Engineering the application of machine learning in an IDS based on IoT traffic flow

Detalhes bibliográficos
Autor(a) principal: Prazeres, Nuno
Data de Publicação: 2023
Outros Autores: Costa, Rogério Luís de C., Santos, Leonel, Rabadão, Carlos
Tipo de documento: Artigo
Idioma: eng
Título da fonte: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Texto Completo: http://hdl.handle.net/10400.8/8089
Resumo: Internet of Things (IoT) devices are now widely used, enabling intelligent services that, in association with new communication technologies like the 5G and broadband internet, boost smart-city environments. Despite their limited resources, IoT devices collect and share large amounts of data and are connected to the internet, becoming an attractive target for malicious actors. This work uses machine learning combined with an Intrusion Detection System (IDS) to detect possible attacks. Due to the limitations of IoT devices and low latency services, the IDS must have a specialized architecture. Furthermore, although machine learning-based solutions have high potential, there are still challenges related to training and generalization, which may impose constraints on the architecture. Our proposal is an IDS with a distributed architecture that relies on Fog computing to run specialized modules and use deep neural networks to identify malicious traffic inside IoT data flows. We compare our IoT-Flow IDS with three other architectures. We assess model generalization using test data from different datasets and evaluate their performance in terms of Recall, Precision, and F1-Score. Results confirm the feasibility of flowbased anomaly detection and the importance of network traffic segmentation and specialized models in the AI-based IDS for IoT.
id RCAP_8db75cc7c59e5de2618c392d2a9ce295
oai_identifier_str oai:iconline.ipleiria.pt:10400.8/8089
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
spelling Engineering the application of machine learning in an IDS based on IoT traffic flowIntrusion detection systemsInternet of thingsMachine learningSmart cityCybersecurityInternet of Things (IoT) devices are now widely used, enabling intelligent services that, in association with new communication technologies like the 5G and broadband internet, boost smart-city environments. Despite their limited resources, IoT devices collect and share large amounts of data and are connected to the internet, becoming an attractive target for malicious actors. This work uses machine learning combined with an Intrusion Detection System (IDS) to detect possible attacks. Due to the limitations of IoT devices and low latency services, the IDS must have a specialized architecture. Furthermore, although machine learning-based solutions have high potential, there are still challenges related to training and generalization, which may impose constraints on the architecture. Our proposal is an IDS with a distributed architecture that relies on Fog computing to run specialized modules and use deep neural networks to identify malicious traffic inside IoT data flows. We compare our IoT-Flow IDS with three other architectures. We assess model generalization using test data from different datasets and evaluate their performance in terms of Recall, Precision, and F1-Score. Results confirm the feasibility of flowbased anomaly detection and the importance of network traffic segmentation and specialized models in the AI-based IDS for IoT.IC-OnlinePrazeres, NunoCosta, Rogério Luís de C.Santos, LeonelRabadão, Carlos2023-02-01T11:54:51Z2023-022023-01-31T15:08:18Z2023-02-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articleapplication/pdfhttp://hdl.handle.net/10400.8/8089eng2667-3053cv-prod-313110110.1016/j.iswa.2023.200189info:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2024-01-17T15:56:34Zoai:iconline.ipleiria.pt:10400.8/8089Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-20T01:50:53.589448Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse
dc.title.none.fl_str_mv Engineering the application of machine learning in an IDS based on IoT traffic flow
title Engineering the application of machine learning in an IDS based on IoT traffic flow
spellingShingle Engineering the application of machine learning in an IDS based on IoT traffic flow
Prazeres, Nuno
Intrusion detection systems
Internet of things
Machine learning
Smart city
Cybersecurity
title_short Engineering the application of machine learning in an IDS based on IoT traffic flow
title_full Engineering the application of machine learning in an IDS based on IoT traffic flow
title_fullStr Engineering the application of machine learning in an IDS based on IoT traffic flow
title_full_unstemmed Engineering the application of machine learning in an IDS based on IoT traffic flow
title_sort Engineering the application of machine learning in an IDS based on IoT traffic flow
author Prazeres, Nuno
author_facet Prazeres, Nuno
Costa, Rogério Luís de C.
Santos, Leonel
Rabadão, Carlos
author_role author
author2 Costa, Rogério Luís de C.
Santos, Leonel
Rabadão, Carlos
author2_role author
author
author
dc.contributor.none.fl_str_mv IC-Online
dc.contributor.author.fl_str_mv Prazeres, Nuno
Costa, Rogério Luís de C.
Santos, Leonel
Rabadão, Carlos
dc.subject.por.fl_str_mv Intrusion detection systems
Internet of things
Machine learning
Smart city
Cybersecurity
topic Intrusion detection systems
Internet of things
Machine learning
Smart city
Cybersecurity
description Internet of Things (IoT) devices are now widely used, enabling intelligent services that, in association with new communication technologies like the 5G and broadband internet, boost smart-city environments. Despite their limited resources, IoT devices collect and share large amounts of data and are connected to the internet, becoming an attractive target for malicious actors. This work uses machine learning combined with an Intrusion Detection System (IDS) to detect possible attacks. Due to the limitations of IoT devices and low latency services, the IDS must have a specialized architecture. Furthermore, although machine learning-based solutions have high potential, there are still challenges related to training and generalization, which may impose constraints on the architecture. Our proposal is an IDS with a distributed architecture that relies on Fog computing to run specialized modules and use deep neural networks to identify malicious traffic inside IoT data flows. We compare our IoT-Flow IDS with three other architectures. We assess model generalization using test data from different datasets and evaluate their performance in terms of Recall, Precision, and F1-Score. Results confirm the feasibility of flowbased anomaly detection and the importance of network traffic segmentation and specialized models in the AI-based IDS for IoT.
publishDate 2023
dc.date.none.fl_str_mv 2023-02-01T11:54:51Z
2023-02
2023-01-31T15:08:18Z
2023-02-01T00:00:00Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
format article
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10400.8/8089
url http://hdl.handle.net/10400.8/8089
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv 2667-3053
cv-prod-3131101
10.1016/j.iswa.2023.200189
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
repository.mail.fl_str_mv
_version_ 1799137001013772288

Registros relacionados