Abstract:
The Internet of Things (IoT) is poised to impact several aspects of our lives with its fast proliferation in many areas such as wearable devices, smart sensors, smart cities, autonomous vehicles, and home appliances. IoT devices are characterized by their connectivity, pervasiveness, and limited processing capability. The number of IoT devices in the world is increasing rapidly. This explosion of IoT devices, whose numbers can grow far more easily than those of desktop computers, has led to a spike in IoT-based cyber-attack incidents. Examples of such attacks are those of the Mirai and BASHLITE malware, launched from compromised surveillance devices, which are common in smart cities, resulting in paralysis of Internet-based services through distributed denial of service (DDoS) attacks. Such DDoS attacks on IoT devices and their networks further threaten the emerging concept of sustainable smart cities. To alleviate this challenge, new techniques are required for detecting attacks initiated from compromised IoT devices. Machine learning (ML) and deep learning (DL) techniques are, in this context, the most appropriate detective control approach against attacks generated from IoT devices. The aim of this research work is to evaluate various feature engineering, ML, DL, and statistical learning-based techniques to effectively design a scheme for detecting anomalous events in IoT networks. In particular, we propose two models for the design of anomaly-based intrusion detection systems (IDS). One is based on a DL technique, namely the Long Short-Term Memory (LSTM) Autoencoder, and the other utilizes a statistical learning-based model called the Beta Mixture Model (BMM)-Correlation Entropy (Correntropy) model. We also leverage the strengths of Software Defined Networks (SDN) by proposing an ML-based IDS that is designed to work on the SDN controller, and compare the results of the selected ML techniques.
The aim of the proposed methodology is to capture the underlying parameters of the stochastic complexity of network flow data and use those parameters to capture the normal behaviour of the network traffic. Any deviation detected from this normal behaviour is flagged as an anomaly. We test our proposed schemes on multiple benchmarked IoT botnet datasets. The evaluation results demonstrate that our proposed schemes produce better or competitive results in comparison to other similar intrusion detection systems.