A smart anomaly-based intrusion detection system for the Internet of Things (IoT) network using GWO–PSO–RF model

Abstract

The Internet of Things (IoT) is adding the advancement in the technology for creating smart environments to facilitate humans for various works. The technological developments provide many comfort and opportunities to the businesses and open the doors for the intruders or attackers to explore and exploit various attacks to evade the IoT networks’ security. Hence, security and privacy are the key anxiety to the IoT network model. Protection of computer and IoT networks from various types of attacks and threats is necessary. The traditional intrusion detection system (IDS) collects and uses massive data with unnecessary, irrelevant, and inappropriate features, which cause high detection time and low accuracy. This paper proposes an IDS to identify various attacks for IoT networks. A combination of Grey Wolf Optimization (GWO) and Particle Swarm Optimization (PSO) is used to extract relevant IoT network features. The extracted features are fed to a random forest (RF) classifier to achieve high attack detection accuracy. The experiments are conducted in the python programming environment to evaluate the proposed model on KDDCup99, NSL–KDD, and CICIDS-2017 datasets. The proposed GWO–PSO–RF NIDS model has achieved an average accuracy of 99.66% for multiclass classification. The accuracy of the proposed model has been compared with other similar approaches to show its effectiveness. The work presented here also addresses the issue of data imbalance.

References

1. 1.

   A. Ahmim, L. Maglaras, M. A. Ferrag, M. Derdour, and H. Janicke (2019) A novel hierarchical Intrusion detection system based on decision tree and rules-based models. In: 2019 15th international conference on Distributed Computing in Sensor Systems (DCOSS), Santorini island, Greece, Greece, 29–31 May 2019

2. 2.

   Ferrag MA, Maglaras L, Ahmim A, Derdour M, Janicke H (2020) RDTIDS: Rules and decision tree-based intrusion detection system for internet-of-things networks. Futur. Internet 12(3):44

3. 3.

   Saber M, Chadli S, Emharraf M, El Farissi I (2015) Modeling and implementation approach to evaluate the intrusion detection system. In: International conference on networked systems, pp 513–517

4. 4.

   Rubio-Loyola J, Sala D, Ali AI (2008) Maximizing packet loss monitoring accuracy for reliable trace collections. In: 2008 16th IEEE workshop on local and metropolitan area networks, pp 61–66

5. 5.

   Anwar S et al (2017) From intrusion detection to an intrusion response system: fundamentals, requirements, and future directions. Algorithms 10(2):39

6. 6.

   Zamani M, Movahedi M (2013) Machine learning techniques for intrusion detection. arXiv Prepr. arXiv1312.2177

7. 7.

   Elhag S, Fernández A, Bawakid A, Alshomrani S, Herrera F (2015) On the combination of genetic fuzzy systems and pairwise learning for improving detection rates on intrusion detection systems. Expert Syst Appl 42(1):193–202

8. 8.

   Lin W-C, Ke S-W, Tsai C-F (2015) CANN: an intrusion detection system based on combining cluster centers and nearest neighbors. Knowl based Syst 78:13–21

9. 9.

   Zhang J, Zulkernine M (2006) A hybrid network intrusion detection technique using random forests. In: First international conference on availability, reliability and security (ARES’06), 2006, p 8

10. 10.

    Yang J, Deng J, Li S, Hao Y (2017) Improved traffic detection with support vector machine based on restricted Boltzmann machine. Soft Comput 21(11):3101–3112

11. 11.

    Tran NN, Sarker R, Hu J (2017) An approach for host-based intrusion detection system design using convolutional neural network. In: International conference on mobile networks and management, pp 116–126

12. 12.

    Rodda S (2018) Network intrusion detection systems using neural networks. Information systems design and intelligent applications. Springer, Berlin, pp 903–908

13. 13.

    Ali A, Shamsuddin SM, Ralescu AL et al (2015) Classification with class imbalance problem: a review. Int. J Adv Soft Comput Appl 7(3):176–204

14. 14.

    Abdulhammed R, Faezipour M, Abuzneid A, AbuMallouh A (2018) Deep and machine learning approaches for anomaly-based intrusion detection of imbalanced network traffic. IEEE Sens Lett 3(1):1–4

15. 15.

    Xiao Y, Xiao X (2019) An intrusion detection system based on a simplified residual network. Information 10(11):356

16. 16.

    Hamid Y, Sugumaran M, Journaux L (2016) A fusion of feature extraction and feature selection technique for network intrusion detection. Int J Secur Appl 10(8):151–158

17. 17.

    Chawla NV, Bowyer KW, Hall LO, Kegelmeyer WP (2002) SMOTE: synthetic minority over-sampling technique. J Artif Intell Res 16:321–357

18. 18.

    Dhaliwal SS, Nahid A-A, Abbas R (2018) Effective intrusion detection system using XGBoost. Information 9(7):149

19. 19.

    Verma P, Anwar S, Khan S, Mane SB (2018) Network intrusion detection using clustering and gradient boosting. In: 2018 9th International conference on computing, communication and networking technologies (ICCCNT), 2018, pp 1–7

20. 20.

    Kaja N, Shaout A, Ma D (2019) An intelligent intrusion detection system. Appl Intell 49(9):3235–3247

21. 21.

    Lee J, Park K (2019) GAN-based imbalanced data intrusion detection system. Pers Ubiq Comput:1–8

22. 22.

    Tkachenko R, Izonin I, Kryvinska N, Dronyuk I, Zub K (2020) An approach towards increasing prediction accuracy for the recovery of missing iot data based on the GRNN-SGTM ensemble. Sensors (Switzerland). https://doi.org/10.3390/s20092625

23. 23.

    Kasinathan P, Costamagna G, Khaleel H, Pastrone C, Spirito MA (2013) An IDS framework for internet of things empowered by 6LoWPAN. In: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, 2013, pp 1337–1340

24. 24.

    Kasinathan P, Pastrone C, Spirito MA, Vinkovits M (2013) Denial-of-Service detection in 6LoWPAN based Internet of Things. In: 2013 IEEE 9th international conference on wireless and mobile computing, networking and communications (WiMob), 2013, pp 600–607

25. 25.

    Lee T-H, Wen C-H, Chang L-H, Chiang H-S, Hsieh M-C (2014) A lightweight intrusion detection scheme based on energy consumption analysis in 6LowPAN. Advanced technologies, embedded and multimedia for human-centric computing. . Springer, Netherlands, pp 1205–1213

26. 26.

    Sonar K, Upadhyay H (2016) An approach to secure internet of things against DDoS. In: Proceedings of international conference on ICT for sustainable development, 2016, pp 367–376

27. 27.

    Venkatraman S, Surendiran B (2020) Adaptive hybrid intrusion detection system for crowd sourced multimedia internet of things systems. Multimed Tools Appl 79(5):3993–4010

28. 28.

    Zhou M, Han L, Lu H, Fu C (2020) Intrusion detection system for IoT heterogeneous perceptual network. Mob Netw Appl:1–14

29. 29.

    Elrawy MF, Awad AI, Hamed HFA (2018) Intrusion detection systems for IoT-based smart environments: a survey. J Cloud Comput 7(1):21

30. 30.

    Al-Hadhrami Y, Hussain FK (2020) Real time dataset generation framework for intrusion detection systems in IoT. Futur Gen Comput Syst

31. 31.

    Li Y et al (2020) Robust detection for network intrusion of industrial IoT based on multi-CNN fusion. Measurement 154:107450

32. 32.

    Ferrag MA, Maglaras L, Ahmim A, Derdour M, Janicke H (2020) RDTIDS: rules and decision tree-based intrusion detection system for internet-of-things networks. Futur Internet 12(3):44

33. 33.

    Babu MJ, Reddy AR (2020) SH-IDS: specification heuristics based intrusion detection system for IoT networks. Wirel Pers Commun:1–23

34. 34.

    Torres P et al (2016) A deep learning approach for intrusion detection using recurrent neural networks. Ieee Access 5:21954–21961

35. 35.

    Yin C, Zhu Y, Fei J, He X (2017) A deep learning approach for intrusion detection using recurrent neural networks. Ieee Access 5:21954–21961

36. 36.

    Zarca AM et al (2019) Security management architecture for NFV/SDN-aware IoT systems. IEEE Internet Things J 6(5):8005–8020

37. 37.

    Kumar P, Chandra M, Emmanuel P (2020) An optimal intrusion detection system using GWO-SSA-DSAE model, no. Cc, pp 1–18

38. 38.

    Bagaa M, Taleb T, Bernabe JB, Skarmeta A (2020) A machine learning security framework for IoT systems. IEEE Access

39. 39.

    Sperotto A, Schaffrath G, Sadre R, Morariu C, Pras A, Stiller B (2010) An overview of IP flow-based intrusion detection. IEEE Commun Surv Tutor 12(3):343–356

40. 40.

    KDD Cup 1999 Data

41. 41.

    NSL-KDD|Kaggle

42. 42.

    IDS 2017|Datasets|Research|Canadian Institute for Cybersecurity|UNB

43. 43.

    Mirjalili SM, Mirjalili SM, Lewis A (2014) Grey wolf optimizer. Adv Eng Softw 69:46–61. https://doi.org/10.1016/j.advengsoft.2013.12.007

44. 44.

    Mohammadi-Ivatloo B, Moradi-Dalvand M, Rabiee A (2013) Combined heat and power economic dispatch problem solution using particle swarm optimization with time varying acceleration coefficients. Electr Power Syst Res 95:9–18

45. 45.

    Mittal N, Singh U, Sohi BS (2016) Modified grey wolf optimizer for global engineering optimization, vol 2016

46. 46.

    Machine learning random forest algorithm—Javatpoint

47. 47.

    Abdulhammed R, Musafer H, Alessa A, Faezipour M, Abuzneid A (2019) Features dimensionality reduction approaches for machine learning based network intrusion detection. Electron. https://doi.org/10.3390/electronics8030322

48. 48.

    De Gregorio M, Giordano M (2018) An experimental evaluation of weightless neural networks for multi-class classification. Appl Soft Comput 72:338–354

49. 49.

    Adnan MN, Islam MZ (2017) Forest PA: Constructing a decision forest by penalizing attributes used in previous trees. Expert Syst Appl 89:389–403

50. 50.

    Ibarguren I, Pérez JM, Muguerza J, Gurrutxaga I, Arbelaitz O (2015) Coverage-based resampling: Building robust consolidated decision trees. Knowl Based Syst 79:51–67

51. 51.

    Yulianto A, Sukarno P, Suwastika NA (2019) Improving adaboost-based intrusion detection system (IDS) performance on CIC IDS 2017 dataset. J Phys Conf Ser. https://doi.org/10.1088/1742-6596/1192/1/012018

52. 52.

    Vinayakumar R, Alazab M, Soman KP, Poornachandran P, Al-Nemrat A, Venkatraman S (2019) Deep learning approach for intelligent intrusion detection system. IEEE Access 7:41525–41550

53. 53.

    Zhou Y, Cheng G, Jiang S, Dai M (2020) Building an efficient intrusion detection system based on feature selection and ensemble classifier. Comput Netw:107247

54. 54.

    Zhou Y et al (2019) Intrusion detection in sdn-based networks: deep recurrent neural network approach. arXiv Prepr. arXiv1904.01352, vol. 7, pp 175–195

55. 55.

    Hosseini S, Seilani H (2019) Anomaly process detection using negative selection algorithm and classification techniques. Evol Syst. https://doi.org/10.1007/s12530-019-09317-1

56. 56.

    Sapre S, Ahmadi P, Islam K (2019) A robust comparison of the KDDCup99 and NSL-KDD IoT network intrusion detection datasets through various machine learning algorithms

57. 57.

    Diro AA, Chilamkurti N (2018) Distributed attack detection scheme using deep learning approach for Internet of Things. Futur Gener Comput Syst 82:761–768

58. 58.

    Li L, Yu Y, Bai S, Hou Y, Chen X (2017) An effective two-step intrusion detection approach based on binary classification and k-NN. IEEE Access 6:12060–12073

59. 59.

    Li Y et al (2020) “Robust detection for network intrusion of industrial IoT based on multi-CNN fusion. Meas J Int Meas Conf. https://doi.org/10.1016/j.measurement.2019.107450

60. 60.

    Dushimimana A, Tao T, Kindong R, Nishyirimbere A (2020) Bi-directional Recurrent Neural network for Intrusion Detection System (IDS) in the internet of things (IoT). Int J Adv Eng Res Sci 7(3):524–539. https://doi.org/10.22161/ijaers.73.68

61. 61.

    Kim J, Kim J, Kim H et al (2015) An approach to build an efficient intrusion detection classifier. J Platf Technol 3(4):43–52

62. 62.

    Putchala MK (2017) Deep learning approach for intrusion detection system (Ids) in the Internet of Things (Iot) network using gated recurrent neural networks (GRU). Thesis 1(1):1188–1197