A Comprehensive Study of Anomaly Detection Schemes in IoT Networks Using Machine Learning Algorithms

The Internet of Things (IoT) consists of a massive number of smart devices capable of data collection, storage, processing, and communication. The adoption of the IoT has brought about tremendous innovation opportunities in industries, homes, the environment, and businesses. However, the inherent vulnerabilities of the IoT have sparked concerns for wide adoption and applications. Unlike traditional information technology (I.T.) systems, the IoT environment is challenging to secure due to resource constraints, heterogeneity, and distributed nature of the smart devices. This makes it impossible to apply host-based prevention mechanisms such as anti-malware and anti-virus. These challenges and the nature of IoT applications call for a monitoring system such as anomaly detection both at device and network levels beyond the organisational boundary. This suggests an anomaly detection system is strongly positioned to secure IoT devices better than any other security mechanism. In this paper, we aim to provide an in-depth review of existing works in developing anomaly detection solutions using machine learning for protecting an IoT system. We also indicate that blockchain-based anomaly detection systems can collaboratively learn effective machine learning models to detect anomalies.

Download Full-text

Machine Learning-Based IoT-Botnet Attack Detection with Sequential Architecture

Sensors ◽

10.3390/s20164372 ◽

2020 ◽

Vol 20 (16) ◽

pp. 4372 ◽

Cited By ~ 1

Author(s):

Yan Naung Soe ◽

Yaokai Feng ◽

Paulus Insap Santosa ◽

Rudy Hartanto ◽

Kouichi Sakurai

Keyword(s):

Machine Learning ◽

High Performance ◽

Detection System ◽

Rapid Development ◽

Attack Detection ◽

Cyber Attacks ◽

Detection Systems ◽

Iot Devices ◽

Artificial Neural Network Ann ◽

Feature Selection Approach

With the rapid development and popularization of Internet of Things (IoT) devices, an increasing number of cyber-attacks are targeting such devices. It was said that most of the attacks in IoT environments are botnet-based attacks. Many security weaknesses still exist on the IoT devices because most of them have not enough memory and computational resource for robust security mechanisms. Moreover, many existing rule-based detection systems can be circumvented by attackers. In this study, we proposed a machine learning (ML)-based botnet attack detection framework with sequential detection architecture. An efficient feature selection approach is adopted to implement a lightweight detection system with a high performance. The overall detection performance achieves around 99% for the botnet attack detection using three different ML algorithms, including artificial neural network (ANN), J48 decision tree, and Naïve Bayes. The experiment result indicates that the proposed architecture can effectively detect botnet-based attacks, and also can be extended with corresponding sub-engines for new kinds of attacks.

Download Full-text

Adversarial Samples on Android Malware Detection Systems for IoT Systems

Sensors ◽

10.3390/s19040974 ◽

2019 ◽

Vol 19 (4) ◽

pp. 974 ◽

Cited By ~ 10

Author(s):

Xiaolei Liu ◽

Xiaojiang Du ◽

Xiaosong Zhang ◽

Qingxin Zhu ◽

Hao Wang ◽

...

Keyword(s):

Detection System ◽

Fitness Function ◽

Malware Detection ◽

Security Analysis ◽

Machine Learning Algorithms ◽

Android Malware ◽

Testing Framework ◽

Detection Systems ◽

Android Malware Detection ◽

Iot Devices

Many IoT (Internet of Things) systems run Android systems or Android-like systems. With the continuous development of machine learning algorithms, the learning-based Android malware detection system for IoT devices has gradually increased. However, these learning-based detection models are often vulnerable to adversarial samples. An automated testing framework is needed to help these learning-based malware detection systems for IoT devices perform security analysis. The current methods of generating adversarial samples mostly require training parameters of models and most of the methods are aimed at image data. To solve this problem, we propose a testing framework for learning-based Android malware detection systems (TLAMD) for IoT Devices. The key challenge is how to construct a suitable fitness function to generate an effective adversarial sample without affecting the features of the application. By introducing genetic algorithms and some technical improvements, our test framework can generate adversarial samples for the IoT Android application with a success rate of nearly 100% and can perform black-box testing on the system.

Download Full-text

Dependable Fire Detection System with Multifunctional Artificial Intelligence Framework

Sensors ◽

10.3390/s19092025 ◽

2019 ◽

Vol 19 (9) ◽

pp. 2025 ◽

Cited By ~ 6

Author(s):

Jun Hong Park ◽

Seunggi Lee ◽

Seongjin Yun ◽

Hanjin Kim ◽

Won-Tae Kim

Keyword(s):

Artificial Intelligence ◽

Machine Learning ◽

Data Transfer ◽

Detection System ◽

Smart Cities ◽

Fire Detection ◽

Machine Learning Algorithms ◽

Detection Accuracy ◽

Detection Systems ◽

Fire Detection System

A fire detection system requires accurate and fast mechanisms to make the right decision in a fire situation. Since most commercial fire detection systems use a simple sensor, their fire recognition accuracy is deficient because of the limitations of the detection capability of the sensor. Existing proposals, which use rule-based algorithms or image-based machine learning can hardly adapt to the changes in the environment because of their static features. Since the legacy fire detection systems and network services do not guarantee data transfer latency, the required need for promptness is unmet. In this paper, we propose a new fire detection system with a multifunctional artificial intelligence framework and a data transfer delay minimization mechanism for the safety of smart cities. The framework includes a set of multiple machine learning algorithms and an adaptive fuzzy algorithm. In addition, Direct-MQTT based on SDN is introduced to solve the traffic concentration problems of the traditional MQTT. We verify the performance of the proposed system in terms of accuracy and delay time and found a fire detection accuracy of over 95%. The end-to-end delay, which comprises the transfer and decision delays, is reduced by an average of 72%.

Download Full-text

Cyberattacks Detection in IoT-Based Smart City Applications Using Machine Learning Techniques

International Journal of Environmental Research and Public Health ◽

10.3390/ijerph17249347 ◽

2020 ◽

Vol 17 (24) ◽

pp. 9347 ◽

Cited By ~ 1

Author(s):

Md Mamunur Rashid ◽

Joarder Kamruzzaman ◽

Mohammad Mehedi Hassan ◽

Tasadduq Imam ◽

Steven Gordon

Keyword(s):

Machine Learning ◽

Smart City ◽

Service Providers ◽

Detection System ◽

Smart Cities ◽

Machine Learning Algorithms ◽

Machine Learning Techniques ◽

Increased Risk ◽

Iot Devices

In recent years, the widespread deployment of the Internet of Things (IoT) applications has contributed to the development of smart cities. A smart city utilizes IoT-enabled technologies, communications and applications to maximize operational efficiency and enhance both the service providers’ quality of services and people’s wellbeing and quality of life. With the growth of smart city networks, however, comes the increased risk of cybersecurity threats and attacks. IoT devices within a smart city network are connected to sensors linked to large cloud servers and are exposed to malicious attacks and threats. Thus, it is important to devise approaches to prevent such attacks and protect IoT devices from failure. In this paper, we explore an attack and anomaly detection technique based on machine learning algorithms (LR, SVM, DT, RF, ANN and KNN) to defend against and mitigate IoT cybersecurity threats in a smart city. Contrary to existing works that have focused on single classifiers, we also explore ensemble methods such as bagging, boosting and stacking to enhance the performance of the detection system. Additionally, we consider an integration of feature selection, cross-validation and multi-class classification for the discussed domain, which has not been well considered in the existing literature. Experimental results with the recent attack dataset demonstrate that the proposed technique can effectively identify cyberattacks and the stacking ensemble model outperforms comparable models in terms of accuracy, precision, recall and F1-Score, implying the promise of stacking in this domain.

Download Full-text

Design and Evaluation of a New Machine Learning Framework for IoT and Embedded Devices

Electronics ◽

10.3390/electronics10050600 ◽

2021 ◽

Vol 10 (5) ◽

pp. 600

Author(s):

Gianluca Cornetta ◽

Abdellah Touhafi

Keyword(s):

Machine Learning ◽

Data Analysis ◽

High Performance ◽

Low Cost ◽

Learning Algorithms ◽

Machine Learning Algorithms ◽

Smart Devices ◽

Raspberry Pi ◽

Embedded Devices ◽

Iot Devices

Low-cost, high-performance embedded devices are proliferating and a plethora of new platforms are available on the market. Some of them either have embedded GPUs or the possibility to be connected to external Machine Learning (ML) algorithm hardware accelerators. These enhanced hardware features enable new applications in which AI-powered smart objects can effectively and pervasively run in real-time distributed ML algorithms, shifting part of the raw data analysis and processing from cloud or edge to the device itself. In such context, Artificial Intelligence (AI) can be considered as the backbone of the next generation of Internet of the Things (IoT) devices, which will no longer merely be data collectors and forwarders, but really “smart” devices with built-in data wrangling and data analysis features that leverage lightweight machine learning algorithms to make autonomous decisions on the field. This work thoroughly reviews and analyses the most popular ML algorithms, with particular emphasis on those that are more suitable to run on resource-constrained embedded devices. In addition, several machine learning algorithms have been built on top of a custom multi-dimensional array library. The designed framework has been evaluated and its performance stressed on Raspberry Pi III- and IV-embedded computers.

Download Full-text

Anomaly Detection using Optimized Features using Genetic Algorithm and MultiEnsemble Classifier

IJOSTHE ◽

10.24113/ojssports.v5i6.79 ◽

2018 ◽

Vol 5 (6) ◽

pp. 7

Author(s):

Apoorva Deshpande ◽

Ramnaresh Sharma

Keyword(s):

Machine Learning ◽

Genetic Algorithm ◽

Intrusion Detection ◽

Anomaly Detection ◽

Detection System ◽

Research Work ◽

Ensemble Classifier ◽

Machine Learning Algorithms ◽

Data Set ◽

Machine Learning Classification

Anomaly detection system plays an important role in network security. Anomaly detection or intrusion detection model is a predictive model used to predict the network data traffic as normal or intrusion. Machine Learning algorithms are used to build accurate models for clustering, classification and prediction. In this paper classification and predictive models for intrusion detection are built by using machine learning classification algorithms namely Random Forest. These algorithms are tested with KDD-99 data set. In this research work the model for anomaly detection is based on normalized reduced feature and multilevel ensemble classifier. The work is performed in divided into two stages. In the first stage data is normalized using mean normalization. In second stage genetic algorithm is used to reduce number of features and further multilevel ensemble classifier is used for classification of data into different attack groups. From result analysis it is analysed that with reduced feature intrusion can be classified more efficiently.

Download Full-text

SHAPEIoT: Secure Handshake Protocol for Autonomous IoT Device Discovery and Blacklisting using Physical Unclonable Functions and Machine Learning

10.5121/csit.2021.111511 ◽

2021 ◽

Author(s):

Cem Ata Baykara ◽

Ilgın Şafak ◽

Kübra Kalkan

Keyword(s):

Machine Learning ◽

Anomaly Detection ◽

Network Simulation ◽

Anomalous Behavior ◽

Machine Learning Algorithms ◽

Detection Accuracy ◽

Session Key ◽

Device Discovery ◽

Handshake Protocol ◽

Iot Devices

This paper proposes a new lightweight handshake protocol implemented on top of the Constrained Application Protocol (CoAP) that can be used in device discovery and ensuring the IoT network security by autonomously managing devices of any computational complexity using whitelisting and blacklisting. A Physical Unclonable Function (PUF) is utilized for the session key generation in the proposed handshake protocol. The CoAP server performs real-time device discovery using the proposed handshake protocol, and anomaly detection using machinelearning algorithms to ensure the security of the IoT network. To the best of our knowledge, the presented PUF-based handshake protocol is the first to performs blacklisting and whitelisting. Whitelisted IoT devices not displaying anomalous behavior can join and remain in the IoT network. IoT devices that display anomalous behavior are autonomously blacklisted by the CoAP server and are either disallowed from joining the IoT network or are removed from the IoT network. Simulation results show that amongst the five machine learning algorithms studied, the stacking classifier displays the highest overall anomaly detection accuracy of 99.98%. Based on the results of the network simulation performed, the CoAP server is capable of blacklisting malicious IoT devices within the network with perfect accuracy.

Download Full-text

MQTTset, a New Dataset for Machine Learning Techniques on MQTT

Sensors ◽

10.3390/s20226578 ◽

2020 ◽

Vol 20 (22) ◽

pp. 6578

Author(s):

Ivan Vaccari ◽

Giovanni Chiola ◽

Maurizio Aiello ◽

Maurizio Mongelli ◽

Enrico Cambiaso

Keyword(s):

Machine Learning ◽

Cyber Security ◽

Detection System ◽

Critical Issue ◽

Cyber Attacks ◽

Machine Learning Techniques ◽

Detection Systems ◽

Learning Techniques ◽

Iot Devices ◽

Definition Of

IoT networks are increasingly popular nowadays to monitor critical environments of different nature, significantly increasing the amount of data exchanged. Due to the huge number of connected IoT devices, security of such networks and devices is therefore a critical issue. Detection systems assume a crucial role in the cyber-security field: based on innovative algorithms such as machine learning, they are able to identify or predict cyber-attacks, hence to protect the underlying system. Nevertheless, specific datasets are required to train detection models. In this work we present MQTTset, a dataset focused on the MQTT protocol, widely adopted in IoT networks. We present the creation of the dataset, also validating it through the definition of a hypothetical detection system, by combining the legitimate dataset with cyber-attacks against the MQTT network. Obtained results demonstrate how MQTTset can be used to train machine learning models to implement detection systems able to protect IoT contexts.

Download Full-text

Multi-level host-based intrusion detection system for Internet of things

Journal of Cloud Computing Advances Systems and Applications ◽

10.1186/s13677-020-00206-6 ◽

2020 ◽

Vol 9 (1) ◽

Author(s):

Robin Gassais ◽

Naser Ezzati-Jivan ◽

Jose M. Fernandez ◽

Daniel Aloise ◽

Michel R. Dagenais

Keyword(s):

Machine Learning ◽

Internet Of Things ◽

Intrusion Detection ◽

Detection System ◽

Learning Algorithms ◽

Machine Learning Algorithms ◽

Network Activity ◽

Machine Learning Techniques ◽

Smart Devices ◽

Automation System

AbstractThe growth of the Internet of things (IoT) has ushered in a new area of inter-connectivity and innovation in the home. Many devices, once separate, can now be interacted with remotely, improving efficiency and organization. This, however, comes at the cost of rising security vulnerabilities. Vendors are competing to create and release quickly innovative connected objects, without focusing on the security issues. As a consequence, attacks involving smart devices, or targeting them, are proliferating, creating threats to user’s privacy and even their physical security. Additionally, the heterogeneous technologies involved in IoT make attempts to develop protection on smart devices much harder. Most of the intrusion detection systems developed for those platforms are based on network activity. However, on many systems, intrusions cannot easily or reliably be detected from network traces. We propose a novel host-based automated framework for intrusion detection. Our work combines user space and kernel space information and machine learning techniques to detect various kinds of intrusions in smart devices. Our solution use tracing techniques to automatically get devices behavior, process this data into numeric arrays to train several machine learning algorithms, and raise alerts whenever an intrusion is found. We implemented several machine learning algorithms, including deep learning ones, to achieve high detection capabilities, while adding little overhead on the monitored devices. We tested our solution within a realistic home automation system with actual threats.

Download Full-text