Feature Engineering for Cyber-attack detection in Internet of Things
Автор: Maheshi B. Dissanayake
Статья в выпуске: 6 Vol.11, 2021 года.
Internet of Things (IoT) consists of group of devices which communicates information over private networks. One of the key challenges faced by IoT networks is the security breaches. With the objective of automating the detection of possible security breaches in five categories, IoT traffic created with Message Queue Telemetry Transport (MQTT) protocol is analyzed. The five categories of cyber-attacks considered are brute force, denial of service (DoS), flooding, malformed data, and SlowITe attacks along with legitimate traffic. The popular five machine learning (ML) models, LightGBM, Random Forest, MLP, AdaBoost, and Decision Tree Classifiers are trained to predict cyber-attacks. In traditional traffic analysis all the available features of MQTT traffic were utilized for the ML modeling and in this work, we challenge the practice by showing that automated feature selection improves the performance of the overall ML models. The average accuracy, precision, recall and the F1 score are used as performance evaluation metrics. It is observed that all models in average are able to achieve 90% of accuracy in classification, while MLP model is trained 10 times faster than the other models. Further the optimal number of features for correct classification is identified as 10 features through Monte Carlo analysis. With the reduced features, it is possible to detect DoS, flooding, and SlowITe attacks with more than 90% accuracy and precision. Yet, it is difficult to tell apart brute force and malformed data attacks.
IoT Traffic, Machine learning, cyber attacks, Feature importance, DoS, Brute Force attack
Короткий адрес: https://readera.org/15018252
IDR: 15018252 | DOI: 10.5815/ijwmt.2021.06.05
Список литературы Feature Engineering for Cyber-attack detection in Internet of Things
- M. O. Al Enany, H. M. Harb, and G. Attiya, “A Comparative analysis of MQTT and IoT application protocols,” in Proceedings of the 2019 International Conference on Virtual Reality and Intelligent Systems (ICVRISs2021 International Conference on Electronic Engineering (ICEEM), pp. 1–6, Menouf, Egypt, July 2021
- Vaccari, I.; Chiola, G.; Aiello, M.; Mongelli, M.; Cambiaso, E. MQTTset, a New Dataset for Machine Learning Techniques on MQTT. Sensors 2020, 20, 6578.
- Khurana, U., Samulowitz, H., and Turaga, D. Feature engineering for predictive modeling using reinforcement learning. In Thirty-Second AAAI Conference on Artificial Intelligence, April. 2018.
- I. Vaccari, S. Narteni, M. Aiello, M. Mongelli and E. Cambiaso, "Exploiting Internet of Things Protocols for Malicious Data Exfiltration Activities," in IEEE Access, vol. 9, pp. 104261-104280, 2021
- Komar, M.; Dorosh, V.; Hladiy, G.; Sachenko, A. Deep neural network for detection of cyber attacks. In Proceedings of the 2018 IEEE First International Conference on System Analysis & Intelligent Computing (SAIC), Kiev, Ukraine, 8–12 October 2018; pp. 1–4.
- Ferrag, M.A.; Maglaras, L.; Moschoyiannis, S.; Janicke, H. Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study. J. Inf. Secur. Appl. 2020, 50, 102419.
- M.; Fu, X.; Syed, N.; Baig, Z.; Teo, G.; Robles-Kelly, A. Deep Learning-Based Intrusion Detection for IoT Networks. In Proceedings of the 2019 IEEE 24th Pacific Rim International Symposium on Dependable Computing (PRDC), Kyoto, Japan, 1–3 December 2019; pp. 256–25609.
- Khraisat, A.; Gondal, I.; Vamplew, P.; Kamruzzaman, J.; Alazab, A. A novel ensemble of hybrid intrusion detection system for detecting internet of things attacks. Electronics 2019, 8, 1210.
- Ciklabakkal, E. et al. ARTEMIS: An Intrusion Detection System for MQTT Attacks in Internet of Things. In Proceedings of the 2019 38th Symposium on Reliable Distributed Systems (SRDS), Lyon, France, 1–4 October 2019; pp. 369–3692.
- Morales, L.V.V.; López-Vizcaíno, M.; Iglesias, D.F.; Díaz, V.M.C. Anomaly Detection in IoT: Methods, Techniques and Tools. Proceedings 2019, 21, 4.
- Alaiz-Moreton, H. et al. Multiclass classification procedure for detecting attacks on MQTT-IoT protocol. Complexity 2019, 2019, 6516253
- Saritas, M.M.; Yasar, A. Performance analysis of ANN and Naive Bayes classification algorithm for data classification. Int. J. Intell. Syst. Appl. Eng. 2019, 7, 88–91
- Vaccari, I., Aiello, M., & Cambiaso, E. SlowITe, a Novel Denial of Service Attack Affecting MQTT. Sensors 2020 (Basel, Switzerland), 20(10), 2932.
- Bonaccorso, Giuseppe. Machine learning algorithms. Packt Publishing Ltd, 2017.
- Ghori, K. M. et al., "Performance Analysis of Different Types of Machine Learning Classifiers for Non-Technical Loss Detection," in IEEE Access, vol. 8, pp. 16033-16048, 2020
- Ho, T.K., Random Decision Forest. Proceedings of the 3rd International Conference on Document Analysis and Recognition, Montreal, 14-16 August 1995, 278-282.
- Yoav Freund, Robert Schapire, and Naoki Abe. A short introduction to boosting. JournalJapanese Society For Artificial Intelligence, 14(771-780):1612, 1999.
- Guolin Ke, et al. LightGBM: a highly efficient gradient boosting decision tree. In Proceedings of the 31st International Conference on Neural Information Processing Systems (NIPS'17). Curran Associates Inc., Red Hook, NY, USA, 3149–3157, 2017
- Derek Johnson, Mohammed Ketel,"IoT: Application Protocols and Security", International Journal of Computer Network and Information Security(IJCNIS), Vol.11, No.4, pp.1-8, 2019
- Asifa Nazir, Sahil Sholla, Adil Bashir, " An Ontology based Approach for Context-Aware Security in the Internet of Things (IoT)", International Journal of Wireless and Microwave Technologies(IJWMT), Vol.11, No.1, pp. 28-46, 2021
- Syed Kashan Ali Shah, Waqas Mahmood, " Smart Home Automation Using IOT and its Low Cost Implementation ", International Journal of Engineering and Manufacturing (IJEM), Vol.10, No.5, pp.28-36, 2020.
- Samah Osama M. Kamel, Sanaa Abou Elhamayed, "Mitigating the Impact of IoT Routing Attacks on Power Consumption in IoT Healthcare Environment using Convolutional Neural Network", International Journal of Computer Network and Information Security(IJCNIS), Vol.12, No.4, pp.11-29, 2020
- Ahmet Ali Süzen, "A Risk-Assessment of Cyber Attacks and Defense Strategies in Industry 4.0 Ecosystem", International Journal of Computer Network and Information Security(IJCNIS), Vol.12, No.1, pp.1-12, 2020
- Seunghyun Park, Jin-Young Choi, "Malware Detection in Self-Driving Vehicles Using Machine Learning Algorithms", Journal of Advanced Transportation, vol. 2020, Article ID 3035741, 9 pages, 2020.