ABSTRACT
The Internet of Things (IoT) is a global network that connects various types of objects ("things") via the Internet. It has become a core technology for various applications and is increasingly embedded in our daily lives and businesses. As the technology grows and evolves, a number of issues arise and come into focus; security has been one of the central issues in IoT in the last decade. However, most of today's IoT intrusion detection systems suffer from a high false alarm rate with only moderate accuracy and detection rates, because they are not able to detect all types of IoT intrusions correctly. To overcome this problem, hybrid techniques are used. In this paper, a hybrid learning approach combining partitioning clustering techniques with a Hidden Markov Model (HMM) is proposed. Experimental results show that the proposed approach using K-Medoids has improved the detection rate as well as decreased the false positive rate.
Index Terms
- Hybrid Learning Approach of Combining Cluster-Based Partitioning and Hidden Markov Model for IoT Intrusion Detection