Abstract
The Internet of Things (IoT) has garnered significant attention for its diverse applications, but the proliferation of devices introduces security threats. This paper addresses the need for comprehensive IoT-specific datasets to enhance research on intrusion detection systems (IDSs) and security mechanisms for IoT. Using the Cooja Simulator (Contiki-OS), we present a methodological approach for generating benign and malicious IoT-specific datasets, specifically leveraging a blackhole attack. We examine the impact of single and colluding blackhole attacks on the Routing Protocol for Low Power and Lossy Networks (RPL). Our results highlight a discernible decrease in packet delivery rate and a concurrent increase in average power consumption as malicious nodes escalate, underscoring the need to consider malicious scenarios in evaluating IoT network performance. The study provides crucial insights into compromised networks. Moreover, the generated datasets were employed for the training and assessment of various machine learning and deep learning models. Notably, the Decision Tree model outperformed other models, including Logistic Regression, Random Forest, Naïve Bayes, Support Vector Machine (SVM), Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), and CNN-LSTM. The Decision Tree consistently demonstrated exceptional performance, attaining a perfect score of 100% across all scenarios, setting it apart from the other models. The diverse performance exhibited by these models across different malicious scenarios emphasizes the importance of selecting appropriate models for effective intrusion detection in IoT networks. In conclusion, our study represents a valuable resource for the IoT research community, providing authentic datasets, insights into network compromise effects, and model performance evaluation. These findings not only emphasize the immediate need for robust security measures in IoT environments but also pave the way for future investigations into novel attacks and innovative mitigation strategies.
Similar content being viewed by others
Data availability
Data sharing is applicable to this article, as datasets were generated or analyzed during the current study.
References
Bhola B, Kumar R, Rani P, Sharma R, Mohammed MA, Yadav K, Alotaibi SD, Alkwai LM (2022) Quality-enabled decentralized dynamic IoT platform with scalable resources integration. IET Commun 1–10
Choudhary V, Tanwar S (2023) A concise review on internet of things: architecture and its enabling technologies. Computational Intelligence for Engineering and Management Applications: Select Proceedings of CIEMA, pp 443–456
Azizan AH, Mostafa SA, Mustapha A, Foozy CFM, Wahab MHA, Mohammed MA, Khalaf BA (2021) A machine learning approach for improving the performance of network intrusion detection systems. Annals Emerg Technol Comput (AETiC) 5(5):201–208
Choudhary V, Tanwar S, Rana A (2021) Demystifying security and applications of the Internet of Things. In: 2021 9th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions), pp 1–5
Alfoudi AS, Aziz MR, Alyasseri ZAA, Alsaeedi AH, Nuiaa RR, Mohammed MA, Abdulkareem KA, Jaber MM (2022) Hyper clustering model for dynamic network intrusion detection. IET Commun 1–13
Essop I, Ribeiro JC, Papaioannou M, Zachos G, Mantas G, Rodriguez J (2021) Generating datasets for anomaly-based intrusion detection systems in iot and industrial iot networks. Sensors 21(4):1528
Alsaedi A, Moustafa N, Tari Z, Mahmood A, Anwar A (2020) TON_IoT telemetry dataset: a new generation dataset of IoT and IIoT for data-driven intrusion detection systems. IEEE Access 8:165130–165150
Tavallaee M, Bagheri E, Lu W, Ghorbani AA (2009) A detailed analysis of the KDD CUP 99 data set. IEEE Symposium on Computational Intelligence for Security and Defense Applications, pp 1–6
Sharafaldin I, Lashkari AH, Ghorbani AA (2018) Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp 1:108–116
KDD Cup (1999) Dataset Available online: http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. Accessed 29 June 2023
Shiravi A, Shiravi H, Tavallaee M, Ghorbani AA (2012) Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Computers Secur 31(3):357–374
Farea AH, Küçük K (2021) Detections of IoT attacks via machine learning-based approaches with Cooja. EAI Endorsed Trans Internet Things 7(28):e1–e1
Moustafa N, Slay J (2015) UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: 2015 Military Communications and Information Systems Conference, pp 1–6
Ullah I, Mahmoud QH (2020) A scheme for generating a dataset for anomalous activity detection in iot networks. Canadian conference on artificial intelligence. Springer International Publishing, Cham, pp 508–520
Koroniotis N, Moustafa N, Sitnikova E, Turnbull B (2019) Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: bot-iot dataset. Future Generation Comput Syst 100:779–796
Moustafa N (2021) A new distributed architecture for evaluating AI-based security systems at the edge: Network TON_IoT datasets. Sustainable Cities Soc 72:102994
Albulayhi K, Abu Al-Haija Q, Alsuhibany SA, Jillepalli AA, Ashrafuzzaman M, Sheldon FT (2022) IoT intrusion detection using machine learning with a novel high performing feature selection method. Appl Sci 12(10):5015
Alsulami AA, Al-Haija A, Tayeb Q, Alqahtani A (2022) An intrusion detection and classification system for IoT Traffic with Improved Data Engineering. Appl Sci 12(23):12336
Sarwar A, Alnajim AM, Marwat SNK, Ahmed S, Alyahya S, Khan WU (2022) Enhanced anomaly detection system for iot based on improved dynamic SBPSO. Sensors 22(13):4926
Baz M (2022) SEHIDS: self evolving host-based intrusion detection system for IoT Networks. Sensors 22(17):6505
Albulayhi K, Smadi AA, Sheldon FT, Abercrombie RK (2021) IoT intrusion detection taxonomy, reference architecture, and analyses. Sensors 21(19):6432
Ullah S, Ahmad J, Khan MA, Alkhammash EH, Hadjouni M, Ghadi YY,…, Pitropakis N (2022) A new intrusion detection system for the internet of things via deep convolutional neural network and feature engineering. Sensors 22(10):3607
Qaddoura R, Al-Zoubi M, Faris A, Almomani I (2021) A multi-layer classification approach for intrusion detection in iot networks based on deep learning. Sensors 21(9):2987
Islam N, Farhin F, Sultana I, Kaiser S, Rahman S, Mahmud M, Hosen S, Cho GH (2021) Towards machine learning based intrusion detection in IoT Networks. Computers Mater Continua 69(2):1801–1821
Song Y, Hyun S, Cheong YG (2021) Analysis of autoencoders for network intrusion detection. Sensors 21(13):4294
Hussein AY, Falcarin P, Sadiq AT (2021) Enhancement performance of random forest algorithm via one hot encoding for IoT IDS. Periodicals Eng Nat Sci 9(3):579–591
Dat-Thinh N, Xuan-Ninh H, Kim-Hung L (2022) MidSiot: a multistage intrusion detection system for internet of things. Wireless Commun Mob Comput 2022:1–15. https://doi.org/10.1155/2022/9173291
Maniriho P, Niyigaba E, Bizimana Z, Twiringiyimana V, Mahoro LJ, Ahmad T (2020) Anomaly-based intrusion detection approach for iot networks using machine learning. In: 2020 International Conference on Computer Engineering, Network, and Intelligent Multimedia, 303–308
Alkahtani H, Aldhyani TH (2021) Intrusion detection system to advance internet of things infrastructure-based deep learning algorithms. Complexity, pp 1–18
Jiang J, Liu Y, Dezfouli B (2018) A root-based defense mechanism against RPL blackhole attacks in internet of things networks. In: 2018 Asia-Pacific Signal and Information Processing Association Annual Summit and Conference, pp 1194–1199
Patel HB, Jinwala DC (2019) Blackhole detection in 6LoWPAN based internet of things: an anomaly based approach. In: TENCON 2019–2019 IEEE Region 10 Conference (TENCON), pp 947–954
Generated Datasets. https://amityedu96491-my.sharepoint.com/:f:/g/personal/vandana_choudhary_s_amity_edu/EmmqqicHSKZNjLy19a7GS84B2F4HWMGSfACZ9h5JMIz66A?e=hqlBRH. Accessed 30 Jun 2023
Contiki-OS. http://www.contiki-os.org/. Accessed 30 Mar 2023
Moteiv Corporation Tmote Sky—Ultra Low Power IEEE 802.15.4 Compliant Wireless Sensor Module (2006) Available online: http://www.crew-project.eu/sites/default/files/tmote-sky-datasheet.pdf. Accessed 5 May 2023
Wireshark Go Deep. https://www.wireshark.org/. Accessed 1 June 2023
Choudhary V, Tanwar S, Choudhury T (2024) Evaluation of contemporary intrusion detection systems for internet of things environment. Multimed Tools Appl 83(3):7541–7581
Funding
No specific grants from funding agencies in the public, commercial, or not-for-profit sectors were received for this research.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest/Competing interests
The authors affirm that there are no conflicts of interest that could impact the work presented in this paper.
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Choudhary, V., Tanwar, S. Generation & evaluation of datasets for anomaly-based intrusion detection systems in IoT environments. Multimed Tools Appl (2024). https://doi.org/10.1007/s11042-024-19066-2
Received:
Revised:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11042-024-19066-2