Open Access
Applied Sciences (Switzerland), volume 12, issue 10, pages 5015

IoT Intrusion Detection Using Machine Learning with a Novel High Performing Feature Selection Method

Publication type: Journal Article
Publication date: 2022-05-16
scimago: Q2
wos: Q2
SJR: 0.508
CiteScore: 5.3
Impact factor: 2.5
ISSN: 20763417
Computer Science Applications
Process Chemistry and Technology
General Materials Science
Instrumentation
General Engineering
Fluid Flow and Transfer Processes
Abstract

The Internet of Things (IoT) ecosystem has experienced significant growth in data traffic and consequently high dimensionality. Intrusion Detection Systems (IDSs) are essential self-protective tools against various cyber-attacks. However, IoT IDS systems face significant challenges due to functional and physical diversity. These IoT characteristics make exploiting all features and attributes for IDS self-protection difficult and unrealistic. This paper proposes and implements a novel feature selection and extraction approach (i.e., our method) for anomaly-based IDS. The approach begins with using two entropy-based approaches (i.e., information gain (IG) and gain ratio (GR)) to select and extract relevant features in various ratios. Then, mathematical set theory (union and intersection) is used to extract the best features. The model framework is trained and tested on the IoT intrusion dataset 2020 (IoTID20) and NSL-KDD dataset using four machine learning algorithms: Bagging, Multilayer Perceptron, J48, and IBk. Our approach has resulted in 11 and 28 relevant features (out of 86) using the intersection and union, respectively, on IoTID20 and resulted in 15 and 25 relevant features (out of 41) using the intersection and union, respectively, on NSL-KDD. We have further compared our approach with other state-of-the-art studies. The comparison reveals that our model is superior and competent, scoring a very high 99.98% classification accuracy.

Cao B., Li C., Song Y., Qin Y., Chen C.
Applied Sciences (Switzerland) scimago Q2 wos Q2 Open Access
2022-04-21 citations by CoLab: 85
A network intrusion detection model that fuses a convolutional neural network and a gated recurrent unit is proposed to address the problems associated with the low accuracy of existing intrusion detection models for the multiple classification of intrusions and low accuracy of class imbalance data detection. In this model, a hybrid sampling algorithm combining Adaptive Synthetic Sampling (ADASYN) and Repeated Edited nearest neighbors (RENN) is used for sample processing to solve the problem of positive and negative sample imbalance in the original dataset. The feature selection is carried out by combining Random Forest algorithm and Pearson correlation analysis to solve the problem of feature redundancy. Then, the spatial features are extracted by using a convolutional neural network, and further extracted by fusing Averagepooling and Maxpooling, using attention mechanism to assign different weights to the features, thus reducing the overhead and improving the model performance. At the same time, a Gated Recurrent Unit (GRU) is used to extract the long-distance dependent information features to achieve comprehensive and effective feature learning. Finally, a softmax function is used for classification. The proposed intrusion detection model is evaluated based on the UNSW_NB15, NSL-KDD, and CIC-IDS2017 datasets, and the experimental results show that the classification accuracy reaches 86.25%, 99.69%, 99.65%, which are 1.95%, 0.47% and 0.12% higher than that of the same type of CNN-GRU, and can solve the problems of low classification accuracy and class imbalance well.
Fu Y., Du Y., Cao Z., Li Q., Xiang W.
Electronics (Switzerland) scimago Q2 wos Q2 Open Access
2022-03-14 citations by CoLab: 118
With an increase in the number and types of network attacks, traditional firewalls and data encryption methods can no longer meet the needs of current network security. As a result, intrusion detection systems have been proposed to deal with network threats. The current mainstream intrusion detection algorithms are aided with machine learning but have problems of low detection rates and the need for extensive feature engineering. To address the issue of low detection accuracy, this paper proposes a model for traffic anomaly detection named a deep learning model for network intrusion detection (DLNID), which combines an attention mechanism and the bidirectional long short-term memory (Bi-LSTM) network, first extracting sequence features of data traffic through a convolutional neural network (CNN) network, then reassigning the weights of each channel through the attention mechanism, and finally using Bi-LSTM to learn the network of sequence features. In intrusion detection public data sets, there are serious imbalance data generally. To address data imbalance issues, this paper employs the method of adaptive synthetic sampling (ADASYN) for sample expansion of minority class samples, to eventually form a relatively symmetric dataset, and uses a modified stacked autoencoder for data dimensionality reduction with the objective of enhancing information fusion. DLNID is an end-to-end model, so it does not need to undergo the process of manual feature extraction. After being tested on the public benchmark dataset on network intrusion detection NSL-KDD, experimental results show that the accuracy and F1 score of this model are better than those of other comparison methods, reaching 90.73% and 89.65%, respectively.
Imrana Y., Xiang Y., Ali L., Abdul-Rauf Z., Hu Y., Kadry S., Lim S.
Sensors scimago Q1 wos Q2 Open Access
2022-03-04 citations by CoLab: 22
In a network architecture, an intrusion detection system (IDS) is one of the most commonly used approaches to secure the integrity and availability of critical assets in protected systems. Many existing network intrusion detection systems (NIDS) utilize stand-alone classifier models to classify network traffic as an attack or as normal. Due to the vast data volume, these stand-alone models struggle to reach higher intrusion detection rates with low false alarm rates (FAR). Additionally, irrelevant features in datasets can also increase the running time required to develop a model. However, data can be reduced effectively to an optimal feature set without information loss by employing a dimensionality reduction method, which a classification model then uses for accurate predictions of the various network intrusions. In this study, we propose a novel feature-driven intrusion detection system, namely χ2-BidLSTM, that integrates a χ2 statistical model and bidirectional long short-term memory (BidLSTM). The NSL-KDD dataset is used to train and evaluate the proposed approach. In the first phase, the χ2-BidLSTM system uses a χ2 model to rank all the features, then searches an optimal subset using a forward best search algorithm. In the next phase, the optimal set is fed to the BidLSTM model for classification purposes. The experimental results indicate that our proposed χ2-BidLSTM approach achieves a detection accuracy of 95.62% and an F-score of 95.65%, with a low FAR of 2.11% on NSL-KDDTest+. Furthermore, our model obtains an accuracy of 89.55%, an F-score of 89.77%, and an FAR of 2.71% on NSL-KDDTest−21, indicating the superiority of the proposed approach over the standard LSTM method and other existing feature-selection-based NIDS methods.
de Souza C.A., Westphall C.B., Machado R.B.
2022-03-01 citations by CoLab: 37
Due to Internet of Things devices resource limitations, security often does not receive enough attention. Intrusion detection approaches are important for identifying attacks and taking appropriate countermeasures for each specific threat. This work presents a two-step approach for intrusion detection and identification. The first step performs a traffic analysis with an Extra Tree binary classifier. Events detected as intrusive are analyzed in the second stage by an ensemble approach consisting of Extra Tree, Random Forest, and Deep Neural Network. An extensive evaluation was performed with the Bot-IoT, IoTID20, NSL-KDD, and CICIDS2018 intrusion datasets. The experiments demonstrated that the proposed approach could achieve similar or superior performance to other machine learning techniques and state-of-the-art approaches in all databases, demonstrating the robustness of the proposed approach.
Iliyasu A.S., Abdurrahman U.A., Zheng L.
Applied Sciences (Switzerland) scimago Q2 wos Q2 Open Access
2022-02-24 citations by CoLab: 17
Recently, intrusion detection methods based on supervised deep learning techniques (DL) have seen widespread adoption by the research community, as a result of advantages, such as the ability to learn useful feature representations from input data without excessive manual intervention. However, these techniques require large amounts of data to generalize well. Collecting a large-scale malicious sample is non-trivial, especially in the modern day with its constantly evolving landscape of cyber-threats. On the other hand, collecting a few-shot of malicious samples is more realistic in practical settings, as in cases such as zero-day attacks, where security agents are only able to intercept a limited number of such samples. Hence, intrusion detection methods based on few-shot learning is emerging as an alternative to conventional supervised learning approaches to simulate more realistic settings. Therefore, in this paper, we propose a novel method that leverages discriminative representation learning with a supervised autoencoder to achieve few-shot intrusion detection. Our approach is implemented in two stages: we first train a feature extractor model with known classes of malicious samples using a discriminative autoencoder, and then in the few-shot detection stage, we use the trained feature extractor model to fit a classifier with a few-shot examples of the novel attack class. We are able to achieve detection rates of 99.5% and 99.8% for both the CIC-IDS2017 and NSL-KDD datasets, respectively, using only 10 examples of an unseen attack.
Kareem S.S., Mostafa R.R., Hashim F.A., El-Bakry H.M.
Sensors scimago Q1 wos Q2 Open Access
2022-02-11 citations by CoLab: 105
The increasing use of Internet of Things (IoT) applications in various aspects of our lives has created a huge amount of data. IoT applications often require the presence of many technologies such as cloud computing and fog computing, which have led to serious challenges to security. As a result of the use of these technologies, cyberattacks are also on the rise because current security methods are ineffective. Several artificial intelligence (AI)-based security solutions have been presented in recent years, including intrusion detection systems (IDS). Feature selection (FS) approaches are required for the development of intelligent analytic tools that need data pretreatment and machine-learning algorithm-performance enhancement. By reducing the number of selected features, FS aims to improve classification accuracy. This article presents a new FS method through boosting the performance of Gorilla Troops Optimizer (GTO) based on the algorithm for bird swarms (BSA). This BSA is used to boost performance exploitation of GTO in the newly developed GTO-BSA because it has a strong ability to find feasible regions with optimal solutions. As a result, the quality of the final output will increase, improving convergence. GTO-BSA’s performance was evaluated using a variety of performance measures on four IoT-IDS datasets: NSL-KDD, CICIDS-2017, UNSW-NB15 and BoT-IoT. The results were compared to those of the original GTO, BSA, and several state-of-the-art techniques in the literature. According to the findings of the experiments, GTO-BSA had a better convergence rate and higher-quality solutions.
Carrera F., Dentamaro V., Galantucci S., Iannacone A., Impedovo D., Pirlo G.
Applied Sciences (Switzerland) scimago Q2 wos Q2 Open Access
2022-02-08 citations by CoLab: 27
The 0-day attack is a cyber-attack based on vulnerabilities that have not yet been published. The detection of anomalous traffic generated by such attacks is vital, as it can represent a critical problem, both in a technical and economic sense, for a smart enterprise as for any system largely dependent on technology. To predict this kind of attack, one solution can be to use unsupervised machine learning approaches, as they guarantee the detection of anomalies regardless of their prior knowledge. It is also essential to identify the anomalous and unknown behaviors that occur within a network in near real-time. Three different approaches have been proposed and benchmarked in exactly the same condition: Deep Autoencoding with GMM and Isolation Forest, Deep Autoencoder with Isolation Forest, and Memory Augmented Deep Autoencoder with Isolation Forest. These approaches are thus the result of combining different unsupervised algorithms. The results show that the addition of the Isolation Forest improves the accuracy values and increases the inference time, although this increase does not represent a relevant problematic factor. This paper also explains the features that the various models consider most important for classifying an event as an attack using the explainable artificial intelligence methodology called Shapley Additive Explanations (SHAP). Experiments were conducted on KDD99, NSL-KDD, and CIC-IDS2017 datasets.
Soleymanzadeh R., Aljasim M., Qadeer M.W., Kashef R.
AI scimago Q2 wos Q2 Open Access
2022-01-18 citations by CoLab: 24
Smart devices are used in the era of the Internet of Things (IoT) to provide efficient and reliable access to services. IoT technology can recognize comprehensive information, reliably deliver information, and intelligently process that information. Modern industrial systems have become increasingly dependent on data networks, control systems, and sensors. The number of IoT devices and the protocols they use has increased, which has led to an increase in attacks. Global operations can be disrupted, and substantial economic losses can be incurred due to these attacks. Cyberattacks have been detected using various techniques, such as deep learning and machine learning. In this paper, we propose an ensemble stacking method to effectively reveal cyberattacks in the IoT with high performance. Experiments were conducted on three different datasets: credit card, NSL-KDD, and UNSW datasets. The proposed stacked ensemble classifier outperformed the individual base model classifiers.
Heigl M., Weigelt E., Fiala D., Schramm M.
Applied Sciences (Switzerland) scimago Q2 wos Q2 Open Access
2021-12-18 citations by CoLab: 7
Over the past couple of years, machine learning methods—especially the outlier detection ones—have anchored in the cybersecurity field to detect network-based anomalies rooted in novel attack patterns. However, the ubiquity of massive continuously generated data streams poses an enormous challenge to efficient detection schemes and demands fast, memory-constrained online algorithms that are capable of dealing with concept drifts. Feature selection plays an important role when it comes to improving outlier detection in terms of identifying noisy data that contain irrelevant or redundant features. State-of-the-art work either focuses on unsupervised feature selection for data streams or (offline) outlier detection. Substantial requirements to combine both fields are derived and compared with existing approaches. The comprehensive review reveals a research gap in unsupervised feature selection for the improvement of outlier detection methods in data streams. Thus, a novel algorithm for Unsupervised Feature Selection for Streaming Outlier Detection, denoted as UFSSOD, will be proposed, which is able to perform unsupervised feature selection for the purpose of outlier detection on streaming data. Furthermore, it is able to determine the amount of top-performing features by clustering their score values. A generic concept that shows two application scenarios of UFSSOD in conjunction with off-the-shelf online outlier detection algorithms has been derived. Extensive experiments have shown that a promising feature selection mechanism for streaming data is not applicable in the field of outlier detection. Moreover, UFSSOD, as an online capable algorithm, yields comparable results to a state-of-the-art offline method trimmed for outlier detection.
Balogh S., Gallo O., Ploszek R., Špaček P., Zajac P.
Electronics (Switzerland) scimago Q2 wos Q2 Open Access
2021-10-29 citations by CoLab: 39
Internet of Things connects the physical and cybernetic world. As such, security issues of IoT devices are especially damaging and need to be addressed. In this treatise, we overview current security issues of IoT with the perspective of future threats. We identify three main trends that need to be specifically addressed: security issues of the integration of IoT with cloud and blockchains, the rapid changes in cryptography due to quantum computing, and finally the rise of artificial intelligence and evolution methods in the scope of security of IoT. We give an overview of the identified threats and propose solutions for securing the IoT in the future.
Alrubayyi H., Goteng G., Jaber M., Kelly J.
2021-10-26 citations by CoLab: 21
The fast growth of the Internet of Things (IoT) and its diverse applications increase the risk of cyberattacks, one type of which is malware attacks. Due to the IoT devices’ different capabilities and the dynamic and ever-evolving environment, applying complex security measures is challenging, and applying only basic security standards is risky. Artificial Immune Systems (AIS) are intrusion-detecting algorithms inspired by the human body’s adaptive immune system techniques. Most of these algorithms imitate the human’s body B-cell and T-cell defensive mechanisms. They are lightweight, adaptive, and able to detect malware attacks without prior knowledge. In this work, we review the recent advances in employing AIS for the improved detection of malware in IoT networks. We present a critical analysis that highlights the limitations of the state-of-the-art in AIS research and offer insights into promising new research directions.
Siddiqi M.A., Pak W.
IEEE Access scimago Q1 wos Q2 Open Access
2021-10-07 citations by CoLab: 42
Detecting intrusion in network traffic has remained a problematic task for years. Progress in the field of machine learning is paving the way for enhancing intrusion detection systems. Due to this progress intrusion detection has become an integral part of network security. Intrusion detection has achieved high detection accuracy with the help of supervised machine learning methods. A key factor in enhancing the performance of supervised classifiers is how data is augmented for training the classification model. Data in real-world networks or publicly available datasets are not always normally (Gaussian) distributed. Instead, the distributions of variables are more likely to be skewed. To achieve a high detection rate, data normalization or transformation plays an important role for machine learning-based intrusion detection systems. Several methods are available to normalize the attributes of the data before training a classification model. However, opting for the most suitable normalization technique is still a questionable task. In this paper, a statistical method is proposed that can identify the most suitable normalization method for the dataset. The normalization method identified by the proposed approach gives the highest accuracy for an intrusion detection system. To highlight the efficiency of the proposed method, five different datasets were used with two different feature selection methods. The datasets belong to both Internet of things and traditional network environments. The proposed method is also able to identify hybrid normalizations to achieve even improved intrusion detection results.
Wisanwanichthan T., Thammawichai M.
IEEE Access scimago Q1 wos Q2 Open Access
2021-10-07 citations by CoLab: 86
A pattern matching method (signature-based) is widely used in basic network intrusion detection systems (IDS). A more robust method is to use a machine learning classifier to detect anomalies and unseen attacks. However, a single machine learning classifier is unlikely to be able to accurately detect all types of attacks, especially uncommon attacks e.g., Remote2Local (R2L) and User2Root (U2R) due to a large difference in the patterns of attacks. Thus, a hybrid approach offers more promising performance. In this paper, we proposed a Double-Layered Hybrid Approach (DLHA) designed specifically to address the aforementioned problem. We studied common characteristics of different attack categories by creating Principal Component Analysis (PCA) variables that maximize variance from each attack type, and found that R2L and U2R attacks have similar behaviour to normal users. DLHA deploys Naive Bayes classifier as Layer 1 to detect DoS and Probe, and adopts SVM as Layer 2 to distinguish R2L and U2R from normal instances. We compared our work with other published research articles using the NSL-KDD data set. The experimental results suggest that DLHA outperforms several existing state-of-the-art IDS techniques, and is significantly better than any single machine learning classifier by large margins. DLHA also displays an outstanding performance in detecting rare attacks by obtaining a detection rate of 96.67% and 100% from R2L and U2R respectively.
Albulayhi K., Smadi A.A., Sheldon F.T., Abercrombie R.K.
Sensors scimago Q1 wos Q2 Open Access
2021-09-26 citations by CoLab: 48
This paper surveys the deep learning (DL) approaches for intrusion-detection systems (IDSs) in Internet of Things (IoT) and the associated datasets toward identifying gaps, weaknesses, and a neutral reference architecture. A comparative study of IDSs is provided, with a review of anomaly-based IDSs on DL approaches, which include supervised, unsupervised, and hybrid methods. All techniques in these three categories have essentially been used in IoT environments. To date, only a few have been used in the anomaly-based IDS for IoT. For each of these anomaly-based IDSs, the implementation of the four categories of feature(s) extraction, classification, prediction, and regression were evaluated. We studied important performance metrics and benchmark detection rates, including the requisite efficiency of the various methods. Four machine learning algorithms were evaluated for classification purposes: Logistic Regression (LR), Support Vector Machine (SVM), Decision Tree (DT), and an Artificial Neural Network (ANN). Therefore, we compared each via the Receiver Operating Characteristic (ROC) curve. The study model exhibits promising outcomes for all classes of attacks. The scope of our analysis examines attacks targeting the IoT ecosystem using empirically based, simulation-generated datasets (namely the Bot-IoT and the IoTID20 datasets).
Badar A.U., Mahmood D., Iqbal A., Kim S.W., Akleylek S., Cengiz K., Nauman A.
PeerJ Computer Science scimago Q1 wos Q1 Open Access
2025-03-10 citations by CoLab: 0
Uncrewed Aerial Vehicles (UAVs) are frequently utilized in several domains such as transportation, distribution, monitoring, and aviation. A significant security vulnerability is the Global Positioning System (GPS) Spoofing attack, wherein the assailant deceives the GPS receiver by transmitting counterfeit signals, thereby gaining control of the UAV. This can result in the UAV being captured or, in certain instances, destroyed. Numerous strategies have been presented to identify counterfeit GPS signals. Although there have been notable advancements in machine learning (ML) for detecting GPS spoofing attacks, there are still challenges and limitations in the current state-of-the-art research. These include imbalanced datasets, sub-optimal feature selection, and the accuracy of attack detection in resource-constrained environments. The proposed framework investigates the optimal pairing of feature selection (FS) methodologies and deep learning techniques for detecting GPS spoofing attacks on UAVs. The primary objective of this study is to address the challenges associated with detecting GPS spoofing attempts in UAVs. The study focuses on tackling the issue of imbalanced datasets by implementing rigorous oversampling techniques. To do this, a comprehensive approach is proposed that combines advanced feature selection techniques with powerful neural network (NN) architectures. The selected attributes from this process are then transmitted to the succeeding tiers of a hybrid NN, which integrates convolutional neural network (CNN) and bidirectional long short-term memory (BiLSTM) components. The Analysis of Variance (ANOVA) + CNN-BiLSTM hybrid model demonstrates superior performance, producing exceptional results with a precision of 98.84%, accuracy of 99.25%, F1 score of 99.26%, and recall of 99.69%. 
The proposed hybrid model for detecting GPS spoofing attacks exhibits significant improvements in terms of prediction accuracy, true positive and false positive rates, as well as F1 score and recall values.
Sheheryar M.A., Sharma S.
2025-03-10 citations by CoLab: 0
The Internet of Things (IoT) has revolutionized how people involve with technological innovations. However, this development has also brought up significant security concerns. The increasing number of IoT attacks poses a serious risk to individuals and businesses equally. In response, this article introduces an ensemble feature engineering method for effective feature selection, based on a systematic behavioral analysis by means of artificial intelligence. This method identifies and highlights the most relevant features from IoT botnet dataset, facilitating accurate detection of both malicious and benign traffic. To detect IoT botnet attacks, the ensemble feature engineering method incorporates distinct approaches, including a genetic algorithm‐based genetic approach, filter selection methods such as mutual information, LASSO regularization, and forward‐backward search. A merger approach then combines these results, addressing redundancy and irrelevance. As well, a wrapper algorithm called recursive feature removal is applied to further refine the feature selection process. The effectiveness of the selected feature set is validated by means of deep learning algorithms (CNN, RNN, LSTM, and GRU) rooted in artificial intelligence, and applied to the IoT‐Botnet 2020 dataset. Results demonstrate encouraging performance, with precision between 97.88% and 98.99%, recall scores between 99.10% and 99.95%, detection accuracy between 98.05% and 99.21%, and an F1‐score ranging from 98.45% to 99.82%. Moreover, the ensemble feature engineering approach achieved precision of 98.26%, recall score of 99.68%, detection accuracy of 98.49%, F1‐measure of 99.00%, an AUC‐ROC of 82.37% and specificity of 98.38%. These outcomes highlight the method's robust performance in identifying both malicious and benign IoT botnet traffic.
Rreddy M.V., Lathigara A., Reddy M.K.
The ubiquity of Internet of Things (IoT) gadgets in smart homes has transformed our interactions with our living environments by providing never-before-seen levels of automation and convenience. However, because IoT devices are becoming possible targets for malicious attacks, this broad connectivity also poses serious security risks. Ensuring the privacy, safety, and integrity of smart home ecosystems requires prompt detection and mitigation of these threats. Data from IoT devices is gathered, pre-processed, feature engineered, labelled, and divided into training, validation, and testing sets as part of a machine learning method to threat detection in smart home IoT networks. The process of choosing and training appropriate machine learning models—which can include everything from classification techniques to anomaly detection algorithms—is crucial. Methods are surveyed to review different types of cyber-attacks, such as denial-of-service (DoS), distributed denial-of-service (DDoS), probing, user-to-root (U2R), remote-to-local (R2L), botnet attack, spoofing, and man-in-the-middle (MITM) attacks. To protect user information, data anonymization and encryption techniques are used with privacy considerations. Another strategy that has been put forth aims to improve the security of IoT networks in smart homes by providing a strong defence against new threats and equipping users with the information and resources they need to keep their connected world safe. To provide a full overview of the numerous advancements in this field, a list of all works published in the literature to date is incorporated. Lastly, the study also includes suggestions for future research directions.
Walling S., Lodh S.
2025-02-06 citations by CoLab: 0
The Internet of Things (IoT) has transformed technology interactions by connecting devices and facilitating information exchange. However, IoT's interconnectivity presents significant security challenges, including network security, device vulnerabilities, data confidentiality, and authentication. Many IoT devices lack strong security measures, making them susceptible to misuse. Additionally, privacy concerns arise due to sensitive data storage. Solutions such as secure authentication, encryption, and encrypted communication are vital. Intrusion detection systems (IDS) play a crucial role in proactively protecting networks, yet they encounter significant challenges in identifying new intrusions and minimizing false alarms. To tackle these issues, researchers have developed IDS systems that leverage machine learning (ML) and deep learning (DL) techniques. This survey article not only provides an in‐depth analysis of current IoT IDS but also summarizes the techniques, deployment strategies, validation methods, and datasets commonly used in the development of these systems. A thorough analysis of modern Network Intrusion Detection System (NIDS) publications is also included, which evaluates, examines, and contrasts NIDS approaches in the context of the IoT with regard to its architecture, detection methods, and validation strategies, dangers that have been addressed, and deployed algorithms setting it apart from earlier surveys that predominantly concentrate on traditional systems. We concentrate on IoT NIDS implemented by ML and DL in this survey given that learning algorithms have an excellent track record for success in security and privacy. The study, in our opinion, will be beneficial for academic and industrial research in identifying IoT dangers and problems, in implementing their own NIDS and in proposing novel innovative techniques in an IoT context while taking IoT limits into consideration.
Alamareen A.B., Al-Mashagbeh M.H., Abuasal S., Hussein A.S.
2025-02-01 citations by CoLab: 0
Over the past 10 years, the Internet of Things (IoT) has become more significant and is currently being utilized in a number of research and development areas, such as smart cities and homes, health, industry, agriculture, security, and surveillance. IoT systems, sensors are commonly utilized as a common interface via which any devices may join a wireless sensor network and create an information system including several intelligently decision-making sensor nodes that are all operational. Furthermore, the energy depletion resulting from the restricted resources of sensor nodes is a challenging issue that reduces the lifetime of individual nodes as well as the network system overall. This paper shows how Machine Learning (ML) may be used to improve IoT network security. The IOT Intrusion Dataset was created to serve as a reference point for identifying unusual activity on IoT networks.
Kaushik S., Bhardwaj A., Almogren A., bharany S., Altameem A., Rehman A.U., Hussen S., Hamam H.
Scientific Reports scimago Q1 wos Q1 Open Access
2025-02-01 citations by CoLab: 0
There are serious security issues with the quick growth of IoT devices, which are increasingly essential to Industry 4.0. These gadgets frequently function in challenging environments with little energy and processing power, leaving them open to cyberattacks and making it more difficult to implement intrusion detection systems (IDS) that work. In order to address this issue, this study presents a unique feature selection algorithm based on basic statistical methods and a lightweight intrusion detection system. This methodology improves performance and cuts training time by 27–63% for a variety of classifiers. By utilizing the most discriminative features, the suggested methods lower the computational overhead and improve the detection accuracy. The IDS achieved over 99.9% accuracy, precision, recall, and F1-Score on the dataset IoTID20, with consistent performance on the NSLKDD dataset.
Shenbaga Moorthy R., Arikumar K.S., Prathiba S.B., Pabitha P.
2024-12-28 citations by CoLab: 0
In the era of informatics, the effectiveness of machine learning models is compromised due to the challenge of dimensionality in the data. The presence of redundant and irrelevant features significantly increases computational complexity, posing a central obstacle in the extraction of valuable insights from the extensive dataset. Any machine learning model’s performance suffers because of the issue of the plague of dimensionality. To improve the classifier’s performance, feature selection is applied beforehand on applying the machine learning model. Feature selection is accomplished using Enhanced Binary Particle Swarm Optimization (E-BPSO) with the aid of boosting the performance of the K-Nearest Neighbor (K-NN) classifier and is experimented on benchmarking real-world datasets. The conventional BPSO suffers from the problem of exploration which leads to premature convergence. In order to overcome the drawbacks of conventional BPSO, E-BPSO is proposed. The enhancement is made by integrating the self-adaptive velocity to drive the particle with the aid to balance exploration and exploitation. The performance of the proposed E-BPSO is evaluated against the traditional binary particle swarm optimization algorithm and genetic algorithm, considering metrics like accuracy, fitness, root mean square error, and dimensionality reduction ratio.
Wang P., Song Y., Wang X., Guo X., Xiang Q.
Complex & Intelligent Systems scimago Q1 wos Q1 Open Access
2024-12-24 citations by CoLab: 0
As the Internet of Things (IoT) technology becomes extensively deployed, IoT security issues are increasingly prominent. The traffic patterns of IoT are complex and high-dimensional, which makes it difficult to distinguish the tiny differences between normal and malicious samples. To tackle the above problems, we propose an IoT intrusion detection architecture based on Gramian angular difference fields (GADF) imaging technology and improved Transformer, named ImagTIDS. Firstly, we encode the network traffic data of IoT into images using GADF to preserve more robust temporal and global features, and then we propose a model named ImagTrans for extracting local and global features from network traffic images. ImagTIDS utilizes the self-attention mechanism to dynamically adjust the attention weights and adaptively focus on the important features, effectively suppressing the adverse effects of redundant features. Furthermore, due to the serious class imbalance problem in IoT intrusion detection, we utilize Focal Loss to dynamically scale the model gradient and adaptively reduce the weights of simple samples to focus on hard-to-classify classes. Finally, we validate the effectiveness of the proposed method on the publicly available IoT intrusion detection datasets ToN_IoT and DS2OS, and the experimental results show that the proposed method achieves superior detection performance and higher robustness on class imbalance datasets compared to other remarkable methods.
Sukhni B.A., Manna S.K., Dave J.M., Zhang L.
Sensors scimago Q1 wos Q2 Open Access
2024-12-19 citations by CoLab: 0
The rapid integration of Internet of Things (IoT) systems in various sectors has escalated security risks due to sophisticated multilayer attacks that compromise multiple security layers and lead to significant data loss, personal information theft, financial losses etc. Existing research on multilayer IoT attacks exhibits gaps in real-world applicability, due to reliance on outdated datasets with a limited focus on adaptive, dynamic approaches to address multilayer vulnerabilities. Additionally, the complete reliance on automated processes without integrating human expertise in feature selection and weighting processes may affect the reliability of detection models. Therefore, this research aims to develop a Semi-Automated Intrusion Detection System (SAIDS) that integrates efficient feature selection, feature weighting, normalisation, visualisation, and human–machine interaction to detect and identify multilayer attacks, enhancing mitigation strategies. The proposed framework managed to extract an optimal set of 13 significant features out of 64 in the Edge-IIoT dataset, which is crucial for the efficient detection and classification of multilayer attacks, and also outperforms the performance of the KNN model compared to other classifiers in binary classification. The KNN algorithm demonstrated an average accuracy exceeding 94% in detecting several multilayer attacks such as UDP, ICMP, HTTP flood, MITM, TCP SYN, XSS, SQL injection, etc.
Huang Y., Chen G., Gou J., Fan Z., Liao Y.
Applied Intelligence scimago Q2 wos Q2
2024-11-26 citations by CoLab: 1
Intrusion Detection System (IDS) plays an important role in the cybersecurity for preventing the platform from network attacks. To improve the overall performance of IDS, researchers have introduced machine learning methods to classify network behaviors. As the Internet develops and cyberspace expands, the network environment becomes increasingly diverse and complex. As a result, the traditional and single machine learning methods limit the development of intrusion detection systems, and it is difficult to resist the exponential growth of network attacks. To solve this problem, we propose a novel intrusion detection method based on the hybrid feature selection and stacking ensemble techniques to improve the performance of the intrusion detection system. We first apply the hybrid feature selection technique based on the filtering and embedding methods to reduce the feature dimensions. The filtering method uses the information gain rate, while the embedding method uses the feature importance from the random forest model and determines the best feature subset through the hybrid strategy. On the basis of this, a random forest binary classifier is constructed for each category before a multi-classifier is constructed by the aggregation strategy-based stacking ensemble mechanism to determine the specific type of network behavior. The experimental results show that, on the UNSW-NB15 dataset, the proposed method achieved an accuracy of 80.83% with only 9 selected best features (45 in total), which is an improvement of 5.37% compared to the baseline method. On the CICIDS2017 dataset, the accuracy of proposed model reached 99.97% with 27 features selected (75 in total), outperforming the baseline methods. The detection and recognition performance of our proposed method is better than that of traditional machine learning methods and other well-known ensemble methods in terms of accuracy, F1-Score, Cohen’s Kappa score, and false alarm rate. 
This indicates that our proposed model could be a useful tool in intrusion detection.
Boddu B.R., Mandapati V.R., Narayanarao C.
2024-11-07 citations by CoLab: 0
The Internet of Things (IoT) plays a crucial role in ensuring security by preventing unauthorized access, malware infections, and malicious activities. IoT monitors network traffic as well as device behaviour to identify potential threats and take appropriate mitigation measures. However, there is a need for an IoT Intrusion Detection system with enhanced generalization capabilities, leveraging deep learning and advanced anomaly detection techniques. This study presents an innovative approach to IoT IDS that combines SMOTE-Tomek link and BTLBO, CNN with XGB classifier which aims to address data imbalances, improve model performance, reduce misclassifications, and improve overall dataset quality. The proposed IoT IDS system, using the IoT-23 dataset, achieves 99.90% accuracy and a low error rate, all while requiring significantly less execution time. This work represents a significant step forward in IoT security, offering a robust and efficient IDS solution tailored to the changing challenges of the interconnected world.

