Contextual Deep Semantic Feature Driven Multi-Types Network Intrusion Detection System for IoT-Edge Networks

Authors

  • Shaho Ismael Hassen, Department of Petro-Chemical Engineering, College of Engineering, Salahaddin University-Erbil, Erbil, Kurdistan Region, Iraq
  • Ahmed Abdlrazaq, ICT Center, Salahaddin University-Erbil, Erbil, Kurdistan Region, Iraq

DOI:

https://doi.org/10.21271/ZJPAS.36.6.14

Keywords:

Edge-IoT Network, Network Intrusion Detection, Semantic Contextual Feature Learning, Cascaded Recurrent Networks, Bi-LSTM

Abstract

Recent years have witnessed an exponential rise in wireless networks and allied interoperable distributed computing frameworks, in which sensory units transfer real-world event data to a network analyzer for run-time decisions. An array of applications employ the edge Internet of Things (Edge-IoT), where edge nodes collect local data to make real-time decisions. However, because existing Edge-IoT systems are decentralized, infrastructure-less, and dynamic, they remain vulnerable to man-in-the-middle attacks, intrusion, denial-of-service attacks, etc. Although numerous efforts have been made towards intrusion detection in IoT networks, the major approaches focused merely on standalone intrusion detection, so their scalability to multiple attack detection remains unaddressed. Conversely, applying a dedicated intrusion detection system for each type of attack can cause resource exhaustion and delay. Recently, authors have used deep learning methods such as convolutional neural networks (CNN) and long short-term memory (LSTM) to perform learning-based intrusion detection. However, because these methods rely merely on local features, their reliability remains doubtful. Such methods ignore long-term dependency problems, which limits their efficacy for intrusion detection in temporal Edge-IoT network traffic. With this motivation, this paper proposes a contextual deep semantic feature-driven multi-type intrusion detection model (CDS-MNIDS) for Edge-IoT networks. The proposed CDS-MNIDS model first performs network traffic segmentation on the temporal network traces obtained from the network gateway. Subsequently, the node's dynamic features, including the node's address, packet size, transmission behavior, etc., are processed for Word2Vec encoding, followed by cascaded deep network-based learning and prediction.
The CDS-MNIDS model embodied a cascaded deep network encompassing LSTM and bidirectional LSTM networks, where the former extracted local features while the latter obtained contextual features from the input local feature vector. The extracted local and contextual features were projected to a global average pooling layer followed by a fully connected layer that, in conjunction with the Softmax layer, performed multi-class classification.
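
The segmentation and feature-tokenisation steps that the abstract describes ahead of Word2Vec encoding can be sketched as follows. This is an added example, not the authors' code: the 5-second window, the bucket thresholds, the token layout and the sample trace are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed gateway trace: (timestamp_s, src, dst, proto, size_bytes).
TRACE = [
    (0.10, "10.0.0.5", "10.0.0.1", "udp", 64),
    (0.40, "10.0.0.5", "10.0.0.1", "udp", 72),
    (1.20, "10.0.0.9", "10.0.0.1", "tcp", 1400),
    (5.30, "10.0.0.5", "10.0.0.1", "udp", 64),
    (5.35, "10.0.0.5", "10.0.0.1", "udp", 64),
    (5.36, "10.0.0.5", "10.0.0.1", "udp", 64),
]
WINDOW_S = 5.0  # assumed segment length; the abstract gives none


def size_bucket(size):
    """Coarse packet-size class (thresholds are assumptions)."""
    return "small" if size <= 128 else "medium" if size <= 1024 else "large"


def gap_bucket(dt):
    """Transmission behaviour as an inter-arrival class (assumed thresholds)."""
    return "burst" if dt < 0.1 else "steady" if dt < 1.0 else "sparse"


def segment(trace, window_s=WINDOW_S):
    """Split the trace into fixed time windows, one segment per source node."""
    segments = defaultdict(list)
    for pkt in sorted(trace):
        segments[(int(pkt[0] // window_s), pkt[1])].append(pkt)
    return segments


def to_sentence(packets):
    """Turn one segment into a token list, one 'word' per packet."""
    tokens, prev_ts = [], None
    for ts, src, dst, proto, size in packets:
        gap = "first" if prev_ts is None else gap_bucket(ts - prev_ts)
        tokens.append(f"{src}>{dst}|{proto}|{size_bucket(size)}|{gap}")
        prev_ts = ts
    return tokens


def build_corpus(trace):
    """Map (window index, source node) to its token sentence."""
    return {k: to_sentence(v) for k, v in sorted(segment(trace).items())}


if __name__ == "__main__":
    for key, sentence in build_corpus(TRACE).items():
        print(key, sentence)
```

Each token list is one "sentence" for a Word2Vec trainer; the per-token vectors, kept in packet order, form the sequence that a recurrent cascade such as the LSTM and Bi-LSTM stages would consume.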

Published

2024-12-31

How to Cite

Hassen, S., & Abdlrazaq, A. (2024). Contextual Deep Semantic Feature Driven Multi-Types Network Intrusion Detection System for IoT-Edge Networks. Zanco Journal of Pure and Applied Sciences, 36(6), 132–147. https://doi.org/10.21271/ZJPAS.36.6.14

Section

Engineering and Computer Sciences