Abstract
In recent years, the Internet of Things has become a vulnerable target of intrusion attacks. As academia and industry move towards bringing the Internet of Things (IoT) to every sector of our lives, much attention needs to be given to developing advanced Intrusion Detection Systems (IDS) to detect such attacks. In this work, we propose a novel network-based intrusion detection method which learns patterns of benign flows in a temporal codebook. Based on the temporally learnt codebook, we propose a feature representation method to transform the raw flow-based statistical features into more discriminative representations, called TempoCode-IoT. We develop an ensemble of machine learning-based classifiers optimized to discriminate the malicious flows from the benign ones, based on the proposed TempoCode-IoT. The effectiveness of the proposed method is empirically evaluated on a state-of-the-art realistic intrusion detection dataset as well as on a real botnet-infected IoT dataset, achieving high accuracies and low false positive rates across a variety of intrusion attacks. Moreover, the proposed method outperforms several state-of-the-art works on the datasets used, proving the effectiveness of TempoCode-IoT over raw flow features, both in terms of accuracies and processing speeds.
Acknowledgements
This work is partially supported by NSERC CREATE TRANSIT, NSERC DIVA Strategic Research Network and Canada Research Chairs Program.
Cite this article
Siddiqui, A.J., Boukerche, A. TempoCode-IoT: temporal codebook-based encoding of flow features for intrusion detection in Internet of Things. Cluster Comput 24, 17–35 (2021). https://doi.org/10.1007/s10586-020-03153-8
DOI: https://doi.org/10.1007/s10586-020-03153-8