Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1688))

Abstract

The proliferation of the Internet of Things (IoT) serves demands in our lives ranging from smart homes and smart cities to manufacturing and many other industries. As a result of the massive deployment of IoT devices, the risk of cyber-attacks on these devices also increases. The limited computing resources of IoT devices prevent antivirus software from running directly on them. Therefore, these devices are vulnerable to cyber-attacks. In this research, we present a novel approach that could be applied to construct a lightweight Network Intrusion Detection System (NIDS) on IoT gateways. We utilize TabNet, Google's recently developed model for tabular data, as our detection model. The evaluation results on the BOT-IoT and UNSW-NB15 datasets demonstrate the ability of our proposal in intrusion detection tasks, with accuracies of 98.53% and 99.43%. Finally, we experiment with our approach on the Raspberry Pi 4 to show that it is lightweight enough to deploy on IoT gateways.

T. N. Nguyen and K. M. Dang—These authors equally contributed.

Acknowledgements

This research is supported by research funding from Faculty of Information Technology, University of Science, Vietnam National University - Ho Chi Minh City.

Corresponding author

Correspondence to Kim-Hung Le.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Nguyen, TN., Dang, KM., Tran, AD., Le, KH. (2022). Towards an Attention-Based Threat Detection System for IoT Networks. In: Dang, T.K., Küng, J., Chung, T.M. (eds) Future Data and Security Engineering. Big Data, Security and Privacy, Smart City and Industry 4.0 Applications. FDSE 2022. Communications in Computer and Information Science, vol 1688. Springer, Singapore. https://doi.org/10.1007/978-981-19-8069-5_20

  • DOI: https://doi.org/10.1007/978-981-19-8069-5_20

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-8068-8

  • Online ISBN: 978-981-19-8069-5

  • eBook Packages: Computer Science (R0)
