AU2021106250A4 - An iot based intrusion detection system - Google Patents
An iot based intrusion detection system Download PDFInfo
- Publication number
- AU2021106250A4 AU2021106250A4 AU2021106250A AU2021106250A AU2021106250A4 AU 2021106250 A4 AU2021106250 A4 AU 2021106250A4 AU 2021106250 A AU2021106250 A AU 2021106250A AU 2021106250 A AU2021106250 A AU 2021106250A AU 2021106250 A4 AU2021106250 A4 AU 2021106250A4
- Authority
- AU
- Australia
- Prior art keywords
- data
- module
- dataset
- intrusion detection
- classification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 32
- 238000000034 method Methods 0.000 claims abstract description 63
- 238000007781 pre-processing Methods 0.000 claims abstract description 20
- 230000010152 pollination Effects 0.000 claims abstract description 18
- 238000000605 extraction Methods 0.000 claims abstract description 14
- 239000013598 vector Substances 0.000 claims abstract description 12
- 230000002547 anomalous effect Effects 0.000 claims description 2
- 238000013135 deep learning Methods 0.000 claims description 2
- 238000012545 processing Methods 0.000 claims description 2
- 230000008901 benefit Effects 0.000 description 12
- 238000013528 artificial neural network Methods 0.000 description 9
- 230000008569 process Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 3
- 238000010187 selection method Methods 0.000 description 3
- 230000010136 biotic pollination Effects 0.000 description 2
- 238000010801 machine learning Methods 0.000 description 2
- 238000005457 optimization Methods 0.000 description 2
- HPTJABJPZMULFH-UHFFFAOYSA-N 12-[(Cyclohexylcarbamoyl)amino]dodecanoic acid Chemical compound OC(=O)CCCCCCCCCCCNC(=O)NC1CCCCC1 HPTJABJPZMULFH-UHFFFAOYSA-N 0.000 description 1
- 230000004913 activation Effects 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000010154 cross-pollination Effects 0.000 description 1
- 238000003066 decision tree Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000010006 flight Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000007477 logistic regression Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000001737 promoting effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 239000004576 sand Substances 0.000 description 1
- 238000004579 scanning voltage microscopy Methods 0.000 description 1
- 230000010153 self-pollination Effects 0.000 description 1
- 238000010561 standard procedure Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Breeding Of Plants And Reproduction By Means Of Culturing (AREA)
Abstract
An intrusion detection system (100) for IOT devices, comprises of:an
input module (102) for acquiring a plurality of data from plurality of
the IOT devices connected in a network to form a dataset, wherein the
dataset is created using smart space orchestration module to create
synthetic data from the plurality of data acquired; a pre-processing
module (104) connected to the input module (102) for eliminating
missing data from the dataset and obtaining a continuous value,
wherein the plurality of data is converted into feature vector upon pre
processing the dataset; a feature extraction module (106) connected
to the pre-processing module (104) for extracting and analyzing one
or more features related to intrusion detection using a flower
pollination algorithm; and a classification module (108) connected to
the feature extraction module (106) for classifying the one or more
features extracted to identify type of intrusion using a classification
technique.
14
Accuracy
100
995
98.5
97.5
Methods
FIGURE 3a
Precision
99A
99.2
99
98.8
98A
~9tA
98.2
98
97.9
97A
Methods
FIGURE 3b
Description
Accuracy 100
995
98.5
97.5
Methods
FIGURE 3a
Precision 99A 99.2 99 98.8 98A ~9tA 98.2 98 97.9
97A
Methods
FIGURE 3b
The present invention generally relates to internet of things. More particularly, the present invention relates to a system and a method for detecting attacks in IOT networks.
Internet of Things (IoT) is an emerging technology that involves in monitoring the environment and the IoT networks and are most vulnerable to attacks due to various number of devices connected in the network. The Intrusion detection technique has been applied to analyze the anomaly in the network.
Machine learning techniques has been applied in the Intrusion detection system (IDS) and observed the higher performance in identifying the intrusion and malware. The existing method involves in IDS tends to be ineffective due to drawbacks of big data, centralization and low privacy.
The existing method has the drawback of the lower performance in the detection of the intrusion on IoT and is also inefficient in handling the streaming data of IoT system. Most of the method in the IDS has low efficiency in the intrusion detection. The Existing models have the limitation of inefficiency in the intrusion detection due to the overfit in the models.
To overcome the limitation of the existing method, the FPA method is proposed to increase the performance of the Intrusion detection in IoT. The FPA method has the advantages of the long-distance pollination and the flower consistency that effectively analyze the feature. The classifiers such as Logistic regression, SVM, ANN, decision tree and RF are used to analyze the performance of the proposed FPA method in IoT intrusion detection.
The technical advancements disclosed by the present invention overcomes the limitations and disadvantages of existing and convention systems and methods.
The present invention generally relates to a system and a method for intrusion detection in IOT.
An object of the present invention is to provide a system that increases the performance of the Intrusion detection in IoT.
Another object of the present invention is to provide a flower pollution algorithm having the long-distance pollination that effectively analyze the feature.
Another object of the present invention is to provide a system that provides a dataset with reduced missing values.
Another object of the present invention is to provide a system that selects the relevant features to improve the efficiency of the classification.
According to an aspect of the present invention, an intrusion detection system for IOT devices, wherein the system comprises of: an input module for acquiring a plurality of data from plurality of the IOT devices connected in a network to form a dataset, wherein the dataset is created using smart space orchestration module to create synthetic data from the plurality of data acquired; a pre-processing module is connected to the input module for eliminating missing data from the dataset and obtaining a continuous value, wherein the plurality of data is converted into feature vector upon pre-processing the dataset; a feature extraction module is connected to the pre-processing module for extracting and analyzing one or more features related to intrusion detection using a flower pollination algorithm; and a classification module is connected to the feature extraction module for classifying the one or more features extracted to identify type of intrusion using a classification technique.
According to an aspect of the present invention, the different steps involved in the method for intrusion detection in IOT devices, the step comprises of: acquiring using an input module, a plurality of data from plurality of the IOT devices to form a dataset; pre-processing the dataset, using a pre-processing module for eliminating missing data from the dataset and obtaining a continuous value, wherein converting the plurality of data into feature vector having a set of categorical data and a set of numerical data; extracting and analyzing one or more features using a feature extraction module for intrusion detection using a flower pollination algorithm, and classifying the one or more features extracted using a classification module to identify type of intrusion using a classification technique.
To further clarify advantages and features of the present invention, a more particular description of the invention will be rendered by reference to specific embodiments thereof, which is illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail with the accompanying drawings.
These and other features, aspects, and advantages of the present invention will become better understood when the following detailed description is read with reference to the accompanying drawings in which like characters represent like parts throughout the drawings, wherein:
Figure 1 illustrates a block diagram of the components involved in the intrusion detection system,
Figure 2illustrates a flowchart of the different steps involved in the method for intrusion detection in IOT devices, and
Figure 3a and 3billustrate a graphical representation of the accuracy and precision of the FPA-ANN module used in the system.
Further, skilled artisans will appreciate that elements in the drawings are illustrated for simplicity and may not have been necessarily been drawn to scale. For example, the flow charts illustrate the method in terms of the most prominent steps involved to help to improve understanding of aspects of the present invention. Furthermore, in terms of the construction of the device, one or more components of the device may have been represented in the drawings by conventional symbols, and the drawings may show only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the drawings with details that will be readily apparent to those of ordinary skill in the art having benefit of the description herein.
For the purpose of promoting an understanding of the principles of the invention, reference will now be made to the embodiment illustrated in the drawings and specific language will be used to describe the same. It will nevertheless be understood that no limitation of the scope of the invention is thereby intended, such alterations and further modifications in the illustrated system, and such further applications of the principles of the invention as illustrated therein being contemplated as would normally occur to one skilled in the art to which the invention relates.
It will be understood by those skilled in the art that the foregoing general description and the following detailed description are exemplary and explanatory of the invention and are not intended to be restrictive thereof.
Reference throughout this specification to "an aspect", "another aspect" or similar language means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrase "in an embodiment", "in another embodiment" and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment.
The terms "comprises", "comprising", or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps but may include other steps not expressly listed or inherent to such process or method. Similarly, one or more devices or sub-systems or elements or structures or components proceeded by "comprises...a" does not, without more constraints, preclude the existence of other devices or other sub-systems or other elements or other structures or other components or additional devices or additional sub-systems or additional elements or additional structures or additional components.
The term "Least recently used algorithm (LRU)" algorithm mainly makes use of the property of algorithms, that is locality of reference which means that data or code requested recently will be requested again and again. In other words, it replaces the least recently used page inside the cache memory.
The term "Least frequently used algorithm (LFU)" algorithm considers the frequency count of page, that is number of times page gets accessed. It assumes that the more the page's frequency, the more it gets accessed again. In other words, it replaces least frequently used page inside the cache memory if no space is there for newly requested page.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The system, methods, and examples provided herein are illustrative only and not intended to be limiting.
Embodiments of the present invention will be described below in detail with reference to the accompanying drawings.
Figure 1 illustrates a block diagram of the components involved in the intrusion detection system, wherein the system comprises of: an input module (102), a pre-processing module (104), a feature extraction module (106), and a classification module (108).
The input module (102) for acquiring a plurality of data from plurality of the IOT devices connected in a network to form a dataset, wherein the dataset is created using smart space orchestration module to create synthetic data from the plurality of data acquired.
The IoT environment is created based on Distributed Smart Space Orchestration System (DS20S) to create synthetic data. The architecture is a collection of micro-services that communicate based on the Message Queuing Telemetry Transport (MQTT) protocol.
According to an embodiment, the dataset consists of 357,952 sample sand 13 features with normal data of 347,935 and anomalous data of ,017 that contains eight classes, which is used for classification. Features "Accessed Node Type" and "Value" contain the missing data of 148 and 2050, respectively. According to an alternate embodiment, the values may vary.
The pre-processing module (104) is connected to the input module (102) for eliminating missing data from the dataset and obtaining a continuous value, wherein the plurality of data is converted into feature vector upon pre-processing the dataset.
The "Accessed Node Type" column and "Value" column in DS20S dataset contain missing data that rise the anomaly in data transferring. "Accessed Node Type" feature has categorical value and the "Value" feature has continuous values. Apart from this, the timestamp column is eliminated from the dataset as this has a minimum correlation in the dataset's predicator variable normality.
The categorical data in the dataset are classified as ordinary and nominal values, and the numerical dataset is classified into Discrete and Continuous values. The next process involves to categorize the data into vectors and there are many ways to convert the values into vectors. The Label encoding techniques are used to convert the data into a feature vector. Most of the dataset features contain nominal categorical value and many unique values. The label encoding technique is applied in the dataset to convert values into a vector.
The feature extraction module (106) is connected to the pre processing module (104) for extracting and analyzing one or more features related to intrusion detection using a flower pollination algorithm (FPA).
The FPA method is the recent optimization technique and it has been used in the global optimization process. The FPA technique used in this research for feature selection in the IDS in IoT system. The FPA method is to idealize the flower pollination process with flower constancy and pollinator behavior. The four major rules involve in the FPA is given as follows:
1. In the global pollination process, the biotic and cross-pollination is considered and performed based on the Levy flights technique.
2. In local pollination process, a biotic and self-pollination is performed.
3. Flower constancy is considered as the reproduction probability that is proportional to the two similar flowers involved.
4. A switch probability p E [0,1] is applied to control the global and local pollination. The physical proximity and other factors such as wind local pollination have the influence on the fraction p in the overall pollination activities.
The classification module (108) is connected to the feature extraction module for classifying the one or more features extracted to identify type of intrusion using a classification technique.
The classification technique is Artificial Neural Network (ANN) which is the machine learning technique that is the basic for various deep learning algorithms. The raw data are used to train the ANN and this method has a greater number of turning parameter that makes the complex structure. This method requires more computation time to optimize the error than other techniques. For this purpose, the Neural Network algorithm are trained in the Graphics Processing Unit (GPU) using CUDA programming.
Each node of ANN is trained with the feature set X = X1,X2,X3,...Xn. The features are multiplied using some random weights, W = W1,W2,W3, ... , Wn and added with bias values, b = blb2,...bn. The values are provided as input to the non-linear activation function.
Figure 2illustrates a flowchart of the different steps involved in the method for intrusion detection in IOT devices, the step comprises of:
Step (202) discloses about acquiring using an input module (102), a plurality of data from plurality of the IOT devices to form a dataset.
Step (204) discloses about pre-processing the dataset, using a pre processing module (104) for eliminating missing data from the dataset and obtaining a continuous value, wherein converting the plurality of data into feature vector having a set of categorical data and a set of numerical data.
Step (206) discloses about extracting and analyzing one or more features using a feature extraction module (106) for intrusion detection using a flower pollination algorithm.
Step (208) discloses about classifying the one or more features extracted using a classification module (108) to identify type of intrusion using a classification technique.
Figure 3a and 3billustrate a graphical representation of the accuracy and precision of the FPA-ANN module used in the system.
The proposed FPA method has the higher accuracy of 99.5
% compared to the standard ANN and has the accuracy of 99.4 %. The FPA method has the advantages of the long-distance pollination and flower consistency, which increase the performance of the feature analysis. The long-distance pollination helps to analyze more feature and flower consistency helps to select more relevant features.
Figure 3a discloses about the accuracy of the various methods with FPA feature selection in the IoT intrusion detection. The classifier with FPA feature selection method is achieved accuracy compared to the existing classifiers. The proposed FPA-ANN method selects the relevant features for the classification that improves the efficiency of the classification and existing ANN method selects the features from the dataset without analysis. The FPA method has the advantage of better convergence that improve the efficiency of the intrusion detection model. The FPA with RF classifier has the accuracy of 99.5 %, while the existing RF method has the accuracy of 99.4 % in the IoT intrusion detection. The FPA method with the DT and ANN achieved high accuracy.
Figure 3b discloses about the precision value for the various method in the IoT intrusion detection is measured. The high precision value is achieved using the FPA in the feature selection method. The FPA method has better convergence that provides the relevant features for the classifier to improve the efficiency of the method. The FPA feature selection method increases the precision value in the IoT intrusion detection system. The FPA-ANN has the precision value of 99.1 % and the standard method as the precision value of 99 %.
The drawings and the forgoing description give examples of embodiments. Those skilled in the art will appreciate that one or more of the described elements may well be combined into a single functional element. Alternatively, certain elements may be split into multiple functional elements. Elements from one embodiment may be added to another embodiment. For example, orders of processes described herein may be changed and are not limited to the manner described herein. Moreover, the actions of any flow diagram need not be implemented in the order shown; nor do all of the acts necessarily need to be performed. Also, those acts that are not dependent on other acts may be performed in parallel with the other acts. The scope of embodiments is by no means limited by these specific examples. Numerous variations, whether explicitly given in the specification or not, such as differences in structure, dimension, and use of material, are possible. The scope of embodiments is at least as broad as given by the following claims.
Benefits, other advantages, and solutions to problems have been described above with regard to specific embodiments. However, the benefits, advantages, solutions to problems, and any component(s) that may cause any benefit, advantage, or solution to occur or become more pronounced are not to be construed as a critical, required, or essential feature or component of any or all the claims.
Claims (7)
1. An intrusion detection system (100) for IOT devices, wherein the system (100) comprises of:
an input module(102) for acquiring a plurality of data from plurality of the IOT devices connected in a network to form a dataset, wherein the dataset is created using smart space orchestration module to create synthetic data from the plurality of data acquired;
a pre-processing module (104) connected to the input module (102)for eliminating missing data from the dataset and obtaining a continuous value, wherein the plurality of data is converted into feature vector upon pre-processing the dataset;
a feature extraction module (106) connected to the pre-processing module (104)for extracting and analyzing one or more features related to intrusion detection using a flower pollination algorithm; and
a classification module (108)connected to the feature extraction module (106) for classifying the one or more features extracted to identify type of intrusion using a classification technique.
2.The system as claimed in claim 1, wherein the dataset includes a plurality of normal data and anomalous data with a plurality of classes that are classified using the classification module (108).
3. The system as claimed in claim 1, wherein a timestamp column is eliminated from the dataset by the pre-processing module (104).
4. The system as claimed in claim 1, wherein an encoding technique converts the plurality of data into the feature vector.
5. The system as claimed in claim 1, wherein the flower pollination algorithm optimizes training data of the feature extraction module (106) for accurate feature extraction.
6. The system as claimed in claim 1, wherein the classification technique is a deep learning algorithm that is trained in graphics processing module (GPU) using a programming technique such as Compute unified device architecture (CUDA) programming, wherein each of the plurality of feature is multiplied with a random weight and added with bias values.
7. An intrusion detection method for IOT devices, wherein the method comprises of:
acquiring using an input module (102), a plurality of data from plurality of the IOT devices to form a dataset;
pre-processing the dataset, using a pre-processing module (104) for eliminating missing data from the dataset and obtaining a continuous value, wherein converting the plurality of data into feature vector having a set of categorical data and a set of numerical data;
extracting and analyzing one or more features using a feature extraction module (106) for intrusion detection using a flower pollination algorithm; and
classifying the one or more features extracted using a classification module (108) to identify type of intrusion using a classification technique.
FIGURE 1
FIGURE 2
FIGURE 3a
FIGURE 3b
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2021106250A AU2021106250A4 (en) | 2021-08-20 | 2021-08-20 | An iot based intrusion detection system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2021106250A AU2021106250A4 (en) | 2021-08-20 | 2021-08-20 | An iot based intrusion detection system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| AU2021106250A4 true AU2021106250A4 (en) | 2021-12-02 |
Family
ID=78716481
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AU2021106250A Ceased AU2021106250A4 (en) | 2021-08-20 | 2021-08-20 | An iot based intrusion detection system |
Country Status (1)
| Country | Link |
|---|---|
| AU (1) | AU2021106250A4 (en) |
-
2021
- 2021-08-20 AU AU2021106250A patent/AU2021106250A4/en not_active Ceased
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109471938B (en) | Text classification method and terminal | |
| CN108717408B (en) | Sensitive word real-time monitoring method, electronic equipment, storage medium and system | |
| CN110351301B (en) | HTTP request double-layer progressive anomaly detection method | |
| US20190325344A1 (en) | Machine learning predictive labeling system | |
| JP2007503034A (en) | Method and apparatus for automatically online detecting and classifying anomalous objects in a data stream | |
| CN114244603B (en) | Anomaly detection and comparison embedded model training and detection method, device and medium | |
| CN108629358B (en) | Object class prediction method and device | |
| KR101968309B1 (en) | SYSTEM AND METHOD FOR text classification | |
| CN110636445A (en) | WIFI-based indoor positioning method, device, equipment and medium | |
| CN111476317B (en) | Plant protection image non-dense pest detection method based on reinforcement learning technology | |
| CN110659495A (en) | Malicious code family classification method | |
| CN113326177A (en) | Index anomaly detection method, device, equipment and storage medium | |
| CN116260642A (en) | Knowledge distillation space-time neural network-based lightweight Internet of things malicious traffic identification method | |
| CN114330469A (en) | Rapid and accurate encrypted flow classification method and system | |
| CN115705279A (en) | Intelligent fault early warning method and device based on index data | |
| AU2021106250A4 (en) | An iot based intrusion detection system | |
| CN113434857A (en) | User behavior safety analysis method and system applying deep learning | |
| CN113114691A (en) | Network intrusion detection method, system, equipment and readable storage medium | |
| CN115374711B (en) | Service life prediction method of rotating multi-component system and related device | |
| CN116150371A (en) | Asset repayment plan mass data processing method based on sharingJDBC | |
| CN114338058A (en) | Information processing method, device and storage medium | |
| JP2016053976A (en) | Data generation method, device and program, retrieval processing method, and device and program | |
| CN110650130A (en) | Industrial control intrusion detection method based on multi-classification GoogLeNet-LSTM model | |
| AU2021107017A4 (en) | A machine learning-based system for detection of diseases and other breakout for effective counter measures | |
| CN116775744B (en) | Multi-source data fusion method and device and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| FGI | Letters patent sealed or granted (innovation patent) | ||
| MK22 | Patent ceased section 143a(d), or expired - non payment of renewal fee or expiry |