Abstract

Special security techniques, such as intrusion detection mechanisms, are indispensable in modern computer systems. With the emergence of the Internet of Things, they have become even more important. It is important to detect an attack and identify its category so that countermeasures specific to that threat category can be applied. However, most existing multiclass detection approaches have weaknesses, mainly in detecting specific categories of attacks and in their false positive rates. This article addresses this research problem and advances the state of the art with contributions to a two-stage detection architecture called DNNET-Ensemble, which combines binary and multiclass detection. While benign traffic can be released quickly at the first detection stage, intrusive traffic can be subjected to a robust analysis approach without causing delay issues. Additionally, we propose the DNNET binary approach for the binary detection level, which can provide more accurate and faster binary detection. We propose a federated strategy to train the neural model of the DNNET method without sending data to the cloud, thus preserving the privacy of local data. The proposed Hybrid Attribute Selection strategy can find an optimal subset of attributes through a wrapper method, with a lower training cost due to pre-selection using a filter method. Furthermore, the proposed Soft-SMOTE improvement allows operating with a balanced dataset with a minor increase in training time, even in scenarios where there are a large number of classes with a large imbalance among them. Results obtained from experiments on renowned intrusion datasets and from laboratory experiments demonstrate that the approach can achieve superior detection rates and false positive performance compared to other state-of-the-art approaches.
