DOI: 10.1145/3359992.3366641
research-article

Unsupervised machine learning for network-centric anomaly detection in IoT

Published: 09 December 2019

    Abstract

    Industry 4.0 holds the promise of greater automation and productivity but also introduces new security risks to critical industrial control systems from unsecured devices and machines. Networks need to play a larger role in stopping attacks before they disrupt essential infrastructure as host-centric IT security solutions, such as anti-virus and software patching, have been ineffective in preventing IoT devices from getting compromised. We propose a network-centric, behavior-learning based, anomaly detection approach for securing such vulnerable environments. We demonstrate that the predictability of TCP traffic from IoT devices can be exploited to detect different types of DDoS attacks in real-time, using unsupervised machine learning (ML). From a small set of features, our ML classifier can separate normal and anomalous traffic. Our approach can be incorporated in a larger system for identifying compromised end-points despite IP spoofing, thus allowing the use of SDN-based mechanisms for blocking attack traffic close to the source. Compared to supervised ML methods, our unsupervised ML approaches are easier to instrument and are more effective in detecting new and unseen attacks.

    Published In

    Big-DAMA '19: Proceedings of the 3rd ACM CoNEXT Workshop on Big DAta, Machine Learning and Artificial Intelligence for Data Communication Networks
    December 2019
    53 pages
    ISBN:9781450369992
    DOI:10.1145/3359992
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Anomaly Detection
    2. DDoS
    3. IoT
    4. Machine Learning
    5. Networks
    6. Unsupervised Learning

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    CoNEXT '19
    Acceptance Rates

    Big-DAMA '19 Paper Acceptance Rate 7 of 11 submissions, 64%;
    Overall Acceptance Rate 7 of 11 submissions, 64%
