A feature exploration approach for IoT attack type classification

Erfani, Masoud; Shoeleh, Farzaneh; Dadkhah, Sajjad; Kaur, Barjinder Pal; Xiong, Pulei; Iqbal, Shahrear; Ray, Suprio; Ghorbani, Ali A.

doi:10.1109/dasc-picom-cbdcom-cyberscitech52372.2021.00101

Cited by 14 publications

(13 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We develop an optimized, lightweight, ensemble transfer learning model based on CNN for a CoT environment capable of repelling network attacks. In the first phase, data acquisition is carried out by selecting from existing datasets the database that contains IoT-based network attacks as discussed in [36]. The CIC-IDS2017 and CSE-CIC-IDS2018 with the highest numbers of real-time data points were selected for the research.…”

Section: Proposed Framework a Problem Statement And System Overviewmentioning

confidence: 99%

Transfer Learning Approach to IDS on Cloud IoT Devices Using Optimized CNN

et al. 2023

View full text Add to dashboard Cite

Data centralization can potentially increase Internet of Things (IoT) usage. The trend is to move IoT devices to a centralized server with higher memory capacity and a more robust management interface. Hence, a larger volume of data will be transmitted, resulting in more network security issues. Cloud IoT offers more advantages for deploying and managing IoT systems through minimizing response delays, optimal latency, and effective network load distribution. As a result, sophisticated network attack strategies are deployed to leverage the vulnerabilities in the extensive network space and exploit user information. Several attempts have been made to provide network intrusion detection systems (IDS) to the cloud IoT interface using machine learning and deep learning approaches on dedicated IDS datasets. This paper proposes a transfer learning IDS based on the Convolutional Neural Network (CNN) architecture that has shown excellent results on image classification. We use five pre-trained CNN models, including VGG16, VGG19, Inception, MobileNet, and EfficientNets, to train on two selected datasets: CIC-IDS2017 and CSE-CICIDS2018. Before the training, we carry out preprocessing, imbalance treatment, dimensionality reduction, and conversion of the feature vector into images suitable for the CNN architecture using Quantile Transformer. Three best-performing models (InceptionV3, MobileNetV3Small, and EfficientNetV2B0) are selected to develop an ensemble model called efficient-lightweight ensemble transfer learning (ELETL-IDS) using the model averaging approach. On evaluation, the findings show that the ELETL-IDS outperformed existing state-of-the-art proposals in all evaluation metrics, reaching 100% in accuracy, precision, recall, and F-score. We use Matthew's Correlation Coefficient (MCC) to validate this result and compared it to the AUC-ROC, which maintained an exact value of 0.9996. To this end, our proposed model is lightweight, efficient, and reliable enough to be deployed in cloud IoT systems for intrusion detection.

show abstract

Section: Proposed Framework a Problem Statement And System Overviewmentioning

confidence: 99%

Transfer Learning Approach to IDS on Cloud IoT Devices Using Optimized CNN

et al. 2023

View full text Add to dashboard Cite

show abstract

“…We use a set of features that have demonstrated promising results in prior research efforts to conduct a comparison with our end-to-end approach in terms of both accuracy and the time it takes to extract these features [8], [29]. This comparative evaluation will enable us to gauge the performance and efficiency of our system when compared to established feature-based methods.…”

Section: Defining a Standard Set Of Hand-crafted Features For Compara...mentioning

confidence: 99%

Enhancing IoT Security via Automatic Network Traffic Analysis: The Transition from Machine Learning to Deep Learning

Hamidouche,

Popko,

Ouni

2023

Proceedings of the International Conference on the Internet of Things

View full text Add to dashboard Cite

This work provides a comparative analysis illustrating how Deep Learning (DL) surpasses Machine Learning (ML) in addressing tasks within Internet of Things (IoT), such as attack classification and device-type identification. Our approach involves training and evaluating a DL model using a range of diverse IoT-related datasets, allowing us to gain valuable insights into how adaptable and practical these models can be when confronted with various IoT configurations. We initially convert the unstructured network traffic data from IoT networks, stored in PCAP files, into images by processing the packet data. This conversion process adapts the data to meet the criteria of DL classification methods. The experiments showcase the ability of DL to surpass the constraints tied to manually engineered features, achieving superior results in attack detection and maintaining comparable outcomes in device-type identification. Additionally, a notable feature extraction time difference becomes evident in the experiments: traditional methods require around 29 milliseconds per data packet, while DL accomplishes the same task in just 2.9 milliseconds. The significant time gap, DL's superior performance, and the recognized limitations of manually engineered features, presents a compelling call to action within the IoT community. This encourages us to shift from exploring new IoT features for each dataset to addressing the challenges of integrating DL into IoT, making it a more efficient solution for real-world IoT scenarios.

show abstract

“…Due to the availability of many potential variables in determining malicious activity on an IoT device, Machine Learning (ML) arises as a natural choice as it is poised to take a major role in the near future of IoT cybersecurity [8]. Numerous studies have proposed robust intrusion detection systems (IDS) tailored for the IoT environment, leveraging various ML approaches and features to enhance traditional IDS performance [9][10][11][12]. For this purpose, several datasets containing samples of malicious network packets and system logs were published [13][14][15][16].…”

Section: Introductionmentioning

confidence: 99%

Towards Resource-Efficient DDoS Detection in IoT: Leveraging Feature Engineering of System and Network Usage Metrics

Gavric,

Bhandari,

Shalaginov

2024

Preprint

View full text Add to dashboard Cite

The Internet of Things (IoT) is omnipresent, exposing a large number of devices that often lack security controls to the public Internet. In the modern world, many everyday processes depend on these devices, and their service outage could lead to catastrophic consequences. There are many Deep Packet Inspection (DPI) based intrusion detection systems (IDS). However, their linear computational complexity induced by the event-driven nature poses a power-demanding obstacle in resource-constrained IoT environments. In this paper, we shift away from the traditional IDS as we introduce a novel and lightweight framework, relying on a time-driven algorithm to detect Distributed Denial of Service (DDoS) attacks by employing Machine Learning (ML) algorithms leveraging the newly engineered features containing system and network utilization information. These features are periodically generated, and there are only ten of them, resulting in a low and constant algorithmic complexity. Moreover, we leverage IoT-specific patterns to detect malicious traffic as we argue that each Denial of Service (DoS) attack leaves a unique fingerprint in the proposed set of features. We construct a dataset by launching some of the most prevalent DoS attacks against an IoT device, and we demonstrate the effectiveness of our approach with high accuracy. The results show that standalone IoT devices can detect and classify DoS and, therefore, arguably, DDoS attacks against them at a low computational cost with a deterministic delay.

show abstract

A feature exploration approach for IoT attack type classification

Cited by 14 publications

References 13 publications

Transfer Learning Approach to IDS on Cloud IoT Devices Using Optimized CNN

Transfer Learning Approach to IDS on Cloud IoT Devices Using Optimized CNN

Enhancing IoT Security via Automatic Network Traffic Analysis: The Transition from Machine Learning to Deep Learning

Towards Resource-Efficient DDoS Detection in IoT: Leveraging Feature Engineering of System and Network Usage Metrics

Contact Info

Product

Resources

About