A multiple-kernel clustering based intrusion detection scheme for 5G and IoT networks

  • Original Article
International Journal of Machine Learning and Cybernetics

Abstract

The 5G network provides higher bandwidth and lower latency for edge IoT devices to access the core business network. At the same time, it expands the attack surface of the core network, exposing the enterprise network to greater security threats. To protect the core business, the network infrastructure must be able to recognize not only known abnormal traffic but also newly emerging threats. Intrusion Detection Systems (IDSs) are widely used to protect the core network against external intrusions. Most existing research designs anomaly detection models for a specific set of traffic attributes. In practice, it is difficult to find the specific correspondence between traffic attributes and attack behaviors. Worse, some traffic attributes will be missing in the IoT environment, which further increases the difficulty of anomaly analysis. In traditional solutions, the missing attributes are usually filled with zero or mean values; sometimes the attributes are discarded outright. Both of these methods may result in lower detection accuracy. To solve this problem, we propose an intrusion detection method based on multiple-kernel clustering (MKC) algorithms. Unlike zero-value filling and mean-value filling, the proposed method completes the absent traffic property through similarity calculation. Experimental results show that this method effectively improves the clustering accuracy of incompletely sampled data, reduces the sensitivity of the anomaly detection model to the selection of traffic features, and better tolerates poor-quality sampled traffic data.
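The contrast the abstract draws between zero filling, mean filling and similarity-based completion can be seen on a small scale. The following is an added example, not the authors' MKC algorithm or code: it uses a single Gaussian kernel over the attributes two records share as a simplified stand-in for "similarity calculation", and the flow records, attribute names and `gamma` value are constructed assumptions.

```python
import math

# Constructed, normalised flow records: (duration, bytes, packets).
# None marks an attribute that was not sampled.
FLOWS = [
    (1.0, 1.0, 1.0), (1.2, 0.9, 1.1), (0.9, 1.1, 1.0), (1.1, 1.0, 0.9),  # benign-like
    (5.0, 5.0, 5.0), (5.2, 4.9, 5.1), (4.9, 5.1, 5.0), (5.1, 5.0, 4.9),  # anomalous-like
    (1.0, None, 1.1),
    (5.1, 4.9, None),
]
# The hidden values, keyed by (row, column); used only for scoring.
TRUTH = {(8, 1): 1.0, (9, 2): 5.0}

def zero_fill(flows, row, col):
    return 0.0

def mean_fill(flows, row, col):
    seen = [f[col] for f in flows if f[col] is not None]
    return sum(seen) / len(seen)

def kernel_fill(flows, row, col, gamma=1.0):
    """Similarity-weighted fill: donors that resemble the record on the
    attributes both have observed contribute more (Gaussian kernel weights)."""
    target = flows[row]
    num = den = 0.0
    for i, donor in enumerate(flows):
        if i == row or donor[col] is None:
            continue
        shared = [(a - b) ** 2 for a, b in zip(target, donor)
                  if a is not None and b is not None]
        if not shared:
            continue  # no common attribute to compare on
        w = math.exp(-gamma * sum(shared) / len(shared))
        num += w * donor[col]
        den += w
    # Fall back to the column mean when no donor is comparable.
    return num / den if den > 0 else mean_fill(flows, row, col)

def mean_abs_error(fill):
    """Average distance between the filled value and the hidden true value."""
    return sum(abs(fill(FLOWS, r, c) - v) for (r, c), v in TRUTH.items()) / len(TRUTH)

if __name__ == "__main__":
    for name, fn in [("zero", zero_fill), ("mean", mean_fill), ("kernel", kernel_fill)]:
        print(f"{name:6s} fill: mean abs error = {mean_abs_error(fn):.4f}")
```

On this data the zero and mean fills place the missing attribute far from either traffic group, while the kernel-weighted fill recovers a value close to the record's own group.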

Acknowledgements

Acknowledgements and Reference heading should be left justified, bold, with the first letter capitalized but have no numbers. Text below continues as normal. Authors should thank those who contributed to the article but cannot be listed as an author.

Funding

Authors should describe sources of funding that have supported the work, including specific grant numbers, initials of authors who received the grant, and the URLs to sponsors’ websites. If there is no funding support, please write "The author(s) received no specific funding for this study. This work was supported by National Natural Science Foundation of China (Grant no. 61976064).

Author information

Contributions

Methodology: NH; project administration: ZT; conceptualization: HL, XD and MG: all authors have read and agreed to the published version of the manuscript.

Corresponding author

Correspondence to Hui Lu.

Ethics declarations

Conflicts of interest

The authors declare that they have no conflicts of interest to report regarding the present study. The authors claim that none of the material in the paper has been published or is under consideration for publication elsewhere.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Cite this article

Hu, N., Tian, Z., Lu, H. et al. A multiple-kernel clustering based intrusion detection scheme for 5G and IoT networks. Int. J. Mach. Learn. & Cyber. 12, 3129–3144 (2021). https://doi.org/10.1007/s13042-020-01253-w

  • DOI: https://doi.org/10.1007/s13042-020-01253-w
