The Internet of Things (IoT) is a new computing paradigm that allows all kinds of items to communicate with each other over the Internet. IoT devices are frequently deployed in hostile and insecure environments, increasing their vulnerability to various threats. In order to safeguard IoT devices from intruder attacks, security solutions are required. An Intrusion Detection System (IDS) is a tool that analyzes a system’s or network’s activities and events to detect attacks.
Intrusion Detection for IOT
The Internet of Things (IOT) is a system of physical devices with connectivity, software and sensors that can interact with other linked devices through the internet (Sai Kirana et al., 2020, p. 2372). An IDS is a software or hardware system that monitors, detects, and alerts the computer system or network when an intrusion or attack occurs. Because of these devices' pervasiveness and the ease with which they can be monitored and controlled from afar, a wide range of novel applications is rapidly emerging in diverse domains, such as energy management devices, linked industrial and manufacturing sensors and equipment, health monitoring devices, wearable devices and smart home devices (Fenanir et al., 2019, p. 203). Anomaly-based detection, signature-based detection, and hybrid detection are three prevalent types of intrusion detection (Saranyaa et al., 2020, p. 1252). Anomaly-based intrusion detection is also described as behavior-based detection, since it models the behavior of users, networks, and host systems and raises an alert for the administrator whenever the behavior deviates from the norm.
Signature-based IDSs, sometimes referred to as knowledge-based detection, rely on a database of previously identified attack signatures and recognized system vulnerabilities (Saranyaa et al., 2020, p. 1252). A hybrid detection system combines anomaly-based and signature-based intrusion detection. The IDS should be small and adapted to the limited processing capacity of constrained nodes (Fenanir et al., 2019, p. 203). Because of processing capacity and energy usage constraints, installing an operational intrusion detection device in every node of an IOT network is not practical. The Message Queuing Telemetry Transport (MQTT) protocol is one of the most distinctive IOT machine-to-machine communication protocols (Hindy et al., 2020, p. 2).
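The following added example (not taken from any of the cited papers) shows how the signature-based and anomaly-based engines described above combine into a hybrid detector. The event fields, signature names and thresholds are assumptions, and the per-minute device summaries are constructed.

```python
import statistics

# Constructed signature database; field names and thresholds are assumptions.
SIGNATURES = [
    ("mqtt-auth-bruteforce", lambda e: e["connack_refused"] >= 10),
    ("port-scan", lambda e: e["distinct_dst_ports"] >= 100),
]

def signature_alerts(event):
    """Knowledge-based check: names of every known pattern the event matches."""
    return [name for name, matches in SIGNATURES if matches(event)]

class AnomalyModel:
    """Behavior-based check: per-device baseline of the MQTT publish rate."""
    def __init__(self, threshold=3.0):
        self.threshold = threshold      # alert above this many std deviations
        self.baseline = {}              # device -> (mean, stdev)
    def fit(self, history):
        for device, rates in history.items():
            # Floor stdev so a perfectly constant baseline cannot divide by 0.
            self.baseline[device] = (statistics.mean(rates),
                                     max(statistics.pstdev(rates), 0.5))
    def score(self, event):
        if event["device"] not in self.baseline:
            return float("inf")         # no normal profile: treat as deviation
        mean, stdev = self.baseline[event["device"]]
        return abs(event["publish_per_min"] - mean) / stdev

def hybrid_detect(event, model):
    """Union of both detectors, tagged with the engine that fired."""
    alerts = [("signature", name) for name in signature_alerts(event)]
    if model.score(event) > model.threshold:
        alerts.append(("anomaly", "publish-rate-deviation"))
    return alerts

def make_event(device, rate, refused=0, ports=1):
    return {"device": device, "publish_per_min": rate,
            "connack_refused": refused, "distinct_dst_ports": ports}

# Constructed per-minute summaries for one sensor (not real traffic).
MODEL = AnomalyModel()
MODEL.fit({"thermostat-1": [6, 5, 7, 6, 6, 5, 7, 6]})
NORMAL = make_event("thermostat-1", 6)
KNOWN_ATTACK = make_event("thermostat-1", 6, refused=40)   # matches a signature
NOVEL = make_event("thermostat-1", 90)                     # no signature exists

if __name__ == "__main__":
    for ev in (NORMAL, KNOWN_ATTACK, NOVEL):
        print(ev["device"], hybrid_detect(ev, MODEL))
```

The known attack keeps a normal publish rate and is caught only by the signature engine, while the novel deviation matches no signature and is caught only by the anomaly engine.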
IOT network security
The Internet’s broad use has increased the need for network security. In a May 2017 poll, Synopsys found a lack of faith in medical device security, with 67 percent of manufacturers saying an attack on a medical device is likely to happen over the next 12 months and just 17 percent implementing actions to minimize it (Eirini et al., 2019). Such attacks can have severe consequences, such as causing hardware damage, affecting system availability, triggering system outages, and even physically harming persons. Protecting IOT devices from attacks is difficult because of the heterogeneity of protocols and devices, the direct internet exposure of devices, and the resource limits on devices.
Intrusion attempts, denial-of-service attacks and viruses, among other things, occur because of several factors such as vulnerabilities in IOT devices. To avoid such circumstances, more comprehensive steps should be employed, enabling software engineers and IOT devices to strengthen their security mitigation procedures. Traditional IT security ecosystems include vendor-supplied software patches, static perimeter network defenses (for example, IDS and firewalls) and widespread use of end-point defenses (such as anti-virus). However, because of the heterogeneity of the devices and their use cases, as well as vendor and device limits, these approaches are unable to accommodate IOT deployments.
Attacks that may face IOT Devices
Distributed denial-of-service (DDoS) and man-in-the-middle (MITM) attacks are prominent IOT threats. A method to safeguard IOT devices from similar threats is currently being developed. The Focus solution secures IOT devices with a virtual private network (VPN). The wireless sensor networks and the internet, which are the major elements of IOT, are both insecure, making the IOT subject to many attacks. Wearable gadgets, for example, must avoid leaking patient health data to a connected smartphone. The same researchers suggest a different framework for real-time intrusion detection that includes anomaly-based intrusion detection specifications and modules in the IOT for spotting different forms of routing attacks: collectors and selective routing attacks. Insecure gateways, energy bleeding, and spoofing are also among the threats that IOT devices face (Xiao et al., 2018, p. xx).
Because IOT platforms are so important, a variety of platforms have been presented in recent years. In reality, over 300 platforms with various features and capabilities are accessible now, both commercially and openly. Despite the benefits of having a variety of IOT platforms to select from, finding the right one can be difficult. SiteWhere and ThingsBoard are two well-known open-source platforms. MQTT (Message Queuing Telemetry Transport) and HTTP REST (Representational State Transfer) are used to assess the systems (Ismail et al., 2018, p. 2). Machine Learning (ML) techniques are used to detect MQTT-based attacks. The ML model tries to profile the nodes’ normal behavior and spot any anomalies in the network flow. The results show that the system can differentiate between malicious and benign nodes.
However, the ML efficiency is determined in a simulated network rather than on a real testbed. As a result, more testing is needed to see how effective their system is against a broader range of attacks and devices. The following are the steps involved in creating a system for an IOT platform utilizing Machine Learning:
- Create a testbed to mimic an IOT-based ecosystem.
- To produce attacks, create adversarial systems.
- Capture network data flow and derive attributes for both attack and normal scenarios.
- Develop and design machine learning algorithms for detecting and categorizing network attacks.
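The third step above, deriving attributes from captured traffic for both scenarios, can look like the following added example (not code from the cited studies). It groups packets into bidirectional flows and computes per-flow features from header metadata only; the packet fields, addresses and feature names are assumptions, and both captures are constructed.

```python
from collections import defaultdict

def flow_key(pkt):
    """Direction-independent 5-tuple so both directions land in one flow."""
    a, b = (pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])
    return (pkt["proto"],) + (a + b if a <= b else b + a)

def flow_features(packets, label):
    """One labelled feature row per flow, from header metadata only."""
    flows = defaultdict(list)
    for pkt in sorted(packets, key=lambda p: p["ts"]):
        flows[flow_key(pkt)].append(pkt)
    rows = {}
    for key, pkts in flows.items():
        times = [p["ts"] for p in pkts]
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        total = sum(p["len"] for p in pkts)
        fwd = sum(1 for p in pkts if p["src"] == pkts[0]["src"])
        rows[key] = {
            "packets": len(pkts),
            "bytes": total,
            "duration": times[-1] - times[0],
            "mean_len": total / len(pkts),
            "mean_iat": sum(gaps) / len(gaps) if gaps else 0.0,
            "fwd_packets": fwd,             # sent by the flow initiator
            "bwd_packets": len(pkts) - fwd,
            "label": label,                 # scenario the capture came from
        }
    return rows

def packet(ts, src, sport, dst, dport, length):
    return {"ts": ts, "src": src, "sport": sport, "dst": dst,
            "dport": dport, "proto": "tcp", "len": length}

# Constructed captures (not real traffic): a sensor talking to a broker on
# port 1883 in the normal scenario, a one-directional burst in the attack one.
NORMAL_CAPTURE = [
    packet(0.0, "10.0.0.5", 51000, "10.0.0.2", 1883, 60),
    packet(0.5, "10.0.0.2", 1883, "10.0.0.5", 51000, 60),
    packet(1.0, "10.0.0.5", 51000, "10.0.0.2", 1883, 100),
    packet(1.5, "10.0.0.2", 1883, "10.0.0.5", 51000, 60),
]
ATTACK_CAPTURE = [packet(2.0 + 0.25 * i, "10.0.0.9", 40000, "10.0.0.2", 1883, 80)
                  for i in range(3)]

DATASET = {**flow_features(NORMAL_CAPTURE, "normal"),
           **flow_features(ATTACK_CAPTURE, "attack")}
```

Because no payload bytes are read, the same features remain available when the device traffic is encrypted in transit.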
ThingsBoard outperforms SiteWhere in REST, according to the results. SiteWhere outperforms ThingsBoard in MQTT in terms of performance, but at the cost of a high error rate. Furthermore, ThingsBoard outperforms SiteWhere when message size grows (Ismail et al., 2018, p. 4).
We give some commonly used datasets and methodology in studies linked to IOT and security challenges in this part (Hindy et al., 2020, p. 2). Three datasets are used in evaluating intrusion detection in computer systems: UNSW-NB15, NSL-KDD, and KDD Cup 99. KDD Cup 1999: MIT Lincoln Labs developed this dataset, which offers a basic dataset derived from simulating a military network environment and incorporating numerous attacks (Costaa et al., 2019, p. 205). In the KDD Cup 99 dataset, a connection is represented as a pattern of TCP packets with 42 features and is labeled as either attack or normal. NSL-KDD: It took 9 weeks for the Canadian Institute for Cyber Security to compile this dataset. It is an updated and condensed version of the KDD Cup 99 dataset. The attack format and categorization in NSL-KDD are the same as in KDD Cup 99, except that duplicate entries have been removed from the dataset.
The procedure for selecting the most essential characteristics from a dataset is known as feature selection. In creating a machine learning-based IDS for IOT, the following are the most important considerations:
- Lightweight – does not necessitate a lot of computer processing power.
- Stand-alone – meaning it is not reliant on any other program or alerting system.
- Fast – in order to minimize the impact of harmful behavior, it must be recognized practically instantly.
- Working over encrypted traffic – most commercial IOT devices use transport encryption to communicate (Eirini et al., 2019).
Processing is a technique for converting raw data into the format required by machine learning methods. Normalization, binarization and transformation are all included in this process. The dataset is first modified to pose a two-label binary classification problem, namely normal and attack traffic, and afterwards the data transformation and normalization approach is applied to the dataset. We use the dataset because:
- The dataset is based on a real MQTT IOT network in a normal operational context.
- The dataset includes an MQTT brute-force attack, along with generic networking scanning attacks.
- Researchers can use this dataset to create and analyze IOT intrusion detection systems.
- MQTT scenarios and attacks data are included for the first time in the dataset.
Enhancing the IOT network security
Supervised, unsupervised, and semi-supervised learning algorithms are all machine learning techniques that have been used to improve network security. The supervised algorithm works with data that has been fully class labeled and determines the connection between the data and its classification (Saranyaa et al., 2020, p. 1253). This can be accomplished using either regression or classification techniques like random forest, deep neural network (DNN), neural network, K-nearest neighbor (K-NN), naive Bayes and support vector machine (SVM). There are two phases in the classification process: training and testing. With the help of the response variable, training data can be collected.
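The added example below (not from the cited papers) covers two passages: the processing step described earlier, with label binarization and min-max normalization, and the training and testing phases of a supervised K-NN classifier. The three features, the label names and every data row are constructed assumptions.

```python
import math
from collections import Counter

def binarize(label):
    """Two-label problem: normal -> 0, every attack class -> 1."""
    return 0 if label == "normal" else 1

def fit_minmax(rows):
    """Learn per-column (min, max) from the training rows only."""
    return [(min(col), max(col)) for col in zip(*rows)]

def normalize(row, scale):
    """Scale to [0, 1]; constant columns give 0.0, unseen extremes are clipped."""
    return [0.0 if hi == lo else min(1.0, max(0.0, (v - lo) / (hi - lo)))
            for v, (lo, hi) in zip(row, scale)]

def knn_predict(train_x, train_y, x, k=3):
    """Majority label among the k training points nearest to x."""
    nearest = sorted(zip((math.dist(x, t) for t in train_x), train_y))[:k]
    return Counter(y for _, y in nearest).most_common(1)[0][0]

def evaluate(train, test, k=3):
    """Training phase (fit scaler, store points), then testing phase."""
    scale = fit_minmax([feats for feats, _ in train])
    train_x = [normalize(feats, scale) for feats, _ in train]
    train_y = [binarize(label) for _, label in train]
    counts = Counter()
    for feats, label in test:
        pred = knn_predict(train_x, train_y, normalize(feats, scale), k)
        counts[(binarize(label), pred)] += 1
    tp, fn = counts[(1, 1)], counts[(1, 0)]
    fp, tn = counts[(0, 1)], counts[(0, 0)]
    return {"detection_rate": tp / max(tp + fn, 1),
            "false_alarm_rate": fp / max(fp + tn, 1)}

# Constructed flow rows: (packets, mean packet length, mean inter-arrival s).
TRAIN = [((4, 70, 0.5), "normal"), ((5, 72, 0.6), "normal"),
         ((6, 68, 0.4), "normal"), ((4, 75, 0.55), "normal"),
         ((40, 80, 0.01), "mqtt_bruteforce"), ((55, 82, 0.02), "mqtt_bruteforce"),
         ((1, 40, 0.0), "scan"), ((2, 44, 0.0), "scan")]
TEST = [((5, 70, 0.5), "normal"), ((6, 74, 0.6), "normal"),
        ((200, 81, 0.015), "mqtt_bruteforce"), ((1, 42, 0.0), "scan")]

RESULT = evaluate(TRAIN, TEST)
```

The scaler is fitted on the training rows alone, so the test flow with 200 packets falls outside the learned range and is clipped rather than allowed to distort the distance calculation.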
Unsupervised learning explores the similarities between unlabeled data to group them into various categories, whereas supervised learning requires labeled data. IOT devices, for instance, can identify DoS threats using multivariate correlation analysis while using IGMM in PHY-layer identity verification alongside privacy protection. The semi-supervised machine-learning method falls between supervised and unsupervised learning. For training, these learning techniques use a small quantity of labelled data together with vast sets of unlabeled data. This algorithm uses numerous tiers of unpredictable K-Means clustering to boost classifier diversity and deliver effective intrusion detection (Xiao et al., 2018, p. 3).
The Internet of Things is becoming more popular, and numerous associated applications have emerged. However, the IoT has a security issue that must be addressed while taking into account the restrictions and obstacles that the IoT context presents. In this research, we offer a machine-learning-based lightweight intrusion detection approach. This methodology can recognize new threats and defend IOT nodes from both internal and external threats.
Costaa, K., Papaa, J. P., Lisboaa, C. O., Munoz, R., & Hugo, V. (2019). Internet of Things: A survey on machine learning-based intrusion detection approaches.
Eirini, A., Lowri, W., Slowinska, M., Theodorakopoulos, G., & Burnap, P. (2019, October 31). A supervised intrusion detection system for smart home IoT devices. ORCA. https://orca.cf.ac.uk/123767/
Fenanir, S., Semchedine, F., & Baadache, A. (2019). A Machine Learning-Based Lightweight Intrusion Detection System for the Internet of Things.
Hindy, H., Bayne, E., Bures, M., Atkinson, R., Tachtatzis, C., & Bellekens, X. (2020). Machine Learning Based IoT Intrusion Detection System: An MQTT Case Study (MQTT-IoT-IDS2020 Dataset).
Ismail, A. A., Hamza, H. S., & Kotb, A. M. (2018). Performance Evaluation of Open Source IoT Platforms.
Sai Kirana, K. V., Kamakshi Devisettya, R. N., Kalyana, N. P., Mukundinia, K., & Karthi, R. (2020). Building a Intrusion Detection System for IoT Environment using Machine Learning Techniques.
Saranyaa, T., Sridevi, S., Deisyc, C., Chungd, T. D., & Ahamed Khan, M. K. (2020). Performance Analysis of Machine Learning Algorithms in Intrusion Detection System: A Review.
Xiao, L., Wan, X., Li, X., Zhang, Y., & Wu, D. (2018). IoT Security Techniques Based on Machine Learning.