Policy and network-based intrusion detection system for IPv6-enabled wireless sensor networks

Amaral, Joao P.; Oliveira, Luís M. L.; Rodrigues, Joel J. P. C.; Han, Guangjie; Shu, Lei

doi:10.1109/icc.2014.6883583

Cited by 80 publications

(48 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[20] Man-in-the-middle Anomaly-based Simulation Centralized [21] Multiple Conventional attacks Signature-based ------ [22] Routing attack Specification-based Simulation Hybrid [23] DoS Specification-based Simulation -- [24] DoS Signature-based Empirical Centralized [25] Routing attack Anomaly-based Simulation Centralized [26] Routing attack Hybrid Simulation Hybrid [27] Multiple Conventional attacks Anomaly-based ---- [28] Multiple Conventional attacks Signature-based Hypothetical Centralized [29] Multiple Conventional attacks Specification-based Empirical Hybrid [30] Multiple Conventional attacks Signature-based Empirical Distributed [31] DoS Anomaly-based Simulation Distributed [32] Routing attack and MITM Hybrid Simulation [33] Routing attack Hybrid Simulation Distributed [34] Conventional Anomaly-based Empirical [35] Multiple Conventional attacks Anomaly-based ----Hybrid [36] Routing attack Anomaly-based Simulation Hybrid…”

Section: References Security Threat Detection Methods Validation Stratmentioning

confidence: 99%

A Two-Level Flow-Based Anomalous Activity Detection System for IoT Networks

Ullah

Mahmoud

2020

Electronics

View full text Add to dashboard Cite

The significant increase of the Internet of Things (IoT) devices in smart homes and other smart infrastructure, and the recent attacks on these IoT devices, are motivating factors to secure and protect IoT networks. The primary security challenge to develop a methodology to identify a malicious activity correctly and mitigate the impact of such activity promptly. In this paper, we propose a two-level anomalous activity detection model for intrusion detection system in IoT networks. The level-1 model categorizes the network flow as normal flow or abnormal flow, while the level-2 model classifies the category or subcategory of detected malicious activity. When the network flow classified as an anomaly by the level-1 model, then the level-1 model forwards the stream to the level-2 model for further investigation to find the category or subcategory of the detected anomaly. Our proposed model constructed on flow-based features of the IoT network. Flow-based detection methodologies only inspect packet headers to classify the network traffic. Flow-based features extracted from the IoT Botnet dataset and various machine learning algorithms were investigated and tested via different cross-fold validation tests to select the best algorithm. The decision tree classifier yielded the highest predictive results for level-1, and the random forest classifier produced the highest predictive results for level-2. Our proposed model Accuracy, Precision, Recall, and F score for level-1 were measured as 99.99% and 99.90% for level-2. A two-level anomalous activity detection system for IoT networks we proposed will provide a robust framework for the development of malicious activity detection system for IoT networks. It would be of interest to researchers in academia and industry.

show abstract

Section: References Security Threat Detection Methods Validation Stratmentioning

confidence: 99%

A Two-Level Flow-Based Anomalous Activity Detection System for IoT Networks

Ullah

Mahmoud

2020

Electronics

View full text Add to dashboard Cite

show abstract

“…However, a training phase for this approach is not required as it will work immediately once setting up specifications is finished. Additionally, specifying specifications manually could be error-prone and time-consuming as the system may find it hard to adjust with different domains [77].…”

Section: Statistical-based Methodsmentioning

confidence: 99%

Intrusion detection system for automotive Controller Area Network (CAN) bus system: a review

Lokman

Othman

Bakar

2019

J Wireless Com Network

165

View full text Add to dashboard Cite

The modern vehicles nowadays are managed by networked controllers. Most of the networks were designed with little concern about security which has recently motivated researchers to demonstrate various kinds of attacks against the system. In this paper, we discussed the vulnerabilities of the Controller Area Network (CAN) within invehicle communication protocol along with some potential attacks that could be exploited against it. Besides, we present some of the security solutions proposed in the current state of research in order to overcome the attacks. However, the main goal of this paper is to highlight a holistic approach known as intrusion detection system (IDS) which has been a significant tool in securing networks and information systems over the past decades. To the best of our knowledge, there is no recorded literature on a comprehensive overview of IDS implementation specifically in the CAN bus network system. Thus, we proposed an in-depth investigation of IDS found in the literature based on the following aspects: detection approaches, deployment strategies, attacking techniques, and finally technical challenges. In addition, we also categorized the anomaly-based IDS according to these methods, e.g., frequencybased, machine learning-based, statistical-based, and hybrid-based as part of our contributions. Correspondingly, this study will help to accelerate other researchers to pursue IDS research in the CAN bus system.

show abstract

“…In the clustered placement, the network is organized into clusters, where a cluster head is selected from each cluster, and deployed with the IDS agent. For example, the cluster heads can overhear and monitor their neighbor nodes' packet transmission [7]. A specification-based detection algorithm is then applied, where the overheard packets are compared to the abnormal behaviors (set of rules) which are manually defined.…”

Section: Intrusion Detection For Wireless Internet Of Thingsmentioning

confidence: 99%

Active Learning for Wireless IoT Intrusion Detection

Yang

Ren

Zhu

et al. 2018

IEEE Wireless Commun.

View full text Add to dashboard Cite

Internet of Things (IoT) is becoming truly ubiquitous in our everyday life, but it also faces unique security challenges. Intrusion detection is critical for the security and safety of a wireless IoT network. This paper discusses the human-in-the-loop active learning approach for wireless intrusion detection. We first present the fundamental challenges against the design of a successful Intrusion Detection System (IDS) for wireless IoT network. We then briefly review the rudimentary concepts of active learning and propose its employment in the diverse applications of wireless intrusion detection. Experimental example is also presented to show the significant performance improvement of the active learning method over traditional supervised learning approach. While machine learning techniques have been widely employed for intrusion detection, the application of human-in-the-loop machine learning that leverages both machine and human intelligence to intrusion detection of IoT is still in its infancy. We hope this article can assist the readers in understanding the key concepts of active learning and spur further research in this area.Index Terms-Internet of things, intrusion detection, active learning, human-in-the-loop machine learning

show abstract

Policy and network-based intrusion detection system for IPv6-enabled wireless sensor networks

Cited by 80 publications

References 13 publications

A Two-Level Flow-Based Anomalous Activity Detection System for IoT Networks

A Two-Level Flow-Based Anomalous Activity Detection System for IoT Networks

Intrusion detection system for automotive Controller Area Network (CAN) bus system: a review

Active Learning for Wireless IoT Intrusion Detection

Contact Info

Product

Resources

About