Volume 21, Issue 3 (12-2024)
JSDP 2024, 21(3): 3-22 |
Back to browse issues page
Download citation:
BibTeX | RIS | EndNote | Medlars | ProCite | Reference Manager | RefWorks
Send citation to:
BibTeX | RIS | EndNote | Medlars | ProCite | Reference Manager | RefWorks
Send citation to:
Teymouri A, Deypir M. Two-level intrusion detection system for Internet of Things network based on deep learning. JSDP 2024; 21 (3) : 1
URL: http://jsdp.rcisp.ac.ir/article-1-1388-en.html
URL: http://jsdp.rcisp.ac.ir/article-1-1388-en.html
Abstract: (758 Views)
Along with the growth in the use of Internet of Things networks for various applications, threats and attacks related to these types of networks have also increased. Intrusion detection systems are designed and used to detect and identify attacks in this type of networks, and to identify intrusions or abuses that are going to take place from the network, and to inform the relevant authorities about this issue. In most intrusion detection systems, various methods and algorithms are used, including deep neural networks (DNNs), support vector machines (SVM), or multilayer perceptron (MLP), and other traditional machine learning models. Each method has advantages and disadvantages, but it usually has a lower accuracy rate than combined methods. In recent years, the idea of combining classifications has been used for anomaly-based diagnosis. In this research, to reach better accuracy, we used the combination of principal component analysis (PCA) and convolutional neural network (CNN) algorithms to design our intrusion detection system. In the initial step of the proposed method, after preprocessing including conversions and normalizations, valuable features for classification are extracted. In this study, the NSL-KDD dataset, which has been mentioned in many scientific articles as a valid reference dataset in the field of intrusion detection, has been used. In fact, due to the high number of data dimensions and the high dispersion of feature values, we used a dimension reduction method. The dimensionality reduction method used in this research is principal component analysis (PCA). In the PCA method, the dimensions of the data are reduced in such a way that the reduced dimension data also includes the vital information of the dataset. We used PCA in order to reduce the size and volume of the input data to help increase the efficiency of our main algorithm and the new data generated with this algorithm is provided to the CNN classifier. A convolutional neural network is a special type of neural network with multiple layers that processes data that has a grid arrangement and then extracts important features from them. Here, accurate pattern learning and deep insight from the given data are our two main reasons for using CNN. In the proposed approach, we have two level classification including binary CNN and multi-class CNN, for detecting attacks and exact type of them, respectively. That is, firstly attacks and normal data are identified by binary classification and then by multi-class classification, the types of attacks are identified and separated. In fact, the type of attacks which includes one of DoS, U2R, R2L and Probe cases is determined using second convolutional neural network. Based on the obtained results, we have witnessed the growth of the accuracy rate of the proposed method compared to many other popular methods. In the evaluation of accuracy parameter values for different phases of training and testing, competitive results are observed for binary classification phase. Here we consider the number of 15 rounds. As it is clear from the graph related to training, the accuracy values in the final courses have reached 0.94. The accuracy of the test has also approached the value of 0.9 in the last round. Also, the results obtained in multi-class CNN are such that the accuracy value is 0.99 in the classification of the training data samples and 0.97 in the classification of the test data samples. Moreover, the cost graphs for training and testing courses of multi-class CNN are shown. The cost of training and testing in the final round is 0.06 and 0.09, respectively.
Article number: 1
Keywords: Intrusion detection system, Convolutional neural network (CNN), Binary classifier, Multi-class classifier, Principal component analysis (PCA).
Type of Study: Research |
Subject:
Paper
Received: 2023/07/21 | Accepted: 2024/08/18 | Published: 2025/01/17 | ePublished: 2025/01/17
Received: 2023/07/21 | Accepted: 2024/08/18 | Published: 2025/01/17 | ePublished: 2025/01/17
References
1. S. Prabavathy, K. Sundarakantham, and S. M. Shalinie. "Design of cognitive fog computing for intrusion detection in internet of things,", vol. 20, no. 3, pp. 291-298, 2018. [DOI:10.1109/JCN.2018.000041]
2. P. Kasinathan, C. Pastrone, M. A. Spirito, and M. Vinkovits. "Denial-of-Service detection in 6LoWPAN based Internet of Things,", pp. 600-607, 2013 [DOI:10.1109/WiMOB.2013.6673419]
3. G. Appice, A. Paolo Caforio, F. Andresini, & D. Malerba, "Improving cyber-threat detection by moving the boundary around the normal samples. In Machine Intelligence and Big Data Analytics for Cybersecurity Applications," pp. 105-127, 2021. [DOI:10.1007/978-3-030-57024-8_5]
4. S. Hajj, R. El Sibai, J. Bou Abdo, J. Demerjian, A. Makhoul, & C. Guyeux, "Anomaly‐based intrusion detection systems: The requirements, methods, measurements, and datasets. Transactions on Emerging Telecommunications Technologies", 32(4), e4240, 2021. [DOI:10.1002/ett.4240]
5. M. Nobakht, V. Sivaraman, and R. Boreli, "A host-based intrusion detection and mitigation framework for smart home IoT using OpenFlow," 11th International conference on availability, reliability and security (ARES), pp. 147-156, 2016. [DOI:10.1109/ARES.2016.64]
6. H. Bostani and M. Sheikhan, "Hybrid of anomaly-based and specification-based IDS for Internet of Things using unsupervised OPF based on MapReduce approach," Computer Communications, vol. 98, pp. 52-71, 2017. [DOI:10.1016/j.comcom.2016.12.001]
7. M. Lopez-Martin, B. Carro, A. Sanchez-Esguevillas, and J. Lloret. "Conditional variational autoencoder for prediction and feature recovery applied to intrusion detection in iot," Sensors, vol. 17, no. 9, p. 1967, 2017. [DOI:10.3390/s17091967] [PMID] []
8. S. Rathore and J. H. Park, "Semi-supervised learning based distributed attack detection framework for IoT," Applied Soft Computing, vol. 72, pp. 79-89, 2018. [DOI:10.1016/j.asoc.2018.05.049]
9. Diro and N. Chilamkurti. "Distributed attack detection scheme using deep learning approach for Internet of Things," Future Generation Computer Systems, vol. 82, pp. 761-768, 2018. [DOI:10.1016/j.future.2017.08.043]
10. V. Kumari and P. R. K. Varma. "A semi-supervised intrusion detection system using active learning SVM and fuzzy c-means clustering," in 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)(I-SMAC), pp. 481-485, 2017. [DOI:10.1109/I-SMAC.2017.8058397]
11. Z. K. Zhang, M. C. Y. Cho, C.-W. Wang, C.-W. Hsu, C.-K. Chen, and S. Shieh. "IoT security: ongoing challenges and research opportunities," in 2014 IEEE 7th international conference on service-oriented computing and applications, pp. 230-234, 2014. [DOI:10.1109/SOCA.2014.58]
12. M. Cheema, H. K. Qureshi, C. Chrysostomou, & M. Lestas, "Utilizing blockchain for distributed machine learning based intrusion detection in internet of things." In 2020 16th International Conference on Distributed Computing in Sensor Systems pp. 429-435, 2020. [DOI:10.1109/DCOSS49796.2020.00074]
13. T. Hagemann, & Katsarou, K. A systematic "review on anomaly detection for cloud computing environments. In 2020 3rd Artificial Intelligence and Cloud Computing Conference." pp. 83-96, 2020. [DOI:10.1145/3442536.3442550]
14. AbuGhazleh, A. Al-Rahayfeh, S. Atiewi, and A. Razaque. "Deep recurrent neural network for IoT intrusion detection system," Simulation Modelling Practice and Theory, vol. 101, pp. 10203, 2020. [DOI:10.1016/j.simpat.2019.102031]
15. Dhanabsl, S.P. Shantharajah, "A Study on NSL-KDD Dataset for Intrusion Detection System Based on Classification Algorithms." PP. 2319-5940, 2015.
16. Mackiewicz, and W. ratajczak, "Principal components analysis(PCA)" pp. 0098-3004, 1993. [DOI:10.1016/0098-3004(93)90090-R]
17. S. Indolia, A. K. Goswami, S. P. Mishra, and P. Asopa, "Conceptual Understanding of Convolutional Neural Network- A Deep Learning Approach" pp. 10-1016, 2018. [DOI:10.1016/j.procs.2018.05.069]
18. S. Raza, L. Wallgren, and T. Voigt. "SVELTE: Real-time intrusion detection in the Internet of Things," Ad hoc networks, vol. 11, no. 8, pp. 2661-2674, 2013. [DOI:10.1016/j.adhoc.2013.04.014]
19. Jun and C. Chi. "Design of complex event-processing IDS in internet of things," in 2014 Sixth International Conference on Measuring Technology and Mechatronics Automation, pp. 226-229, 2014. [DOI:10.1109/ICMTMA.2014.57] [PMID]
20. T. S. Naseri, and F. S. Gharehchopogh, "A Feature Selection Based on the Farmland Fertility Algorithm for Improved Intrusion Detection Systems". Journal of Network and Systems Management, 30(3), pp. 1-27, 2022. [DOI:10.1007/s10922-022-09653-9]
21. S. K. Amalapuram, A.Tadwai, , R.Vinta, , S. S.Channappayya, and B. R. Tamma, "Continual Learning for Anomaly based Network Intrusion Detection". In 2022 14th International Conference on COMmunication Systems & NETworkS (COMSNETS), pp. 497-505, 2022. [DOI:10.1109/COMSNETS53615.2022.9668482]
22. D.Teixeira, , S. Malta, , and P.Pinto, "A Vote-Based Architecture to Generate Classified Datasets and Improve Performance of Intrusion Detection Systems Based on Supervised Learning". Future Internet, 14(3), 72, 2022. [DOI:10.3390/fi14030072]
23. E. Gharavi, H. Veisi, "Using RST-based deep neural networks to improve text representation", Signal and Data Processing, 20 (1), pp. 181-197, 2023. [DOI:10.61186/jsdp.20.1.181]
24. S. Abbasi, S. Nejatian, H. Parvin, K. Bagherifard, V. Rezaie, "The ensemble clustering with maximize diversity using evolutionary optimization algorithms", Signal and Data Processing, 19 (4), pp. 95-120, 2023. [DOI:10.61186/jsdp.19.4.95]
Send email to the article author
| Rights and permissions | |
 |
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. |
