A distributed ensemble design based intrusion detection system using fog computing to protect the internet of things networks

被引:88
作者
Kumar, Prabhat [1 ]
Gupta, Govind P. [1 ]
Tripathi, Rakesh [1 ]
机构
[1] Natl Inst Technol, Dept Informat Technol, Raipur 492010, CG, India
关键词
Intrusion detection system; Anomaly detection; Ensemble learning; Fog computing; Internet of things (IoT); Feature selection; SECURITY;
D O I
10.1007/s12652-020-02696-3
中图分类号
TP18 [人工智能理论];
学科分类号
081104 ; 0812 ; 0835 ; 1405 ;
摘要
With the development of internet of things (IoT), capabilities of computing, networking infrastructure, storage of data and management have come very close to the edge of networks. This has accelerated the necessity of Fog computing paradigm. Due to availability of Internet, most of our business operations are integrated with IoT platform. Fog computing has enhanced the strategy of collecting and processing, huge amount of data. On the other hand, attacks and malicious activities has adverse consequences on the development of IoT, Fog, and cloud computing. This has led to development of many security models using fog computing to protect IoT network. Therefore, for dynamic and highly scalable IoT environment, a distributed architecture based intrusion detection system (IDS) is required that can distribute the existing centralized computing to local fog nodes and can efficiently detect modern IoT attacks. This paper proposes a novel distributed ensemble design based IDS using Fog computing, which combines k-nearest neighbors, XGBoost, and Gaussian naive Bayes as first-level individual learners. At second-level, the prediction results obtained from first level is used by Random Forest for final classification. Most of the existing proposals are tested using KDD99 or NSL-KDD dataset. However, these datasets are obsolete and lack modern IoT-based attacks. In this paper, UNSW-NB15 and actual IoT-based dataset namely, DS2OS are used for verifying the effectiveness of the proposed system. The experimental result revealed that the proposed distributed IDS with UNSW-NB15 can achieve higher detection rate upto 71.18% for Backdoor, 68.98% for Analysis, 92.25% for Reconnaissance and 85.42% for DoS attacks. Similarly, with DS2OS dataset, detection rate is upto 99.99% for most of the attack vectors.
引用
收藏
页码:9555 / 9572
页数:18
相关论文
共 45 条
  • [1] Alazab Mamoun, 2014, Journal of Networks, V9, P2878, DOI 10.4304/jnw.9.11.2878-2891
  • [2] Deep recurrent neural network for IoT intrusion detection system
    Almiani, Muder
    AbuGhazleh, Alia
    Al-Rahayfeh, Amer
    Atiewi, Saleh
    Razaque, Abdul
    [J]. SIMULATION MODELLING PRACTICE AND THEORY, 2020, 101
  • [3] Fog Computing for the Internet of Things: Security and Privacy Issues
    Alrawais, Arwa
    Alhothaily, Abdulrahman
    Hu, Chunqiang
    Cheng, Xiuzhen
    [J]. IEEE INTERNET COMPUTING, 2017, 21 (02) : 34 - 42
  • [4] [Anonymous], 2015, CISCO VISUAL NETWORK
  • [5] Using machine learning techniques to identify rare cyber-attacks on the UNSW-NB15 dataset
    Bagui, Sikha
    Kalaimannan, Ezhil
    Bagui, Subhash
    Nandi, Debarghya
    Pinto, Anthony
    [J]. SECURITY AND PRIVACY, 2019, 2 (06)
  • [6] Correntropy-Based Evolving Fuzzy Neural System
    Bao, Rong-Jing
    Rong, Hai-Jun
    Angelov, Plamen P.
    Chen, Badong
    Wong, Pak Kin
    [J]. IEEE TRANSACTIONS ON FUZZY SYSTEMS, 2018, 26 (03) : 1324 - 1338
  • [7] Performance Evaluation of Supervised Machine Learning Algorithms for Intrusion Detection
    Belavagi, Manjula C.
    Muniyal, Balachandra
    [J]. TWELFTH INTERNATIONAL CONFERENCE ON COMMUNICATION NETWORKS, ICCN 2016 / TWELFTH INTERNATIONAL CONFERENCE ON DATA MINING AND WAREHOUSING, ICDMW 2016 / TWELFTH INTERNATIONAL CONFERENCE ON IMAGE AND SIGNAL PROCESSING, ICISP 2016, 2016, 89 : 117 - 123
  • [8] A Novel PCA-Firefly Based XGBoost Classification Model for Intrusion Detection in Networks Using GPU
    Bhattacharya, Sweta
    Krishnan, Siva Rama S.
    Maddikunta, Praveen Kumar Reddy
    Kaluri, Rajesh
    Singh, Saurabh
    Gadekallu, Thippa Reddy
    Alazab, Mamoun
    Tariq, Usman
    [J]. ELECTRONICS, 2020, 9 (02)
  • [9] Network Intrusion Detection for IoT Security Based on Learning Techniques
    Chaabouni, Nadia
    Mosbah, Mohamed
    Zemmari, Akka
    Sauvignac, Cyrille
    Faruki, Parvez
    [J]. IEEE COMMUNICATIONS SURVEYS AND TUTORIALS, 2019, 21 (03): : 2671 - 2701
  • [10] XGBoost: A Scalable Tree Boosting System
    Chen, Tianqi
    Guestrin, Carlos
    [J]. KDD'16: PROCEEDINGS OF THE 22ND ACM SIGKDD INTERNATIONAL CONFERENCE ON KNOWLEDGE DISCOVERY AND DATA MINING, 2016, : 785 - 794