Abstract
The 5G network provides higher bandwidth and lower latency for edge IoT devices accessing the core business network. At the same time, it expands the attack surface of the core network, exposing the enterprise network to greater security threats. To protect core business, the network infrastructure must be able to recognize not only known abnormal traffic but also newly emerging threats. Intrusion Detection Systems (IDSs) are widely used to protect the core network against external intrusions. Most existing research designs anomaly detection models for a specific set of traffic attributes. In practice, it is difficult to find the specific correspondence between traffic attributes and attack behaviors. Worse, some traffic attributes will be missing in the IoT environment, which further increases the difficulty of anomaly analysis. In traditional solutions, the missing attributes are usually filled with zero or mean values; sometimes the attributes are discarded outright. Both of these methods may result in lower detection accuracy. To solve this problem, we propose an intrusion detection method based on multiple-kernel clustering (MKC) algorithms. Unlike zero-value filling and mean-value filling, the proposed method completes the absent traffic attributes through similarity calculation. Experimental results show that this method effectively improves the clustering accuracy of incompletely sampled data, reduces the sensitivity of the anomaly detection model to the selection of traffic features, and better tolerates poor-quality sampled traffic data.
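The contrast the abstract draws between zero filling, mean filling and similarity-based completion can be seen on a small constructed data set. This is an added illustration, not the paper's MKC algorithm: it assumes a Gaussian-kernel weighted average over the attributes two records share as the similarity calculation, and the flow records, feature names and `sigma` value are constructed for the example.

```python
import math

# Constructed, normalised flow records (duration, bytes, packet rate).
# First four rows are benign-like, last four attack-like; illustrative only.
TRUTH = [
    (0.10, 0.20, 0.15), (0.12, 0.18, 0.14), (0.09, 0.22, 0.16), (0.11, 0.21, 0.13),
    (0.90, 0.85, 0.95), (0.88, 0.80, 0.92), (0.93, 0.83, 0.97), (0.91, 0.87, 0.94),
]
MISSING = {(1, 2), (3, 0), (4, 2), (6, 1)}  # (row, column) cells lost in sampling

def sampled():
    """Return the records as the sensor saw them, with None for lost cells."""
    return [[None if (r, c) in MISSING else v for c, v in enumerate(row)]
            for r, row in enumerate(TRUTH)]

def column_mean(rows, c):
    seen = [row[c] for row in rows if row[c] is not None]
    return sum(seen) / len(seen)

def fill_constant(rows, use_mean):
    """Traditional baselines: zero filling or column-mean filling."""
    return [[(column_mean(rows, c) if use_mean else 0.0) if v is None else v
             for c, v in enumerate(row)] for row in rows]

def similarity(a, b, sigma=0.2):
    """Gaussian kernel over attributes both records observed (None if no overlap)."""
    shared = [(x - y) ** 2 for x, y in zip(a, b) if x is not None and y is not None]
    if not shared:
        return None
    return math.exp(-(sum(shared) / len(shared)) / (2 * sigma ** 2))

def fill_similarity(rows):
    """Complete each lost cell from records that resemble the incomplete one."""
    out = [list(row) for row in rows]
    for r, row in enumerate(rows):
        for c, v in enumerate(row):
            if v is not None:
                continue
            donors = [(similarity(row, d), d[c]) for i, d in enumerate(rows)
                      if i != r and d[c] is not None]
            donors = [(w, x) for w, x in donors if w is not None]
            total = sum(w for w, _ in donors)
            # Fall back to the column mean when no donor shares an attribute.
            out[r][c] = (sum(w * x for w, x in donors) / total
                         if total > 0 else column_mean(rows, c))
    return out

def mean_abs_error(filled):
    """Average absolute error of the completed cells against the ground truth."""
    return sum(abs(filled[r][c] - TRUTH[r][c]) for r, c in MISSING) / len(MISSING)
```

Zero and mean filling place every completed cell at the origin or between the two groups, which is what degrades a downstream clustering step; the similarity-weighted fill keeps each record near the group its observed attributes already indicate.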
Funding
This work was supported by National Natural Science Foundation of China (Grant no. 61976064).
Author information
Contributions
Methodology: NH; project administration: ZT; conceptualization: HL, XD and MG. All authors have read and agreed to the published version of the manuscript.
Ethics declarations
Conflicts of interest
The authors declare that they have no conflicts of interest to report regarding the present study. The authors claim that none of the material in the paper has been published or is under consideration for publication elsewhere.
About this article
Cite this article
Hu, N., Tian, Z., Lu, H. et al. A multiple-kernel clustering based intrusion detection scheme for 5G and IoT networks. Int. J. Mach. Learn. & Cyber. 12, 3129–3144 (2021). https://doi.org/10.1007/s13042-020-01253-w
DOI: https://doi.org/10.1007/s13042-020-01253-w