TempoCode-IoT: temporal codebook-based encoding of flow features for intrusion detection in Internet of Things

Cluster Computing

Abstract

In recent years, the Internet of Things (IoT) has become a vulnerable target of intrusion attacks. As academia and industry move towards bringing the IoT to every sector of our lives, much attention needs to be given to developing advanced Intrusion Detection Systems (IDS) to detect such attacks. In this work, we propose a novel network-based intrusion detection method which learns patterns of benign flows in a temporal codebook. Based on the temporally learnt codebook, we propose a feature representation method, called TempoCode-IoT, that transforms the raw flow-based statistical features into more discriminative representations. We develop an ensemble of machine learning-based classifiers optimized to discriminate malicious flows from benign ones, based on the proposed TempoCode-IoT. The effectiveness of the proposed method is empirically evaluated on a state-of-the-art realistic intrusion detection dataset as well as on a real botnet-infected IoT dataset, achieving high accuracies and low false positive rates across a variety of intrusion attacks. Moreover, the proposed method outperforms several state-of-the-art works on the datasets used, proving the effectiveness of TempoCode-IoT over raw flow features, both in terms of accuracy and processing speed.



Acknowledgements

This work is partially supported by NSERC CREATE TRANSIT, NSERC DIVA Strategic Research Network and Canada Research Chairs Program.

Corresponding author

Correspondence to Abdul Jabbar Siddiqui.


Cite this article

Siddiqui, A.J., Boukerche, A. TempoCode-IoT: temporal codebook-based encoding of flow features for intrusion detection in Internet of Things. Cluster Comput 24, 17–35 (2021). https://doi.org/10.1007/s10586-020-03153-8


  • DOI: https://doi.org/10.1007/s10586-020-03153-8
