Sensors (Basel). 2021 Dec 29;22(1):241.
doi: 10.3390/s22010241.

Attack-Aware IoT Network Traffic Routing Leveraging Ensemble Learning

Qasem Abu Al-Haija et al. Sensors (Basel).

Abstract

Network Intrusion Detection Systems (NIDSs) are indispensable defensive tools against various cyberattacks. Lightweight, multipurpose, and anomaly-based detection NIDSs employ several methods to build profiles for normal and malicious behaviors. In this paper, we design, implement, and evaluate the performance of machine-learning-based NIDSs in IoT networks. Specifically, we study six supervised learning methods that belong to three different classes: (1) ensemble methods, (2) neural network methods, and (3) kernel methods. To evaluate the developed NIDSs, we use the distilled-Kitsune-2018 and NSL-KDD datasets, both consisting of contemporary real-world IoT network traffic subjected to different network attacks. Standard performance evaluation metrics from the machine-learning literature are used to evaluate the identification accuracy, error rates, and inference speed. Our empirical analysis indicates that ensemble methods provide better accuracy and lower error rates compared with neural network and kernel methods. On the other hand, neural network methods provide the highest inference speed, which proves their suitability for high-bandwidth networks. We also provide a comparison with state-of-the-art solutions and show that our best results are better than any prior art by 1 to 20%.

Keywords: Internet of Things; cybersecurity; ensemble learning; intrusion classification; intrusion detection; network layer.

Conflict of interest statement

The authors declare no conflict of interest.

Figures

Figure 1. NIDS typical deployment in computer networks.
Figure 2. Workflow diagram for attack-aware IoT network traffic routing via ML techniques.
Figure 3. Confusion matrix with other performance evaluation measures.
Figure 4. Timing complexity of both datasets using the six above-mentioned ML models.
Figure 5. Confusion matrix for Ensemble Boosted Trees (EBT) classifier.
Figure 6. Matrix of PPV vs. FDR for each individual class using EBT classifier.
Figure 7. Matrix of TPR vs. FNR for each individual class using EBT classifier.
