A Hierarchical Deep Learning-Based Intrusion Detection Architecture for Clustered Internet of Things

J. Sens. Actuator Networks Pub Date : 2022-12-28 DOI:10.3390/jsan12010003

Rania A. Elsayed, Reem A. Hamada, M. Hammoudeh, Mahmoud Abdalla, S. Elsaid

{"title":"A Hierarchical Deep Learning-Based Intrusion Detection Architecture for Clustered Internet of Things","authors":"Rania A. Elsayed, Reem A. Hamada, M. Hammoudeh, Mahmoud Abdalla, S. Elsaid","doi":"10.3390/jsan12010003","DOIUrl":null,"url":null,"abstract":"The Internet of Things (IoT) system’s ever-expanding attack surface calls for a new intrusion detection system (IDS). These systems may include thousands of wireless devices that need to be protected from cyberattacks. Recent research efforts used machine learning to analyze and identify various attacks and abnormal behavior on IoT systems. Most of these techniques are characterized by low accuracy and they do not scale to today’s IoT-enabled smart cities applications. This article proposes a secure automatic two-levels intrusion detection system (SATIDS) which utilizes the minimum redundancy maximum relevance (MRMR) feature selection technique and an enhanced version of long short-term memory (LSTM) based on an artificial recurrent neural network (RNN) to enhance the IDS performance. SATIDS aims at detecting traffic anomalies with greater accuracy while also reducing the time it takes to perform this task. The proposed algorithm was trained and evaluated using two of the most recent datasets based on realistic data: ToN-IoT and InSDN datasets. The performance analysis of the proposed system proves that it can differentiate between attacks and normal traffic, identify the attack category, and finally define the type of sub-attack with high accuracy. Comparing the performance of the proposed system with the existing IDSs reveals that it outperforms its best rivals from the literature in detecting many types of attacks. It improves accuracy, detection rates, F1-score, and precision. Using 500 hidden and two LSTM layers achieves accuracy of 97.5%, precision of 98.4%, detection rate of 97.9%, and F1-score of 98.05% on ToN-IoT dataset, and precision of 99%, detection rate of 99.6%, and F1-score of 99.3% on InSDN dataset. Finally, SATIDS was applied to an IoT network which utilizes the energy harvesting real-time routing protocol (EHRT). EHRT optimizes the low-energy adaptive clustering hierarchy (LEACH) routing technique using a modified artificial fish swarm algorithm. The integration between the optimized LEACH and the proposed IDS enhances the network lifetime, energy consumption, and security.","PeriodicalId":288992,"journal":{"name":"J. Sens. Actuator Networks","volume":"132 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"J. Sens. Actuator Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3390/jsan12010003","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

The Internet of Things (IoT) system’s ever-expanding attack surface calls for a new intrusion detection system (IDS). These systems may include thousands of wireless devices that need to be protected from cyberattacks. Recent research efforts used machine learning to analyze and identify various attacks and abnormal behavior on IoT systems. Most of these techniques are characterized by low accuracy and they do not scale to today’s IoT-enabled smart cities applications. This article proposes a secure automatic two-levels intrusion detection system (SATIDS) which utilizes the minimum redundancy maximum relevance (MRMR) feature selection technique and an enhanced version of long short-term memory (LSTM) based on an artificial recurrent neural network (RNN) to enhance the IDS performance. SATIDS aims at detecting traffic anomalies with greater accuracy while also reducing the time it takes to perform this task. The proposed algorithm was trained and evaluated using two of the most recent datasets based on realistic data: ToN-IoT and InSDN datasets. The performance analysis of the proposed system proves that it can differentiate between attacks and normal traffic, identify the attack category, and finally define the type of sub-attack with high accuracy. Comparing the performance of the proposed system with the existing IDSs reveals that it outperforms its best rivals from the literature in detecting many types of attacks. It improves accuracy, detection rates, F1-score, and precision. Using 500 hidden and two LSTM layers achieves accuracy of 97.5%, precision of 98.4%, detection rate of 97.9%, and F1-score of 98.05% on ToN-IoT dataset, and precision of 99%, detection rate of 99.6%, and F1-score of 99.3% on InSDN dataset. Finally, SATIDS was applied to an IoT network which utilizes the energy harvesting real-time routing protocol (EHRT). EHRT optimizes the low-energy adaptive clustering hierarchy (LEACH) routing technique using a modified artificial fish swarm algorithm. The integration between the optimized LEACH and the proposed IDS enhances the network lifetime, energy consumption, and security.

查看原文本刊更多论文

基于层次深度学习的集群物联网入侵检测体系结构

物联网(IoT)系统不断扩大的攻击面需要一种新的入侵检测系统(IDS)。这些系统可能包括成千上万的无线设备，需要保护它们免受网络攻击。最近的研究工作使用机器学习来分析和识别物联网系统上的各种攻击和异常行为。大多数这些技术的特点是精度低，不能扩展到当今支持物联网的智慧城市应用。本文提出了一种安全的自动两级入侵检测系统(SATIDS)，该系统利用最小冗余最大关联(MRMR)特征选择技术和基于人工递归神经网络(RNN)的增强型长短期记忆(LSTM)来提高入侵检测的性能。SATIDS旨在更准确地检测流量异常，同时减少执行此任务所需的时间。使用基于实际数据的两个最新数据集(ToN-IoT和InSDN数据集)对所提出的算法进行了训练和评估。性能分析表明，该系统能够很好地区分攻击和正常流量，识别攻击类型，并准确地定义子攻击类型。将所提出的系统与现有入侵防御系统的性能进行比较，发现它在检测多种类型的攻击方面优于文献中的最佳竞争对手。它提高了准确率、检出率、f1评分和精度。使用500个hidden层和2个LSTM层，在ToN-IoT数据集上的准确率为97.5%，精密度为98.4%，检测率为97.9%，F1-score为98.05%，在InSDN数据集上的准确率为99%，检测率为99.6%，F1-score为99.3%。最后，将SATIDS应用于利用能量收集实时路由协议(EHRT)的物联网网络。EHRT采用改进的人工鱼群算法对低能量自适应聚类分层(LEACH)路由技术进行优化。将优化后的LEACH与IDS集成在一起，提高了网络的生命周期、能耗和安全性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

J. Sens. Actuator Networks

自引率

0.00%

发文量