Efficient IDS for IoT Networks Using Host-Based Data Aggregation and Multi-Entropy Analysis

IF 3.4 · Zone 3 (Computer Science) · Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Yusei Katsura;Arata Endo;Ismail Arai;Kazutoshi Fujikawa
IEEE Access, vol. 13, pp. 125406-125419. Published 2025-07-14 (Journal Article). DOI: 10.1109/ACCESS.2025.3589057. https://ieeexplore.ieee.org/document/11080017/
Citations: 0

Abstract

IoT devices have limited computational resources, posing challenges to implementing adequate security measures. As a result, numerous attacks targeting vulnerabilities in IoT devices have been observed. Against this backdrop, research on Intrusion Detection Systems (IDSs) leveraging machine learning in IoT environments has been actively conducted. However, packet-based and flow-based IDSs proposed in existing studies are vulnerable to attacks such as DoS and DDoS, which involve numerous packet or flow combination patterns. These methods also face challenges related to computational resource burdens caused by the increased volume of input data. This study proposes a lightweight IDS with the host-based approach, representing communication behaviors with multiple entropies. The host-based approach aggregates features from different communications sent by the same host, enabling a reduction in input data. Additionally, the method captures host-level communication behaviors by leveraging multiple entropies, focusing on characteristic patterns of IoT devices, such as periodic communication with specific servers during normal operation. This enables the reduction of computational resources during detection processing while maintaining detection accuracy, even when using fewer features and lightweight machine learning algorithms. The evaluation results demonstrate that the proposed method achieves a maximum reduction of 99.7% (2916 milliseconds) in processing time and 86.4% (633 MiB) in memory usage while maintaining an intrusion detection accuracy of 99.97%, proving its feasibility in constrained environments comparable to IoT gateways.
Source journal: IEEE Access
Categories: COMPUTER SCIENCE, INFORMATION SYSTEMS; ENGINEERING, ELECTRICAL & ELECTRONIC
CiteScore: 9.80
Self-citation rate: 7.70%
Articles published: 6673
Review time: 6 weeks
Journal description: IEEE Access® is a multidisciplinary, open access (OA), applications-oriented, all-electronic archival journal that continuously presents the results of original research or development across all of IEEE's fields of interest. IEEE Access will publish articles that are of high interest to readers, original, technically correct, and clearly presented. Supported by author publication charges (APC), its hallmarks are a rapid peer review and publication process with open access to all readers. Unlike IEEE's traditional Transactions or Journals, reviews are "binary", in that reviewers will either Accept or Reject an article in the form it is submitted in order to achieve rapid turnaround. Especially encouraged are submissions on: Multidisciplinary topics, or applications-oriented articles and negative results that do not fit within the scope of IEEE's traditional journals. Practical articles discussing new experiments or measurement techniques, interesting solutions to engineering. Development of new or improved fabrication or manufacturing techniques. Reviews or survey articles of new or evolving fields oriented to assist others in understanding the new area.