A Host-Based Anomaly Detection Framework Using XGBoost and LSTM for IoT Devices

2020 ◽ Vol 2020 ◽ pp. 1-13
Author(s): Xiali Wang ◽ Xiang Lu

The Internet of Things (IoT) is rapidly spreading in various application scenarios through its salient features in ubiquitous device connections, ranging from agriculture and industry to transportation and other fields. With the increasing spread of IoT applications, IoT security is gradually becoming one of the most significant issues in guarding IoT devices against various cybersecurity threats. Usually, IoT devices are the main components responsible for sensing, computing, and transmitting; in this case, how to efficiently protect the IoT device itself from cyber attacks, such as malware, viruses, and worms, becomes the vital point in IoT security. This paper presents a brand new architecture of intrusion detection system (IDS) for IoT devices, which is designed to identify device- or host-oriented attacks in a lightweight manner in consideration of the limited computation resources on IoT devices. To this end, we propose a stacking model that couples the Extreme Gradient Boosting (XGBoost) model and the Long Short-Term Memory (LSTM) model for abnormal state analysis on IoT devices. More specifically, we adopt the system call sequence as the indicator of abnormal behaviors. The collected system call sequences are first processed by the famous n-gram model, which is a common method used for host-based intrusion detection. Then, the proposed stacking model is used to identify abnormal behaviors hidden in the system call sequences. To evaluate the performance of the proposed model, we establish a real-setting IP camera system and place several typical IoT attacks on the victim IP camera. Extensive experimental evaluations show that the stacking model has outperformed other existing anomaly detection solutions, and we are able to achieve a 0.983 AUC score on real-world data. Numerical testing demonstrates that the XGBoost-LSTM stacking model has excellent performance, stability, and the ability of generalization.

2014 ◽ Vol 926-930 ◽ pp. 3157-3160
Author(s): Zhan Huang ◽ Yu Ying Jiang ◽ Lu Bin Li

The main purpose of a computer intrusion detection system is to accurately distinguish between self and non-self. A novel intrusion detection model based on the ARTIS model is proposed by introducing the Red Flower and Green Leaf concepts, and by coordinated use of RF variable-length and GL fixed-length detectors. Intrusion detection methods are optimized to ensure the quick detection of abnormal behaviors, making the model more suitable for real-time intrusion detection and able to distinguish more accurately between self and non-self.


2021
Author(s): Priyanka Gupta ◽ Lokesh Yadav ◽ Deepak Singh Tomar

The Internet of Things (IoT) connects billions of interconnected devices that can exchange information with each other with minimal user intervention. The goal of IoT is to become accessible to anyone, anytime, and anywhere. IoT has engaged in multiple fields, including education, healthcare, businesses, and smart home. Security and privacy issues have been significant obstacles to the widespread adoption of IoT. IoT devices cannot be entirely secure from threats; detecting attacks in real time is essential for securing devices. In the real-time communication domain, and especially in IoT, security and protection are the major issues. The resource-constrained nature of IoT devices makes traditional security techniques difficult. In this paper, the research work carried out in IoT intrusion detection systems is presented. Machine learning methods are explored to provide an effective security solution for IoT intrusion detection systems. The advantages and disadvantages of the selected methodology are then discussed. Further, the datasets used in IoT security are also discussed. Finally, an examination of the open issues and directions for future trends is also provided.


The ubiquitous computing environment has increased interest in IoT technology. As IoT has open characteristics in the fields of industry, increased accessibility has raised the possibility of threats. As the IoT network was small in scale, there was risk of security. IoT development brought the network environment by combining networks, therefore risk of security attack compared to small network. The response time while operating IoT devices to detect intrusion through hacking, the artificial neural network responses using mobile devices. This process helps to deal with hacking. By detecting viruses in real time, this process helps to prevent intrusion. As IoT security risks, we suggested an intrusion detection system using an artificial neural network model in this study. The system which is developed in this can be adjusted to fit situations of IoT by facilitating modification of critical values. The research which detects anomaly through the response to be used for information security systems which utilize IoT.


Sensors ◽ 2020 ◽ Vol 20 (21) ◽ pp. 6336
Author(s): Mnahi Alqahtani ◽ Hassan Mathkour ◽ Mohamed Maher Ben Ismail

Nowadays, Internet of Things (IoT) technology has various network applications and has attracted the interest of many research and industrial communities. Particularly, the number of vulnerable or unprotected IoT devices has drastically increased, along with the amount of suspicious activity, such as IoT botnet and large-scale cyber-attacks. In order to address this security issue, researchers have deployed machine and deep learning methods to detect attacks targeting compromised IoT devices. Despite these efforts, developing an efficient and effective attack detection approach for resource-constrained IoT devices remains a challenging task for the security research community. In this paper, we propose an efficient and effective IoT botnet attack detection approach. The proposed approach relies on a Fisher-score-based feature selection method along with a genetic-based extreme gradient boosting (GXGBoost) model in order to determine the most relevant features and to detect IoT botnet attacks. The Fisher score is a representative filter-based feature selection method used to determine significant features and discard irrelevant features through the minimization of intra-class distance and the maximization of inter-class distance. On the other hand, GXGBoost is an optimal and effective model, used to classify the IoT botnet attacks. Several experiments were conducted on a public botnet dataset of IoT devices. The evaluation results obtained using holdout and 10-fold cross-validation techniques showed that the proposed approach had a high detection rate using only three out of the 115 data traffic features and improved the overall performance of the IoT botnet attack detection process.


2019 ◽ Vol 35 (4) ◽ pp. 481-493
Author(s): Y. Cai ◽ Li Ma ◽ Gang Liu

Abstract. The amount of daily activity can be used as important data for the analysis and evaluation of the health, diseases, and environmental conditions of hog farms, which in turn can affect fertility rate and productivity. In this article, a monitoring system based on a passive infrared detector (PID) is proposed to analyze daily hog activity and abnormal behaviors. The hardware includes a high-accuracy acquisition system, which uses a 24-bit ADS1256 chip as its A/D conversion and signal input channel, and a PID, which ensures that the signal can be obtained uninterruptedly day and night. Based on the LabVIEW software platform, a real-time data acquisition, display, and storage system was programmed in which the activity curve can be displayed, and the system parameters can be modified if necessary. A simulation experiment was performed in a test laboratory (7 × 17 m) with a larger size than a typical hog room (7 × 15 m), and the appropriate orientation of the sensor, the installed position, and the lens were selected. Data for 90 days (day and night) were collected in a hog room to establish the model of daily activity. To find the abnormal behaviors during the night, an improved K-means clustering was constructed. The results indicated that the improved K-means clustering method performed satisfactorily in clustering and anomaly detection. The developed system for daily activities monitoring and night-time anomaly detection could be a potential technique to assist research in hog behavior detection and animal welfare improvement. Keywords: Animal activity, Hog, Motion sensor, PID, Signal processing.


Sensors ◽ 2021 ◽ Vol 21 (24) ◽ pp. 8320
Author(s): Abebe Diro ◽ Naveen Chilamkurti ◽ Van-Doan Nguyen ◽ Will Heyne

The Internet of Things (IoT) consists of a massive number of smart devices capable of data collection, storage, processing, and communication. The adoption of the IoT has brought about tremendous innovation opportunities in industries, homes, the environment, and businesses. However, the inherent vulnerabilities of the IoT have sparked concerns for wide adoption and applications. Unlike traditional information technology (I.T.) systems, the IoT environment is challenging to secure due to resource constraints, heterogeneity, and distributed nature of the smart devices. This makes it impossible to apply host-based prevention mechanisms such as anti-malware and anti-virus. These challenges and the nature of IoT applications call for a monitoring system such as anomaly detection both at device and network levels beyond the organisational boundary. This suggests an anomaly detection system is strongly positioned to secure IoT devices better than any other security mechanism. In this paper, we aim to provide an in-depth review of existing works in developing anomaly detection solutions using machine learning for protecting an IoT system. We also indicate that blockchain-based anomaly detection systems can collaboratively learn effective machine learning models to detect anomalies.


Sensors ◽ 2022 ◽ Vol 22 (2) ◽ pp. 567
Author(s): Muhammad Husnain ◽ Khizar Hayat ◽ Enrico Cambiaso ◽ Ubaid U. Fayyaz ◽ Maurizio Mongelli ◽ ...

The advancement in the domain of IoT accelerated the development of new communication technologies such as the Message Queuing Telemetry Transport (MQTT) protocol. Although MQTT servers/brokers are considered the main component of all MQTT-based IoT applications, their openness makes them vulnerable to potential cyber-attacks such as DoS, DDoS, or buffer overflow. As a result of this, an efficient intrusion detection system for MQTT-based applications is still a missing piece of the IoT security context. Unfortunately, existing IDSs do not provide IoT communication protocol support such as MQTT or CoAP to validate crafted or malformed packets for protecting the protocol implementation vulnerabilities of IoT devices. In this paper, we have designed and developed an MQTT parsing engine that can be integrated with network-based IDS as an initial layer for extensive checking against IoT protocol vulnerabilities and improper usage through a rigorous validation of packet fields during the packet-parsing stage. In addition, we evaluate the performance of the proposed solution across different reported vulnerabilities. The experimental results demonstrate the effectiveness of the proposed solution for detecting and preventing the exploitation of vulnerabilities on IoT protocols.


Author(s): L. V. Sukhostat

Context. The problem of detecting anomalies from signals of cyber-physical systems based on spectrogram and scalogram images is considered. The object of the research is complex industrial equipment with heterogeneous sensory systems of different nature.  Objective. The goal of the work is the development of a method for signal anomalies detection based on transfer learning with the extreme gradient boosting algorithm. Method. An approach based on transfer learning and the extreme gradient boosting algorithm, developed for detecting anomalies in acoustic signals of cyber-physical systems, is proposed. Little research has been done in this area, and therefore various pre-trained deep neural model architectures have been studied to improve anomaly detection. Transfer learning uses weights from a deep neural model, pre-trained on a large dataset, and can be applied to a small dataset to provide convergence without overfitting. The classic approach to this problem usually involves signal processing techniques that extract valuable information from sensor data. This paper performs an anomaly detection task using a deep learning architecture to work with acoustic signals that are preprocessed to produce a spectrogram and scalogram. The SPOCU activation function was considered to improve the accuracy of the proposed approach. The extreme gradient boosting algorithm was used because it has high performance and requires little computational resources during the training phase. This algorithm can significantly improve the detection of anomalies in industrial equipment signals. Results. The developed approach is implemented in software and evaluated for the anomaly detection task in acoustic signals of cyber-physical systems on the MIMII dataset. Conclusions. The conducted experiments have confirmed the efficiency of the proposed approach and allow recommending it for practical use in diagnosing the state of industrial equipment. 
Prospects for further research may lie in the application of ensemble approaches based on transfer learning to various real datasets to improve the performance and fault-tolerance of cyber-physical systems.


Sensors ◽ 2019 ◽ Vol 19 (20) ◽ pp. 4383
Author(s): Alqahtani ◽ Gumaei ◽ Mathkour ◽ Maher Ben Ismail

An intrusion detection system is an essential security tool for protecting services and infrastructures of wireless sensor networks from unseen and unpredictable attacks. Few works of machine learning have been proposed for intrusion detection in wireless sensor networks that have achieved reasonable results. However, these works still need to be more accurate and efficient against imbalanced data problems in network traffic. In this paper, we proposed a new model to detect intrusion attacks based on a genetic algorithm and an extreme gradient boosting (XGBoost) classifier, called the GXGBoost model. The latter is a gradient boosting model designed for improving the performance of traditional models to detect minority classes of attacks in the highly imbalanced data traffic of wireless sensor networks. A set of experiments was conducted on the wireless sensor network-detection system (WSN-DS) dataset using holdout and 10-fold cross-validation techniques. The results of the 10-fold cross-validation tests revealed that the proposed approach outperformed the state-of-the-art approaches and other ensemble learning classifiers with high detection rates of 98.2%, 92.9%, 98.9%, and 99.5% for flooding, scheduling, grayhole, and blackhole attacks, respectively, in addition to 99.9% for normal traffic.

