Top

Journal of Network and Systems Management

Published in:

01-07-2021

AS-IDS: Anomaly and Signature Based IDS for the Internet of Things

Authors: Yazan Otoum, Amiya Nayak

Published in: Journal of Network and Systems Management | Issue 3/2021

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The Internet of Things (IoT) is a massively extensive environment that can manage many diverse applications. Security is critical due to potential malicious threats and the diversity of the connectivity. Devices can protect themselves and detect threats with the Intrusion Detection System (IDS). IDS typically uses one of two approaches: anomaly-based or signature-based. This paper proposes a model (known as “AS-IDS”) that combines these two approaches to detect known and unknown attacks in IoT networks. The proposed model has three phases: traffic filtering, preprocessing and the hybrid IDS. In the first phase, the arrival traffic is filtered at the IoT gateway by matching packet features, after which the preprocessing phase applies a Target Encoder, Z-score and Discrete Hessian Eigenmap (DHE) to encode, normalize and eliminate redundancy, respectively. In the final phase, the hybrid IDS integrates signatures and anomalies. The signature-based IDS subsystem investigates packets with Lightweight Neural Network (LightNet), which uses Human Mental Search (HMS) for traffic clustering in the hidden layer and Boyer Moore is used to search for a particular signature in the output layer that is accelerated by using the Generalized Suffix Tree (GST) algorithm and by matching the signatures it classifies the attacks as intruder, normal or unknown. The anomaly-based IDS subsystem employs Deep Q-learning to identify unknown attacks, and uses Signal to Noise Ratio (SNR) and bandwidth to classify the attacks into five classes: Denial of Service (DoS), Probe, User-to-Root (U2R), Remote-to-Local (R2L), and normal traffic. Detected packets are then generated with new signatures, using the Position Aware Distribution Signature (PADS) algorithm. The proposed AS-IDS is implemented in real-time traffic with the NSL-KDD dataset, and the results are evaluated in terms of Detection Rate (DR), False Alarm Rate (FAR), Specificity, F-measure and computation time.

previous article Cybersecurity of Smart Home Systems: Sensor Identity Protection

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Jararweh, Y., Otoum, S., Ridhawi, I.Al: “Trustworthy and sustainable smart city services at the edge”. Sustain. Cities Soc. 62, 1–11 (2020)CrossRef

Aloqaily, M., Otoum, S., Ridhawi, I.Al, Jararweh, Y.: An intrusion detection system for connected vehicles in smart cities. Ad Hoc Netw. 90, 1–14 (2019)CrossRef

Santos, L. Rabadao, C., Gonçalves, R.: Intrusion detection systems in Internet of Things: A literature review. 13th Iberian Conference on Information systems and Technologies (CISTI) (2018)

Fu, Y., Yan, Z., Cao, J., Koné, O., Cao, X.: An automata based intrusion detection method for Internet of Things. Mobile Inf. Syst. https://doi.org/10.1155/2017/1750637 (2017)

Elrawy, M.F., Awad, A.I., Hamed, H.F.A.: Intrusion detection systems for IoT-based smart environments: a survey. J. Cloud Comput. 7, 1–20 (2018)CrossRef

Salunkhe, U.R., Mali, S.N.: Security enrichment in intrusion detection system using classifier ensemble. J. Electr. Comput. Eng. (2017). https://doi.org/10.1155/2017/1794849CrossRef

Vengatesan, K., Kumar, A., Naik, R., Verma, D.K.: Anomaly based novel intrusion detection system for network traffic reduction. In: 2nd International Conference on I-SMAC. IoT in Social, Mobile, Analytics and Cloud (2019)

Cepheli, Ö., Büyükçorak, S., Kurt, G.K.: Hybrid intrusion detection system for DDoS attacks. J. Electr. Comput. Eng. https://doi.org/10.1155/2016/1075648 (2016)

Saleh, A.I., Talaat, F.M., Labib, L.M.: A hybrid intrusion detection system (HIDS) based on prioritized k-nearest neighbors and optimized SVM classifiers. Artif. Intell. Rev. 51, 403–443 (2019)CrossRef

10.

Khraisat, A., Gondal, I., Vamplew, P., Kamruzzaman, J.: Hybrid intrusion detection system based on the stacking ensemble of C5 decision tree classifier and one class support vector machine. Electronics 9, 173 (2020)CrossRef

11.

Khan, I.A., Pi, D., Khan, Z.U., Hussain, Y., Nawaz, A.: HML-IDS: a hybrid-multilevel anomaly prediction approach for intrusion detection in SCADA systems. IEEE Access 7, 89507–89521 (2019)CrossRef

12.

Elhefnawy, R., Abounaser, H., Badr, A.: A hybrid nested genetic-fuzzy algorithm framework for intrusion detection and attacks. IEEE Access 8, 98218–98233 (2020)CrossRef

13.

Jiang, K., Wang, W., Wang, A., Wu, H.: Network intrusion detection combined hybrid sampling with deep hierarchical network. IEEE Access 8, 32464–32476 (2020)CrossRef

14.

Kim, J., Kim, J., Kim, H., Shim, M.: CNN-based network intrusion detection against denial-of-service attacks. Electronics 9(6), 916 (2020)CrossRef

15.

Tobi, A.M.Al, Duncan, I.: Improving intrusion detection model prediction by threshold adaptation. Information 10, 159 (2019)CrossRef

16.

Magán-Carrión, R., Urda, D., Díaz-Cano, I., Dorronsoro, B.: Towards a reliable comparison and evaluation of network intrusion detection systems based on machine learning approaches. Appl. Sci. 10, 1775 (2020)CrossRef

17.

de Lima Filho, F.S., Silveira, F.A.F., de Medeiros Brito Jr, A., Vargas-Solar, G., Silveira, L. F.: Smart detection: an online approach for dos/ ddos attack detection using machine learning. Secur. Commun. Netw. https://doi.org/10.1155/2019/1574749 (2019)

18.

Yang, K., Ren, J., Zhu, Y., Zhang, W.: Active learning for wireless IoT intrusion detection. IEEE Wirel. Commun. 25(6), 19–25 (2018)CrossRef

19.

Otoum, Y., Nayak, A.: “On securing IoT from Deep Learning perspective”, 2020 IEEE Symposium on Computers and Communications (ISCC), pp. 1-7, (2020). https://doi.org/10.1109/ISCC50000.2020.9219671

20.

Otoum, S., Kantarci, B., Mouftah, H.T.: On the feasibility of deep learning in sensor network intrusion detection. IEEE Netw. Lett. 1(2), 68–71 (2019)CrossRef

21.

Khan, Z.A., Abbasi, U.: Reputation management using honeypots for intrusion detection in the internet of things. Electronics 9(3), 1–30 (2020)

22.

Khraisat, A., Gondal, I., Vamplew, P., Kamruzzaman, J., Alazab, A.: A novel ensemble of hybrid intrusion detection system for detecting internet of things attacks. Electronics 8(11), 1–18 (2019)CrossRef

23.

Iman, A.N., Ahmad, T.: Improving Intrusion Detection System by Estimating Parameters of Random Forest in Boruta. Presented at the (2020)

24.

Rajagopal, S., Kundapur, P., Hareesha, K.: A stacking ensemble for network intrusion detection using heterogeneous datasets. Secur. Commu. Netw. (2020). https://doi.org/10.1155/2020/4586875

25.

Aung, Y., Min, M.: Hybrid Intrusion Detection System using K-means and K-Nearest Neighbors Algorithms. IEEE/ACIS 17th International Conference on Computer and Information Science (ICIS) (2018)

26.

Lv, L., Wang, W., Zhang, Z., Liu, X.: A novel intrusion detection system based on an optimal hybrid kernel extreme learning machine. Knowl. Based Syst. 195, 102548 (2020)CrossRef

27.

Alazzam, H., Sharieh, A., Sabri, K.E.: A feature selection algorithm for intrusion detection system based on pigeon inspired optimizer. Expert Syst. Appl. 148, 1–14 (2020)CrossRef

28.

Mazini, M., Shirazi, B., Mahdavi, I.: Anomaly network-based intrusion detection system using a reliable hybrid artificial bee colony and AdaBoost algorithms. J. King Saud Univ. 31, 541–553 (2018)

29.

Zhang, Y., Li, P., Wang, X.: Intrusion detection for IoT based on improved genetic algorithm and deep belief network. IEEE Access 7, 31711–31722 (2019)CrossRef

30.

Hachmi, F., Boujenfa, K., Limam, M.: Enhancing the accuracy of intrusion detection systems by reducing the rates of false positives and false negatives through multi-objective optimization. J. Netw. Syst. Manag. 27, 93–120 (2019)CrossRef

31.

Karatas, G., Demir, O., Sahingoz, O.K.: Deep learning in intrusion detection system. International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT) (2018)

32.

Thamilarasu, G., Chawla, S.: Towards deep-learning-driven intrusion detection for the internet of things. Sensors 19(9), 1–19 (2019)CrossRef

33.

Balakrishnan, N., Rajendran, A., Pelusi, D., Ponnusamy, V.: Deep belief network enhanced intrusion detection system to prevent security breach in the internet of things. Internet Things 4(33), 1–8 (2019)

34.

Khan, M.A., Karim, M.R., Kim, Y.: A scalable and hybrid intrusion detection system based on the convolutional-LSTM network. Symmetry 11(4), 583 (2019)CrossRef

35.

Otoum, Y., Liu, D., Nayak, A.: DL-IDS: a deep learning-based intrusion detection framework for securing IoT. Emerg. Telecommun. Technol, Trans (2019). https://doi.org/10.1002/ett.3803CrossRef

36.

Pajouh, H.H., Javidan, R., Khayami, R., Dehghantanha, A., Choo, K.R.: A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in iot backbone networks. IEEE Trans. Emerg. Top. Comput. 7, 314–323 (2019)CrossRef

37.

Kaur, S., Singh, M.J.: Hybrid intrusion detection and signature generation using deep recurrent neural networks. Neural Comput. Appl. 32, 7859–7877 (2019)CrossRef

38.

Ye, Q., Zhi, W.: Discrete hessian eigenmaps method for dimensionality reduction. J. Comput. Appl. Math. 278, 197–212 (2015)MathSciNetMATHCrossRef

39.

Tang, Y., Chen, S.: An automated signature-based approach against polymorphic internet worms. IEEE Trans. Parallel Distrib. Syst. 18(7), 879–892 (2007)CrossRef

40.

Khan, A.H.: Lightweight Neural Networks. arXiv:1712.05695v1(2017)

41.

Mousavirad, S.J., Ebrahimpour-Komleh, H.: Human mental search: a new population-based metaheuristic optimization algorithm. Appl. Intell. 47, 850–887 (2017). https://doi.org/10.1007/s10489-017-0903-6CrossRef

42.

Yin, C., Zhu, Y., Fei, J., He, X.: A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5, 21954–21961 (2017). https://doi.org/10.1109/ACCESS.2017.2762418CrossRef

Title: AS-IDS: Anomaly and Signature Based IDS for the Internet of Things
Authors: Yazan Otoum
Amiya Nayak
Publication date: 01-07-2021
Publisher: Springer US
Published in: Journal of Network and Systems Management / Issue 3/2021
Print ISSN: 1064-7570
Electronic ISSN: 1573-7705
DOI: https://doi.org/10.1007/s10922-021-09589-6

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 3/2021

Knowledge Discovery: Can It Shed New Light on Threshold Definition for Heavy-Hitter Detection?

Data Processing on Edge and Cloud: A Performability Evaluation and Sensitivity Analysis

Customizable Deployment of NFV Services

GlobeSnap: An Efficient Globally Consistent Statistics Collection for Software-Defined Networks

Energy and Cost-Aware Workflow Scheduling in Cloud Computing Data Centers Using a Multi-objective Optimization Algorithm

Hybrid Stochastic Ranking and Opposite Differential Evolution-Based Enhanced Firefly Optimization Algorithm for Extending Network Lifetime Through Efficient Clustering in WSNs

Premium Partner