
Intelligent Intrusion Detection in Low-Power IoTs

Published: 09 December 2016

Abstract

Security and privacy of data are among the prime concerns in today’s Internet of Things (IoT). Conventional security techniques, such as signature-based detection of malware with regular updates of a signature database, are not feasible solutions because they cannot effectively secure systems with such limited resources. Programming languages that permit direct memory access through pointers often result in applications with memory-related errors, which may lead to unpredictable failures and security vulnerabilities. Furthermore, energy-efficient IoT devices running on batteries cannot afford to implement cryptographic algorithms, as such techniques have a significant impact on system power consumption. Therefore, to operate IoT in a secure manner, the system must be able to detect and prevent intrusions before the network (i.e., sensor nodes and base station) is destabilised by attackers. In this article, we present an intrusion detection and prevention mechanism that implements an intelligent security architecture using random neural networks (RNNs). The application’s source code is also instrumented at compile time in order to detect out-of-bound memory accesses. The instrumentation creates a tag for each memory allocation and places additional tag-checking instructions at each access made to the memory. To validate the feasibility of the proposed security solution, it is implemented for an existing IoT system, and its functionality is practically demonstrated by successfully detecting the presence of any suspicious sensor node within the system operating range and anomalous activity in the base station with an accuracy of 97.23%. Overall, the proposed security solution incurs a minimal performance overhead.
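The tag-per-allocation idea from the abstract, as an added C example that is not the paper's code: explicit `checked_load`/`checked_store` calls stand in for the checks a compiler pass would insert. The static arena, the 8-byte tag granule and all function names are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ARENA_SIZE 256u
#define GRANULE    8u                         /* assumed: one tag per 8 bytes */

static uint8_t arena[ARENA_SIZE];             /* static heap, no malloc */
static uint8_t shadow[ARENA_SIZE / GRANULE];  /* tag per granule, 0 = free */
static size_t  next_off = 0;
static uint8_t next_tag = 1;                  /* at most 32 allocations, never wraps */

typedef struct { size_t off; uint8_t tag; } tagged_ptr;  /* pointer plus its tag */

/* Bump allocator: rounds up to whole granules and stamps them with a fresh tag. */
int tagged_alloc(size_t n, tagged_ptr *out) {
    size_t bytes = (n + GRANULE - 1) / GRANULE * GRANULE;
    if (n == 0 || n > ARENA_SIZE || bytes > ARENA_SIZE - next_off) return -1;
    out->off = next_off;
    out->tag = next_tag;
    memset(&shadow[next_off / GRANULE], next_tag++, bytes / GRANULE);
    next_off += bytes;
    return 0;
}

/* The check instrumentation would emit before every load or store:
   the tag of the addressed granule must equal the tag carried by the pointer. */
static ptrdiff_t checked_addr(tagged_ptr p, ptrdiff_t idx) {
    ptrdiff_t addr = (ptrdiff_t)p.off + idx;
    if (addr < 0 || addr >= (ptrdiff_t)ARENA_SIZE) return -1;
    return shadow[addr / GRANULE] == p.tag ? addr : -1;
}

int checked_store(tagged_ptr p, ptrdiff_t idx, uint8_t v) {
    ptrdiff_t a = checked_addr(p, idx);
    if (a < 0) return -1;                     /* out of bounds: refuse the write */
    arena[a] = v;
    return 0;
}

int checked_load(tagged_ptr p, ptrdiff_t idx, uint8_t *v) {
    ptrdiff_t a = checked_addr(p, idx);
    if (a < 0) return -1;
    *v = arena[a];
    return 0;
}
```

Because tags are kept per granule, an overrun that stays inside the padding of the last granule of an allocation is not caught; a smaller granule tightens the check at the cost of a larger shadow table.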



Published in

ACM Transactions on Internet Technology, Volume 16, Issue 4
Special Issue on Internet of Things (IoT): Smart and Secure Service Delivery
December 2016
168 pages
ISSN: 1533-5399
EISSN: 1557-6051
DOI: 10.1145/3023158
Editor: Munindar P. Singh

Copyright © 2016 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

• Published: 9 December 2016
• Revised: 1 August 2016
• Accepted: 1 August 2016
• Received: 1 November 2015

Qualifiers

• research-article
• Research
• Refereed
