{"title":"Cross layer-based intrusion detection based on network behavior for IoT","authors":"Amar Amouri, V. Alaparthy, S. Morgera","doi":"10.1109/WAMICON.2018.8363921","DOIUrl":null,"url":null,"abstract":"The intrusion detection systems gained major significance in the field of internet of things (IoT) as the communicating entities could reach thousands of nodes. An intrusion detection system (IDS) that uses a hybrid learning approach, consists of two stages of detection, local and global. The data collection for the classification purposes at the local detection phase is intended to mimic the network behavior rather than node behavior and the ability to infer the state of the node. A scheme based on obtaining datasets related to the packet counts for normal and malicious cases, collected using promiscuous mode, is adopted in the network. The local detection is conducted by the dedicated sniffers (DS) where each DS uses supervised learning approach based on decision trees to generate correctly classified instances (CCIs). The global stage collects the CCIs sent from the dedicated sniffers (DS) to the super node (SN) and applies an iterative linear regression to generate a time-based profile called the accumulated measure of fluctuation (AMoF) for malicious and normal nodes. A profile of a malicious and a normal node is obtained, and an anomaly is detected after three iterations (processed samples).","PeriodicalId":193359,"journal":{"name":"2018 IEEE 19th Wireless and Microwave Technology Conference (WAMICON)","volume":"62 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"50","resultStr":"{\"title\":\"Cross layer-based intrusion detection based on network behavior for IoT\",\"authors\":\"Amar Amouri, V. Alaparthy, S. 
Morgera\",\"doi\":\"10.1109/WAMICON.2018.8363921\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The intrusion detection systems gained major significance in the field of internet of things (IoT) as the communicating entities could reach thousands of nodes. An intrusion detection system (IDS) that uses a hybrid learning approach, consists of two stages of detection, local and global. The data collection for the classification purposes at the local detection phase is intended to mimic the network behavior rather than node behavior and the ability to infer the state of the node. A scheme based on obtaining datasets related to the packet counts for normal and malicious cases, collected using promiscuous mode, is adopted in the network. The local detection is conducted by the dedicated sniffers (DS) where each DS uses supervised learning approach based on decision trees to generate correctly classified instances (CCIs). The global stage collects the CCIs sent from the dedicated sniffers (DS) to the super node (SN) and applies an iterative linear regression to generate a time-based profile called the accumulated measure of fluctuation (AMoF) for malicious and normal nodes. 
A profile of a malicious and a normal node is obtained, and an anomaly is detected after three iterations (processed samples).\",\"PeriodicalId\":193359,\"journal\":{\"name\":\"2018 IEEE 19th Wireless and Microwave Technology Conference (WAMICON)\",\"volume\":\"62 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-04-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"50\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE 19th Wireless and Microwave Technology Conference (WAMICON)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WAMICON.2018.8363921\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE 19th Wireless and Microwave Technology Conference (WAMICON)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WAMICON.2018.8363921","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Cross layer-based intrusion detection based on network behavior for IoT
Intrusion detection systems have gained major significance in the field of the Internet of Things (IoT), as the communicating entities could reach thousands of nodes. An intrusion detection system (IDS) that uses a hybrid learning approach consists of two stages of detection, local and global. Data collection for classification purposes at the local detection phase is intended to mimic network behavior, rather than node behavior, and the ability to infer the state of the node. A scheme based on obtaining datasets related to the packet counts for normal and malicious cases, collected using promiscuous mode, is adopted in the network. Local detection is conducted by dedicated sniffers (DS), where each DS uses a supervised learning approach based on decision trees to generate correctly classified instances (CCIs). The global stage collects the CCIs sent from the dedicated sniffers to the super node (SN) and applies an iterative linear regression to generate a time-based profile, called the accumulated measure of fluctuation (AMoF), for malicious and normal nodes. A profile of a malicious and a normal node is obtained, and an anomaly is detected after three iterations (processed samples).