Abstract
The proliferation of the Internet of Things (IoT) serves demands in our lives ranging from smart homes and smart cities to manufacturing and many other industries. As a result of the massive deployment of IoT devices, the risk of cyber-attacks on these devices also increases. The limited computing resources of IoT devices prevent antivirus software from being run directly on them, which leaves these devices vulnerable to cyber-attacks. In this research, we present a novel approach that can be applied to construct a lightweight Network Intrusion Detection System (NIDS) on IoT gateways. We utilize TabNet, Google's recently developed model for tabular data, as our detection model. The evaluation results on the BOT-IoT and UNSW-NB15 datasets show the ability of our proposal in intrusion detection tasks, with accuracies of 98.53% and 99.43%. Finally, we run our approach on the Raspberry Pi 4 to show that it is lightweight enough to deploy on IoT gateways.
T. N. Nguyen and K. M. Dang—These authors equally contributed.
Acknowledgements
This research is supported by research funding from the Faculty of Information Technology, University of Science, Vietnam National University - Ho Chi Minh City.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Nguyen, TN., Dang, KM., Tran, AD., Le, KH. (2022). Towards an Attention-Based Threat Detection System for IoT Networks. In: Dang, T.K., Küng, J., Chung, T.M. (eds) Future Data and Security Engineering. Big Data, Security and Privacy, Smart City and Industry 4.0 Applications. FDSE 2022. Communications in Computer and Information Science, vol 1688. Springer, Singapore. https://doi.org/10.1007/978-981-19-8069-5_20
DOI: https://doi.org/10.1007/978-981-19-8069-5_20
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-8068-8
Online ISBN: 978-981-19-8069-5
eBook Packages: Computer Science, Computer Science (R0)