Intrusion detection systems (Computer security)

Model
Digital Document
Publisher
Florida Atlantic University
Description
Maintaining security in IoT systems depends on intrusion detection, since these networks' exposure to cyber-attacks is growing. Based on the IoT23 dataset, this study explores the use of several Machine Learning (ML) and Deep Learning (DL) models, along with hybrid models, for binary and multi-class intrusion detection. The standalone machine learning and deep learning models used were Random Forest (RF), Extreme Gradient Boosting (XGBoost), Artificial Neural Network (ANN), K-Nearest Neighbors (KNN), Support Vector Machine (SVM), and Convolutional Neural Network (CNN). Furthermore, two voting-based hybrid classifiers were created by combining machine learning techniques (RF, XGBoost, AdaBoost, KNN, and SVM): one for binary and the other for multi-class classification. These models were evaluated using precision, recall, accuracy, and F1-score, and the performance of each model was compared. This work thoroughly explains how hybrid, standalone ML and DL techniques could improve an IDS (Intrusion Detection System) in terms of accuracy and scalability in the IoT (Internet of Things).
Model
Digital Document
Publisher
Florida Atlantic University
Description
The Internet of Things (IoT) has undergone remarkable expansion in recent years, leading to a proliferation of devices capable of connecting to the internet, collecting data, and sharing information. However, this rapid growth has also introduced a myriad of security challenges, resulting in an uptick in cyber-attacks targeting IoT infrastructures. To mitigate these threats and ensure the integrity of data, researchers have been actively engaged in the development of robust Intrusion Detection Systems (IDS) utilizing various machine learning (ML) techniques. This dissertation presents a comprehensive overview of three distinct approaches toward IoT intrusion detection, each leveraging ML methodologies to enhance security measures. The first approach focuses on a multi-class classification algorithm, integrating models such as random forest, logistic regression (LR), decision tree (DT), and XGBoost. Through meticulous evaluation using metrics including F1 score, recall, precision, and the Receiver Operating Characteristic (ROC) curve, this approach demonstrates a remarkable 99 % accuracy in detecting IoT attacks. In the second approach, a deep ensemble model comprising Multilayer Perceptron (MLP), Convolutional Neural Network (CNN), and Long Short-Term Memory (LSTM) architectures is proposed for intrusion detection in IoT environments. Evaluation on the UNSW 2018 IoT Botnet dataset showcases the proficiency of this approach, achieving an accuracy of 98.4 % in identifying malicious activities. Lastly, the dissertation explores a real-time Intrusion Detection System (IDS) framework deployed within the PySpark architecture, aimed at efficiently detecting IoT attacks while minimizing detection time.
Model
Digital Document
Publisher
Florida Atlantic University
Description
Connectivity and automation have expanded with the development of autonomous vehicle technology. One of several automotive serial protocols that can be used in a wide range of vehicles is the controller area network (CAN). The growing functionality and connectivity of modern vehicles make them more vulnerable to cyberattacks aimed at vehicular networks. The CAN bus protocol is vulnerable to numerous attacks because it lacks security mechanisms by design. It is crucial to design intrusion detection systems (IDS) with high accuracy to detect attacks on the CAN bus. In this dissertation, to address all these concerns, we design an effective machine learning-based IDS scheme for binary classification that utilizes eight supervised ML algorithms, along with ensemble classifiers, to detect normal and abnormal activities on the CAN bus. Moreover, we design an effective ensemble learning-based IDS scheme for detecting and classifying DoS, fuzzing, replay, and spoofing attacks. These are common CAN bus attacks that can threaten the safety of a vehicle's driver, passengers, and pedestrians. For this purpose, we utilize supervised machine learning in combination with ensemble methods. Ensemble learning aims to achieve better classification results by combining different classifiers into a single classifier. Furthermore, in the pursuit of real-time attack detection and classification, we use the Kappa architecture for efficient data processing, enhancing the IDS's accuracy and effectiveness. We build this system using the most recent CAN intrusion dataset provided by IEEE DataPort. We carried out the performance evaluation of the proposed system in terms of accuracy, precision, recall, F1-score, and area under the receiver operating characteristic curve (ROC-AUC). For the binary classification, the ensemble classifiers outperformed the individual supervised ML classifiers and improved the effectiveness of the classifier.
For detecting and classifying CAN bus attacks, the ensemble learning methods resulted in a robust and accurate multi-class IDS for common CAN bus attacks. The stacking ensemble method outperformed other recently proposed methods, achieving the highest performance. For real-time attack detection and classification, the ensemble methods significantly enhance the accuracy of real-time CAN bus attack detection and classification. By combining the strengths of multiple models, the stacking ensemble technique outperformed individual supervised models and other ensembles.
Model
Digital Document
Publisher
Florida Atlantic University
Description
The Internet of Things (IoT) refers to a network of interconnected nodes constantly engaged in communication, data exchange, and the use of various network protocols. Previous research has demonstrated that IoT devices are highly susceptible to cyber-attacks, posing a significant threat to data security. This vulnerability is primarily attributed to their susceptibility to exploitation and their resource constraints. To counter these threats, Intrusion Detection Systems (IDS) are employed. This study aims to contribute to the field by enhancing IDS detection efficiency through the integration of Ensemble Learning (EL) methods with traditional Machine Learning (ML) and Deep Learning (DL) models. To bolster IDS performance, we initially use a binary ML classification approach to classify IoT network traffic as either normal or abnormal, employing EL methods such as Stacking and Voting. Once this binary ML model exhibits high detection rates, we extend our approach by incorporating an ML multi-class framework to classify attack types, further enhancing IDS performance with the same Ensemble Learning methods. Additionally, for further enhancement and evaluation of the intrusion detection system, we employ DL methods, leveraging deep learning techniques, ensemble feature selection, and ensemble methods. Our DL approach is designed to classify IoT network traffic. This comprehensive approach encompasses various supervised ML and DL algorithms with ensemble methods. The proposed models are trained on the TON-IoT network traffic datasets. The ensemble approaches are evaluated using a comprehensive set of metrics and compared for their effectiveness on these classification tasks. The ensemble classifiers achieved higher accuracy rates than individual models, a result attributed to the diversity of learning mechanisms and strengths harnessed through ensemble learning.
By combining these strategies, we successfully improved prediction accuracy while minimizing classification errors. The outcomes of these methodologies underscore their potential to significantly enhance the effectiveness of the Intrusion Detection System.
Model
Digital Document
Publisher
Florida Atlantic University
Description
Cyber attacks are a strong threat to the digital world, so it is very essential to keep the network safe. A Network Intrusion Detection System is the system to address this problem. A Network Intrusion Detection System functions like a firewall and monitors incoming and outgoing traffic, like an ingress and egress filtering firewall. A Network Intrusion Detection System does anomaly and hybrid detection for detecting known and unknown attacks. My thesis discusses the several network cyber attacks we face nowadays, and I created several deep learning models to detect them accurately. I used the NSL-KDD dataset, which is a popular dataset that contains several network attacks. After experimenting with different deep learning models, I found some disparities between the training accuracy and validation accuracy, which is a clear indication of overfitting. To reduce the overfitting, I introduced regularization and dropout in the models and experimented with different hyperparameters.
Model
Digital Document
Publisher
Florida Atlantic University
Description
The proliferation of Internet of Things (IoT) devices in various networks is being matched by an increase in related cybersecurity risks. To help counter these risks, big datasets such as Bot-IoT were designed to train machine learning algorithms on network-based intrusion detection for IoT devices. From a binary classification perspective, there is high class imbalance in Bot-IoT between each of the attack categories and the normal category, and also between the combined attack categories and the normal category. Within the scope of predicting botnet attacks in IoT networks, this dissertation demonstrates the usefulness and efficiency of novel machine learning methods, such as an easy-to-classify method and a unique set of ensemble feature selection techniques. The focus of this work is on the full Bot-IoT dataset, as well as each of the four attack categories of Bot-IoT, namely Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), Reconnaissance, and Information Theft. Since resources and services become inaccessible during DoS and DDoS attacks, this interruption is costly to an organization in terms of both time and money. Reconnaissance attacks often signify the first stage of a cyberattack, and preventing them from occurring usually means the end of the intended cyberattack. Information Theft attacks not only erode consumer confidence but may also compromise intellectual property and national security. For the DoS experiment, the ensemble feature selection approach led to the best performance, while for the DDoS experiment, the full set of Bot-IoT features resulted in the best performance. In the Reconnaissance experiment, the ensemble feature selection approach produced the best performance. In the Information Theft experiment, the ensemble feature selection techniques did not affect performance, positively or negatively.
However, the ensemble feature selection approach is still recommended for this experiment, because feature reduction eases the computational burden and may provide clarity through improved data visualization. For the full Bot-IoT big dataset, an explainable machine learning approach was taken using the Decision Tree classifier. An easy-to-learn Decision Tree model for predicting attacks was obtained with only three features, which is a significant result for big data.
Model
Digital Document
Publisher
Florida Atlantic University
Description
The integrity of network communications is constantly being challenged by increasingly sophisticated intrusion techniques. Attackers are shifting to stealthier and more complex forms of attack in an attempt to bypass known mitigation strategies. Also, many detection methods for popular network attacks have been developed using outdated or non-representative attack data. To effectively develop modern detection methodologies, there is a need to acquire data that fully encompasses the behaviors of persistent and emerging threats. When collecting modern-day network traffic for intrusion detection, substantial amounts of traffic can be gathered, much of which consists of relatively few attack instances compared to normal traffic. This skewed distribution between normal and attack data can lead to high levels of class imbalance. Machine learning techniques can be used to aid attack detection, but large levels of imbalance between normal (majority) and attack (minority) instances can lead to inaccurate detection results.