Generation & evaluation of datasets for anomaly-based intrusion detection systems in IoT environments

Multimedia Tools and Applications

Abstract

The Internet of Things (IoT) has garnered significant attention for its diverse applications, but the proliferation of devices introduces security threats. This paper addresses the need for comprehensive IoT-specific datasets to enhance research on intrusion detection systems (IDSs) and security mechanisms for IoT. Using the Cooja Simulator (Contiki-OS), we present a methodological approach for generating benign and malicious IoT-specific datasets, specifically leveraging a blackhole attack. We examine the impact of single and colluding blackhole attacks on the Routing Protocol for Low Power and Lossy Networks (RPL). Our results highlight a discernible decrease in packet delivery rate and a concurrent increase in average power consumption as the number of malicious nodes increases, underscoring the need to consider malicious scenarios in evaluating IoT network performance. The study provides crucial insights into compromised networks. Moreover, the generated datasets were employed for the training and assessment of various machine learning and deep learning models. Notably, the Decision Tree model outperformed other models, including Logistic Regression, Random Forest, Naïve Bayes, Support Vector Machine (SVM), Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), and CNN-LSTM. The Decision Tree consistently demonstrated exceptional performance, attaining a perfect score of 100% across all scenarios, setting it apart from the other models. The diverse performance exhibited by these models across different malicious scenarios emphasizes the importance of selecting appropriate models for effective intrusion detection in IoT networks. In conclusion, our study represents a valuable resource for the IoT research community, providing authentic datasets, insights into network compromise effects, and model performance evaluation.
These findings not only emphasize the immediate need for robust security measures in IoT environments but also pave the way for future investigations into novel attacks and innovative mitigation strategies.

Data availability

Data sharing is applicable to this article, as datasets were generated or analyzed during the current study.

Funding

No specific grants from funding agencies in the public, commercial, or not-for-profit sectors were received for this research.

Author information

Corresponding author

Correspondence to Sarvesh Tanwar.

Ethics declarations

Conflict of interest/Competing interests

The authors affirm that there are no conflicts of interest that could impact the work presented in this paper.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Choudhary, V., Tanwar, S. Generation & evaluation of datasets for anomaly-based intrusion detection systems in IoT environments. Multimed Tools Appl (2024). https://doi.org/10.1007/s11042-024-19066-2

  • DOI: https://doi.org/10.1007/s11042-024-19066-2
