Generating Datasets for Anomaly-Based Intrusion Detection Systems in IoT and Industrial IoT Networks

Sensors ◽  
2021 ◽  
Vol 21 (4) ◽  
pp. 1528
Author(s):  
Ismael Essop ◽  
José C. Ribeiro ◽  
Maria Papaioannou ◽  
Georgios Zachos ◽  
Georgios Mantas ◽  
...  

Over the past few years, we have witnessed the emergence of Internet of Things (IoT) and Industrial IoT networks that bring significant benefits to citizens, society, and industry. However, their heterogeneous and resource-constrained nature makes them vulnerable to a wide range of threats. Therefore, there is an urgent need for novel security mechanisms such as accurate and efficient anomaly-based intrusion detection systems (AIDSs) to be developed before these networks reach their full potential. Nevertheless, there is a lack of up-to-date, representative, and well-structured IoT/IIoT-specific datasets which are publicly available and constitute benchmark datasets for training and evaluating machine learning models used in AIDSs for IoT/IIoT networks. Contribution to filling this research gap is the main target of our recent research work and thus, we focus on the generation of new labelled IoT/IIoT-specific datasets by utilising the Cooja simulator. To the best of our knowledge, this is the first time that the Cooja simulator is used, in a systematic way, to generate comprehensive IoT/IIoT datasets. In this paper, we present the approach that we followed to generate an initial set of benign and malicious IoT/IIoT datasets. The generated IIoT-specific information was captured from the Contiki plugin “powertrace” and the Cooja tool “Radio messages”.

2019 ◽  
Vol 2019 ◽  
pp. 1-19 ◽  
Author(s):  
Zeeshan Ali Khan ◽  
Peter Herrmann

Many Internet of Things (IoT) systems run on tiny connected devices that have to deal with severe processor and energy restrictions. Often, the limited processing resources do not allow the use of standard security mechanisms on the nodes, making IoT applications quite vulnerable to different types of attacks. This holds particularly for intrusion detection systems (IDS) that are usually too resource-heavy to be handled by small IoT devices. Thus, many IoT systems are not sufficiently protected against typical network attacks like Denial-of-Service (DoS) and routing attacks. On the other side, IDSs have already been successfully used in adjacent network types like Mobile Ad hoc Networks (MANET), Wireless Sensor Networks (WSN), and Cyber-Physical Systems (CPS) which, in part, face limitations similar to those of IoT applications. Moreover, there is research work ongoing that promises IDSs that may better fit the limitations of IoT devices. In this article, we will give an overview of IDSs suited for IoT networks. Besides looking at approaches developed particularly for IoT, we also introduce work for the three similar network types mentioned above and discuss if they are also suitable for IoT systems. In addition, we present some suggestions for future research work that could be useful to make IoT networks more secure.


Author(s):  
dolfo Alan Sánchez Vázquez ◽  
Gregorio Martínez Pérez

In principle, computer networks were conceived to share resources and certain computing devices among a select group of people working in academic institutions. In this context, the security did not have high importance. Today, through the network circulates a lot of valuable data (budgets, credit card numbers, marketing data, etc.), much of which can be considered confidential. Here is where security takes great importance, so that these data cannot be read or modified by any third party, and the services offered are always available and only to authorized people (confidentiality, integrity, and readiness). When we refer to security, there are some terms of great importance. Risk is defined as any accidental or not prospective exhibition of information as consequence of the bad operation of hardware or the incorrect design of software. Vulnerabilities indicate when a failure in the operation of software and/or hardware elements exposes the system to penetrations. Starting from here we can define attack as an event against the good operation of a system, and it can be successful or not. If the attack is successful and access is obtained to the files and programs or control is obtained to the computers without being detected, then we are dealing with a penetration. This leads to an intrusion, which is a group of actions compromising the integrity, confidentiality, and readiness of computer resources (Sobh, 2006). The main objective of this article is to explain to the reader the main concepts regarding intrusion detection systems (IDSs) and intrusion prevention systems (IPSs), and the particular issues that should be additionally considered when protecting wireless communication scenarios (in comparison with IDSs/IPSs in traditional wired networks).
It also includes an extended view of the current state of the art of IDSs and IPSs in wireless networks, covering both research works done so far in this area, as well as an analysis of current open source IDSs and IPSs, and how they are dealing with the specific requirements of wireless communication networks. This article is organized as follows: First, we start with a summary of the main related works in the background section; then we give a description of the important concepts of security, a classification of intrusion detection systems, and a brief comparative of the operation of IDSs in wired and wireless networks. Next, we highlight certain research works exemplifying efforts done so far in wireless scenarios. We present the main ideas behind our current research work to model intrusions in wireless scenarios, before offering future directions of work and a summary of the main ideas expressed in the article.


2022 ◽  
pp. 883-910
Author(s):  
Gustavo Arroyo-Figueroa ◽  
Isai Rojas-Gonzalez ◽  
José Alberto Hernández-Aguilar

Internet of energy (IoE) is the natural evolution of Smart Grid incorporating the paradigm of internet of things (IoT). This complicated environment has a lot of threats and vulnerabilities, so the security challenges are very complex and specialized. This chapter contains a compilation of the main threats, vulnerabilities, and attacks that can occur in the IoE environment and the critical structure of the electrical grid. The objective is to show the best cybersecurity practices that can support maintaining a safe, reliable, and available electrical network complying with the requirements of availability, integrity, and confidentiality of the information. The study includes review of countermeasures, standards, and specialized intrusion detection systems, as mechanisms to solve security problems in IoE. Better understanding of security challenges and solutions in the IoE can be the light on future research work for IoE security.


Mathematics ◽  
2021 ◽  
Vol 9 (6) ◽  
pp. 690
Author(s):  
Ranjit Panigrahi ◽  
Samarjeet Borah ◽  
Akash Kumar Bhoi ◽  
Muhammad Fazal Ijaz ◽  
Moumita Pramanik ◽  
...  

Supervised learning and pattern recognition is a crucial area of research in information retrieval, knowledge engineering, image processing, medical imaging, and intrusion detection. Numerous algorithms have been designed to address such complex application domains. Despite an enormous array of supervised classifiers, researchers are yet to recognize a robust classification mechanism that accurately and quickly classifies the target dataset, especially in the field of intrusion detection systems (IDSs). Most of the existing literature considers the accuracy and false-positive rate for assessing the performance of classification algorithms. The absence of other performance measures, such as model build time, misclassification rate, and precision, should be considered the main limitation for classifier performance evaluation. This paper’s main contribution is to analyze the current literature status in the field of network intrusion detection, highlighting the number of classifiers used, dataset size, performance outputs, inferences, and research gaps. Therefore, fifty-four state-of-the-art classifiers of various different groups, i.e., Bayes, functions, lazy, rule-based, and decision tree, have been analyzed and explored in detail, considering the sixteen most popular performance measures. This research work aims to recognize a robust classifier, which is suitable for consideration as the base learner, while designing a host-based or network-based intrusion detection system. The NSLKDD, ISCXIDS2012, and CICIDS2017 datasets have been used for training and testing purposes. Furthermore, a widespread decision-making algorithm, referred to as Techniques for Order Preference by Similarity to the Ideal Solution (TOPSIS), allocated ranks to the classifiers based on observed performance reading on the concern datasets. The J48Consolidated provided the highest accuracy of 99.868%, a misclassification rate of 0.1319%, and a Kappa value of 0.998. 
Therefore, this classifier has been proposed as the ideal classifier for designing IDSs.



Electronics ◽  
2020 ◽  
Vol 9 (11) ◽  
pp. 1759
Author(s):  
Xavier Larriva-Novo ◽  
Carmen Sánchez-Zas ◽  
Víctor A. Villagrá ◽  
Mario Vega-Barbas ◽  
Diego Rivera

Currently, the use of machine learning models for developing intrusion detection systems is a technology trend whose improvement has been proven. These intelligent systems are trained with labeled datasets, including different types of attacks and the normal behavior of the network. Most of the studies use a unique machine learning model, identifying anomalies related to possible attacks. In other cases, machine learning algorithms are used to identify certain types of attacks. However, recent studies show that certain models are more accurate identifying certain classes of attacks than others. Thus, this study tries to identify which model fits better with each kind of attack in order to define a set of reasoner modules. In addition, this research work proposes to organize these modules to feed a selection system, that is, a dynamic classifier. Finally, the study shows that when using the proposed dynamic classifier model, the detection range increases, improving the detection by each individual model in terms of accuracy.


Author(s):  
Rosalind Deena Kumari ◽  
G. Radhamani

The recent tremendous increase in the malicious usage of the network has made it necessary that an IDS should encapsulate the entire network rather than at a system. This was the inspiration for the birth of a distributed intrusion detection system (DIDS). Different configurations of DIDSs have been actively used and are also rapidly evolving due to the changes in the types of threats. This chapter will give the readers an overview of DIDS and the system architecture. It also highlights the various agents that are involved in DIDS and the benefits of the system. Finally, directions for future research work are discussed.


IEEE Access ◽  
2020 ◽  
Vol 8 ◽  
pp. 93083-93108 ◽  
Author(s):  
Slavica V. Bostjancic Rakas ◽  
Mirjana D. Stojanovic ◽  
Jasna D. Markovic-Petrovic

Computers ◽  
2020 ◽  
Vol 9 (3) ◽  
pp. 58
Author(s):  
Ayyaz Ul Haq Qureshi ◽  
Hadi Larijani ◽  
Mehdi Yousefi ◽  
Ahsan Adeel ◽  
Nhamoinesu Mtetwa

In today’s digital world, the information systems are revolutionizing the way we connect. As the people are trying to adopt and integrate intelligent systems into daily lives, the risks around cyberattacks on user-specific information have significantly grown. To ensure safe communication, the Intrusion Detection Systems (IDS) were developed often by using machine learning (ML) algorithms that have the unique ability to detect malware against network security violations. Recently, it was reported that the IDS are prone to carefully crafted perturbations known as adversaries. With the aim to understand the impact of such attacks, in this paper, we have proposed a novel random neural network-based adversarial intrusion detection system (RNN-ADV). The NSL-KDD dataset is utilized for training. For adversarial attack crafting, the Jacobian Saliency Map Attack (JSMA) algorithm is used, which identifies the feature which can cause maximum change to the benign samples with minimum added perturbation. To check the effectiveness of the proposed adversarial scheme, the results are compared with a deep neural network which indicates that RNN-ADV performs better in terms of accuracy, precision, recall, F1 score and training epochs.

