How Good Are Classification Models in Handling Dynamic Intrusion Attacks in IoT?

  • Conference paper
Intelligent Systems

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 185)

Abstract

The Internet of things (IoT) is vulnerable to intrusions that may lead to security threats in the IoT ecosystem. Because of its different architecture and protocol stack, a traditional intrusion detection system (IDS) does not work well at raising alarms for possible intrusions in IoT. Machine learning is one of the potential tools for effective intrusion detection. However, applying it in IoT may require customization to work with IoT traffic. The situation becomes adverse when the attack patterns are not known a priori. To mislead the IDS, attackers frequently change their attack patterns. As a result, traditional machine learning methods usually fail to handle such dynamic intrusions effectively. In this work, we try to assess seven well-known classification models for their suitability in detecting novel/dynamic attacks in an IoT network. A system is more vulnerable, and the consequences more lethal, if a detection system misclassifies a novel (unseen) attack as normal traffic. In our study, we assess this misclassification scenario for our candidate models. Our results reveal that random forest performs better in detecting seen IoT attacks, while SVM is superior in keeping a low rate of misclassifying dynamic attacks as regular traffic. Our investigation further concludes that the best IDS is not always the best detector for handling novel attacks.

Notes

  1. The words novel/unseen/unknown/dynamic will be used interchangeably for a never-before-seen attack.

  2. https://archive.ics.uci.edu/ml/datasets/

  3. https://www.cs.waikato.ac.nz/ml/weka/

Corresponding author

Correspondence to Swarup Roy.

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

Cite this paper

Chettri, L., Roy, S. (2021). How Good Are Classification Models in Handling Dynamic Intrusion Attacks in IoT?. In: Udgata, S.K., Sethi, S., Srirama, S.N. (eds) Intelligent Systems. Lecture Notes in Networks and Systems, vol 185. Springer, Singapore. https://doi.org/10.1007/978-981-33-6081-5_8
