Causal effect analysis-based intrusion detection system for IoT applications

  • Regular Contribution
International Journal of Information Security

Abstract

Intrusion detection systems (IDSs) are employed at various levels in the network to either detect or prevent an intrusion that could cause irrecoverable data damage in IoT applications. Nowadays, different machine learning (ML) and artificial intelligence techniques are used to develop prediction models for IDS. However, existing ML-based detection models mostly rely on associative features to determine the relationship between attacks and traffic variables. These features failed to discern correlation from causality, and thus, many times, they generated poor performance on the testing data. The method of drawing causal inferences can be helpful to researchers in focusing on the causes of the intrusion rather than the correlation of the attributes, which provide only limited information. However, the method of drawing causal inferences has few to no implementations in the IDS. This paper explores using a causal analysis method, the Bayesian causal network for the IDS, and attempts to determine the significant attributes that can lead to an accurate prediction model for the IDS. The presented causal inference method is validated via an experimental analysis of the message queuing telemetry transport protocol dataset. The result shows that the Bayesian network implementation of causal inference has achieved an average accuracy, precision, recall, and F1-score of 99.8%, 99.4%, 98.89%, and 99.13%, respectively, for different considered attack scenarios. The analysis of the results shows that the performance of the presented method is equivalent to or better than other machine learning solutions.

Data availability

The datasets generated during and/or analyzed during the current study are available in the online repository, https://ieee-dataport.org/open-access/mqtt-iot-ids2020-mqtt-internet-things-intrusion-detection-dataset.

Notes

  1. https://www.snort.org/.

  2. https://zeek.org/.

  3. https://www.ossec.net/.

  4. https://www.manageengine.com/products/eventlog/ids-ips-monitoring-reporting.html.

  5. https://www.latentview.com/blog/causal-inference-exploring-the-how-behind-the-why/.

  6. https://dx.doi.org/10.21227/bhxy-ep04.

  7. https://scikit-learn.org/stable/modules/naive_bayes.html.

  8. https://scikit-learn.org/stable/modules/svm.html.

  9. https://scikit-learn.org/stable/modules/generated/sklearn.neighbors.KNeighborsClassifier.html.

  10. https://scikit-learn.org/stable/modules/tree.html.

  11. https://www.kaggle.com/.

  12. https://causalnex.readthedocs.io/en/latest/.

  13. The concept in which the role of dependent and independent variables is reversed in a study and a new relation is established. More can be read at https://efinancemanagement.com/economics/reverse-causality.

  14. https://github.com/Microsoft/dowhy.

Acknowledgements

We have prepared an experimental package consisting of the MQTT-IoT-IDS2020 datasets used, the script files, and detailed instructions to run the experiments. The URL of the webpage is https://github.com/Srividya47/Bayesian-Causal-Model-for-MQTT.

Contributions

All authors designed and developed the proposed approach. The first author performed the experiments. All authors wrote and proofread the manuscript.

Corresponding author

Correspondence to Santosh Singh Rathore.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

About this article

Cite this article

Bhaskara, S., Rathore, S.S. Causal effect analysis-based intrusion detection system for IoT applications. Int. J. Inf. Secur. 22, 931–946 (2023). https://doi.org/10.1007/s10207-023-00674-2

  • DOI: https://doi.org/10.1007/s10207-023-00674-2
