Intrusion detection in the Internet of Things based on a multilayer combination of misuse and anomaly detection systems
Topics: Journal of Artificial Intelligence in Electrical Engineering
Hossein Khosrovifar 1, Mohammad Ali Jabraeil Jamali 2, Kambiz Majidzadeh 3, Mohammad Masdari 4
1 - Department of Computer Engineering, Urmia Branch, Islamic Azad University, Urmia, Iran
2 - Department of Computer Engineering, Shabestar Branch, Islamic Azad University, Shabestar, Iran
3 - Department of Computer Engineering, Urmia Branch, Islamic Azad University, Urmia, Iran.
4 - Islamic Azad University, Urmia Branch
Keywords: Internet of Things, Intrusion detection, Machine learning, Classifier systems, GMDH neural network
Abstract:
Given the rapid and insecure growth of devices connected to the Internet of Things (IoT), intrusion detection systems are recognized as one of the effective security mechanisms in this domain. These systems face significant challenges, including vast amounts of data with numerous features, imbalanced data distribution, resource limitations, detection of unknown attacks, and a high rate of false alarms. This paper introduces a new model for developing an intrusion detection system, the Hybrid Multi-Layer System (HMLS), aimed at reducing false alarms and increasing accuracy in detecting both known and unknown attacks. In the proposed method, a dataset collected from network traffic is preprocessed and then fed into a multi-layer classifier that identifies specific categories of attacks at each layer, based on a hybrid intrusion detection framework called Hybrid System of Misuse and Anomaly (HSoMA). Simulation results using the NSL-KDD dataset indicate that the proposed method improves Accuracy, Precision, and False Alarm rate by 5.49%, 1.09%, and 4.5%, respectively, compared to previous works.