Sensors (Basel). 2020 Jan 14;20(2):461.
doi: 10.3390/s20020461.

A Machine Learning Based Intrusion Detection System for Mobile Internet of Things

Amar Amouri et al. Sensors (Basel).

Abstract

Intrusion detection systems play a pivotal role in detecting malicious activities that degrade the performance of the network. Mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs) are forms of wireless network that can transfer data without any need of infrastructure for their operation. A more novel networking paradigm, namely the Internet of Things (IoT), has emerged recently and can be considered a superset of the aforementioned paradigms. Their distributed nature and the limited resources available present a considerable challenge for providing security to these networks. The need for an intrusion detection system (IDS) that can adapt to such challenges is of extreme significance. Previously, we proposed a cross-layer-based IDS with two layers of detection. It uses a heuristic approach based on the variability of the correctly classified instances (CCIs), which we refer to as the accumulated measure of fluctuation (AMoF). The currently proposed IDS is composed of two stages: in stage one, dedicated sniffers (DSs) collect data and generate the CCI, which is sent periodically to the super node (SN); in stage two, the SN performs linear regression on the CCIs collected from the different DSs in order to differentiate the benign from the malicious nodes. In this work, the detection characterization is presented for different extreme scenarios in the network, pertaining to the power level and node velocity, for two different mobility models: random waypoint (RWP) and Gauss Markov (GM). The malicious activities used in this work are the blackhole and the distributed denial of service (DDoS) attacks. Detection rates are in excess of 98% for high power/node velocity scenarios, while they drop to around 90% for low power/node velocity scenarios.

Keywords: AMoF; IoT; WSN; intrusion detection systems; linear regression; random forest.
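The stage-two step described in the abstract, as an added illustration that is not code from the paper: the super node turns each node's periodic CCI reports into an AMoF curve and fits a line to it. Assumptions: AMoF is taken as the running sum of absolute changes between consecutive CCI reports, a node is flagged when its fitted slope exceeds a chosen threshold, and the node names, CCI values and threshold are constructed.

```python
from statistics import mean

def amof(cci):
    """AMoF curve: running sum of |CCI[t] - CCI[t-1]| (assumed definition)."""
    total, curve = 0.0, [0.0]
    for prev, cur in zip(cci, cci[1:]):
        total += abs(cur - prev)
        curve.append(total)
    return curve

def fitted_slope(y):
    """Ordinary least-squares slope of y against report index 0..n-1."""
    n = len(y)
    if n < 2:
        raise ValueError("need at least two reports to fit a line")
    x_bar, y_bar = (n - 1) / 2, mean(y)
    sxx = sum((i - x_bar) ** 2 for i in range(n))
    sxy = sum((i - x_bar) * (v - y_bar) for i, v in enumerate(y))
    return sxy / sxx

def classify(reports, threshold):
    """Super-node step: one slope per node under test, flag slopes above threshold.

    The direction of the rule (steeper AMoF slope = malicious) is an assumption.
    """
    slopes = {node: fitted_slope(amof(cci)) for node, cci in reports.items()}
    flagged = sorted(node for node, s in slopes.items() if s > threshold)
    return slopes, flagged

# Constructed CCI percentages, one value per reporting period per node under test.
REPORTS = {
    "n1": [97.0, 97.5, 97.0, 97.5, 97.0, 97.5],   # steady classifier accuracy
    "n2": [96.0, 96.0, 96.5, 96.0, 96.0, 96.5],   # steady classifier accuracy
    "n7": [95.0, 85.0, 96.0, 80.0, 94.0, 82.0],   # strongly fluctuating CCI
}
THRESHOLD = 2.0  # constructed cut-off, in CCI points per report

if __name__ == "__main__":
    slopes, flagged = classify(REPORTS, THRESHOLD)
    for node, s in sorted(slopes.items()):
        print(f"{node}: slope={s:.3f} {'FLAGGED' if node in flagged else 'ok'}")
```

In practice the threshold would be calibrated per scenario, since the abstract reports that detection rates differ between the high and low power/node velocity settings.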

Conflict of interest statement

The authors declare no conflict of interest.

Figures

Figure 1. A two-stage cross-layer IDS.

Figure 2. The most frequent features counted over all reporting times for the blackhole and flooding for both NS15P7 and NS1P3 scenarios: (a) Most frequent features in the blackhole case; (b) most frequent features in the flooding case.

Figure 3. The AMoF and the fitted slope for different nodes for scenario NS15P7: (a) The AMoF for different NUT; (b) the fitted slope for NS15P7_FL_RWP 25/5.

Figure 4. The AMoF and the fitted slope for different nodes for scenario NS15P7: (a) The AMoF for different NUT; (b) the fitted slope for NS15P7_BH_RWP 25/5.

Figure 5. The AMoF and the fitted slope for different nodes for scenario NS15P7: (a) The AMoF for different NUT; (b) the fitted slope for NS15P7_FL_GM 25/5.

Figure 6. The AMoF and the fitted slope for different nodes for scenario NS15P7: (a) The AMoF for different NUT; (b) the fitted slope for NS15P7_BH_GM 25/5.

Figure 7. The AMoF and the fitted slope for different nodes for scenario NS1P3: (a) The AMoF for different NUT; (b) the fitted slope for NS1P3_FL_RWP 25/5.

Figure 8. The AMoF and the fitted slope for different nodes for scenario NS1P3: (a) The AMoF for different NUT; (b) the fitted slope for NS1P3_BH_RWP 25/5.

Figure 9. The AMoF and the fitted slope for different nodes for scenario NS1P3: (a) The AMoF for different NUT; (b) the fitted slope for NS1P3_FL_GM 25/5.

Figure 10. The AMoF and the fitted slope for different nodes for scenario NS1P3: (a) The AMoF for different NUT; (b) the fitted slope for NS1P3_BH_GM 25/5.
