DOI: 10.1145/3395352.3402621
short-paper

Machine learning-driven intrusion detection for Contiki-NG-based IoT networks exposed to NSL-KDD dataset

Published: 16 July 2020

ABSTRACT

Security vulnerabilities remain a roadblock to the wide adoption of Internet of Things (IoT) devices and applications. The heterogeneous nature of IoT systems prevents common benchmarks, such as the NSL-KDD dataset, from being used to test and verify the performance of different Network Intrusion Detection Systems (NIDS). To bridge this gap, in this paper we examine specific attacks in the NSL-KDD dataset that can impact sensor nodes and networks in IoT settings. Furthermore, to detect the introduced attacks, we study eleven machine learning algorithms and report the results. Through numerical analysis, we show that tree-based methods and ensemble methods outperform the rest of the studied machine learning methods. Among the supervised algorithms, XGBoost ranks first with 97% accuracy, 90.5% Matthews correlation coefficient (MCC), and 99.6% Area Under the Curve (AUC) performance. Moreover, a notable finding of this study is that the Expectation-Maximization (EM) algorithm, an unsupervised method, also performs reasonably well in detecting the attacks in the NSL-KDD dataset and outperforms the accuracy of the Naïve Bayes classifier by 22.0%.


Published in

WiseML '20: Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning
July 2020
91 pages
ISBN: 9781450380072
DOI: 10.1145/3395352

Copyright © 2020 ACM


Publisher

Association for Computing Machinery, New York, NY, United States
