Hybrid Classifier for Detecting Zero-Day Attacks on IoT Networks
Abstract
Recently, Internet of Things (IoT) networks have been exposed to many cyberattacks, raising concerns about their security, since their weaknesses and gaps can be exploited to access or steal data. One of the threats these networks face is the zero-day distributed denial-of-service (DDoS) attack, which is considered one of the dangerous attacks targeting network security, so smart solutions are needed to address such attacks swiftly. To this end, this research proposes a hybrid intrusion detection system (IDS) that detects cyberattacks on IoT networks with machine learning (ML) algorithms, namely XGBoost, K-nearest neighbors, and stochastic gradient descent (SGD), with the classifiers combined via an ML ensemble. Grid search CV was used to find the best hyperparameters for each classifier at each classification stage. Random projection was used to select the relevant features for training the model. In the evaluation and performance testing phase, two cybersecurity datasets (CIC-IDS2017 and CIC-DDoS2019) were used to test the efficiency of the model in detecting zero-day threats. The best results were obtained on the CIC-DDoS2019 dataset, where 20 features out of the total were used: the model achieved an accuracy of 99.91% and an intrusion detection time of 0.22 seconds. The confusion matrix results also revealed a reduction in false alarms. The results, and their comparison with those of recent relevant studies, demonstrated the effectiveness of the hybrid model in securing IoT networks from zero-day attacks, as well as its superiority in terms of accuracy and intrusion detection time. This study is an important step in enhancing security in the IoT environment by presenting a new hybrid model that is capable of dealing with zero-day attacks that are difficult to detect with traditional models.
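The pipeline shape described in the abstract (random projection to 20 dimensions, three classifiers each tuned by grid search, combined in an ensemble) is sketched below as an added example; it is not the authors' code. Assumptions: scikit-learn's GradientBoostingClassifier stands in for XGBoost, the ensemble is a hard vote, the data is constructed Gaussian noise rather than CIC-IDS2017 or CIC-DDoS2019, and "zero-day" is approximated by an attack family held out of training.

```python
import numpy as np
from sklearn.ensemble import GradientBoostingClassifier, VotingClassifier
from sklearn.linear_model import SGDClassifier
from sklearn.model_selection import GridSearchCV
from sklearn.neighbors import KNeighborsClassifier
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.random_projection import GaussianRandomProjection


def make_flows(rng, n, shift, start):
    """Constructed flow features: unit Gaussian noise, `shift` added to 20 columns from `start`."""
    X = rng.normal(size=(n, 60))
    X[:, start:start + 20] += shift
    return X


def build_model(seed=0):
    """Scale, project 60 features down to 20, then hard-vote three grid-searched classifiers."""
    members = [
        # Stand-in for XGBoost (assumption) so the block depends on scikit-learn only.
        ("gb", GridSearchCV(GradientBoostingClassifier(random_state=seed), {"n_estimators": [25, 50]}, cv=3)),
        ("knn", GridSearchCV(KNeighborsClassifier(), {"n_neighbors": [3, 7]}, cv=3)),
        ("sgd", GridSearchCV(SGDClassifier(random_state=seed), {"alpha": [1e-4, 1e-2]}, cv=3)),
    ]
    return make_pipeline(
        StandardScaler(),
        GaussianRandomProjection(n_components=20, random_state=seed),
        VotingClassifier(members, voting="hard"),
    )


def evaluate(seed=0):
    """Train on benign plus one attack family; score known traffic and a held-out family."""
    rng = np.random.default_rng(seed)
    benign = make_flows(rng, 600, 0.0, 0)
    known = make_flows(rng, 600, 4.0, 0)    # attack family present in training
    unseen = make_flows(rng, 200, 4.0, 5)   # assumed zero-day proxy: never in training
    X = np.vstack([benign, known])
    y = np.r_[np.zeros(600, dtype=int), np.ones(600, dtype=int)]
    order = rng.permutation(len(y))
    train, test = order[:900], order[900:]
    model = build_model(seed).fit(X[train], y[train])
    return {"known_accuracy": float(model.score(X[test], y[test])),
            "unseen_recall": float(model.predict(unseen).mean())}


if __name__ == "__main__":
    print(evaluate())
```

Reporting recall on the held-out family separately from accuracy on known traffic keeps a high headline accuracy from hiding how the model behaves on attacks it never saw.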
This work is licensed under a Creative Commons Attribution 4.0 International License.