AI-Based Two-Stage Intrusion Detection for Software Defined IoT Networks

Li, Jiaqi; Zhao, Zhifeng; Li, Rongpeng; Zhang, Honggang

doi:10.1109/jiot.2018.2883344

Cited by 189 publications

(71 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, artificial intelligence and its breeds are employed in intrusion detection system (IDS). Li et al [126] proposed an Artificial Intelligence-(AI) based mechanism for intrusion detection in SDN-driven IoT. This scheme is based on network traffic flow where the intrusion detection component of the network captures the flow and applies two algorithms for features extraction, i.e.…”

Section: Anomaly/intrusion Detectionmentioning

confidence: 99%

Machine Learning in IoT Security: Current Solutions and Future Challenges

Hussain

Hassan

et al. 2020

IEEE Commun. Surv. Tutorials

593

270

View full text Add to dashboard Cite

The future Internet of Things (IoT) will have a deep economical, commercial and social impact on our lives. The participating nodes in IoT networks are usually resourceconstrained, which makes them luring targets for cyber attacks. In this regard, extensive efforts have been made to address the security and privacy issues in IoT networks primarily through traditional cryptographic approaches. However, the unique characteristics of IoT nodes render the existing solutions insufficient to encompass the entire security spectrum of the IoT networks. This is, at least in part, because of the resource constraints, heterogeneity, massive real-time data generated by the IoT devices, and the extensively dynamic behavior of the networks. Therefore, Machine Learning (ML) and Deep Learning (DL) techniques, which are able to provide embedded intelligence in the IoT devices and networks, are leveraged to cope with different security problems. In this paper, we systematically review the security requirements, attack vectors, and the current security solutions for the IoT networks. We then shed light on the gaps in these security solutions that call for ML and DL approaches. We also discuss in detail the existing ML and DL solutions for addressing different security problems in IoT networks. At last, based on the detailed investigation of the existing solutions in the literature, we discuss the future research directions for ML-and DL-based IoT security.

show abstract

Section: Anomaly/intrusion Detectionmentioning

confidence: 99%

Machine Learning in IoT Security: Current Solutions and Future Challenges

Hussain

Hassan

et al. 2020

IEEE Commun. Surv. Tutorials

593

270

View full text Add to dashboard Cite

show abstract

“…The MDP is characterized by <S,A,r>, where S is the state space, A is the action space, and r is the immediate reward of the detection system. For evaluating the anomaly detection performance of an action (feature set and AI/ML algorithm), we consider common metrics [14] including precision (P r ), recall (R e ), F-score (F s ), accuracy (A c ), and false alarm rate (F a ). These metrics are calculated from the following observations: TP (True Positive) -number of attacks precisely detected; TN (True Negative) -number of normal patterns precisely classified; FP (False Positive) -number of normal patterns incorrectly classified; and FN (False Negative) -number of attacks unsuccessfully detected.…”

Section: Basic Architecturementioning

confidence: 99%

“….., f m } denotes a group of feasible feature sets composed of all available and suited features, e.g., a feature set f m consists of 4 features (average packets per flow, average packet size per flow, packet change ratio and flow change ratio). L = {l 1 , l 2 , ..., l n } represents a set of possible AI/ML algorithms that can be used for traffic flow classification, e.g., Support Vector Machine [12], Random Forest [14], and Self Organizing Map [15]. Then, a tuple, < f m , l n >, is referred as a combination of a feature set and an AI/ML algorithm.…”

Section: Basic Architecturementioning

confidence: 99%

“…The SDN network is controlled by an ONOS SDN controller [17]. We consider three well-known AI/ML based classifiers including Support Vector Machine (SVM-supervised learning) [12], Random Forest (RF-supervised learning) [14] and Self Organizing Maps (SOM-unsupervised learning) [15], hence L = {SV M, RF, SOM }. The applied feature set F is created by the following 10 suitable features: average packets per flow, average packet size per flow, packet change ratio, flow change ratio, average duration per flow, percentage of pairflows, growth of different ports, average flow inter-arrivaltime, fraction of TCP flows over total incoming flows and entropy of incoming flows.…”

Section: A Evaluation Scenario Setupmentioning

confidence: 99%

“…To evaluate the Q-MIND framework, we first compare our optimized anomaly detection solution based on Q-Learning with three other AI/ML-based anomaly detection/classification methods that apply different feature selection techniques, namely a Principal Component Analysis with a SVM classifier (PCASVM) [12], a Generic Algorithm with a SVM classifier (GASVM) [12] and a Binary Bat Algorithm with a RF classifier (BBARF) [14]. We evaluate the stealthy DoS attack detection performance both in the cross-validation and in the runtime phase.…”

Section: A Evaluation Scenario Setupmentioning

confidence: 99%

See 2 more Smart Citations

Q-MIND: Defeating Stealthy DoS Attacks in SDN with a Machine-Learning Based Defense Framework

Gias

Islam

Hương

et al. 2019

2019 IEEE Global Communications Conference (GLOBECOM)

View full text Add to dashboard Cite

Software Defined Networking (SDN) enables flexible and scalable network control and management. However, it also introduces new vulnerabilities that can be exploited by attackers. In particular, low-rate and slow or stealthy Denial-of-Service (DoS) attacks are recently attracting attention from researchers because of their detection challenges. In this paper, we propose a novel machine learning based defense framework named Q-MIND, to effectively detect and mitigate stealthy DoS attacks in SDN-based networks. We first analyze the adversary model of stealthy DoS attacks, the related vulnerabilities in SDN-based networks and the key characteristics of stealthy DoS attacks. Next, we describe and analyze an anomaly detection system that uses a Reinforcement Learning-based approach based on Q-Learning in order to maximize its detection performance. Finally we outline the complete Q-MIND defense framework that incorporates the optimal policy derived from the Q-Learning agent to efficiently defeat stealthy DoS attacks in SDN-based networks. An extensive comparison of the Q-MIND framework and currently existing methods shows that significant improvements in attack detection and mitigation performance are obtained by Q-MIND.

show abstract

An Economical Machine Learning Approach for Anomaly Detection in IoT Environment

Ambika¹

2022

Bioinformatics and Medical Applications

View full text Add to dashboard Cite

AI-Based Two-Stage Intrusion Detection for Software Defined IoT Networks

Cited by 189 publications

References 29 publications

Machine Learning in IoT Security: Current Solutions and Future Challenges

Machine Learning in IoT Security: Current Solutions and Future Challenges

Q-MIND: Defeating Stealthy DoS Attacks in SDN with a Machine-Learning Based Defense Framework

An Economical Machine Learning Approach for Anomaly Detection in IoT Environment

Contact Info

Product

Resources

About