Abstract
As the number of network devices increases, so does the need for a robust intrusion detection system to ensure ubiquitous and secure Internet of Things (IoT) network traffic flow. Most existing intrusion detection systems do not consider dataset imbalance and model maintenance; this leads to high bias and to high false positive and false negative rates, which in turn lead to security breaches. To mitigate these shortcomings, an ensemble learning model is proposed to detect anomalous behaviour in IoT network flow. The proposed machine learning pipeline uses voting between a random forest classifier and an XGBoost classifier, thus combining the bagging and the boosting algorithms, to classify the network flow as normal or anomalous. The proposed model is trained on two standard benchmark datasets, UNSW-NB15 and BoT-IoT, and attained accuracies of 99.7% and 99.66% respectively, with false positive rates of 0.0027 and 0.0042 over the two datasets with 10-fold cross-validation. If the network flow is classified as anomalous, the category of anomaly is predicted, for which accuracies of 99.53% and 99.65% are attained. With such high accuracies and low false positive rates, the proposed framework can be deployed to detect any malicious or anomalous behaviour in IoT networks in real-world conditions, such as in smart cities.
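The two-tier voting pipeline described in the abstract, as an added example that is not the authors' code. It assumes scikit-learn only: `GradientBoostingClassifier` stands in for XGBoost, the flows are constructed synthetic data rather than UNSW-NB15 or BoT-IoT, a single stratified hold-out split replaces the 10-fold cross-validation, and the names `make_voter`, `TwoTierIDS` and `evaluate` are hypothetical.

```python
import numpy as np
from sklearn.datasets import make_classification
from sklearn.ensemble import (GradientBoostingClassifier,
                              RandomForestClassifier, VotingClassifier)
from sklearn.model_selection import train_test_split

def make_voter(seed=0):
    """Soft vote between a bagging model and a boosting model."""
    rf = RandomForestClassifier(n_estimators=50, class_weight="balanced",
                                random_state=seed)
    # Assumption: stand-in for the XGBoost classifier named in the abstract.
    gb = GradientBoostingClassifier(n_estimators=50, random_state=seed)
    return VotingClassifier([("rf", rf), ("gb", gb)], voting="soft")

class TwoTierIDS:
    """Tier 1: normal vs anomalous. Tier 2: category of the anomaly."""

    def fit(self, X, category):
        # Constructed label scheme: 0 = normal, 1..k = attack categories.
        anomalous = category > 0
        self.tier1 = make_voter().fit(X, anomalous.astype(int))
        # Tier 2 is trained on attack flows only.
        self.tier2 = make_voter().fit(X[anomalous], category[anomalous])
        return self

    def predict(self, X):
        out = np.zeros(len(X), dtype=int)
        flagged = self.tier1.predict(X) == 1
        if flagged.any():  # tier 2 only sees flows that tier 1 flagged
            out[flagged] = self.tier2.predict(X[flagged])
        return out

def evaluate(seed=0):
    # Constructed, imbalanced synthetic "flows": class 0 (normal) dominates.
    X, y = make_classification(
        n_samples=3000, n_features=20, n_informative=10, n_classes=4,
        weights=[0.7, 0.15, 0.1, 0.05], n_clusters_per_class=1,
        class_sep=2.0, random_state=seed)
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.3, stratify=y, random_state=seed)
    pred = TwoTierIDS().fit(X_tr, y_tr).predict(X_te)
    normal = y_te == 0
    fpr = float(np.mean(pred[normal] > 0))      # normal flows flagged
    fnr = float(np.mean(pred[~normal] == 0))    # attack flows missed
    # End to end: attack flows flagged AND given the right category.
    cat_acc = float(np.mean(pred[~normal] == y_te[~normal]))
    return {"fpr": fpr, "fnr": fnr, "category_accuracy": cat_acc}

if __name__ == "__main__":
    print(evaluate())
```

Reporting the false positive and false negative rates separately from category accuracy matters on imbalanced traffic, where overall accuracy alone can hide a detector that misses the minority class.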
Data availability statement
The datasets used during the current study are available in the UNSW-NB15 and BoT-IoT repositories.
Funding
Not applicable.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
About this article
Cite this article
Srivastav, D., Srivastava, P. A two-tier hybrid ensemble learning pipeline for intrusion detection systems in IoT networks. J Ambient Intell Human Comput 14, 3913–3927 (2023). https://doi.org/10.1007/s12652-022-04461-0
DOI: https://doi.org/10.1007/s12652-022-04461-0