Document Type : Reseach Article
10.57647/j.mjee.2024.180341
Abstract
The concept of the Internet of Things (IoT) and its countless applications are considered as an inseparable part of the modern technology era. The placement of IoT- based devices and their limitations make the environment more vulnerable due to its openness. Security plays a critical role in IoT applications due to the pervasiveness of the IoT in all of the aspects in daily life. On the other hand, final devices such as their limited computing power, large number of devices connected to each other, and communication between devices and users do not allow for using traditional methods to solve security issues. Intrusion detection systems (IDSs) which can separate malicious traffic from normal mode are among the effective solutions in this field. the installed IDS should be highly accurate and lightweight to affect accuracy. In order to bring services closer to electronic devices, a concept called “fog” has emerged. A large number of studies have been conducted to make the light IDS for IoT networks utilizing various methods. The present study aims to propose
a two-layer hierarchical IDS based on machine learning, which detects attacks by considering the limitations of IoT resources. In order to create an efficient and accurate IDS, the combination of two improved K-nearest neighbor (KNN) algorithms and a multi-layer perceptron (MLP) neural network was applied in the fog and cloud to separate the attacks from normal traffic, respectively. we evaluated our proposed method using IOT23 dataset. The results prove the improvement in accuracy, compared to the previous methods.
Keywords
[1] C.A. de Souza et al. “Intrusion detection
and prevention in fog based IoT environments: A systematic literature review.”.
Computer Networks, 214:109154, 2022. DOI:
https://doi.org/10.1016/j.comnet.2022.109154.
[2] C.A. de Souza et al. “Hybrid approach to intrusion detection in fog-based IoT environments.”.
Computer Networks, 180:107417, 2020. DOI:
https://doi.org/10.1016/j.comnet.2020.107417.
[3] V. Chang et al. “A Survey on Intrusion Detection Systems for Fog and Cloud Computing.”. Future Internet, 14(3):89, 2022. DOI:
https://doi.org/10.3390/fi14030089.
[4] P. Mell and T. Grance. “The NIST definition of cloud
computing.”. Special Publication (NIST SP), National
Institute of Standards and Technology, Gaithersburg,
MD, 2011. DOI: https://doi.org/10.6028/NIST.SP.800-
145.
[5] M. Satyanarayanan. “A brief history of cloud offload: A personal journey from odyssey through
cyber foraging to cloudlets.”. GetMobile: Mobile
Computing and Communications, 18(4):19–23, 2015.
DOI: https://doi.org/10.1145/2721914.2721921.
[6] F. Bonomi et al. “Fog computing and its role in
the internet of things.”. In Proceedings of the First
Edition of the MCC Workshop on Mobile Cloud Computing, MCC ’12, page 13–16, New York, NY, USA,
2012. Association for Computing Machinery. DOI:
https://doi.org/10.1145/2342509.2342513.
[7] E. Mar´ın-Tordera et al. “Do we all really know what a fog node is? Current
trends towards an open definition.”. Computer Communications, 109:117–130, 2017. DOI:
https://doi.org/10.1016/j.comcom.2017.05.013.
[8] J. Singh, P. Singh, and S.S. Gill. “Fog computing: A taxonomy, systematic review, current trends
and research challenges.”. Journal of Parallel
and Distributed Computing, 157:56–85, 2021. DOI:
https://doi.org/10.1016/j.jpdc.2021.06.005.
[9] K.S. Kiran et al. “Building a intrusion detection system for IoT environment using machine learning techniques.”. Procedia Computer Science, 171:2372–2379, 2020. DOI:
https://doi.org/10.1016/j.procs.2020.04.257.
[10] W.H. Hassan. “Current research on Internet
of Things (IoT) security: A survey.”. Computer Networks, 148:283–294, 2019. DOI:
https://doi.org/10.1016/J.COMNET.2018.11.025.
[11] S. Sicari et al. “Security, privacy and trust
in Internet of Things: The road ahead.”.
Computer Networks, 76:146–164, 2015. DOI:
https://doi.org/10.1016/J.COMNET.2018.11.025.
[12] S. Roy, J. Li, and Y. Bai. “A Two-layer FogCloud Intrusion Detection Model for IoT Networks.”. Internet of Things, 19:100557, 2022. DOI:
https://doi.org/10.1016/j.iot.2022.100557.
[13] X. An et al. “Hypergraph clustering model-based
association analysis of DDOS attacks in fog computing intrusion detection system.”. EURASIP Journal
on Wireless Communications and Networking, 2018
(1):1–9, 2018. DOI: https://doi.org/10.1186/s13638-
018-1267-2.
[14] P. Illy et al. “Securing fog-to-things environment
using intrusion detection system based on ensemble
learning.”. In 2019 IEEE Wireless Communications
and Networking Conference (WCNC). IEEE, 2019.
DOI: https://doi.org/10.48550/arXiv.1901.10933.
[15] J. Pacheco et al. “Artificial neural networks-based
intrusion detection system for internet of things fog
nodes.”. IEEE Access, 8:73907–73918, 2020. DOI:
https://doi.org/10.1109/CISDA.2009.5356528.
[16] B. Sudqi Khater et al. “A lightweight perceptronbased intrusion detection system for fog computing.”. Applied Sciences, 9(1):178, 2019. DOI:
https://doi.org/10.3390/app9010178.
[17] M. Almiani et al. “Deep recurrent neural network
for IoT intrusion detection system.”. Simulation
Modelling Practice and Theory, 101:102031, 2020.
DOI: https://doi.org/10.1016/j.simpat.2019.102031.
[18] B.A. N.G. and S. Subramanian. “Anomaly detection framework for Internet of things traffic using vector convolutional deep learning approach in fog environment.”. Future Generation Computer Systems, 113:255–265, 2020. DOI:
https://doi.org/10.1016/j.future.2020.07.020.
[19] S. Manimurugan. “IoT-Fog-Cloud model for
anomaly detection using improved Naive Bayes
and principal component analysis.”. Journal of Ambient Intelligence and Humanized Computing, page
1–10, 2021. DOI: https://doi.org/10.1007/s12652-020-
02723-3.
[20] N. Moustafa and J. Slay. “UNSW-NB15: a
comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set).”. page 1–6, 2015. DOI:
https://doi.org/https://doi.org/10.1109/MilCIS.2015.7348942.
[21] M.S. Elsayed, N.-A. Le-Khac, and A.D. Jurcut. “InSDN: A novel SDN intrusion dataset.”.
IEEE Access, 8:165263–165284, 2020. DOI:
https://doi.org/10.1109/ACCESS.2020.3022633.
[22] M. Tavallaee et al. “A detailed analysis of the
KDD CUP 99 data set.”. In 2009 IEEE Symposium on Computational Intelligence for Security and
Defense Applications, page 1–6. IEEE, 2009. DOI:
https://doi.org/10.1109/CISDA.2009.5356528.[23] “ADFA IDS Datasets.”. URL https://research.unsw.
edu.au/projects/adfa-ids-datasets.
[24] M. Krzyszton and M. Marks. “ ´ Simulation of
watchdog placement for cooperative anomaly
detection in bluetooth mesh intrusion detection system.”. Simulation Modelling Practice and Theory, 101:102041, 2020. DOI:
https://doi.org/10.1016/j.simpat.2019.102041.
[25] M.A. Rahman et al. “Scalable machine
learning-based intrusion detection system
for IoT-enabled smart cities.”. Sustainable
Cities and Society, 61:102324, 2020. DOI:
https://doi.org/10.1016/j.scs.2020.102324.
[26] P. Maniriho et al. “Anomaly-based intrusion detection approach for IoT networks using machine
learning.”. In 2020 International Conference on
Computer Engineering, Network, and Intelligent Multimedia (CENIM), page 303–308. IEEE, 2020. DOI:
https://doi.org/10.1109/CENIM51130.2020.9297958.
[27] S.I. Popoola et al. “Hybrid deep learning
for botnet attack detection in the internetof-things networks.”. IEEE Internet of
Things Journal, 8(6):4944–4956, 2020. DOI:
https://doi.org/10.1109/MilCIS.2015.7348942.
[28] Y. Labiod, A. Amara Korba, and N. Ghoualmi. “Fog
Computing-Based Intrusion Detection Architecture to Protect IoT Networks.”. Wireless Personal Communications, 125:231–259, 2022. DOI:
https://doi.org/10.1007/s11277-022-09548-7.
[29] C.A. de Souza, C.B. Westphall, and R.B. Machado.
“Two-step ensemble approach for intrusion detection and identification in IoT and fog computing environments.”. Computers & Electrical Engineering, 98:107694, 2022. DOI:
https://doi.org/10.1016/j.compeleceng.2022.107694.
[30] S.P.K. Gudla et al. “DI-ADS: a deep intelligent distributed denial of service attack detection scheme
for fog-based IoT applications.”. Mathematical Problems in Engineering, 2022(1):3747302, 2022. DOI:
https://doi.org/10.1155/2022/3747302.
[31] F.-B. Mocnik. “An improved algorithm for
dynamic nearest-neighbour models.”. Journal
of Spatial Science, 67(3):411–438, 2020. DOI:
https://doi.org/10.1080/14498596.2020.1739575.
[32] S. Garcia, A. Parmisano, and M.J. Erquiaga. “IoT23: A labeled dataset with malicious and benign IoT network traffic.”. Zenodo, 2021. DOI:
https://doi.org/10.5281/zenodo.4743746.
and prevention in fog based IoT environments: A systematic literature review.”.
Computer Networks, 214:109154, 2022. DOI:
https://doi.org/10.1016/j.comnet.2022.109154.
[2] C.A. de Souza et al. “Hybrid approach to intrusion detection in fog-based IoT environments.”.
Computer Networks, 180:107417, 2020. DOI:
https://doi.org/10.1016/j.comnet.2020.107417.
[3] V. Chang et al. “A Survey on Intrusion Detection Systems for Fog and Cloud Computing.”. Future Internet, 14(3):89, 2022. DOI:
https://doi.org/10.3390/fi14030089.
[4] P. Mell and T. Grance. “The NIST definition of cloud
computing.”. Special Publication (NIST SP), National
Institute of Standards and Technology, Gaithersburg,
MD, 2011. DOI: https://doi.org/10.6028/NIST.SP.800-
145.
[5] M. Satyanarayanan. “A brief history of cloud offload: A personal journey from odyssey through
cyber foraging to cloudlets.”. GetMobile: Mobile
Computing and Communications, 18(4):19–23, 2015.
DOI: https://doi.org/10.1145/2721914.2721921.
[6] F. Bonomi et al. “Fog computing and its role in
the internet of things.”. In Proceedings of the First
Edition of the MCC Workshop on Mobile Cloud Computing, MCC ’12, page 13–16, New York, NY, USA,
2012. Association for Computing Machinery. DOI:
https://doi.org/10.1145/2342509.2342513.
[7] E. Mar´ın-Tordera et al. “Do we all really know what a fog node is? Current
trends towards an open definition.”. Computer Communications, 109:117–130, 2017. DOI:
https://doi.org/10.1016/j.comcom.2017.05.013.
[8] J. Singh, P. Singh, and S.S. Gill. “Fog computing: A taxonomy, systematic review, current trends
and research challenges.”. Journal of Parallel
and Distributed Computing, 157:56–85, 2021. DOI:
https://doi.org/10.1016/j.jpdc.2021.06.005.
[9] K.S. Kiran et al. “Building a intrusion detection system for IoT environment using machine learning techniques.”. Procedia Computer Science, 171:2372–2379, 2020. DOI:
https://doi.org/10.1016/j.procs.2020.04.257.
[10] W.H. Hassan. “Current research on Internet
of Things (IoT) security: A survey.”. Computer Networks, 148:283–294, 2019. DOI:
https://doi.org/10.1016/J.COMNET.2018.11.025.
[11] S. Sicari et al. “Security, privacy and trust
in Internet of Things: The road ahead.”.
Computer Networks, 76:146–164, 2015. DOI:
https://doi.org/10.1016/J.COMNET.2018.11.025.
[12] S. Roy, J. Li, and Y. Bai. “A Two-layer FogCloud Intrusion Detection Model for IoT Networks.”. Internet of Things, 19:100557, 2022. DOI:
https://doi.org/10.1016/j.iot.2022.100557.
[13] X. An et al. “Hypergraph clustering model-based
association analysis of DDOS attacks in fog computing intrusion detection system.”. EURASIP Journal
on Wireless Communications and Networking, 2018
(1):1–9, 2018. DOI: https://doi.org/10.1186/s13638-
018-1267-2.
[14] P. Illy et al. “Securing fog-to-things environment
using intrusion detection system based on ensemble
learning.”. In 2019 IEEE Wireless Communications
and Networking Conference (WCNC). IEEE, 2019.
DOI: https://doi.org/10.48550/arXiv.1901.10933.
[15] J. Pacheco et al. “Artificial neural networks-based
intrusion detection system for internet of things fog
nodes.”. IEEE Access, 8:73907–73918, 2020. DOI:
https://doi.org/10.1109/CISDA.2009.5356528.
[16] B. Sudqi Khater et al. “A lightweight perceptronbased intrusion detection system for fog computing.”. Applied Sciences, 9(1):178, 2019. DOI:
https://doi.org/10.3390/app9010178.
[17] M. Almiani et al. “Deep recurrent neural network
for IoT intrusion detection system.”. Simulation
Modelling Practice and Theory, 101:102031, 2020.
DOI: https://doi.org/10.1016/j.simpat.2019.102031.
[18] B.A. N.G. and S. Subramanian. “Anomaly detection framework for Internet of things traffic using vector convolutional deep learning approach in fog environment.”. Future Generation Computer Systems, 113:255–265, 2020. DOI:
https://doi.org/10.1016/j.future.2020.07.020.
[19] S. Manimurugan. “IoT-Fog-Cloud model for
anomaly detection using improved Naive Bayes
and principal component analysis.”. Journal of Ambient Intelligence and Humanized Computing, page
1–10, 2021. DOI: https://doi.org/10.1007/s12652-020-
02723-3.
[20] N. Moustafa and J. Slay. “UNSW-NB15: a
comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set).”. page 1–6, 2015. DOI:
https://doi.org/https://doi.org/10.1109/MilCIS.2015.7348942.
[21] M.S. Elsayed, N.-A. Le-Khac, and A.D. Jurcut. “InSDN: A novel SDN intrusion dataset.”.
IEEE Access, 8:165263–165284, 2020. DOI:
https://doi.org/10.1109/ACCESS.2020.3022633.
[22] M. Tavallaee et al. “A detailed analysis of the
KDD CUP 99 data set.”. In 2009 IEEE Symposium on Computational Intelligence for Security and
Defense Applications, page 1–6. IEEE, 2009. DOI:
https://doi.org/10.1109/CISDA.2009.5356528.[23] “ADFA IDS Datasets.”. URL https://research.unsw.
edu.au/projects/adfa-ids-datasets.
[24] M. Krzyszton and M. Marks. “ ´ Simulation of
watchdog placement for cooperative anomaly
detection in bluetooth mesh intrusion detection system.”. Simulation Modelling Practice and Theory, 101:102041, 2020. DOI:
https://doi.org/10.1016/j.simpat.2019.102041.
[25] M.A. Rahman et al. “Scalable machine
learning-based intrusion detection system
for IoT-enabled smart cities.”. Sustainable
Cities and Society, 61:102324, 2020. DOI:
https://doi.org/10.1016/j.scs.2020.102324.
[26] P. Maniriho et al. “Anomaly-based intrusion detection approach for IoT networks using machine
learning.”. In 2020 International Conference on
Computer Engineering, Network, and Intelligent Multimedia (CENIM), page 303–308. IEEE, 2020. DOI:
https://doi.org/10.1109/CENIM51130.2020.9297958.
[27] S.I. Popoola et al. “Hybrid deep learning
for botnet attack detection in the internetof-things networks.”. IEEE Internet of
Things Journal, 8(6):4944–4956, 2020. DOI:
https://doi.org/10.1109/MilCIS.2015.7348942.
[28] Y. Labiod, A. Amara Korba, and N. Ghoualmi. “Fog
Computing-Based Intrusion Detection Architecture to Protect IoT Networks.”. Wireless Personal Communications, 125:231–259, 2022. DOI:
https://doi.org/10.1007/s11277-022-09548-7.
[29] C.A. de Souza, C.B. Westphall, and R.B. Machado.
“Two-step ensemble approach for intrusion detection and identification in IoT and fog computing environments.”. Computers & Electrical Engineering, 98:107694, 2022. DOI:
https://doi.org/10.1016/j.compeleceng.2022.107694.
[30] S.P.K. Gudla et al. “DI-ADS: a deep intelligent distributed denial of service attack detection scheme
for fog-based IoT applications.”. Mathematical Problems in Engineering, 2022(1):3747302, 2022. DOI:
https://doi.org/10.1155/2022/3747302.
[31] F.-B. Mocnik. “An improved algorithm for
dynamic nearest-neighbour models.”. Journal
of Spatial Science, 67(3):411–438, 2020. DOI:
https://doi.org/10.1080/14498596.2020.1739575.
[32] S. Garcia, A. Parmisano, and M.J. Erquiaga. “IoT23: A labeled dataset with malicious and benign IoT network traffic.”. Zenodo, 2021. DOI:
https://doi.org/10.5281/zenodo.4743746.
)