IoT Protocol-Enabled IDS based on Machine Learning
Received: 21 September 2023 | Revised: 23 October 2023 | Accepted: 4 November 2023 | Online: 5 December 2023
Corresponding author: Tahani Gazdar
Abstract
During the last decade, Internet of Things (IoT) devices have become widely used in smart homes, smart cities, factories, and many other areas to facilitate daily activities. As IoT devices are vulnerable to many attacks, especially if they are not frequently updated, Intrusion Detection Systems (IDSs) must be used to defend them. Many existing IDSs focus on specific types of IoT application layer protocols, such as MQTT, CoAP, and HTTP. Additionally, many existing IDSs based on machine learning are inefficient in detecting attacks in IoT applications because they use non-IoT-dedicated datasets. Therefore, there is no comprehensive IDS that can detect intrusions that specifically target IoT devices and their various application layer protocols. This paper proposes a new comprehensive IDS for IoT applications called IP-IDS, which can equivalently detect MQTT, HTTP, and CoAP-directed intrusions with high accuracy. Three different datasets were used to train the model: Bot-IoT, MQTT-IoT-IDS2020, and CoAP-DDoS. The obtained results showed that the proposed model outperformed the existing models trained on the same datasets. Additionally, the proposed DT and LSTM models reached an accuracy of 99.9%.
Keywords:
IDS, IoT, DT, LSTMDownloads
References
J. Asharf, N. Moustafa, H. Khurshid, E. Debie, W. Haider, and A. Wahab, "A Review of Intrusion Detection Systems Using Machine and Deep Learning in Internet of Things: Challenges, Solutions and Future Directions," Electronics, vol. 9, no. 7, Jul. 2020, Art. no. 1177.
A. Khraisat, I. Gondal, P. Vamplew, and J. Kamruzzaman, "Survey of intrusion detection systems: techniques, datasets and challenges," Cybersecurity, vol. 2, no. 1, Jul. 2019, Art. no. 20.
M. Husnain et al., "Preventing MQTT Vulnerabilities Using IoT-Enabled Intrusion Detection System," Sensors, vol. 22, no. 2, Jan. 2022, Art. no. 567.
G. Nebbione and M. C. Calzarossa, "Security of IoT Application Layer Protocols: Challenges and Findings," Future Internet, vol. 12, no. 3, Mar. 2020, Art. no. 55.
K. Aldriwish, "A Deep Learning Approach for Malware and Software Piracy Threat Detection," Engineering, Technology & Applied Science Research, vol. 11, no. 6, pp. 7757–7762, Dec. 2021.
M. H. H. Khairi, S. H. S. Ariffin, N. M. A. Latiff, A. S. Abdullah, and M. K. Hassan, "A Review of Anomaly Detection Techniques and Distributed Denial of Service (DDoS) on Software Defined Network (SDN)," Engineering, Technology & Applied Science Research, vol. 8, no. 2, pp. 2724–2730, Apr. 2018.
Z. Ahmad, A. Shahid Khan, C. Wai Shiang, J. Abdullah, and F. Ahmad, "Network intrusion detection system: A systematic study of machine learning and deep learning approaches," Transactions on Emerging Telecommunications Technologies, vol. 32, no. 1, 2021, Art. no. e4150.
M. A. Khan et al., "A Deep Learning-Based Intrusion Detection System for MQTT Enabled IoT," Sensors, vol. 21, no. 21, Jan. 2021, Art. no. 7016.
T. Gazdar, "An Efficient Intrusion Detection System for Attacks Detection in MQTT Protocol Using Machine Learning," International Journal of Computer Science and Network Security, vol. 22, no. 11, pp. 791–798, Nov. 2022.
E. Jove et al., "Intelligent One-Class Classifiers for the Development of an Intrusion Detection System: The MQTT Case Study," Electronics, vol. 11, no. 3, Jan. 2022, Art. no. 422.
J. Granjal, J. M. Silva, and N. Lourenço, "Intrusion Detection and Prevention in CoAP Wireless Sensor Networks Using Anomaly Detection," Sensors, vol. 18, no. 8, Aug. 2018, Art. no. 2445.
J. G. Almaraz-Rivera, J. A. Perez-Diaz, and J. A. Cantoral-Ceballos, "Transport and Application Layer DDoS Attacks Detection to IoT Devices by Using Machine Learning and Deep Learning Models," Sensors, vol. 22, no. 9, Jan. 2022, Art. no. 3367.
B. Susilo and R. F. Sari, "Intrusion Detection in IoT Networks Using Deep Learning Algorithm," Information, vol. 11, no. 5, May 2020, Art. no. 279.
X. H. Nguyen, X. D. Nguyen, H. H. Huynh, and K. H. Le, "Realguard: A Lightweight Network Intrusion Detection System for IoT Gateways," Sensors, vol. 22, no. 2, Jan. 2022, Art. no. 432.
T. Gazdar, "A New IDS for Smart Home based on Machine Learning," in 2022 14th International Conference on Computational Intelligence and Communication Networks (CICN), 2022, pp. 393–400.
R. Malik, Y. Singh, Z. A. Sheikh, P. Anand, P. K. Singh, and T. C. Workneh, "An Improved Deep Belief Network IDS on IoT-Based Network for Traffic Systems," Journal of Advanced Transportation, vol. 2022, Apr. 2022, Art. no. e7892130.
T. M. Booij, I. Chiscop, E. Meeuwissen, N. Moustafa, and F. T. Den Hartog, "ToN_IoT: The role of heterogeneity and the need for standardization of features and attack types in IoT network intrusion data sets," IEEE Internet of Things Journal, vol. 9, no. 1, pp. 485–496, 2021.
M. Anwer, S. M. Khan, M. U. Farooq, and Waseemullah, "Attack Detection in IoT using Machine Learning," Engineering, Technology & Applied Science Research, vol. 11, no. 3, pp. 7273–7278, Jun. 2021.
H. Hindy, E. Bayne, M. Bures, R. Atkinson, C. Tachtatzis, and X. Bellekens, "Machine Learning Based IoT Intrusion Detection System: An MQTT Case Study (MQTT-IoT-IDS2020 Dataset)," in Selected Papers from the 12th International Networking Conference, 2021, pp. 73–84.
J. Mathews, P. Chatterjee, and S. Banik, "CoAP-DoS: An IoT Network Intrusion Data Set," in 2022 6th International Conference on Cryptography, Security and Privacy (CSP), Tianjin, China, Jan. 2022, pp. 91–95.
N. Koroniotis, N. Moustafa, E. Sitnikova, and B. Turnbull, "Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset," Future Generation Computer Systems, vol. 100, pp. 779–796, Nov. 2019.
F. Laghrissi, S. Douzi, K. Douzi, and B. Hssina, "Intrusion detection systems using long short-term memory (LSTM)," Journal of Big Data, vol. 8, no. 1, May 2021, Art. no. 65.
L. Serrano, Grokking Machine Learning. Shelter Island, NY, USA: Simon and Schuster, 2021.
R. G. Kerry et al., "An overview of remote monitoring methods in biodiversity conservation," Environmental Science and Pollution Research, vol. 29, no. 53, pp. 80179–80221, Nov. 2022.
B. Charbuty and A. Abdulazeez, "Classification Based on Decision Tree Algorithm for Machine Learning," Journal of Applied Science and Technology Trends, vol. 2, no. 01, pp. 20–28, Mar. 2021.
L. D. Manocchio, S. Layeghy, and M. Portmann, "Network Intrusion Detection System in a Light Bulb," in 2022 32nd International Telecommunication Networks and Applications Conference (ITNAC), Wellington, New Zealand, Aug. 2022, pp. 1–8.
K. Saurabh et al., "LBDMIDS: LSTM Based Deep Learning Model for Intrusion Detection Systems for IoT Networks," in 2022 IEEE World AI IoT Congress (AIIoT), Jun. 2022, pp. 753–759.
R. A. Manzano Sanchez, M. Zaman, N. Goel, K. Naik, and R. Joshi, "Towards Developing a Robust Intrusion Detection Model Using Hadoop–Spark and Data Augmentation for IoT Networks," Sensors, vol. 22, no. 20, Art. no. 7726, Jan. 2022.
R. Teki̇n, O. Yaman, and T. Tuncer, "Decision Tree Based Intrusion Detection Method in the Internet of Things," International Journal of Innovative Engineering Applications, vol. 6, no. 1, pp. 17–23, Jun. 2022.
"Flask Documentation (3.0.x)." https://flask.palletsprojects.com/en/3.0.x/.
Downloads
How to Cite
License
Copyright (c) 2023 Rehab Alsulami, Batoul Alqarni , Rawan Alshomrani, Fatimah Mashat , Tahani Gazdar
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.
