Skip to main content
SpringerLink
Log in

A New Data Model for Behavioral Based Anomaly Detection in IoT Device Monitoring

  • Conference paper
  • First Online:
Rough Sets (IJCRS 2023)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 14481))

Included in the following conference series:

Abstract

The paper presents the new model of data for Internet of Things (IoT) devices monitoring and anomaly detection. The model bases mostly on behavioral description of current state of device, however it contains also some additional information. Raw input data, coming from the external simulation software, are aggregated on two levels of detail: raw variable values preprocessing and time-based aggregation. It was shown, that a sample data following this model, data that contains anomalies, can be analyzed with standard anomaly detection methods and results of this application are very satisfactory. The data used in the paper are also publicly available.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Adamczyk, B., Brzȩczek, M., Michalak, M., et al.: Dataset generation framework for evaluation of IoT Linux host-based intrusion detection systems. In: 2022 IEEE International Conference on Big Data (Big Data), pp. 6179–6187 (2022). https://doi.org/10.1109/BigData55660.2022.10020442

  2. CAIDA: Center of applied internet data analysis (1998–2013). https://www.caida.org/catalog/datasets/completed-datasets/. Accessed 16 Mar 2021

  3. Creech, G., Hu, J.: Generation of a new IDS test dataset: time to retire the KDD collection. In: 2013 IEEE Wireless Communications and Networking Conference (WCNC), pp. 4487–4492, April 2013. https://doi.org/10.1109/WCNC.2013.6555301. ISSN 1558-2612

  4. Czerwiński, M., Michalak, M., Biczyk, P., et al.: Cybersecurity threat detection in the behavior of IoT devices: analysis of data mining competition results. In: 18th Conference on Computer Science and Intelligence Systems, FedCSIS 2023 (2023, in press)

    Google Scholar 

  5. Ester, M., Kriegel, H.P., Sander, J., Xu, X.: A density-based algorithm for discovering clusters in large spatial databases with noise. In: Proceedings of the Second International Conference on Knowledge Discovery and Data Mining, KDD 1996, pp. 226–231. AAAI Press (1996)

    Google Scholar 

  6. Garcia, S., Parmisano, A., Erquiaga, M.J.: IoT-23: a labeled dataset with malicious and benign IoT network traffic, January 2020. https://doi.org/10.5281/zenodo.4743746. More details here https://www.stratosphereips.org/datasets-iot23

  7. Joulin, A., Grave, E., Bojanowski, P., Mikolov, T.: Bag of tricks for efficient text classification. In: Proceedings of the 15th Conference of the European Chapter of the Association for Computational Linguistics: Volume 2, Short Papers, pp. 427–431. Association for Computational Linguistics, April 2017

    Google Scholar 

  8. Koroniotis, N., Moustafa, N., Sitnikova, E., Turnbull, B.: Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: Bot-IoT dataset. arXiv (2018). https://doi.org/10.48550/ARXIV.1811.00701. https://arxiv.org/abs/1811.00701

  9. Kursa, M.B., Rudnicki, W.R.: Feature selection with the Boruta package. J. Stat. Softw. 36(11), 1–13 (2010). https://doi.org/10.18637/jss.v036.i11. https://www.jstatsoft.org/index.php/jss/article/view/v036i11

  10. Kyoto_University: Traffic data from Kyoto University’s honeypots (2015). https://www.takakura.com/Kyoto_data/. Accessed 17 Mar 2021

  11. MIT: MIT Lincoln Laboratory - DARPA datasets (1998–1999). https://www.ll.mit.edu/r-d/datasets. Accessed 16 Mar 2021

  12. Moustafa, N., Ahmed, M., Ahmed, S.: Data analytics-enabled intrusion detection: evaluations of ToN_IoT Linux datasets. In: 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 727–735 (2020). https://doi.org/10.1109/TrustCom50675.2020.00100

  13. Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: 2015 Military Communications and Information Systems Conference (MilCIS), pp. 1–6 (2015). https://doi.org/10.1109/MilCIS.2015.7348942

  14. Pearson, K.: On lines and planes of closest fit to systems of points in space. London Edinburgh Dublin Philos. Mag. J. Sci. 2(11), 559–572 (1901). https://doi.org/10.1080/14786440109462720

    Article  Google Scholar 

  15. Pearson, K.: Detection of outliers and extreme events of ground level particulate matter using DBSCAN algorithm with local parameters. Water Air Soil Pollut. 233(5), 2003 (2022)

    Google Scholar 

  16. Sangster, B., O’Connor, T.J., Cook, T., et al.: Toward instrumenting network warfare competitions to generate labeled datasets. In: Proceedings of the 2nd Conference on Cyber Security Experimentation and Test, CSET 2009, p. 9. USENIX Association, USA (2009)

    Google Scholar 

  17. Shiravi, A., Shiravi, H., Tavallaee, M., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput. Secur. 31(3), 357–374 (2012). https://doi.org/10.1016/j.cose.2011.12.012. https://www.sciencedirect.com/science/article/pii/S0167404811001672

  18. Sperotto, A., Sadre, R., van Vliet, F., Pras, A.: A labeled data set for flow-based intrusion detection. In: Nunzi, G., Scoglio, C., Li, X. (eds.) IPOM 2009. LNCS, vol. 5843, pp. 39–50. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04968-2_4

    Chapter  Google Scholar 

  19. Stolfo, S., Fan, W., Lee, W., et al.: Cost-based modeling and evaluation for data mining with application to fraud and intrusion detection: results from the JAM project, September 1999

    Google Scholar 

  20. Stratosphere: Stratosphere laboratory datasets (2020). https://www.stratosphereips.org/datasets-overview. Accessed 15 Mar 2021

  21. Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD CUP 99 data set. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, pp. 1–6, July 2009. https://doi.org/10.1109/CISDA.2009.5356528

  22. Thang, T.M., Kim, J.: The anomaly detection by using DBSCAN clustering with multiple parameters. In: 2011 International Conference on Information Science and Applications, pp. 1–5 (2011). https://doi.org/10.1109/ICISA.2011.5772437

  23. Ullah, I., Mahmoud, Q.H.: A technique for generating a botnet dataset for anomalous activity detection in IoT networks. In: 2020 IEEE International Conference on Systems, Man, and Cybernetics (SMC), pp. 134–140 (2020). https://doi.org/10.1109/SMC42975.2020.9283220

  24. Wawrowski, L., Michalak, M., Białas, A., et al.: Detecting anomalies and attacks in network traffic monitoring with classification methods and XAI-based explainability. Procedia Comput. Sci. 192(C), 2259–2268 (2021). https://doi.org/10.1016/j.procs.2021.08.239. https://doi.org/10.1016/j.procs.2021.08.239

  25. Yang, S., Kurose, J., Levine, B.: Disambiguation of residential wired and wireless access in a forensic setting, pp. 360–364, April 2013. https://doi.org/10.1109/INFCOM.2013.6566795

Download references

Acknowledgements

The project is financed by the Polish National Centre for Research and Development as part of the fourth CyberSecIdent-Cybersecurity and e-Identity competition (agreement number: CYBERSECIDENT/489240/IV/NCBR/2021.

Author information

Authors and Affiliations

  1. Łukasiewicz Research Network—Institute of Innovative Technologies EMAG, ul. Leopolda 31, 40-189, Katowice, Poland

    Marcin Michalak, Marek Hermansa, Iwona Kostorz & Łukasz Wawrowski

  2. QED Software sp. z o.o., ul. Mazowiecka 11/49, 00-052, Warszawa, Poland

    Piotr Biczyk & Michał Czerwiński

  3. EFIGO sp. z o.o., ul. M. Kopernika 8/6, 40-064, Katowice, Poland

    Błażej Adamczyk & Maksym Brzȩczek

  4. University of Warsaw, ul. Banacha 2, 02-097, Warszawa, Poland

    Michał Czerwiński

  5. Department of Computer Networks and Systems, Silesian University of Technology, Akademicka 16, 44-100, Gliwice, Poland

    Marcin Michalak & Błażej Adamczyk

  6. Faculty of Automatic Control, Electronics and Computer Science, Silesian University of Technology, Akademicka 16, 44-100, Gliwice, Poland

    Piotr Biczyk

Authors
  1. Marcin Michalak
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Piotr Biczyk
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Błażej Adamczyk
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Maksym Brzȩczek
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Marek Hermansa
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Iwona Kostorz
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Łukasz Wawrowski
    View author publications

    You can also search for this author in PubMed Google Scholar

  8. Michał Czerwiński
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Marcin Michalak .

Editor information

Editors and Affiliations

  1. IRCCS Istituto Ortopedico Galeazzi, Milano, Italy

    Andrea Campagner

  2. Ghent University, Ghent, Belgium

    Oliver Urs Lenz

  3. Chongqing University of Posts and Telecommunications, Chongqing, China

    Shuyin Xia

  4. University of Warsaw, Warsaw, Poland

    Dominik Ślęzak

  5. AGH University of Science and Technology, Kraków, Poland

    Jarosław Wąs

  6. University of Regina, Regina, SK, Canada

    JingTao Yao

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Michalak, M. et al. (2023). A New Data Model for Behavioral Based Anomaly Detection in IoT Device Monitoring. In: Campagner, A., Urs Lenz, O., Xia, S., Ślęzak, D., Wąs, J., Yao, J. (eds) Rough Sets. IJCRS 2023. Lecture Notes in Computer Science(), vol 14481. Springer, Cham. https://doi.org/10.1007/978-3-031-50959-9_41

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-50959-9_41

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-50958-2

  • Online ISBN: 978-3-031-50959-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation