Abstract
Intrusion detection systems (IDSs) are employed at various levels in the network to either detect or prevent an intrusion that could cause irrecoverable data damage in IoT applications. Nowadays, different machine learning (ML) and artificial intelligence techniques are used to develop prediction models for IDSs. However, existing ML-based detection models mostly rely on associative features to determine the relationship between attacks and traffic variables. These features fail to distinguish correlation from causality and thus often yield poor performance on the testing data. The method of drawing causal inferences can help researchers focus on the causes of an intrusion rather than on the correlation of the attributes, which provides only limited information. However, the method of drawing causal inferences has few to no implementations in IDSs. This paper explores using a causal analysis method, the Bayesian causal network, for the IDS and attempts to determine the significant attributes that can lead to an accurate prediction model for the IDS. The presented causal inference method is validated via an experimental analysis of the Message Queuing Telemetry Transport (MQTT) protocol dataset. The results show that the Bayesian network implementation of causal inference achieved an average accuracy, precision, recall, and F1-score of 99.8%, 99.4%, 98.89%, and 99.13%, respectively, for the different attack scenarios considered. The analysis of the results shows that the performance of the presented method is equivalent to or better than other machine learning solutions.
Data availability
The datasets generated and/or analyzed during the current study are available in the online repository, https://ieee-dataport.org/open-access/mqtt-iot-ids2020-mqtt-internet-things-intrusion-detection-dataset.
Notes
Reverse causality: the concept in which the roles of the dependent and independent variables are reversed in a study and a new relation is established. More can be read at https://efinancemanagement.com/economics/reverse-causality.
Acknowledgements
We have prepared an experimental package consisting of the MQTT-IoT-IDS2020 datasets used, script files, and detailed instructions to run the experiments. The URL of the webpage is https://github.com/Srividya47/Bayesian-Causal-Model-for-MQTT.
Author information
Contributions
All authors designed and developed the proposed approach. The first author performed the experiments. All authors wrote and proofread the manuscript.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
About this article
Cite this article
Bhaskara, S., Rathore, S.S. Causal effect analysis-based intrusion detection system for IoT applications. Int. J. Inf. Secur. 22, 931–946 (2023). https://doi.org/10.1007/s10207-023-00674-2
DOI: https://doi.org/10.1007/s10207-023-00674-2