Machine Learning Based Intrusion Detection Systems for IoT Applications

Wireless Personal Communications

Abstract

Internet of Things (IoT) and its applications are the most popular research areas at present. The characteristics of IoT on one side make it easily applicable to real-life applications, whereas on the other side they expose it to cyber threats. Denial of Service (DoS) is one of the most catastrophic attacks against IoT. In this paper, we investigate the prospects of using machine learning classification algorithms for securing IoT against DoS attacks. A comprehensive study is carried out on the classifiers which can advance the development of anomaly-based intrusion detection systems (IDSs). Performance assessment of classifiers is done in terms of prominent metrics and validation methods. Popular datasets CIDDS-001, UNSW-NB15, and NSL-KDD are used for benchmarking classifiers. Friedman and Nemenyi tests are employed to analyze the significant differences among classifiers statistically. In addition, Raspberry Pi is used to evaluate the response time of classifiers on IoT-specific hardware. We also discuss a methodology for selecting the best classifier as per application requirements. The main goals of this study are to motivate IoT security researchers to develop IDSs using ensemble learning, and to suggest appropriate methods for statistical assessment of classifiers' performance.
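The statistical comparison the abstract describes (a Friedman test followed by the Nemenyi post-hoc test) can be sketched as follows. This is an added example, not code or results from the paper: the classifier names and accuracy scores are constructed, and the critical values are the standard α = 0.05 table entries.

```python
from itertools import combinations
from math import sqrt

# Constructed accuracy scores (not results from the paper): one row per
# evaluation block (e.g. a dataset/fold pair), one column per classifier.
NAMES = ["RF", "GBM", "CART", "MLP"]  # hypothetical classifier set
SCORES = [
    [0.991, 0.987, 0.962, 0.941],
    [0.978, 0.981, 0.950, 0.932],
    [0.995, 0.990, 0.971, 0.960],
    [0.984, 0.979, 0.955, 0.958],
    [0.989, 0.985, 0.966, 0.949],
    [0.975, 0.977, 0.948, 0.930],
]
# Critical values at alpha = 0.05, indexed by number of classifiers k:
# chi-square with k-1 degrees of freedom, and the Nemenyi q from Demsar (2006).
CHI2_05 = {2: 3.841, 3: 5.991, 4: 7.815, 5: 9.488, 6: 11.070}
Q_05 = {2: 1.960, 3: 2.343, 4: 2.569, 5: 2.728, 6: 2.850}

def rank_row(row):
    """Rank one block, 1 = highest score; tied scores share the mean rank."""
    order = sorted(range(len(row)), key=lambda j: -row[j])
    ranks, i = [0.0] * len(row), 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and row[order[j + 1]] == row[order[i]]:
            j += 1
        for t in range(i, j + 1):
            ranks[order[t]] = (i + j) / 2 + 1
        i = j + 1
    return ranks

def friedman_nemenyi(scores, names):
    n, k = len(scores), len(names)
    ranked = [rank_row(r) for r in scores]
    mean_rank = [sum(r[j] for r in ranked) / n for j in range(k)]
    # Friedman statistic (no tie correction), chi-square with k-1 d.o.f.
    spread = sum(m * m for m in mean_rank) - k * (k + 1) ** 2 / 4
    chi2 = 12 * n / (k * (k + 1)) * spread
    reject = chi2 > CHI2_05[k]
    # Nemenyi post-hoc: two classifiers differ if mean ranks are > CD apart.
    cd = Q_05[k] * sqrt(k * (k + 1) / (6 * n))
    pairs = [(names[a], names[b]) for a, b in combinations(range(k), 2)
             if reject and abs(mean_rank[a] - mean_rank[b]) > cd]
    return dict(zip(names, mean_rank)), chi2, reject, cd, pairs

if __name__ == "__main__":
    ranks, chi2, reject, cd, pairs = friedman_nemenyi(SCORES, NAMES)
    print(ranks, round(chi2, 3), reject, round(cd, 3), pairs)
```

With so few blocks the chi-square approximation is rough; the sketch is meant to show the ranking and critical-difference mechanics, not to stand in for the paper's evaluation.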

Acknowledgements

This research was supported by the Ministry of Human Resource Development, Government of India.

Author information

Corresponding author

Correspondence to Abhishek Verma.

Ethics declarations

Conflict of interest

On behalf of all authors, the corresponding author states that there is no conflict of interest.

Cite this article

Verma, A., Ranga, V. Machine Learning Based Intrusion Detection Systems for IoT Applications. Wireless Pers Commun 111, 2287–2310 (2020). https://doi.org/10.1007/s11277-019-06986-8

  • DOI: https://doi.org/10.1007/s11277-019-06986-8
