Machine Learning-based Intrusion Detection Technique for IoT: Simulation with Cooja

HTML PDF (1742KB), PP.1-23

Views: 0 Downloads: 0

Author(s)

Ali H. Farea 1,* Kerem Kucuk 2

1. Department of Computer Engineering at Kocaeli University, Kocaeli, Izmit - 41001, Turkey

2. Department of Software Engineering at Kocaeli University, Kocaeli, Izmit- 41001, Turkey

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2024.01.01

Received: 12 Jan. 2023 / Revised: 18 Feb. 2023 / Accepted: 30 Mar. 2023 / Published: 8 Feb. 2024

Index Terms

Attacks Analysis, Hybrid IDPS, IoT, 6LoWPAN Attacks, Lightweight Models, Machine Learning, Models Deployment

Abstract

The Internet of Things (IoT) is one of the promising technologies of the future. It offers many attractive features that we depend on nowadays with less effort and faster in real-time. However, it is still vulnerable to various threats and attacks due to the obstacles of its heterogeneous ecosystem, adaptive protocols, and self-configurations. In this paper, three different 6LoWPAN attacks are implemented in the IoT via Contiki OS to generate the proposed dataset that reflects the 6LoWPAN features in IoT. For analyzed attacks, six scenarios have been implemented. Three of these are free of malicious nodes, and the others scenarios include malicious nodes. The typical scenarios are a benchmark for the malicious scenarios for comparison, extraction, and exploration of the features that are affected by attackers. These features are used as criteria input to train and test our proposed hybrid Intrusion Detection and Prevention System (IDPS) to detect and prevent 6LoWPAN attacks in the IoT ecosystem. The proposed hybrid IDPS has been trained and tested with improved accuracy on both KoU-6LoWPAN-IoT and Edge IIoT datasets. In the proposed hybrid IDPS for the detention phase, the Artificial Neural Network (ANN) classifier achieved the highest accuracy among the models in both the 2-class and N-class. Before the accuracy improved in our proposed dataset with the 4-class and 2-class mode, the ANN classifier achieved 95.65% and 99.95%, respectively, while after the accuracy optimization reached 99.84% and 99.97%, respectively. For the Edge IIoT dataset, before the accuracy improved with the 15-class and 2-class modes, the ANN classifier achieved 95.14% and 99.86%, respectively, while after the accuracy optimized up to 97.64% and 99.94%, respectively. Also, the decision tree-based models achieved lightweight models due to their lower computational complexity, so these have an appropriate edge computing deployment. Whereas other ML models reach heavyweight models and are required more computational complexity, these models have an appropriate deployment in cloud or fog computing in IoT networks.

Cite This Paper

Ali H. Farea, Kerem Küçük, "Machine Learning-based Intrusion Detection Technique for IoT: Simulation with Cooja", International Journal of Computer Network and Information Security(IJCNIS), Vol.16, No.1, pp.1-23 2024. DOI:10.5815/ijcnis.2024.01.01

Reference

[1]I. Lee and K. Lee, “The Internet of Things (IoT): Applications, investments, and challenges for enterprises,” Bus. Horiz., vol. 58, no. 4, pp. 431–440, 2015, doi: 10.1016/j.bushor.2015.03.008.
[2]A. H. Farea and K. Küçük, “Detections of IoT Attacks via Machine Learning-Based Approaches with Cooja,” EAI Endorsed Trans. Internet Things, vol. 7, no. 28, pp. 1–12, 2022, doi: 10.4108/eetiot.v7i28.324.
[3]A. Gerodimos, L. Maglaras, M.A. Ferrag, N. Ayres, and I. Kantzavelou, "IoT: Communication protocols and security threats," Internet of Things and Cyber–Physical Systems, vol. 27, pp. 172–178, 2023. doi: 10.1016/j.iotcps.2022.12.003.
[4]D.-M. Ngo et al., “HH-NIDS: Heterogeneous Hardware-Based Network Intrusion Detection Framework for IoT Security,” Future Internet, vol. 15, no. 1, p. 9, Dec. 2022, doi: 10.3390/fi15010009.
[5]M. S. Mekala and P. Viswanathan, “A Survey: Smart agriculture IoT with cloud computing,” 2017 Int. Conf. Microelectron. Devices, Circuits Syst. ICMDCS 2017, vol. 2017-Janua, no. August 2017, pp. 1–7, 2017, doi: 10.1109/ICMDCS.2017.8211551.
[6]A. A. Laghari, K. Wu, R. A. Laghari, M. Ali, and A. A. Khan, “A Review and State of Art of Internet of Things (IoT),” Arch. Comput. Methods Eng., vol. 29, no. 3, pp. 1395–1413, 2022, doi: 10.1007/s11831-021-09622-6.
[7]F. T. Johnsen et al., “Application of IoT in military operations in a smart city,” 2018 Int. Conf. Mil. Commun. Inf. Syst. ICMCIS 2018, no. December, pp. 1–8, 2018, doi: 10.1109/ICMCIS.2018.8398690.
[8]G. Glissa and A. Meddeb, “6LowPSec: An end-to-end security protocol for 6LoWPAN,” Ad Hoc Networks, vol. 82, pp. 100–112, 2019, doi: 10.1016/j.adhoc.2018.01.013.
[9]J. Lu, D. Li, P. Wang, F. Zheng, and M. Wang, “Security-Aware Routing Protocol Based on Artificial Neural Network Algorithm and 6LoWPAN in the Internet of Things,” Wirel. Commun. Mob. Comput., vol. 2022, doi: 10.1155/2022/8374473.
[10]A. Verma and V. Ranga, “Security of RPL Based 6LoWPAN Networks in the Internet of Things: A Review,” IEEE Sens. J., vol. 20, no. 11, pp. 5666–5690, 2020, doi: 10.1109/JSEN.2020.2973677.
[11]S. Alyami, R. Alharbi, and F. Azzedin, “Fragmentation Attacks and Countermeasures on 6LoWPAN Internet of Things Networks: Survey and Simulation,” Sensors, vol. 22, no. 24, p. 9825, Dec. 2022, doi: 10.3390/s22249825.
[12]C. Miranda, G. Kaddoum, A. Boukhtouta, T. Madi, and H. A. Alameddine, “Intrusion Prevention Scheme Against Rank Attacks for Software-Defined Low Power IoT Networks,” IEEE Access, vol. 10, no. December, pp. 129970–129984, 2022, doi: 10.1109/ACCESS.2022.3228170.
[13]A. M. Pasikhani, J. A. Clark, P. Gope, and A. Alshahrani, “Intrusion Detection Systems in RPL-Based 6LoWPAN: A Systematic Literature Review,” IEEE Sens. J., vol. 21, no. 11, pp. 12940–12968, 2021, doi: 10.1109/JSEN.2021.3068240.
[14]T. A. Al-Amiedy, M. Anbar, B. Belaton, A. H. H. Kabla, I. H. Hasbullah, and Z. R. Alashhab, “A Systematic Literature Review on Machine and Deep Learning Approaches for Detecting Attacks in RPL-Based 6LoWPAN of Internet of Things,” Sensors, vol. 22, no. 9, 2022, doi: 10.3390/s22093400.
[15]A. Alsaedi, N. Moustafa, Z. Tari, A. Mahmood, and Adna N Anwar, “TON-IoT telemetry dataset: A new generation dataset of IoT and IIoT for data-driven intrusion detection systems,” IEEE Access, vol. 8, pp. 165130–165150, 2020, doi: 10.1109/ACCESS.2020.3022862.
[16]S. M. Tahsien, H. Karimipour, and P. Spachos, “Machine learning based solutions for security of Internet of Things (IoT): A survey,” J. Netw. Comput. Appl., vol. 161, no. March, 2020, doi: 10.1016/j.jnca.2020.102630.
[17]R. Sikarwar, P. Yadav, and A. Dubey, “9 th IEEE International Conference on Communication Systems and Network Technologies A Survey on IOT enabled cloud platforms,” pp. 120–124, 2020, doi: 10.1109/CSNT.2020.23.
[18]L. Minh Dang, M. J. Piran, D. Han, K. Min, and H. Moon, “A survey on internet of things and cloud computing for healthcare,” Electron., vol. 8, no. 7, pp. 1–49, 2019, doi: 10.3390/electronics8070768.
[19]N. M. Abdulkareem, S. R. Zeebaree, M. A. M. Sadeeq, Di. M. Ahmed, A. S. Sami, and R. R. Zebari, “IoT and Cloud Computing Issues, Challenges and Opportunities: A Review,” Qubahan Acad. J., pp. 1–7, 2021, doi: 10.48161/issn.2709-8206.
[20]T. Pflanzner and A. Kertesz, “A Taxonomy and Survey of IoT Cloud Applications,” EAI Endorsed Trans. Internet Things, vol. 3, no. 12, p. 154391, 2018, doi: 10.4108/eai.6-4-2018.154391.
[21]“Edge IIoTset.” https://www.kaggle.com/datasets/mohamedamineferrag/edgeiiotset-cyber-security-dataset-of-iot-iiot (accessed Dec. 17, 2020).
[22]A. K. Bediya and R. Kumar, “Real time DDoS intrusion detection and monitoring framework in 6LoWPAN for internet of things,” 2020 IEEE Int. Conf. Comput. Power Commun. Technol. GUCON 2020, pp. 824–828, 2020, doi: 10.1109/GUCON48875.2020.9231139.
[23]H. B. Patel and D. C. Jinwala, “6MID: Mircochain based intrusion detection for 6LoWPAN based IoT networks,” in Procedia Computer Science, 2021, vol. 184, pp. 929–934. doi: 10.1016/j.procs.2021.04.023.
[24]V. Adat and B. B. Gupta, "A DDoS attack mitigation framework for internet of things," 2017 International Conference on Communication and Signal Processing (ICCSP), Chennai, India, 2017, pp. 2036-2041, doi: 10.1109/ICCSP.2017.8286761.
[25]S. Sicari, A. Rizzardi, D. Miorandi, and A. Coen-Porisini, “REATO: REActing TO Denial of Service attacks in the Internet of Things,” Comput. Networks, vol. 137, no. March, pp. 37–48, 2018, doi: 10.1016/j.comnet.2018.03.020.
[26]H. Djuitcheu, M. Debes, M. Aumuller, and J. Seitz, “Recent review of Distributed Denial of Service Attacks in the Internet of Things,” 5th Conf. Cloud Internet Things, CIoT 2022, no. May, pp. 32–39, 2022, doi: 10.1109/CIoT53061.2022.9766655.
[27]G. Potrino, F. de Rango and A. F. Santamaria, "Modeling and evaluation of a new IoT security system for mitigating DoS attacks to the MQTT broker," 2019 IEEE Wireless Communications and Networking Conference (WCNC), Marrakesh, Morocco, 2019, pp. 1-6, doi: 10.1109/WCNC.2019.8885553.
[28]D. C. J. Himanshu B. Patel, “Trust and Strainer Based Approach for Mitigating Blackhole Attack in 6LoWPAN: A Hybrid Approach,” IAENG Int. J. Comput. Sci., vol. 48, no. 4, 2021.
[29]Kale and Bhosale, “Detection of blackhole attack in distributed wireless sensor networks,” vol. 9, no. 3, pp. 172–175, 2021.
[30]Sahay Rashmi, Geethakumari G., Mitra Barsha, and Thejas V., Exponential Smoothing based Approach for Detection of Blackhole Attacks in IoT. 2018.
[31]A. Ahmed, Firoz and K. Young-Bae, “Mitigation of black hole attacks in Routing Protocol for Low Power and Lossy Networks,” Secur. Commun. Networks, vol. 9, no. 18, pp. 5143–5154, Dec. 2016, doi: 10.1002/sec.1684.
[32]V. Neerugatti and A. R. M. Reddy, “Detection and prevention of black hole attack in RPL protocol based on the threshold value of nodes in the internet of things networks,” Int. J. Innov. Technol. Explor. Eng., vol. 8, no. 9 Special Issue 3, pp. 325–329, 2019, doi: 10.35940/ijitee.I3060.0789S319.
[33]S. Ali, M. A. Khan, J. Ahmad, A. W. Malik, and A. Ur Rehman, “Detection and prevention of Black Hole Attacks in IOT & WSN,” in 2018 3rd International Conference on Fog and Mobile Edge Computing, FMEC 2018, May 2018, pp. 217–226. doi: 10.1109/FMEC.2018.8364068.
[34]A. Nasution, V. Suryani, and A. Wardana, “IoT Object Security towards On-off Attack Using Trustworthiness Management,” 2020.
[35]N. Labraoui, M. Gueroui, and L. Sekhri, “On-Off Attacks Mitigation against Trust Systems in Wireless Sensor Networks To cite this version?: HAL Id?: hal-01789947 On-Off Attacks Mitigation against Trust Systems in Wireless Sensor Networks,” pp. 406–415, 2018.
[36]J. H. Mendoza, C. V. L., & Kleinschmidt, “Mitigating on-off attacks in the internet of things using a distributed trust management scheme,” Int. J. Distrib. Sens. Networks, vol. 2015, 2015, doi: 10.1155/2015/859731.
[37]F. Moradi, A. Sedaghatbaf, S. A. Asadollah, A. ?auševi?, and M. Sirjani, “On-Off Attack on a Blockchain-based IoT System,” IEEE Int. Conf. Emerg. Technol. Fact. Autom. ETFA, vol. 2019-September, pp. 1768–1773, 2019, doi: 10.1109/ETFA.2019.8868238.
[38]F. Moradi, A. Sedaghatbaf, S. Asadollah, and M. Sirjani, “On-Off Attack on a Blockchain-based IoT System,” IEEE Int. Conf. Emerg. Technol. Fact. Autom. ETFA, vol. 2019-Septe, pp. 1768–1773, 2019, doi: 10.1109/ETFA.2019.8868238.
[39]V. Suryani, S. Sulistyo, and Widyawan, “The Detection of On-Off Attacks for the Internet of Things Objects,” Proc. - 2018 Int. Conf. Control. Electron. Renew. Energy Commun. ICCEREC 2018, pp. 1–5, 2018, doi: 10.1109/ICCEREC.2018.8712098.
[40]P. Bedi et al., “Detection of attacks in IoT sensors networks using machine learning algorithm,” Microprocess. Microsyst., vol. 82, Apr. 2021, doi: 10.1016/j.micpro.2020.103814.
[41]M. Hasan, M. Milon Islam, M. Ishrak Islam Zarif, and M. Hashem, “Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches,” 2019, doi: 10.1016/j.iot.2019.10.
[42]A. Churcher et al., “An experimental analysis of attack classification using machine learning in IoT networks,” Sensors (Switzerland), vol. 21, no. 2, pp. 1–32, 2021, doi: 10.3390/s21020446.
[43]I. Alrashdi, A. Alqazzaz, E. Aloufi, R. Alharthi, M. Zohdy, and H. Ming, “AD-IoT: Anomaly detection of IoT cyberattacks in smart city using machine learning,” 2019 IEEE 9th Annu. Comput. Commun. Work. Conf. CCWC 2019, pp. 305–310, 2019, doi: 10.1109/CCWC.2019.8666450.
[44]D. Rani and N. C. Kaushal, “Supervised Machine Learning Based Network Intrusion Detection System for Internet of Things,” 2020 11th Int. Conf. Comput. Commun. Netw. Technol. ICCCNT 2020, 2020, doi: 10.1109/ICCCNT49239.2020.9225340.
[45]A. A. Diro and N. Chilamkurti, “Distributed attack detection scheme using deep learning approach for Internet of Things,” Futur. Gener. Comput. Syst., vol. 82, pp. 761–768, May 2018, doi: 10.1016/j.future.2017.08.043.
[46]M. Al-Akhras, M. Alawairdhi, A. Alawairdhi, and S. Atawneh, “Using Machine Learning To Build A Classification Model For Iot Networks To Detect Attack Signatures,” Int. J. Comput. Networks Commun., vol. 12, no. 6, pp. 99–116, 2020, doi: 10.5121/ijcnc.2020.12607.
[47]D. R. Thamaraiselvi and S. Anitha Selva Mary, “Attack and Anomaly Detection in IoT Networks using Machine Learning,” Int. J. Comput. Sci. Mob. Comput., vol. 9, no. 10, pp. 95–103, 2020, doi: 10.47760/ijcsmc.2020.v09i10.012.
[48]A. A. Anitha and L. Arockiam, “A Review on Intrusion Detection Systems to Secure IoT Networks,” Int. J. Comput. Networks Appl., vol. 9, no. 1, p. 38, 2022, doi: 10.22247/ijcna/2022/211599.
[49]“Contiki OS.” https://anrg.usc.edu/contiki/index.php/Contiki_tutorials (accessed Jun. 12, 2022).
[50]“Computational Complexity of Machine Learning.” https://www.kaggle.com/general/263127 (accessed Jul. 17, 2022).
[51]“Computational Complexity of ML Models.” https://medium.com/analytics-vidhya/time-complexity-of-ml-models-4ec39fad2770 (accessed Jul. 17, 2022).
[52]“Computational Complexity of ML algorithms.” https://medium.com/analytics-vidhya/computational-complexity-of-ml-algorithms-1bdc88af1c7a (accessed Dec. 17, 2020).
[53]S. Bagui, X. Wang, and S. Bagui, “Machine Learning Based Intrusion Detection for IoT Botnet,” Int. J. Mach. Learn. Comput., vol. 11, no. 6, pp. 399–406, 2021, doi: 10.18178/ijmlc.2021.11.6.1068.
[54]M. Jeyaselvi, R. Kumar, M.S. Sathiskumar, and N.M.F. Qureshi, "A highly secured intrusion detection system for IoT using EXPSO-STFA feature selection for LAANN to detect attacks," Cluster Computing, vol. 25, pp. 1-18, 2023. doi: 10.1007/s10586-022-03303-x.