Feature extraction for machine learning-based intrusion detection in IoT networks

A large number of network security breaches in IoT networks have demonstrated the unreliability of current Network Intrusion Detection Systems(NIDSs).Consequently,network interruptions and loss of sensitive data have occurred,which led to an active research area for improving NIDS technologies.In an analysis of related works,it was observed that most researchers aim to obtain better classification results by using a set of untried combinations of Feature Reduction(FR)and Machine Learning(ML)techniques on NIDS datasets.However,these datasets are different in feature sets,attack types,and network design.Therefore,this paper aims to discover whether these techniques can be generalised across various datasets.Six ML models are utilised:a Deep Feed Forward(DFF),Convolutional Neural Network(CNN),Recurrent Neural Network(RNN),Decision Tree(DT),Logistic Regression(LR),and Naive Bayes(NB).The accuracy of three Feature Extraction(FE)algorithms is detected;Principal Component Analysis(PCA),Auto-encoder(AE),and Linear Discriminant Analysis(LDA),are evaluated using three benchmark datasets:UNSW-NB15,ToN-IoT and CSE-CIC-IDS2018.Although PCA and AE algorithms have been widely used,the determination of their optimal number of extracted dimensions has been overlooked.The results indicate that no clear FE method or ML model can achieve the best scores for all datasets.The optimal number of extracted dimensions has been identified for each dataset,and LDA degrades the performance of the ML models on two datasets.The variance is used to analyse the extracted dimensions of LDA and PCA.Finally,this paper concludes that the choice of datasets significantly alters the performance of the applied techniques.We believe that a universal(benchmark)feature set is needed to facilitate further advancement and progress of research in this field.

Enhancing IoT anomaly detection performance for federated learning

Federated Learning (FL) with mobile computing and the Internet of Things (IoT) is an effective cooperative learning approach. However, several technical challenges still need to be addressed. For instance, dividing the training process among several devices may impact the performance of Machine Learning (ML) algorithms, often significantly degrading prediction accuracy compared to centralized learning. One of the primary reasons for such performance degradation is that each device can access only a small fraction of data (that it generates), which limits the efficacy of the local ML model constructed on that device. The performance degradation could be exacerbated when the participating devices produce different classes of events, which is known as the class balance problem. Moreover, if the participating devices are of different types, each device may never observe the same types of events, which leads to the device heterogeneity problem. In this study, we investigate how data augmentation can be applied to address these challenges and improving detection performance in an anomaly detection task using IoT datasets. Our extensive experimental results with three publicly accessible IoT datasets show the performance improvement of up to 22.9% with the approach of data augmentation, compared to the baseline (without relying on data augmentation). In particular, stratified random sampling and uniform random sampling show the best improvement in detection performance with only a modest increase in computation time, whereas the data augmentation scheme using Generative Adversarial Networks is the most time-consuming with limited performance benefits.

Few-Shot Learning for Discovering Anomalous Behaviors in Edge Networks

Intrusion Detection Systems(IDSs)have a great interest these days to discover complex attack events and protect the critical infrastructures of the Internet of Things(IoT)networks.Existing IDSs based on shallow and deep network architectures demand high computational resources and high volumes of data to establish an adaptive detection engine that discovers new families of attacks from the edge of IoT networks.However,attackers exploit network gateways at the edge using new attacking scenarios(i.e.,zero-day attacks),such as ransomware and Distributed Denial of Service(DDoS)attacks.This paper proposes new IDS based on Few-Shot Deep Learning,named CNN-IDS,which can automatically identify zero-day attacks from the edge of a network and protect its IoT systems.The proposed system comprises two-methodological stages:1)a filtered Information Gain method is to select the most useful features from network data,and 2)one-dimensional Convolutional Neural Network(CNN)algorithm is to recognize new attack types from a network’s edge.The proposed model is trained and validated using two datasets of the UNSW-NB15 and Bot-IoT.The experimental results showed that it enhances about a 3%detection rate and around a 3%–4%falsepositive rate with the UNSW-NB15 dataset and about an 8%detection rate using the BoT-IoT dataset.

A Secured Message Transmission Protocol for Vehicular Ad Hoc Networks

Vehicular Ad hoc Networks(VANETs)become a very crucial addition in the Intelligent Transportation System(ITS).It is challenging for a VANET system to provide security services and parallelly maintain high throughput by utilizing limited resources.To overcome these challenges,we propose a blockchain-based Secured Cluster-based MAC(SCB-MAC)protocol.The nearby vehicles heading towards the same direction will form a cluster and each of the clusters has its blockchain to store and distribute the safety messages.The message which contains emergency information and requires Strict Delay Requirement(SDR)for transmission are called safety messages(SM).Cluster Members(CMs)sign SMs with their private keys while sending them to the blockchain to confirm authentication,integrity,and confidentiality of the message.A Certificate Authority(CA)is responsible for physical verification,key generation,and privacy preservation of the vehicles.We implemented a test scenario as proof of concept and tested the safety message transmission(SMT)protocol in a real-world platform.Computational and storage overhead analysis shows that the proposed protocol for SMT implements security,authentication,integrity,robustness,non-repudiation,etc.while maintaining the SDR.Messages that are less important compared to the SMs are called non-safety messages(NSM)and vehicles use RTS/CTS mechanism for NSM transmission.Numerical studies show that the proposed NSM transmission method maintains 6 times more throughput,2 times less delay and 125%less Packet Dropping Rate(PDR)than traditional MAC protocols.These results prove that the proposed protocol outperforms the traditional MAC protocols.

Quranic Script Optical Text Recognition Using Deep Learning in IoT Systems

Since the worldwide spread of internet-connected devices and rapid advances made in Internet of Things(IoT)systems,much research has been done in using machine learning methods to recognize IoT sensors data.This is particularly the case for optical character recognition of handwritten scripts.Recognizing text in images has several useful applications,including content-based image retrieval,searching and document archiving.The Arabic language is one of the mostly used tongues in the world.However,Arabic text recognition in imagery is still very much in the nascent stage,especially handwritten text.This is mainly due to the language complexities,different writing styles,variations in the shape of characters,diacritics,and connected nature of Arabic text.In this paper,two deep learning models were proposed.The first model was based on a sequence-to-sequence recognition,while the second model was based on a fully convolution network.To measure the performance of these models,a new dataset,called QTID(Quran Text Image Dataset)was devised.This is the first Arabic dataset that includes Arabic diacritics.It consists of 309,720 different 192×64 annotated Arabic word images,which comprise 2,494,428 characters in total taken from the Holy Quran.The annotated images in the dataset were randomly divided into 90%,5%,and 5%sets for training,validation,and testing purposes,respectively.Both models were set up to recognize the Arabic Othmani font in the QTID.Experimental results show that the proposed methods achieve state-of-the-art outcomes.Furthermore,the proposed models surpass expectations in terms of character recognition rate,F1-score,average precision,and recall values.They are superior to the best Arabic text recognition engines like Tesseract and ABBYY FineReader.

Privacy-preserved learning from non-i.i.d data in fog-assisted IoT:A federated learning approach

With the prevalence of the Internet of Things(IoT)systems,smart cities comprise complex networks,including sensors,actuators,appliances,and cyber services.The complexity and heterogeneity of smart cities have become vulnerable to sophisticated cyber-attacks,especially privacy-related attacks such as inference and data poisoning ones.Federated Learning(FL)has been regarded as a hopeful method to enable distributed learning with privacypreserved intelligence in IoT applications.Even though the significance of developing privacy-preserving FL has drawn as a great research interest,the current research only concentrates on FL with independent identically distributed(i.i.d)data and few studies have addressed the non-i.i.d setting.FL is known to be vulnerable to Generative Adversarial Network(GAN)attacks,where an adversary can presume to act as a contributor participating in the training process to acquire the private data of other contributors.This paper proposes an innovative Privacy Protection-based Federated Deep Learning(PP-FDL)framework,which accomplishes data protection against privacy-related GAN attacks,along with high classification rates from non-i.i.d data.PP-FDL is designed to enable fog nodes to cooperate to train the FDL model in a way that ensures contributors have no access to the data of each other,where class probabilities are protected utilizing a private identifier generated for each class.The PP-FDL framework is evaluated for image classification using simple convolutional networks which are trained using MNIST and CIFAR-10 datasets.The empirical results have revealed that PF-DFL can achieve data protection and the framework outperforms the other three state-of-the-art models with 3%–8%as accuracy improvements.