scholarly journals An Experimental Analysis of Attack Classification Using Machine Learning in IoT Networks

Sensors ◽  
2021 ◽  
Vol 21 (2) ◽  
pp. 446
Author(s):  
Andrew Churcher ◽  
Rehmat Ullah ◽  
Jawad Ahmad ◽  
Sadaqat ur Rehman ◽  
Fawad Masood ◽  
...  
Keyword(s):  
Machine Learning ◽  
Binary Classification ◽  
Denial Of Service ◽  
Intrusion Detection Systems ◽  
Support Vector ◽  
Distributed Denial Of Service ◽  
Detection Systems ◽  
Iot Devices ◽  
Artificial Neural Network Ann ◽  
Multi Class Classification

In recent years, there has been a massive increase in the amount of Internet of Things (IoT) devices as well as the data generated by such devices. The participating devices in IoT networks can be problematic due to their resource-constrained nature, and integrating security on these devices is often overlooked. This has resulted in attackers having an increased incentive to target IoT devices. As the number of attacks possible on a network increases, it becomes more difficult for traditional intrusion detection systems (IDS) to cope with these attacks efficiently. In this paper, we highlight several machine learning (ML) methods such as k-nearest neighbour (KNN), support vector machine (SVM), decision tree (DT), naive Bayes (NB), random forest (RF), artificial neural network (ANN), and logistic regression (LR) that can be used in IDS. In this work, ML algorithms are compared for both binary and multi-class classification on Bot-IoT dataset. Based on several parameters such as accuracy, precision, recall, F1 score, and log loss, we experimentally compared the aforementioned ML algorithms. In the case of HTTP distributed denial-of-service (DDoS) attack, the accuracy of RF is 99%. Furthermore, other simulation results-based precision, recall, F1 score, and log loss metric reveal that RF outperforms on all types of attacks in binary classification. However, in multi-class classification, KNN outperforms other ML algorithms with an accuracy of 99%, which is 4% higher than RF.

Prediction, Detection, and Mitigation of DDoS Attacks Using HPCs

2021 ◽  
pp. 523-538
Author(s):  
Pablo Pessoa Do Nascimento ◽  
Isac F. A. F. Colares ◽  
Ronierison Maciel ◽  
Humberto Caetano Da Silva ◽  
Paulo Maciel
Keyword(s):  
Web Service ◽  
Denial Of Service ◽  
Intrusion Detection Systems ◽  
Detection Accuracy ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Intrusion Prevention ◽  
Detection Systems ◽  
Use Of Data ◽  
Adaptive Architecture

Web service interruptions caused by DDoS (distributed denial of service) attacks have increased considerably over the years, and intrusion detection systems (IDS) are not enough to detect threats on the network, even when used together with intrusion prevention systems (IPS), taking into account the increase of assets in the traffic path, where it creates unique points of failure in the system, and also taking into account the use of data that contains information about normal traffic situations and attacks, where this comparison and analysis can cost a significant amount of host resources, to try to guarantee the prediction, detection, and mitigation of attacks in real-time or in time between detection and mitigation, being crucial in harm reduction. This chapter presents an adaptive architecture that combines techniques, methods, and tools from different segments to improve detection accuracy as well as the prediction and mitigation of these threats and to show that it is capable of implementing a powerful architecture against this type of threat, DDoS attacks.

scholarly journals Recent Advancements in Intrusion Detection Systems for the Internet of Things

2019 ◽  
Vol 2019 ◽  
pp. 1-19 ◽  
Author(s):  
Zeeshan Ali Khan ◽  
Peter Herrmann
Keyword(s):  
Internet Of Things ◽  
Intrusion Detection ◽  
Ad Hoc ◽  
Denial Of Service ◽  
Research Work ◽  
Intrusion Detection Systems ◽  
Future Research ◽  
Detection Systems ◽  
Iot Applications ◽  
Iot Devices

Many Internet of Things (IoT) systems run on tiny connected devices that have to deal with severe processor and energy restrictions. Often, the limited processing resources do not allow the use of standard security mechanisms on the nodes, making IoT applications quite vulnerable to different types of attacks. This holds particularly for intrusion detection systems (IDS) that are usually too resource-heavy to be handled by small IoT devices. Thus, many IoT systems are not sufficiently protected against typical network attacks like Denial-of-Service (DoS) and routing attacks. On the other side, IDSs have already been successfully used in adjacent network types like Mobile Ad hoc Networks (MANET), Wireless Sensor Networks (WSN), and Cyber-Physical Systems (CPS) which, in part, face limitations similar to those of IoT applications. Moreover, there is research work ongoing that promises IDSs that may better fit to the limitations of IoT devices. In this article, we will give an overview about IDSs suited for IoT networks. Besides looking on approaches developed particularly for IoT, we introduce also work for the three similar network types mentioned above and discuss if they are also suitable for IoT systems. In addition, we present some suggestions for future research work that could be useful to make IoT networks more secure.

scholarly journals The Use of Ensemble Models for Multiple Class and Binary Class Classification for Improving Intrusion Detection Systems

Sensors ◽  
2020 ◽  
Vol 20 (9) ◽  
pp. 2559 ◽  
Author(s):  
Celestine Iwendi ◽  
Suleman Khan ◽  
Joseph Henry Anajemba ◽  
Mohit Mittal ◽  
Mamdouh Alenezi ◽  
...  
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
False Alarm ◽  
False Alarm Rate ◽  
Detection Rate ◽  
Detection System ◽  
Denial Of Service ◽  
Intrusion Detection Systems ◽  
Ensemble Models ◽  
Detection Systems

The pursuit to spot abnormal behaviors in and out of a network system is what led to a system known as intrusion detection systems for soft computing besides many researchers have applied machine learning around this area. Obviously, a single classifier alone in the classifications seems impossible to control network intruders. This limitation is what led us to perform dimensionality reduction by means of correlation-based feature selection approach (CFS approach) in addition to a refined ensemble model. The paper aims to improve the Intrusion Detection System (IDS) by proposing a CFS + Ensemble Classifiers (Bagging and Adaboost) which has high accuracy, high packet detection rate, and low false alarm rate. Machine Learning Ensemble Models with base classifiers (J48, Random Forest, and Reptree) were built. Binary classification, as well as Multiclass classification for KDD99 and NSLKDD datasets, was done while all the attacks were named as an anomaly and normal traffic. Class labels consisted of five major attacks, namely Denial of Service (DoS), Probe, User-to-Root (U2R), Root to Local attacks (R2L), and Normal class attacks. Results from the experiment showed that our proposed model produces 0 false alarm rate (FAR) and 99.90% detection rate (DR) for the KDD99 dataset, and 0.5% FAR and 98.60% DR for NSLKDD dataset when working with 6 and 13 selected features.

scholarly journals Machine Learning-Based IoT-Botnet Attack Detection with Sequential Architecture

Sensors ◽  
2020 ◽  
Vol 20 (16) ◽  
pp. 4372 ◽  
Author(s):  
Yan Naung Soe ◽  
Yaokai Feng ◽  
Paulus Insap Santosa ◽  
Rudy Hartanto ◽  
Kouichi Sakurai
Keyword(s):  
Machine Learning ◽  
High Performance ◽  
Detection System ◽  
Rapid Development ◽  
Attack Detection ◽  
Cyber Attacks ◽  
Detection Systems ◽  
Iot Devices ◽  
Artificial Neural Network Ann ◽  
Feature Selection Approach

With the rapid development and popularization of Internet of Things (IoT) devices, an increasing number of cyber-attacks are targeting such devices. It was said that most of the attacks in IoT environments are botnet-based attacks. Many security weaknesses still exist on the IoT devices because most of them have not enough memory and computational resource for robust security mechanisms. Moreover, many existing rule-based detection systems can be circumvented by attackers. In this study, we proposed a machine learning (ML)-based botnet attack detection framework with sequential detection architecture. An efficient feature selection approach is adopted to implement a lightweight detection system with a high performance. The overall detection performance achieves around 99% for the botnet attack detection using three different ML algorithms, including artificial neural network (ANN), J48 decision tree, and Naïve Bayes. The experiment result indicates that the proposed architecture can effectively detect botnet-based attacks, and also can be extended with corresponding sub-engines for new kinds of attacks.

scholarly journals A simulation work for generating a novel dataset to detect distributed denial of service attacks on Vehicular Ad hoc NETwork systems

2021 ◽  
Vol 17 (3) ◽  
pp. 155014772110002
Author(s):  
Fahd A Alhaidari ◽  
Alia Mohammed Alrehan
Keyword(s):  
Machine Learning ◽  
Ad Hoc Network ◽  
Ad Hoc ◽  
Denial Of Service ◽  
Vehicular Ad Hoc Network ◽  
Traffic Density ◽  
Support Vector ◽  
Denial Of Service Attacks ◽  
Distributed Denial Of Service ◽  
Network Systems

Vehicular Ad hoc NETwork is a promising technology providing important facilities for modern transportation systems. It has garnered much interest from researchers studying the mitigation of attacks including distributed denial of service attacks. Machine learning techniques, which mainly rely on the quality of the datasets used, play a role in detecting many attacks with a high level of accuracy. We conducted a comprehensive literature review and found many limitations on the datasets available for distributed denial of service attacks on Vehicular Ad hoc NETwork including the following: unavailability of online versions, an absence of distributed denial of service traffic, unrepresentative of Vehicular Ad hoc NETwork, and no information regarding the network configurations. Therefore, in this article, we proposed a novel simulation technique to generate a valid dataset called Vehicular Ad hoc NETwork distributed denial of service dataset, which is dedicated to Vehicular Ad hoc NETworks. Vehicular Ad hoc NETwork distributed denial of service dataset holds information on distributed denial of service attack traffic considering Vehicular Ad hoc NETwork architecture, traffic density, attack intensity, and nodes mobility. Well-known simulation tools such as SUMO, OMNeT++, Veins, and INET were used to ensure that all the properties of Vehicular Ad hoc NETwork have been captured. We then compared Vehicular Ad hoc NETwork distributed denial of service dataset with several studies to prove its novelty and evaluated the dataset using several machine learning models. We confirmed that studied models using this dataset achieved high accuracy above 99.5% except support-vector machine that achieved 97.3%.

scholarly journals Machine Learning Solutions for Analysis and Detection of DDoS Attacks in Cloud Computing Environment

2020 ◽  
Vol 9 (3) ◽  
pp. 2205-2209
Keyword(s):  
Machine Learning ◽  
Cloud Computing ◽  
Intrusion Detection ◽  
Detection System ◽  
Denial Of Service ◽  
Anomalous Behavior ◽  
Support Vector ◽  
Cloud Computing Environment ◽  
Detection Systems ◽  
Computing Environments

Distributed denial of service is a critical threat that is responsible for halting the normal functionality of services in cloud computing environments. Distributing Denial of Service attacks is categorized in the level of crucial attacks that undermine the network's functionality. These attacks have become sophisticated and continue to grow rapidly, and it has become a challenging task to detect and address these attacks. There is a need for Intelligent Intrusion detection systems that can classify and detect anomalous behavior in network traffic. This research was performed on the cloudstack environment using Tor Hammer as an attacking mechanism, and the Intrusion Detection System produced a new dataset. This analysis incorporates numerous algorithms of machine learning: k-means, decision tree, Random Forest, Naïve Bayes, Support Vector Machine and C4.5

scholarly journals ANOMALY DETECTION USING MACHINE LEARNING APPROACHES

2020 ◽  
Vol 3 (2) ◽  
pp. 196-206
Author(s):  
Mausumi Das Nath ◽  
◽  
Tapalina Bhattasali
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
Vital Role ◽  
Machine Learning Algorithms ◽  
Intrusion Detection Systems ◽  
Abnormal Behavior ◽  
Support Vector ◽  
Learning Approaches ◽  
Detection Systems ◽  
Internet Users

Due to the enormous usage of the Internet, users share resources and exchange voluminous amounts of data. This increases the high risk of data theft and other types of attacks. Network security plays a vital role in protecting the electronic exchange of data and attempts to avoid disruption concerning finances or disrupted services due to the unknown proliferations in the network. Many Intrusion Detection Systems (IDS) are commonly used to detect such unknown attacks and unauthorized access in a network. Many approaches have been put forward by the researchers which showed satisfactory results in intrusion detection systems significantly which ranged from various traditional approaches to Artificial Intelligence (AI) based approaches.AI based techniques have gained an edge over other statistical techniques in the research community due to its enormous benefits. Procedures can be designed to display behavior learned from previous experiences. Machine learning algorithms are used to analyze the abnormal instances in a particular network. Supervised learning is essential in terms of training and analyzing the abnormal behavior in a network. In this paper, we propose a model of Naïve Bayes and SVM (Support Vector Machine) to detect anomalies and an ensemble approach to solve the weaknesses and to remove the poor detection results

scholarly journals Empirical Evaluation of Noise Influence on Supervised Machine Learning Algorithms Using Intrusion Detection Datasets

2021 ◽  
Vol 2021 ◽  
pp. 1-28
Author(s):  
Khalid M. Al-Gethami ◽  
Mousa T. Al-Akhras ◽  
Mohammed Alawairdhi
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
Extreme Values ◽  
Empirical Evaluation ◽  
Machine Learning Algorithms ◽  
Supervised Machine Learning ◽  
Intrusion Detection Systems ◽  
Support Vector ◽  
Detection Systems ◽  
Ensembles Of Classifiers

Optimizing the detection of intrusions is becoming more crucial due to the continuously rising rates and ferocity of cyber threats and attacks. One of the popular methods to optimize the accuracy of intrusion detection systems (IDSs) is by employing machine learning (ML) techniques. However, there are many factors that affect the accuracy of the ML-based IDSs. One of these factors is noise, which can be in the form of mislabelled instances, outliers, or extreme values. Determining the extent effect of noise helps to design and build more robust ML-based IDSs. This paper empirically examines the extent effect of noise on the accuracy of the ML-based IDSs by conducting a wide set of different experiments. The used ML algorithms are decision tree (DT), random forest (RF), support vector machine (SVM), artificial neural networks (ANNs), and Naïve Bayes (NB). In addition, the experiments are conducted on two widely used intrusion datasets, which are NSL-KDD and UNSW-NB15. Moreover, the paper also investigates the use of these ML algorithms as base classifiers with two ensembles of classifiers learning methods, which are bagging and boosting. The detailed results and findings are illustrated and discussed in this paper.

scholarly journals A System to automate the development of anomaly-based network intrusion detection model

2021 ◽  
Vol 2089 (1) ◽  
pp. 012006
Author(s):  
B Padmaja ◽  
K Sai Sravan ◽  
E Krishna Rao Patro ◽  
G Chandra Sekhar
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
Real Time ◽  
Network Traffic ◽  
Intrusion Detection Systems ◽  
Network Intrusion Detection ◽  
Support Vector ◽  
The Internet ◽  
Detection Systems ◽  
Network Intrusion

Abstract Cyber security is the major concern in today’s world. Over the past couple of decades, the internet has grown to such an extent that almost every individual living on this planet has the access to the internet today. This can be viewed as one of the major achievements in the human race, but on the flip side of the coin, this gave rise to a lot of security issues for every individual or the company that is accessing the web through the internet. Hackers have become active and are always monitoring the networks to grab every possible opportunity to attack a system and make the best fortune out of its vulnerabilities. To safeguard people’s and organization’s privacy in this cyberspace, different network intrusion detection systems have been developed to detect the hacker’s presence in the networks. These systems fall under signature based and anomaly based intrusion detection systems. This paper deals with using anomaly based intrusion detection technique to develop an automation system to both train and test supervised machine learning models, which is developed to classify real time network traffic as to whether it is malicious or not. Currently the best models by considering both detection success rate and the false positives rate are Artificial Neural Networks(ANN) followed by Support Vector Machines(SVM). In this paper, it is verified that Artificial Neural Network (ANN) based machine learning with wrapper feature selection outperforms support vector machine (SVM) technique while classifying network traffic as harmful or harmless. Initially to evaluate the performance of the system, NSL-KDD dataset is used to train and test the SVM and ANN models and finally classify real time network traffic using these models. This system can be used to carry out model building automatically on the new datasets and also for classifying the behaviour of the provided dataset without having to code.

Sign in / Sign up

Export Citation Format

Share Document