Hybrid approach to intrusion detection in fog-based IoT environments

Souza, Cristiano Antonio de; Westphall, Carlos Becker; Machado, Renato Bobsin; Sobral, João Bosco M.; Vieira, Gustavo dos Santos

doi:10.1016/j.comnet.2020.107417

Cited by 100 publications

(60 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…SVMs are not recommended for large datasets, as the training takes a long time. Some researchers have proposed hybrid frameworks [29,54,56,64,68]. Some studies have proposed distributed attack detection [46,49,50], which has achieved better attack detection than centralized algorithms.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Monitoring Real Time Security Attacks for IoT Systems Using DevSecOps: A Systematic Literature Review

et al. 2021

View full text Add to dashboard Cite

In many enterprises and the private sector, the Internet of Things (IoT) has spread globally. The growing number of different devices connected to the IoT and their various protocols have contributed to the increasing number of attacks, such as denial-of-service (DoS) and remote-to-local (R2L) ones. There are several approaches and techniques that can be used to construct attack detection models, such as machine learning, data mining, and statistical analysis. Nowadays, this technique is commonly used because it can provide precise analysis and results. Therefore, we decided to study the previous literature on the detection of IoT attacks and machine learning in order to understand the process of creating detection models. We also evaluated various datasets used for the models, IoT attack types, independent variables used for the models, evaluation metrics for assessment of models, and monitoring infrastructure using DevSecOps pipelines. We found 49 primary studies, and the detection models were developed using seven different types of machine learning techniques. Most primary studies used IoT device testbed datasets, and others used public datasets such as NSL-KDD and UNSW-NB15. When it comes to measuring the efficiency of models, both numerical and graphical measures are commonly used. Most IoT attacks occur at the network layer according to the literature. If the detection models applied DevSecOps pipelines in development processes for IoT devices, they were more secure. From the results of this paper, we found that machine learning techniques can detect IoT attacks, but there are a few issues in the design of detection models. We also recommend the continued use of hybrid frameworks for the improved detection of IoT attacks, advanced monitoring infrastructure configurations using methods based on software pipelines, and the use of machine learning techniques for advanced supervision and monitoring.

show abstract

Section: Discussionmentioning

confidence: 99%

“…Deciding the optimal estimation of K can be a complicated and tedious procedure. Cristiano et al [56] proposed a hybrid binary classification method based on DNN and KNN. The proposed system gave better results compared to when only DNN or KNN were used.…”

Section: Machine Learning Techniquesmentioning

confidence: 99%

Monitoring Real Time Security Attacks for IoT Systems Using DevSecOps: A Systematic Literature Review

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Therefore, NSL-KDD dataset is being widely used by researchers. Recent works on intrusion detection in fog computing environment have been evaluated using this dataset [50], [51], [52] and, [53]. But this dataset also suffers from class imbalance problem.…”

Section: A Experimentsmentioning

confidence: 99%

Intrusion Detection Based on Autoencoder and Isolation Forest in Fog Computing

2020

View full text Add to dashboard Cite

Fog Computing has emerged as an extension to cloud computing by providing an efficient infrastructure to support IoT. Fog computing acting as a mediator provides local processing of the endusers' requests and reduced delays in communication between the end-users and the cloud via fog devices. Therefore, the authenticity of incoming network traffic on the fog devices is of immense importance. These devices are vulnerable to malicious attacks. All kinds of information, especially financial and health information travel through these devices. Attackers target these devices by sending malicious data packets. It is imperative to detect these intrusions to provide secure and reliable service to the user. So, an effective Intrusion Detection System (IDS) is essential for the secure functioning of fog without compromising efficiency. In this paper, we propose a method (Auto-IF) for intrusion detection based on deep learning approach using Autoencoder (AE) and Isolation Forest (IF) for the fog environment. This approach targets only binary classification of the incoming packets as fog devices are more concerned about differentiating attack from normal packets in real-time. We validate the proposed method on the benchmark NSL-KDD dataset. Our technique of intrusion detection achieves a high accuracy rate of 95.4% as compared to many other state-of-art intrusion detection methods.

show abstract

“…The various attacks included in NSL-KDD dataset include: DoS (Denial of Services) attack, User-to-Root attack, Remote-to-local attack and Probes. In the literature, this dataset has been widely used to assess the performance of anomaly-based attack detection systems for IoT network [6,7,8].…”

Section: Introductionmentioning

confidence: 99%

“…dataset and data pre-processing. NSL-KDD is the latest version of KDD99 dataset and has been widely used by researchers to evaluate the performance of the attack detection system in IoT [6,7,8]. In NSL-KDD dataset, the training data is available in "KDDTrain+" file, consisting of 125973 data entries, out of which 67343 entries represent non-malicious and 58630 entries represent malicious.…”

Section: Introduction To Nsl-kddmentioning

confidence: 99%

Mitigating Malicious Insider Attacks in the Internet of Things using Supervised Machine Learning Techniques

Ahmad

Shah

2021

SCPE

View full text Add to dashboard Cite

The interconnection of large number of smart devices and sensors for critical information gathering and analysis over the internet has given rise to the Internet of Things (IoT) network. In recent times, IoT has emerged as a prime field for solving diverse real-life problems by providing a smart and affordable solutions. The IoT network has various constraints like: limited computational capacity of sensors, heterogeneity of devices, limited energy resource and bandwidth etc. These constraints restrict the use of high-end security mechanisms, thus making these type of networks more vulnerable to various security attacks including malicious insider attacks. Also, it is very difficult to detect such malicious insiders in the network due to their unpredictable behaviour and the ubiquitous nature of IoT network makes the task more difficult. To solve such problems machine learning techniques can be used as they have the ability to learn the behaviour of the system and predict the particular anomaly in the system. So, in this paper we have discussed various security requirements and challenges in the IoT network. We have also applied various supervised machine learning techniques on available IoT dataset to deduce which among them is best suited to detect the malicious insider attacks in the IoT network.

show abstract

Hybrid approach to intrusion detection in fog-based IoT environments

Cited by 100 publications

References 22 publications

Monitoring Real Time Security Attacks for IoT Systems Using DevSecOps: A Systematic Literature Review

Monitoring Real Time Security Attacks for IoT Systems Using DevSecOps: A Systematic Literature Review

Intrusion Detection Based on Autoencoder and Isolation Forest in Fog Computing

Mitigating Malicious Insider Attacks in the Internet of Things using Supervised Machine Learning Techniques

Contact Info

Product

Resources

About