A Comprehensive Review of Machine Learning-Based Intrusion Detection Techniques For IoT Networks

Ghassan Samara, Mohammad Aljaidi, Raed Alazaidah, Mais Haj Qasem, Mohammad Hassan, Nabeel Al-Milli, Mohammad S. Al-Batah, and Mohammad Kanan

Abstract The vast expansion of the Internet of Things (IoT) exposes it to the threat of massive financial and reputational harm. The imperative to develop an emergency action plan and countermeasures means that current concerns can no longer be put on hold. While many security concerns are present in the layers of IoT, Distributed Denial of Service (DDoS) attacks receive specific treatment, and a part of the survey is on the awareness, network, and application layers. These issues work together to create multifaceted problems. DDoS attacks pose significant problems for the internet, as they can easily bring down vulnerable targets. Different types of DDoS attacks, as well as various IoT DDoS attacks, the effects of these attacks, and responses to them are extensively discussed. This paper outlines different intrusion detection techniques developed within the IoT network. It has already been agreed that the IoT will be used in all areas of our daily lives, including education, vehicles, and healthcare. Furthermore, the diversity of connected devices, and its balance with the quality of service, presents a challenge, and new issues are being developed for IoT devices, such as scale and security needs. These issues must be examined, as security often gets sidelined due to the cost, large-scale and real-time development, and continuous use of IoT. A lack of security poses a significant risk, as consumers do not feel confident about using IoT products with less security.

Keywords Machine learning · IoT · Distributed denial of service · Intrusion detection techniques · Security

G. Samara, M. Aljaidi, R. Alazaidah, M. H. Qasem, M. Hassan, N. Al-Milli
Department of Computer Science, Faculty of Information Technology, Zarqa University, Zarqa, Jordan

M. S. Al-Batah
Department of Computer Science, Faculty of Science and Information Technology, Jadara University, Irbid, Jordan

M. Kanan
Industrial Engineering Department, College of Engineering, Jeddah 21448, Saudi Arabia
email: mkanan@ubtedaa

© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023. A. Hannoon and A. Mahmood (eds.), Artificial Intelligence, Internet of Things and Society 5.0, Studies in Computational Intelligence 1113, https://doi.org/10.1007/978-3-031-43300-9_38

1 Introduction

IoT refers to Internet-connected objects designed and molded through computer networks. Rather than a small number of intelligent devices, IoT means there are a large number of cheaper non-smart devices. Intelligently programmed outputs, such as scent from air fresheners and fuel in vehicles, are embedded in everyday usable objects, programmed in various ways. At this time, connected devices can function beyond the needs of simple devices, such as lamps and umbrellas, and can connect buildings and communicate through networks. IoT devices imbued with technology can do their job without the need for names and personalities.

Ubiquitous computing differs from IoT in that 'things' (such as a vehicle) may collect and process data from humans and animals via the Internet. A sewing machine may keep track of thread left behind, stitches completed, and the maximum number of stitches it can do. Sensor software can record and preserve an object's performance for a set period. Sensor displays employ actuators to provide outputs to the human environment. The data collecting and Internet processing activate the examined outcomes. When it's time to replace the thread, the sewing machine generates an alert.

The integration of IoT and cloud computing yields effective collaboration between the two approaches.
The combination of these technologies is particularly beneficial for physicians in terms of patient record monitoring through an on-demand system. The cloud consistently provides strong support for IoT technology due to its capacity for high usage, storage, energy, and processing. By incorporating IoT technology, cloud computing expands its service offerings and capabilities. As a result, the growth of IoT-based clouds in smart environments is expected to increase, leading to the emergence of new services and applications [1-4].

The combination of cloud-based and IoT-based technologies surpasses the efficiency of solely cloud-based applications. The integration of Big Data and MQLS is being explored in various emerging applications. Cloud-based IoT offers valuable advantages by facilitating efficient monitoring and access to information from any location. Healthcare applications in the Web of Things have been utilized to collect essential data and continuously update therapy parameters based on the severity of the condition. Moreover, IoT devices and sensors measuring treatment parameters can effectively identify illnesses at an early stage before they are clinically detected. The fundamental structure of the IoT architecture is illustrated in Fig. 1.

Machine learning algorithms prove beneficial in decision-making, even when handling vast amounts of data. The process of data analysis involves dealing with factors such as velocity, diversity, and volume. Common approaches to data analysis encompass neural network models, classification models, and clustering strategies.
Given the varied sources of data, it becomes imperative to devise strategies to handle the unique characteristics of each dataset. To address these challenges, several IoT resources are available, offering scalability, speed, and options for determining the optimal data model. The rapid evolution of IoT presents both challenges and opportunities for advancements. With the accumulation of massive volumes of big data, including images, text, and categorical data, secure storage in the cloud and access through new healthcare applications are made possible [6-8].

Fig. 1 IoT structure [5]

The rapid expansion of the Internet of Things (IoT) has revolutionized the way we access information and conduct our daily lives. According to Gartner, the global count of IoT devices is projected to reach 24 billion by 2020. However, this exponential growth in IoT applications and devices also brings forth a range of new and emerging security challenges. The heterogeneity of CPU architectures, limited interfaces, insecure configurations, vulnerable software programs, and the complexities of patching embedded systems all contribute to the susceptibility of the IoT to various critical security threats [9-13].

Before conducting further analysis to prevent and mitigate malware, it is crucial to detect and classify it accurately. However, conventional security solutions based on signatures are not suitable for the task due to the diverse CPU architectures and resource constraints of IoT devices [7].

In the past decade, there has been a significant advancement in the capabilities of mobile applications, sensors, and actuators, enabling enhanced connectivity and the execution of complex tasks. As of 2018, the number of connected devices surpassed the global population, driving the growth of the Internet of Things (IoT), which facilitates communication among advanced electronics, sensors, and mobile devices. With each new device, the amount of data collected continues to increase, presenting an opportunity for artificial intelligence (AI) through machine learning (ML) and new applications that can predict and identify novel patterns. Machine Learning and the Internet of Things are two commonly mentioned technological concepts in our daily lives [9].

The success and usability of both technologies have enabled the seamless integration of our lives into the ever-evolving technological ecosystem. However, to fully harness the advantages and create an environment where numerous devices can connect and interact with machines, it is crucial to integrate machine learning and the Internet of Things (IoT) [8]. Traditional data analytics often struggle to effectively process rapidly changing and unstructured data, which is common in the IoT domain. Machine learning data models, which are typically static, have limitations in handling such data. IoT scenarios often require analyzing correlations between multiple sensor inputs and external factors, resulting in a vast amount of data points within a short timeframe. Currently, configuring IoT clusters presents a unique challenge, particularly in terms of decision-making, as it demands significant human intervention to ensure the operational efficiency of the IoT infrastructure. In an IoT cluster, thousands of sensors and other computing devices can learn and make autonomous decisions, implementing machine learning techniques [1, 2, 12-14].

Applying data mining and machine learning within IoT has benefited the research community through the ability to analyze large quantities of data and discover hidden patterns. Figure 2 provides an overview of the data mining track within the IoT structure; the data is transformed from one standard to another to reach the extraction or revelation of knowledge.

Fig. 2 Data mining phases (process of data mining: collection, understanding, preparation, modeling, evaluation)

2 Literature Review

The Processor Module, as discussed in [15], favors the adoption of hybrid models and methodologies that incorporate fuzzy logic and MADM (Multiple Attribute Decision Making) methods, which have demonstrated significant effectiveness. These models generally follow a similar operational pattern, where fuzzy logic processing takes place subsequent to the data collection process, guided by the criteria established in the Collector Module. A classification technique employing a decision strategy is then utilized. In this scenario, each criterion is assigned a weight to prioritize certain services over others, influencing the selection of the next slice based on the current application being used. Additionally, the user's profile is taken into account when determining the weights [15].

Data mining is frequently employed in Intrusion Detection Systems (IDS) and encompasses various strategies based on performance, model representation, priority criteria, and algorithms. Categorization is a vital aspect of IDS models, where data is classified into normal, damaging, or offensive categories. In this project, three decision tree classification approaches, along with a support vector machine and a Bayesian method, are utilized. Each of these methods is discussed individually in [16].

In [17], the author discusses a network intrusion detection system that utilizes supervised machine learning classifiers. Logistic Regression (LR) is employed for problem categorization, including both binary and multiclass categories. One widely used machine learning algorithm for classification and regression analysis is the Support Vector Machine (SVM). SVM is known for its ability to categorize data based on their characteristics, by sorting and identifying the most distinct differences.
SVMs find applications in various fields such as text categorization, image categorization, handwriting recognition, and scientific research. The Support Vector Machine is also referred to as a Support Vector Network (SVN). Naive Bayes classifiers are based on Bayes' Theorem and comprise a family of algorithms rather than a single algorithm. These classifiers assume independence between each pair of features being classified. Another classifier discussed is the Random Forest, proposed by Breiman, which operates on the principle of creating a group of strong learners from a set of weak learners, using proximity search. The widely used intrusion detection dataset, KDDCUP99, did not provide satisfactory results, but an improved model with 42 features and four inspired attacks demonstrated better performance. Ensemble methods are widely utilized by researchers due to their exceptional performance in classification problems. These methods are considered the most advanced approach for addressing both supervised and unsupervised problems [18].

In terms of transferring data from the object layer to the higher layer, several crucial technologies are utilized. One such technology is Wireless Fidelity (Wi-Fi), which is
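
The Naive Bayes classifier summarized in the literature review above, shown as an added example that is not code from the paper or from the works it cites. It assumes the Gaussian variant, four KDD-style connection features, a hypothetical variance floor, and constructed training records; none of these come from the reviewed studies.

```python
import math
from collections import defaultdict

# Constructed sample records (not taken from KDDCUP99).
# Columns: (duration_s, src_bytes, conn_count_2s, serror_rate), label.
TRAIN = [
    ((2.0, 310.0, 3.0, 0.0), "normal"),
    ((5.0, 1200.0, 2.0, 0.0), "normal"),
    ((1.0, 540.0, 5.0, 0.0), "normal"),
    ((8.0, 2300.0, 4.0, 0.0), "normal"),
    ((0.0, 0.0, 280.0, 1.0), "dos"),
    ((0.0, 0.0, 310.0, 0.98), "dos"),
    ((0.0, 40.0, 250.0, 1.0), "dos"),
    ((0.0, 0.0, 295.0, 0.95), "dos"),
]
VAR_FLOOR = 1e-3  # assumption: keeps constant features (variance 0) usable

def fit(rows):
    """Per class: prior plus a (mean, variance) pair for every feature."""
    by_class = defaultdict(list)
    for x, y in rows:
        by_class[y].append(x)
    model = {}
    for y, xs in by_class.items():
        stats = []
        for col in zip(*xs):  # iterate feature by feature
            mean = sum(col) / len(col)
            var = sum((v - mean) ** 2 for v in col) / len(col)
            stats.append((mean, max(var, VAR_FLOOR)))
        model[y] = (len(xs) / len(rows), stats)
    return model


def log_scores(model, x):
    """log P(y) + sum_i log N(x_i | mean, var): features treated as independent."""
    scores = {}
    for y, (prior, stats) in model.items():
        s = math.log(prior)
        for v, (mean, var) in zip(x, stats):
            s += -0.5 * math.log(2 * math.pi * var) - (v - mean) ** 2 / (2 * var)
        scores[y] = s
    return scores


def predict(model, x):
    scores = log_scores(model, x)
    return max(scores, key=scores.get)

MODEL = fit(TRAIN)
```

Without the variance floor, the constant `serror_rate` of the normal class would give a zero variance and a division by zero at scoring time; with it, a constant feature still dominates the score, which is worth checking when such a model raises alerts on real traffic.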
