Cargando…

SEHIDS: Self Evolving Host-Based Intrusion Detection System for IoT Networks

The Internet of Things (IoT) offers unprecedented opportunities to access anything from anywhere and at any time. It is, therefore, not surprising that the IoT acts as a paramount infrastructure for most modern and envisaged systems, including but not limited to smart homes, e-health, and intelligen...

Descripción completa

Detalles Bibliográficos
Autor principal: Baz, Mohammed
Formato: Online Artículo Texto
Lenguaje:English
Publicado: MDPI 2022
Materias:
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9460002/
https://www.ncbi.nlm.nih.gov/pubmed/36080962
http://dx.doi.org/10.3390/s22176505
_version_ 1784786643892305920
author Baz, Mohammed
author_facet Baz, Mohammed
author_sort Baz, Mohammed
collection PubMed
description The Internet of Things (IoT) offers unprecedented opportunities to access anything from anywhere and at any time. It is, therefore, not surprising that the IoT acts as a paramount infrastructure for most modern and envisaged systems, including but not limited to smart homes, e-health, and intelligent transportation systems. However, the prevalence of IoT networks and the important role they play in various critical aspects of our lives make them a target for various types of advanced cyberattacks: Dyn attack, BrickerBot, Sonic, Smart Deadbolts, and Silex are just a few examples. Motivated by the need to protect IoT networks, this paper proposes SEHIDS: Self Evolving Host-based Intrusion Detection System. The underlying approach of SEHIDS is to equip each IoT node with a simple Artificial Neural Networks (ANN) architecture and a lightweight mechanism through which an IoT device can train this architecture online and evolves it whenever its performance prediction is degraded. By this means, SEHIDS enables each node to generate the ANN architecture required to detect the threats it faces, which makes SEHIDS suitable for the heterogeneity and turbulence of traffic amongst nodes. Moreover, the gradual evolution of the SEHIDS architecture facilitates retaining it to its near-minimal configurations, which saves the resources required to compute, store, and manipulate the model’s parameters and speeds up the convergence of the model to the zero-classification regions. It is noteworthy that SEHIDS specifies the evolving criteria based on the outcomes of the built-in model’s loss function, which is, in turn, facilitates using SEHIDS to develop the two common types of IDS: signature-based and anomaly-based. Where in the signature-based IDS version, a supervised architecture (i.e., multilayer perceptron architecture) is used to classify different types of attacks, while in the anomaly-based IDS version, an unsupervised architecture (i.e., replicator neuronal network) is used to distinguish benign from malicious traffic. Comprehensive assessments for SEHIDS from different perspectives were conducted with three recent datasets containing a variety of cyberattacks targeting IoT networks: BoT-IoT, TON-IOT, and IoTID20. These results of assessments demonstrate that SEHIDS is able to make accurate predictions of 1 True Positive and is suitable for IoT networks with the order of small fractions of the resources of typical IoT devices.
format Online
Article
Text
id pubmed-9460002
institution National Center for Biotechnology Information
language English
publishDate 2022
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-94600022022-09-10 SEHIDS: Self Evolving Host-Based Intrusion Detection System for IoT Networks Baz, Mohammed Sensors (Basel) Article The Internet of Things (IoT) offers unprecedented opportunities to access anything from anywhere and at any time. It is, therefore, not surprising that the IoT acts as a paramount infrastructure for most modern and envisaged systems, including but not limited to smart homes, e-health, and intelligent transportation systems. However, the prevalence of IoT networks and the important role they play in various critical aspects of our lives make them a target for various types of advanced cyberattacks: Dyn attack, BrickerBot, Sonic, Smart Deadbolts, and Silex are just a few examples. Motivated by the need to protect IoT networks, this paper proposes SEHIDS: Self Evolving Host-based Intrusion Detection System. The underlying approach of SEHIDS is to equip each IoT node with a simple Artificial Neural Networks (ANN) architecture and a lightweight mechanism through which an IoT device can train this architecture online and evolves it whenever its performance prediction is degraded. By this means, SEHIDS enables each node to generate the ANN architecture required to detect the threats it faces, which makes SEHIDS suitable for the heterogeneity and turbulence of traffic amongst nodes. Moreover, the gradual evolution of the SEHIDS architecture facilitates retaining it to its near-minimal configurations, which saves the resources required to compute, store, and manipulate the model’s parameters and speeds up the convergence of the model to the zero-classification regions. It is noteworthy that SEHIDS specifies the evolving criteria based on the outcomes of the built-in model’s loss function, which is, in turn, facilitates using SEHIDS to develop the two common types of IDS: signature-based and anomaly-based. Where in the signature-based IDS version, a supervised architecture (i.e., multilayer perceptron architecture) is used to classify different types of attacks, while in the anomaly-based IDS version, an unsupervised architecture (i.e., replicator neuronal network) is used to distinguish benign from malicious traffic. Comprehensive assessments for SEHIDS from different perspectives were conducted with three recent datasets containing a variety of cyberattacks targeting IoT networks: BoT-IoT, TON-IOT, and IoTID20. These results of assessments demonstrate that SEHIDS is able to make accurate predictions of 1 True Positive and is suitable for IoT networks with the order of small fractions of the resources of typical IoT devices. MDPI 2022-08-29 /pmc/articles/PMC9460002/ /pubmed/36080962 http://dx.doi.org/10.3390/s22176505 Text en © 2022 by the author. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
spellingShingle Article
Baz, Mohammed
SEHIDS: Self Evolving Host-Based Intrusion Detection System for IoT Networks
title SEHIDS: Self Evolving Host-Based Intrusion Detection System for IoT Networks
title_full SEHIDS: Self Evolving Host-Based Intrusion Detection System for IoT Networks
title_fullStr SEHIDS: Self Evolving Host-Based Intrusion Detection System for IoT Networks
title_full_unstemmed SEHIDS: Self Evolving Host-Based Intrusion Detection System for IoT Networks
title_short SEHIDS: Self Evolving Host-Based Intrusion Detection System for IoT Networks
title_sort sehids: self evolving host-based intrusion detection system for iot networks
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9460002/
https://www.ncbi.nlm.nih.gov/pubmed/36080962
http://dx.doi.org/10.3390/s22176505
work_keys_str_mv AT bazmohammed sehidsselfevolvinghostbasedintrusiondetectionsystemforiotnetworks