Detecting the Cyber Attacks on IoT-Based Network Devices Using Machine Learning Algorithms

Yıl 2024, ERKEN GÖRÜNÜM, 1 - 1

M. Hanefi Calp , Resul Bütüner

https://doi.org/10.2339/politeknik.1340515

Öz

Today, the number and variety of cyber-attacks on all systems have increased with the widespread use of internet technology. Within these systems, Internet of Things (IoT)-based network devices are especially exposed to a lot of cyber-attacks and are vulnerable to these attacks. This adversely affects the operation of the devices in question, and the data is endangered due to security vulnerabilities. Therefore, in this study, a model that detects cyber-attacks to ensure security with machine learning (ML) algorithms were proposed by using the data obtained from the log records of an IoT-based system. For this, first, the dataset was created, and this dataset was preprocessed and prepared in accordance with the models. Then, Artificial Neural Network (ANN), Random Forest (RF), K-Nearest Neighbor (KNN), Naive Bayes (NB), and Logistic Regression (LR) algorithms were used to create the models. As a result, the best performance to detect cyber-attacks was obtained using the RF algorithm with a rate of 99.6%. Finally, the results obtained from all the models created were compared with other academic studies in the literature and it was seen that the proposed RF model produced very successful results compared to the others. Moreover, this study showed that RF was a promising method of attack detection.

Anahtar Kelimeler

Internet of things, network devices, security, cyber-attack, machine learning

Makine Öğrenimi Algoritmaları Kullanılarak IoT Tabanlı Ağ Cihazlarına Yönelik Siber Saldırıların Tespiti

Öz

Günümüzde internet teknolojisinin yaygınlaşmasıyla birlikte tüm sistemlere yönelik siber saldırıların sayısı ve çeşidi artmıştır. Bu sistemler içerisinde özellikle Nesnelerin İnterneti (IoT) tabanlı ağ cihazları çok sayıda siber saldırıya maruz kalmakta ve bu saldırılara karşı savunmasız kalmaktadır. Bu durum söz konusu cihazların çalışmasını olumsuz etkilemekte ve güvenlik açıkları nedeniyle veriler tehlikeye girmektedir. Bu nedenle bu çalışmada IoT tabanlı bir sistemin log kayıtlarından elde edilen veriler kullanılarak makine öğrenmesi (ML) algoritmaları ile güvenliği sağlamak için siber saldırıları tespit eden bir model önerilmiştir. Bunun için öncelikle veriseti oluşturulmuş ve bu veriseti ön işleme tabi tutularak modellere uygun olarak hazırlanmıştır. Ardından modelleri oluşturmak için Yapay Sinir Ağı (YSA), Rastgele Orman (RF), K-En Yakın Komşu (KNN), Naive Bayes (NB) ve Lojistik Regresyon (LR) algoritmaları kullanılmıştır. Sonuç olarak, siber saldırıları tespit etmede en iyi performans %99.6 ile RF algoritması kullanılarak elde edilmiştir. Son olarak oluşturulan tüm modellerden elde edilen sonuçlar literatürdeki diğer akademik çalışmalarla karşılaştırılmış ve önerilen RF modelinin diğerlerine göre oldukça başarılı sonuçlar ürettiği görülmüştür. Ayrıca, bu çalışma RF'nin gelecek vaat eden bir saldırı tespit yöntemi olduğunu göstermiştir.

Anahtar Kelimeler

Nesnelerin interneti, ağ cihazları, güvenlik, siber saldırı, makine öğrenimi

Kaynakça

• [1] Scarfone, K., Mell P, “Guide to intrusion detection and prevention systems (IDPS)”, NIST, ABD, (2007).
• [2] Ganapathy, S., Kulothungan K., Muthurajkumar S.,Vijayalakshmi M., Yogesh P. & Kannan A., “Intelligent feature selection and classification techniques for intrusion detection in networks: a survey”, EURASIP Journal on Wireless Communications and Networking, 1:273-289, (2013).
• [3] Kolias, C., Kambourakis G. & Maragoudakis M, “Swarm Intelligence in Intrusion Detection: A Survey”, Computers and Security, 30 (8): 625-642, (2011).
• [4] Behera, S., Pradhan, A., & Dash, R. “Deep neural network architecture for anomaly based intrusion detection system”. In 2018 5th International Conference on Signal Processing and Integrated Networks (SPIN) (pp. 270-274). IEEE, (2018, February).
• [5] Aksu, D., & Aydin, M. A. “Detecting port scan attempts with comparative analysis of deep learning and support vector machine algorithms”. In 2018 International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT) (pp. 77-80). IEEE, (2018, December).
• [6] Vinayakumar, R., Alazab, M., Soman, K. P., Poornachandran, P., Al-Nemrat, A., & Venkatraman, S. “Deep learning approach for intelligent intrusion detection system”. IEEE Access, 7: 41525-41550, (2019).
• [7] Hajisalem, V., Babaie, S., “A hybrid intrusion detection system based on ABC-AFS algorithm for misuse and anomaly detection”, Computer Networks, 136: 37-50, (2018).
• [8] Inayat, Z., Gani, A., Anuar, N. B., Khan, M. K. & Anwar, S., “Intrusion response systems: Foundations, design, and challenges”, Journal of Network and Computer Applications, 62: 53-74, (2016).
• [9] Ashoor, A. S., Gore, S., “Difference between intrusion detection system (IDS) and intrusion prevention system (IPS)”, In International Conference on Network Security and Applications, 497-501, Berlin, Heidelberg, (2011).
• [10] Jabez, J., Muthukumar, B., “Intrusion detection system (IDS): anomaly detection using outlier detection approach”, Procedia Computer Science, 48: 338-346, (2015).
• [11] Quepons, I., “Vulnerability and Trust”, PhaenEx, 13, 2: 1-10, (2020).
• [12] Garcia-Teodoro, P., Diaz-Verdejo, J., Maciá-Fernández, G. & Vázquez, E., “Anomaly-based network intrusion detection: Techniques, systems and challenges”, Computers and Security, 28: 1-2, 18-28, (2009).
• [13] Iman Sharafaldin, Arash Habibi Lashkari, and Ali A. Ghorbani, “Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization”, in ICISSP, Prague, Czech Republic, pp. 108-116, (2018).
• [14] Ozgur, A., & Erdem, H. “Feature selection and multiple classifier fusion using genetic algorithms in intrusion detection systems”, Journal of the Faculty of Engineering and Architecture of Gazi University, 3(1), (2018).
• [15] Demir, F. “Investigation of performance of ML methods for cyber-attack detection””, Journal of Balikesir University Institute of Science, 23(2): 782-791, (2021).
• [16] Gazel, S. E. R., & Bati, C. T. Determining the Best Model with Deep Neural Networks: Keras Application on Mushroom Data”, YYU Journal of Agricultural Science, 29(3): 406-417, (2019).
• [17] Pehlivanoglu, M. K., Remzi, A. T. A. Y., & Odabas, D. E. “İki Seviyeli Hibrit Makine Öğrenmesi Yöntemi İle Saldırı Tespiti”, Gazi Mühendislik Bilimleri Dergisi (GMBD), 5(3): 258-272, (2019).
• [18] Cakir, B., & Angin, P. “Cyber Attack Detection Using Temporal Convolutional Networks: A Comparative Analysis”. European Journal of Science and Technology, 22: 204-211, (2021).
• [19] Hatipoğlu, C., & Tunacan, T. Hatipoglu, C., & Tunacan, T. “Cyber Attacks and Detection Method in Turkey: A Literature Review”. BSEU Journal of Science, (2021).
• [20] Aytan, B., & Barisci, N. “Siber Savunma Alanında Yapay Zekâ Tabanlı Saldırı Tespiti ve Analizi”. In Proceeding of the 2nd International Symposium on Innovative Approaches in Scientific Studies, Samsun, (2018, December).
• [21] Gurmen, C. “Performance comparison of ML methods for attack Detection systems”, (Master's thesis, institute of science), (2020).
• [22] Karimipour, H., Dehghantanha, A., Parizi, R. M., Choo, K. K. R., & Leung, H., “A deep and scalable unsupervised ML system for cyber-attack detection in large-scale smart grids”. IEEE Access, 7: 80778-80788, (2019).
• [23] Kavousi-Fard, A., Su, W., & Jin, T. “A machine-learning-based cyber attack detection model for wireless sensor networks in microgrids”. IEEE Transactions on Industrial Informatics, 17(1): 650-658, (2020).
• [24] Mousavinejad, E., Yang, F., Han, Q. L., & Vlacic, L. “A novel cyber-attack detection method in networked control systems”, IEEE transactions on cybernetics, 48(11): 3254-3264, (2018).
• [25] AlZubi, A. A., Al-Maitah, M., & Alarifi, A. “Cyber-attack detection in healthcare using cyber-physical system and ML techniques”. Soft Computing, 25(18): 12319-12332, (2021).
• [26] Smys, S. “DDOS attack detection in telecommunication network using ML”. Journal of Ubiquitous Computing and Communication Technologies (UCCT), 1(01): 33-44, (2019).
• [27] Asharf, J., Moustafa, N., Khurshid, H., Debie, E., Haider, W., & Wahab, A. “A review of intrusion detection systems using machine and deep learning in internet of things: challenges, solutions and future directions”. Electronics, 9(7): 1177, (2020).
• [28] Rashid, M. M., Kamruzzaman, J., Hassan, M. M., Imam, T., & Gordon, S. “Cyberattacks detection in IoT-based smart city applications using ML techniques”. International Journal of environmental research and public health, 17(24): 9347, (2020).
• [29] Alsamiri, J., & Alsubhi, K. “Internet of things cyber-attacks detection using ML”. Int. J. Adv. Comput. Sci. Appl, 10(12): 627-634, (2019).
• [30] Dutta, V., Choraś, M., Pawlicki, M., & Kozik, R. “A deep learning ensemble for network anomaly and cyber-attack detection”. Sensors, 20(16): 4583, (2020).
• [31] Awan, M. J., Farooq, U., Babar, H. M. A., Yasin, A., Nobanee, H., Hussain, M., ... & Zain, A. M. “Real-time DDoS attack detection system using big data approach”. Sustainability, 13(19): 10743, (2021).
• [32] Wu, M., Song, Z., & Moon, Y. B. “Detecting cyber-physical attacks in CyberManufacturing systems with ML methods”. Journal of intelligent manufacturing, 30(3): 1111-1123, (2019).
• [33] Savaş, T. & Savaş, S. “Tekdüzen Kaynak Bulucu Yoluyla Kimlik Avı Tespiti için Makine Öğrenmesi Algoritmalarının Özellik Tabanlı Performans Karşılaştırması”. Politeknik Dergisi , 25 (3): 1261-1270 . DOI: 10.2339/politeknik.1035286, (2022).
• [34] Catania C.A., Garino C.G., “Automatic network intrusion detection: Current techniques and open issues”, Computers & Electrical Engineering, 38 (5): 1062-1072, (2012).
• [35] Hubballi N., Suryanarayanan V., “False alarm minimization techniques in signature-based intrusion detection systems: A survey”, Computer Communications, 49: 1-17, (2014).
• [36] Cunningham R.K., Lippmann R.P., Fried D.J., Garfinkel S.L., Graf I. , Kendall K., Wyschogrod D. & Zissman M.A., “Evaluating intrusion detection systems without attacking your friends: The 1998 DARPA intrusion detection evaluation”, (1999).
• [37] Tavallaee M., Bagheri E., Lu W. & Ghorbani A.A., “A detailed analysis of the KDD CUP 99 dataset”, Proceedings of the Second IEEE international conference on Computational intelligence for security and defense applications, Piscataway, NJ, USA, (2009).
• [38] NSL-KDD, “Download Link of NSL-KDD in Github”. https://github.com/ati-ozgur/NSL_KDD. January 17, (2017). Access Date: 02 February 2022.
• [39] Özgür A., Erdem H., “A Review of KDD99 Dataset Usage in Intrusion Detection and ML between 2010 and 2015”, PeerJ Preprints 4:e1954v1, (2016).
• [40] Marquez-Viloria, D., Castano-Londono, L., & Guerrero-Gonzalez, N., “A Modified KNN Algorithm for High-Performance Computing on FPGA of Real-Time m-QAM Demodulators”. Electronics, 10(5): 627., (2021).
• [41] Rottondi, C. Barletta, L. Giusti, A. Tornatore, M. “Machine-Learning Method for Quality of Transmission Prediction of Unestablished Lightpaths”. J. Opt. Commun. Netw., 10: A286–A297, (2018).
• [42] Pérez, A.E., Torres, J.J.G., González, N.G. “KNN-based Demodulation in gridless Nyquist-WDM Systems affected by Interchannel Interference”. In Proceedings of the OSA Advanced Photonics Congress (AP) 2019 (IPR, Networks, NOMA, SPPCom, PVLED), Burlingame, CA, USA, 29 July–1 August 2019; p. SpTh1E.3, (2019).
• [43] Han, J., Pei, J., Kamber, M. “Data mining: concepts and techniques. Massachusetts”, USA: Morgan Kaufmann Publishers. 978-0-12-381479-1, (2011).
• [44] Breiman, L., “Random Forests”, ML, Kluwer Academic Publishers, 45(1): 5-32, (2001).
• [45] Resende, P. A. A., & Drummond, A. C. “A survey of random forest based methods for intrusion detection systems”. ACM Computing Surveys (CSUR), 51(3): 1-36, (2018).
• [46] Akar, O., Gungor, O., “Classification of multispectral images using Random Forest algorithm”, Journal of Geodesy and Geoinformation. 1 (2): 139-146. DOI: 10.9733/jgg.241212.1t, (2012).
• [47] Archer, K.J., “Empirical Characterization of Random Forest Variable Importance Measure, Computational Statistical Data Analysis”, Computational Statistics & Data Analysis, 52(4): 2249-2260, (2008).
• [48] Calp, M. H., & Kose, U. “Estimation of burned areas in forest fires using artificial neural networks”. Ingeniería Solidaria, 16(3): 1-22, (2020).
• [49] Calp, M. H. “An estimation of personnel food demand quantity for businesses by using artificial neural networks”, Journal of Polytechnic, 22(3): 675-686, (2019).
• [50] Bayram, S., Kaplan, K., Kuncan, M., Ertunç H. M.. “Ball Bearings space of time Statistical Feature Extraction and Neural Networks with Error Estimation Method Size”, Automatic Control National Meeting, TOK2013, Malatya, 26-28 September, (2013).
• [51] Öztemel, E. “Yapay sinir ağları”, PapatyaYayincilik, Istanbul, (2003).
• [52] Deng, H., Sun, Y., Chang, Y., Han, J., “Probabilistic Models for Classification”. C.C. Aggarwal (Eds.), Data Classification Algorithms and Applications (pp. 67-70), CRC Press, New York, USA, (2015).
• [53] Bayes, T., LII. “An essay towards solving a problem in the doctrine of chances”. By the late Rev. Mr. Bayes, FRS communicated by Mr. Price, in a letter to John Canton, AMFR S. Philosophical transactions of the Royal Society of London, 1763(53): 370-418, (1958).
• [54] Yildiz, H.K., et al. “A new feature extraction method for text classification”. in 2007 IEEE 15th Signal Processing and Communications Applications. June 2007. Eskisehir, Turkey: IEEE. DOI: 10.1109/SIU.2007.4298870, (2007).
• [55] Hosmer, D. W., Lemeshow, S., “Applied Logistic Regression”, John Wiley & Sons, New York, 5-50 (1989).
• [56] Kleinbaum, G., D., “A Self-learning Text Logistic Regression”, Springer, Atlanta, (1994).
• [57] Kaya, Y., “Predictive modeling in motor caravan insurance and comparison of methods applied”, (Master's thesis), Graduate School of Natural and Applied Sciences, Beykent University, Istanbul, (2017).
• [58] Tunç, Ü., Atalar, E., Gargi, M. S., Ergül Aydin, Z. “Classification of Fake, Bot, and Real Accounts on Instagram Using Machine Learning”. Politeknik Dergisi, 1-1. https://doi.org/10.2339/politeknik.1136226, (2023).
• [59] Pereira C.R., Nakamura R.Y.M., K., Costa A.P. & Papa J.P., “An Optimum-Path Forest framework for intrusion detection in computer networks”, Engineering Applications of Artificial Intelligence, 25: 1226-1234, (2012).
• [60] Mohammadi M., Raahemi B., Akbari A. & Nassersharif B., “New class-dependent feature transformation for intrusion detection systems”, Security and Communication Networks, 5: 1296-1311, (2012).
• [61] Seresht N.A., Azmi R., “MAIS-IDS: A distributed intrusion detection system using multi-agent AIS approach”, Engineering Applications of Artificial Intelligence, 35: 286-298, (2014).
• [62] Farid D.M., Zhang L., Rahman C.M., Hossain M.A. & Strachan R., “Hybrid decision tree and naïve Bayes classifiers for multi-class classification tasks”, Expert Systems with Applications, 41: 1937-1946, (2014).
• [63] Rastegari S., Hingston P. & Lam C.P., “Evolving statistical rulesets for network intrusion detection”, Applied Soft Computing, 33: 348-359, (2015).
• [64] Singh R., Kumar H. & Singla R. K., “An intrusion detection system using network traffic profiling and online sequential extreme learning machine”, Expert Systems with Applications, 42: 8609-8624, (2015).
• [65] Bhattacharya S., Selvakumar S., “LAWRA: a layered wrapper feature selection approach for network attack detection”, Security and Communication Networks, 8: 3459-3468, (2015).
• [66] Hoz L.E.D., Ortiz A., Ortega J. & Prieto B., “PCA filtering and probabilistic SOM for network intrusion detection”, Neurocomputing, 164: 71-81, (2015).
• [67] Kang S.H., Kim K.J., “A feature selection approach to find optimal feature subsets for the network intrusion detection system”, Cluster Computing, 19: 325-333, (2016).
• [68] Liu Q., Yin J., Leung V.C.M., Zhai J.H., Cai Z. & Lin J., “Applying a new localized generalization error model to design neural networks trained with extreme learning machine”, Neural Computing and Applications, 27: 59- 66, (2016).