Top

Cluster Computing

Published in:

02-09-2020

TempoCode-IoT: temporal codebook-based encoding of flow features for intrusion detection in Internet of Things

Authors: Abdul Jabbar Siddiqui, Azzedine Boukerche

Published in: Cluster Computing | Issue 1/2021

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

In the recent years, the Internet of Things has been becoming a vulnerable target of intrusion attacks. As the academia and industry move towards bringing the Internet of Things (IoT) to every sector of our lives, much attention needs to be given to develop advanced Intrusion Detection Systems (IDS) to detect such attacks. In this work, we propose a novel network-based intrusion detection method which learns patterns of benign flows in a temporal codebook. Based on the temporally learnt codebook, we propose a feature representation method to transform the raw flow-based statistical features into more discriminative representations, called TempoCode-IoT. We develop an ensemble of machine learning-based classifiers optimized to discriminate the malicious flows from the benign ones, based on the proposed TempoCode-IoT. The effectiveness of the proposed method is empirically evaluated on a state-of-the-art realistic intrusion detection dataset as well as on a real botnet-infected IoT dataset, achieving high accuracies and low false positive rates across a variety of intrusion attacks. Moreover, the proposed method outperforms several state-of-the-art works based on the used datasets, proving the effectiveness of Tempo-Code-IoT over raw flow features, both in terms of accuracies and processing speeds.

previous article Retail level Blockchain transformation for product supply chain using truffle development platform

next article A survey on boosting IoT security and privacy through blockchain

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Aldwairi, T., Perera, D., Novotny, M.A.: An evaluation of the performance of restricted boltzmann machines as a model for anomaly network intrusion detection. Comput. Netw. 144, 111–119 (2018)CrossRef

Almi’ani, M., Ghazleh, A.A., Al-Rahayfeh, A., Razaque, A.: Intelligent intrusion detection system using clustered self organized map. In: 2018 Fifth international conference on software defined systems (SDS), pp. 138–144 (2018)

Aloqaily, M., Otoum, S., Ridhawi, I.A., Jararweh, Y.: An intrusion detection system for connected vehicles in smart cities. Ad Hoc Networks 90, 101842 (2019). Recent advances on security and privacy in Intelligent Transportation Systems

Arthur, D., Vassilvitskii, S.: How slow is the k-means method? In: Proceedings of the twenty-second annual symposium on computational geometry, SCG ’06, p. 144-153. Association for Computing Machinery, New York, NY, USA (2006). https://doi.org/10.1145/1137856.1137880

Atli, B.G., Miche, Y., Jung, A.: Network intrusion detection using flow statistics. In: 2018 IEEE Statistical Signal Processing Workshop (SSP), pp. 70–74 (2018)

Awad, M., Khanna, R.: Support Vector Machines for Classification, pp. 39–66. Apress, Berkeley, CA (2015)

Bottou, L., Chapelle, O., DeCoste, D., Weston, J.: Support Vector Machine Solvers, pp. 1–27 (2007)

Boukerche, A., Jucá, K.R.L., Notare, M.S.M.A., Sobral, J.B.M.: Biological inspired based intrusion detection models for mobile telecommunication systems. In: Olariu, S., Zomaya, A.Y. (eds.) Handbook of Bioinspired Algorithms and Applications. Chapman and Hall/CRC, New York (2005)

Boukerche, A., Jucá, K.R.L., Sobral, JaB, Annoni Notare, M.S.M.: An artificial immune based intrusion detection model for computer and telecommunication systems. Parallel Comput 30(5–6), 629–646 (2004)CrossRef

10.

Boukerche, A., Machado, R.B., Jucá, K.R.L., Sobral, JaBM, Notare, M.S.M.A.: An agent based and biological inspired real-time intrusion detection and security model for computer network operations. Comput. Commun. 30(13), 2649–2660 (2007)CrossRef

11.

Breiman, L.: Bagging predictors. Mach. Learn. 24(2), 123–140 (1996)MATH

12.

Burges, C.J.C.: A tutorial on support vector machines for pattern recognition. Data Min. Knowl. Discov. 2(2), 121–167 (1998)CrossRef

13.

Csurka, G., Dance, C.R., Fan, L., Willamowski, J., Bray, C.: Visual Categorization with bags of keypoints. In: Workshop on statistical learning in computer vision, ECCV, pp. 1–22 (2004)

14.

Gil, G.D., Lashkari, A.H., Mamun, M., Ghorbani, A.A.: Characterization of encrypted and vpn traffic using time-related features. In: 2nd International conference on information systems security and privacy (ICISSP 2016), pp. 407–414 (2016)

15.

Ioannou, C., Vassiliou, V.: An intrusion detection system for constrained wsn and iot nodes based on binary logistic regression. In: Proceedings of the 21st ACM international conference on modeling, analysis and simulation of wireless and mobile systems, MSWIM ’18, p. 259-263. Association for Computing Machinery, New York, NY, USA (2018)

16.

Kaspersky: Kaspersky lab ddos intelligence quarterly report: amplification attacks and old botnets make a comeback (2018). “https://www.kaspersky.com/about/press-releases/2018-amplification-attacks-and-old-botnets”. Accessed 29 October 2018

17.

Lee, W., Rezapour, A., Tzeng, W.: Monsieur poirot: detecting botnets using re-identification algorithm and nontrivial feature selection technique. In: 2018 IEEE international conference on communications (ICC), pp. 1–6 (2018)

18.

Lin, W.C., Ke, S.W., Tsai, C.F.: Cann: an intrusion detection system based on combining cluster centers and nearest neighbors. Knowl.-Based Syst. 78, 13–21 (2015)CrossRef

19.

Machado, R.B., Boukerche, A., Sobral, J.B.M., Jucá, K.R.L., Notare, M.S.M.A.: A hybrid artificial immune and mobile agent intrusion detection based model for computer network operations. In: 19th International parallel and distributed processing symposium (IPDPS 2005), CD-ROM / Abstracts Proceedings, 4-8 April 2005, Denver, CO, USA. IEEE Computer Society (2005)

20.

Marir, N., Wang, H., Feng, G., Li, B., Jia, M.: Distributed abnormal behavior detection approach based on deep belief network and ensemble svm using spark. IEEE Access 6, 59657–59671 (2018)CrossRef

21.

Meidan, Y., Bohadana, M., Mathov, Y., Mirsky, Y., Shabtai, A., Breitenbacher, D., Elovici, Y.: N-baiot: network-based detection of iot botnet attacks using deep autoencoders. IEEE Pervasive Comput. 17(3), 12–22 (2018)CrossRef

22.

Micro, T.: Ddos—security news—trend micro usa. https://www.trendmicro.com/vinfo/us/security/news/ddos

23.

Mirsky, Y., Doitshman, T., Elovici, Y., Shabtai, A.: Kitsune: an ensemble of autoencoders for online network intrusion detection. In: 25th Annual network and distributed system security symposium, NDSS 2018, San Diego, California, USA, February 18-21, 2018 (2018)

24.

Moustafa, N., Turnbull, B., Choo, K.R.: An ensemble intrusion detection technique based on proposed statistical flow features for protecting network traffic of internet of things. IEEE Internet Things J. (2018). https://doi.org/10.1109/JIOT.2018.2871719CrossRef

25.

Nõmm, S., Bahsi, H.: Unsupervised anomaly based botnet detection in iot networks. In: 2018 17th IEEE international conference on machine learning and applications (ICMLA), pp. 1048–1053 (2018)

26.

Nanni, L., Lumini, A.: Heterogeneous bag-of-features for object/scene recognition. Appl. Soft Comput. 13(4), 2171–2178 (2013)CrossRef

27.

Nofal, R.A., Tran, N., Garcia, C., Liu, Y., Dezfouli, B.: A comprehensive empirical analysis of tls handshake and record layer on iot platforms. In: Proceedings of the 22nd international ACM conference on modeling, analysis and simulation of wireless and mobile systems, MSWIM ’19, p. 61-70. Association for Computing Machinery, New York, NY, USA (2019)

28.

Osborne, C., Day, Z.: The most interesting internet-connected vehicle hacks on record. https://www.zdnet.com/article/these-are-the-most-interesting-ways-to-hack-internet-connected-vehicles/

29.

Otoum, S., Kantarci, B., Mouftah, H.: Empowering reinforcement learning on big sensed data for intrusion detection. In: ICC 2019 - 2019 IEEE international conference on communications (ICC), pp. 1–7 (2019)

30.

Otoum, S., Kantarci, B., Mouftah, H.T.: On the feasibility of deep learning in sensor network intrusion detection. IEEE Netw. Lett. 1(2), 68–71 (2019)CrossRef

31.

Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., Duchesnay, E.: Scikit-learn: machine learning in python. J. Mach. Learn. Res. 12, 2825–2830 (2011)MathSciNetMATH

32.

Restuccia, F., D’Oro, S., Melodia, T.: Securing the internet of things in the age of machine learning and software-defined networking. IEEE Internet Things J. 5(6), 4829–4842 (2018)CrossRef

33.

Sedjelmaci, H., Senouci, S.M., Abu-Rgheff, M.A.: An efficient and lightweight intrusion detection mechanism for service-oriented vehicular networks. IEEE Internet Things J. 1(6), 570–577 (2014)CrossRef

34.

Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: 4th International conference on information systems security and privacy (ICISSP) (2018)

35.

Shasha, S., Mahmoud, M., Mannan, M., Youssef, A.: Playing with danger: A taxonomy and evaluation of threats to smart toys. IEEE Internet Things J. (2018). https://doi.org/10.1109/JIOT.2018.2877749CrossRef

36.

Siddiqui, A.J., Boukerche, A.: Encoded flow features for network intrusion detection in internet of things. In: 2020 IEEE 17th annual consumer communications networking conference (CCNC), pp. 1–6 (2020)

37.

Soundar Raja James, R.J.P., Albasir, A.A., Naik, K., Zaman, M., Goel, N.: A power signal based dynamic approach to detecting anomalous behavior in wireless devices. In: Proceedings of the 16th ACM international symposium on mobility management and wireless access, MobiWac’18, p. 9-18. Association for Computing Machinery, New York, NY, USA (2018)

38.

Vapnik, V.N.: The Nature of Statistical Learning Theory. Springer, New York (1995)CrossRef

39.

Venkata Abhishek, N., Tandon, A., Lim, T.J., Sikdar, B.: Detecting forwarding misbehavior in clustered iot networks. In: Proceedings of the 14th ACM international symposium on QoS and security for wireless and mobile networks, Q2SWinet’18, p. 1-6. Association for Computing Machinery, New York, NY, USA (2018)

40.

Yao, H., Fu, D., Zhang, P., Li, M., Liu, Y.: Msml: a novel multi-level semi-supervised machine learning framework for intrusion detection system. IEEE Internet Things J. (2018). https://doi.org/10.1109/JIOT.2018.2873125CrossRef

41.

Zhang, J., Chen, C., Xiang, Y., Zhou, W., Xiang, Y.: Internet traffic classification by aggregating correlated naive bayes predictions. IEEE Trans. Inform. Forensics Sec. 8(1), 5–15 (2013)CrossRef

42.

Zheng, J., Hu, M.: An anomaly intrusion detection system based on vector quantization. IEICE Trans. Inf. Syst. E89–D(1), 201–210 (2006)CrossRef

43.

Zhou, Z.H.: Ensemble Learning, pp. 270–273. Springer US, Boston, MA (2009)

Title: TempoCode-IoT: temporal codebook-based encoding of flow features for intrusion detection in Internet of Things
Authors: Abdul Jabbar Siddiqui
Azzedine Boukerche
Publication date: 02-09-2020
Publisher: Springer US
Published in: Cluster Computing / Issue 1/2021
Print ISSN: 1386-7857
Electronic ISSN: 1573-7543
DOI: https://doi.org/10.1007/s10586-020-03153-8

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 1/2021

Retraction Note to: Mobile network intrusion detection for IoT system based on transfer learning algorithm

A survey on boosting IoT security and privacy through blockchain

Battling against cyberattacks: towards pre-standardization of countermeasures

Energy-saving traffic scheduling in backbone networks with software-defined networks

Multi-matrix verifiable computation

Fuzzy logic based clustering algorithm for management in critical infrastructure

Premium Partner