An Ensemble Intrusion Detection Technique Based on Proposed Statistical Flow Features for Protecting Network Traffic of Internet of Things

Moustafa, Nour; Turnbull, Benjamin; Choo, Kim‐Kwang Raymond

doi:10.1109/jiot.2018.2871719

Cited by 418 publications

(209 citation statements)

References 19 publications

Supporting

Mentioning

208

Contrasting

Order By: Relevance

“…In this paper, ensemble learning [23] methods are used to develop IDS [24] modules. This is because ensemble learning provides advantages in the case of classification problems.…”

Section: Proposed Workmentioning

confidence: 99%

ELNIDS: Ensemble Learning based Network Intrusion Detection System for RPL based Internet of Things

Verma¹,

Ranga²

2020

Preprint

View full text Add to dashboard Cite

Internet of Things is realized by a large number of heterogeneous smart devices which sense, collect and share data with each other over the internet in order to control the physical world. Due to open nature, global connectivity and resource constrained nature of smart devices and wireless networks the Internet of Things is susceptible to various routing attacks. In this paper, we purpose an architecture of Ensemble Learning based Network Intrusion Detection System named ELNIDS for detecting routing attacks against IPv6 Routing Protocol for Low-Power and Lossy Networks. We implement four different ensemble based machine learning classifiers including Boosted Trees, Bagged Trees, Subspace Discriminant and RUSBoosted Trees. To evaluate proposed intrusion detection model we have used RPL-NIDDS17 dataset which contains packet traces of Sinkhole, Blackhole, Sybil, Clone ID, Selective Forwarding, Hello Flooding and Local Repair attacks. Simulation results show the effectiveness of the proposed architecture. We observe that ensemble of Boosted Trees achieve the highest Accuracy of 94.5% while Subspace Discriminant method achieves the lowest Accuracy of 77.8% among classifier validation methods. Similarly, an ensemble of RUSBoosted Trees achieves the highest Area under ROC value of 0.98 while lowest Area under ROC value of 0.87 is achieved by an ensemble of Subspace Discriminant among all classifier validation methods. All the implemented classifiers show acceptable performance results.

show abstract

“…In this paper, ensemble learning [23] methods are used to develop IDS [24] modules. This is because ensemble learning provides advantages in the case of classification problems.…”

Section: Proposed Workmentioning

confidence: 99%

ELNIDS: Ensemble Learning based Network Intrusion Detection System for RPL based Internet of Things

Verma¹,

Ranga²

2020

Preprint

View full text Add to dashboard Cite

show abstract

“…Moustafa and Slay presents a statistical analysis of the observations and attributes in UNSW‐NB15 and five different classifiers are used to determine the accuracy and FARs. Moustafa et al proposed an ensemble intrusion detection technique, AdaBoost, to detect malicious events. The AdaBoost ensemble learning method was developed using three machine learning techniques, decision tree, NB, and artificial neural networks on the UNSW‐NB15 and another dataset, NIMS botnet.…”

Section: Related Workmentioning

confidence: 99%

Using machine learning techniques to identify rare cyber‐attacks on the UNSW‐NB15 dataset

Bagui

Kalaimannan

Nandi

et al. 2019

Security and Privacy

View full text Add to dashboard Cite

This paper uses a hybrid feature selection process and classification techniques to classify cyber‐attacks in the UNSW‐NB15 dataset. A combination of k‐means clustering, and a correlation‐based feature selection, were used to come up with an optimum subset of features and then two classification techniques, one probabilistic, Naïve Bayes (NB), and a second, based on decision trees (J48), were employed. Our results show that this hybrid feature selection method in combination with the NB model was able to improve the classification accuracy of most attacks, especially the rare attacks. The false alarm rates were lower for most of the attacks, and particularly the rare attacks, with this combination of feature selection and the NB model. The J48 decision tree model, however, did not perform any better with the feature selection, but its classification rate for all attack families was already very high, with or without feature selection.

show abstract

“…Achieved T P R and F P R for different values of N supervised machine learning. In [19], a set of features is defined to describe MQTT, DNS and HTTP protocols. An AdaBoost ensemble learning algorithm, composed of three different machine learning models, is developed to detect attacks.…”

Section: Related Workmentioning

confidence: 99%

Anomalous Communications Detection in IoT Networks Using Sparse Autoencoders

Shahid

Blanc

Zhang

et al. 2019

2019 IEEE 18th International Symposium on Network Computing and Applications (NCA)

View full text Add to dashboard Cite

Nowadays, IoT devices have been widely deployed for enabling various smart services, such as, smart home or ehealthcare. However, security remains as one of the paramount concern as many IoT devices are vulnerable. Moreover, IoT malware are constantly evolving and getting more sophisticated. IoT devices are intended to perform very specific tasks, so their networking behavior is expected to be reasonably stable and predictable. Any significant behavioral deviation from the normal patterns would indicate anomalous events. In this paper, we present a method to detect anomalous network communications in IoT networks using a set of sparse autoencoders. The proposed approach allows us to differentiate malicious communications from legitimate ones. So that, if a device is compromised only malicious communications can be dropped while the service provided by the device is not totally interrupted. To characterize network behavior, bidirectional TCP flows are extracted and described using statistics on the size of the first N packets sent and received, along with statistics on the corresponding interarrival times between packets. A set of sparse autoencoders is then trained to learn the profile of the legitimate communications generated by an experimental smart home network. Depending on the value of N, the developed model achieves attack detection rates ranging from 86.9% to 91.2%, and false positive rates ranging from 0.1% to 0.5%.

show abstract

An Ensemble Intrusion Detection Technique Based on Proposed Statistical Flow Features for Protecting Network Traffic of Internet of Things

Cited by 418 publications

References 19 publications

ELNIDS: Ensemble Learning based Network Intrusion Detection System for RPL based Internet of Things

ELNIDS: Ensemble Learning based Network Intrusion Detection System for RPL based Internet of Things

Using machine learning techniques to identify rare cyber‐attacks on the UNSW‐NB15 dataset

Anomalous Communications Detection in IoT Networks Using Sparse Autoencoders

Contact Info

Product

Resources

About