Hierarchical anomaly based intrusion detection and localization in IoT

Yahyaoui, Aymen; Abdellatif, Takoua; Attia, Rabah

doi:10.1109/iwcmc.2019.8766574

Cited by 32 publications

(18 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although the proposed system was proven to be reliable ensuring a high detection rate and low energy consumption, it focuses only on WSN and does not consider IoT challenges as security attacks where the gateway is connected to cloud servers, and IP protocol is used. In our recent work [54], an anomaly detection system that considers both WSN and IoT anomalies detection using machine learning components depending on nodes capabilities is proposed. However, similar to the other cited works, ADS is used for reliability but the reliability of ADS itself is not addressed.…”

Section: B Anomaly and Event Detection Systems In Iotmentioning

confidence: 99%

“…5 (c), ADS relies on three main components: (1) Rule Based Anomaly Detector (RB-AD): this component has pre-defined rules for detecting communication anomalies (CA) like hello flooding attacks, selective forwarding attacks (SFA) and blackhole attacks (BHA) as used by [31], (2) Machine Learning Anomaly Detector Component (ML-AD): this component detects anomalies and attacks using machine learning techniques e.g. One Class Support Vector Machines (OCSVM) for WSN anomalies, Deep Learning for IoT anomalies as described in [54]. The choice of OCSVM and Deep Learning was motivated by lessons learned from comparative studies and works related to this field.…”

Section: A Cascaded Detection Approachmentioning

confidence: 99%

“…The dataset contains data packets relative to four types of intrusions mainly Probing, Remote to User (R2L), Denial of Service (DoS) and User-to-Root (U2R) as described in Table 7 in addition to normal traffic packets are injected. The same neural network architecture in [54] was used with 3 hidden layers containing 10, 50 and 10 neural nodes in order to identify records as normal or malicious. ReLU served as the activation function for the hidden layers whereas softmax was employed at the output layer.…”

Section: E Ads Evaluationmentioning

confidence: 99%

See 2 more Smart Citations

READ-IoT: Reliable Event and Anomaly Detection Framework for the Internet of Things

Yahyaoui

Abdellatif²,

Yangui³

et al. 2021

IEEE Access

Self Cite

View full text Add to dashboard Cite

Internet of Things (IoT) enables a myriad of applications by interconnecting software to physical objects. The objects range from wireless sensors to robots and include surveillance cameras. The applications are often critical (e.g. physical intrusion detection, fire fighting) and latency-sensitive. On the one hand, such applications rely on specific protocols (e.g. MQTT, COAP) and the network to communicate with the objects under very tight timeframe. On the other hand, anomalies (e.g. communication noise, sensors' failures, security attacks) are likely to occur in open IoT systems and can result by sending false alerts or the failure to properly detect critical events. To address that, IoT systems have to be equipped with anomaly detection processing in addition to the required event detection capability. This is a key feature that enables reliability and efficiency in IoT. However, anomaly detection systems can be themselves object of failures and attacks, and then can easily fall short to accomplish their mission. This paper introduces a Reliable Event and Anomaly Detection Framework for the Internet of Things (READ-IoT for short). The designed framework integrates events and anomalies detection into a single and common system that centralizes the management of both concepts. To enforce its reliability, the system relies on a reputationaware provisioning of detection capabilities that takes into account the vulnerability of the deployment hosts. As for validation, READ-IoT was implemented and evaluated using two real life applications, i.e. a fire detection and an unauthorized person detection applications. Several scenarios of anomalies and events were conducted using NSL-KDD public dataset, as well as, generated data to simulate routing attacks. The obtained results and performance measurements show the efficiency of READ-IoT in terms of event detection accuracy and real-time processing.

show abstract

Section: B Anomaly and Event Detection Systems In Iotmentioning

confidence: 99%

Section: A Cascaded Detection Approachmentioning

confidence: 99%

Section: E Ads Evaluationmentioning

confidence: 99%

See 1 more Smart Citation

READ-IoT: Reliable Event and Anomaly Detection Framework for the Internet of Things

Yahyaoui

Abdellatif²,

Yangui³

et al. 2021

IEEE Access

Self Cite

View full text Add to dashboard Cite

show abstract

“…With the development in deep learning techniques, Ezeme et al introduced a hierarchical attention-based anomaly detection (HAbAD) model based on stacked Long Short-Term Memory (LSTM) Networks with Attention [9]. Yahyaoui et al proposed a detection protocol that dynamically executes the on-demand Support Vector Machine (SVM) classifier in a hierarchical way whenever an intrusion is suspected [10]. Nguyen et al proposed an autonomous self-learning distributed system, DIoT, to detect compromised IoT devices, which uses a novel self-learning approach to detect compromised devices [11].…”

Section: Related Workmentioning

confidence: 99%

HADIoT: A Hierarchical Anomaly Detection Framework for IoT

2020

View full text Add to dashboard Cite

The Internet of Things establishes the intimacy between the Internet and the physical world. Due to portable size, most IoT devices have limited computing and storage capabilities and are vulnerable to various malicious intrusions. Therefore, it is vital to have efficient approaches to distinguish the true IoT data from fake one, we term such methods as anomaly detection (AD). To detect anomalies accurately and efficiently, in this paper a 3-hierarchy joint local and global anomaly detection framework, HADIoT, is proposed, in which IoT devices generate and transmit sensory data to their local edge servers for local AD after data refinement which includes re-framing, normalization, complexity reduction via Principal Component Analysis, and symbol mapping. High detection accuracy is achieved by jointly local and global ADs. The local AD focuses on the data pattern consistency of individual devices via the Gated Recurrent Unit, and the processed data is then forwarded from edge servers to the cloud server for global AD. The global AD focuses on the analysis of the data pattern correlations between different IoT devices, using the Conditional Random Fields. For the maintenance of cyber-security, the proposed anomaly detection framework HADIoT enables to provide an accurate and faster anomaly detection for IoT applications, compared with existing anomaly detection methods. The performance of the proposed method is also empirically evaluated through simulations, using a real dataset-the Information Security Center of Excellence (ISCX) 2012 dataset. Simulation results demonstrate the effectiveness of the proposed framework in terms of True Positive Rate, False Positive Rate, Precision, Accuracy and F_score, compared with three benchmark schemes.

show abstract

“…Also, this may lead to extra delay for sending data which depends on bandwidth and processing capability offered. In the particular case of smart hospital infrastructure, resources are available in contradiction with hostile environments surveillance [ 11 ] where other solutions are required especially for energy optimization.…”

Section: Introductionmentioning

confidence: 99%

Efficient Anomaly Detection for Smart Hospital IoT Systems

Said

Yahyaoui

Abdellatif

2021

Sensors

Self Cite

View full text Add to dashboard Cite

In critical Internet of Things (IoT) application domains, such as the Defense Industry and Healthcare, false alerts have many negative effects, such as fear, disruption of emergency services, and waste of resources. Therefore, an alert must only be sent if triggered by a correct event. Nevertheless, IoT networks are exposed to intrusions, which affects event detection accuracy. In this paper, an Anomaly Detection System (ADS) is proposed in a smart hospital IoT system for detecting events of interest about patients’ health and environment and, at the same time, for network intrusions. Providing a single system for network infrastructure supervision and e-health monitoring has been shown to optimize resources and enforce the system reliability. Consequently, decisions regarding patients’ care and their environments’ adaptation are more accurate. The low latency is ensured, thanks to a deployment on the edge to allow for a processing close to data sources. The proposed ADS is implemented and evaluated while using Contiki Cooja simulator and the e-health event detection is based on a realistic data-set analysis. The results show a high detection accuracy for both e-health related events and IoT network intrusions.

show abstract

Hierarchical anomaly based intrusion detection and localization in IoT

Cited by 32 publications

References 11 publications

READ-IoT: Reliable Event and Anomaly Detection Framework for the Internet of Things

READ-IoT: Reliable Event and Anomaly Detection Framework for the Internet of Things

HADIoT: A Hierarchical Anomaly Detection Framework for IoT

Efficient Anomaly Detection for Smart Hospital IoT Systems

Contact Info

Product

Resources

About