenting a real-time attack detection system for CMS by simplifying the convolutional neural network. The paper demonstrates the effectiveness of the blockchain implementation by presenting the comparative performance analysis of the proposed attack detection system with and without blockchain implementation using an example of a simulated attack on the machine learning process.


2021
Author(s): Raymond Mogg, Simon Enoch, Dong Seong Kim

Intrusion Detection System (IDS) plays a vital role in detecting anomalies and cyber-attacks in networked systems. However, sophisticated attackers can manipulate the IDS’ attack samples to evade possible detection. In this paper, we present a network-based IDS and investigate the viability of generating interpretable evasion attacks against the IDS through the application of a machine learning technique and an evolutionary algorithm. We employ a genetic algorithm to generate optimal attack features for certain attack categories, which are evaluated against a decision tree-based IDS in terms of their fitness measurements. To demonstrate the feasibility of our approach, we perform experiments based on the NSL-KDD dataset and analyze the algorithm performance.

