Abstract
Cyber-attacks on Internet of Things (IoT) devices are becoming increasingly common due to the rapidly growing number of connected devices and the lack of security measures in many of these devices. Attackers can exploit these flaws using the internet and remote access. The Edge Service is a critical component of NetFlow-based malware detection systems, responsible for several key functions. Firstly, it receives raw network traffic data from the Edge Gateway installed at the network perimeter. Secondly, it processes the raw data to make it suitable for deep learning models by converting it into an appropriate format, normalizing it and extracting relevant features. The Edge Service also develops the deep learning network for malware detection and classification using Vectorized Convolutional Neural Networks (VCNN), multi Long Short-Term Memory (LSTM) models, and mayfly optimization techniques, and trains it on benchmark datasets (NBaIoT-balanced, UNSW-NB15 and UNSW_BOT_IoT-imbalanced) of benign and malicious network traffic to learn the patterns and characteristics of each type of traffic. Once the deep learning network is developed, the Edge Service uses it to detect and classify malware in real time by analyzing network traffic data to identify patterns and anomalies that may indicate the presence of malware. The Edge Service includes a Master Edge Node (MEN) responsible for all these functions. The Edge Service plays a crucial role in detecting and preventing malware attacks by providing real-time protection and alerting on potential threats.
Availability of data and materials
Data sharing is not applicable to this article as no datasets were generated during the current study. All sources used are properly disclosed (citation). Literal copying of text must be indicated as such by using quotation marks and giving proper references. Implementation material will be provided based on the requirement.
Funding
National Institute of Technology, Tiruchirappalli is providing the stipend to carry out this research work.
Author information
Contributions
The paper properly credits the meaningful contributions of the corresponding author and co-author.
Ethics declarations
Conflict of interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper. The authors declare the following financial interests/personal relationships, which may be considered potential competing interests.
Ethical approval
This material is the authors' own original work, which has not been previously published elsewhere. The paper is not currently being considered for publication elsewhere. The paper reflects the author's own research and analysis in a truthful and complete manner.
About this article
Cite this article
Santhadevi, D., Janet, B. Stacked Deep Learning Framework for Edge-Based Intelligent Threat Detection in IoT Network. J Supercomput 79, 12622–12655 (2023). https://doi.org/10.1007/s11227-023-05153-y
DOI: https://doi.org/10.1007/s11227-023-05153-y