li-jing

Hi there 👋

😄 My name is Jing, and I'm pursuing a PhD in computer science at UTM.

  • I'm currently working on an intelligent security framework for the IoT ecosystem, utilising machine learning and deep learning.
  • Implementing this security model requires studying and putting into practice a wide range of multidisciplinary expertise, including cyber security, the Internet of Things, intrusion detection and prevention, anomaly detection, machine learning, and deep learning.
  • I'd therefore like to thank GitHub for providing a platform on which I can create and manage multiple knowledge repositories.

📚 Here are some topics in my repos:

  • 📚 The Things of PhD Journey: Everything involving research knowledge, publication, practical skills, awesome courses, domain expertise, and all the necessary and interesting things, collected and synthesized for those who want to try and pursue the PhD journey (will keep updating).
  • 📚 Daily Literature Review: The repository for a daily literature review, collecting state-of-the-art ideas and methodologies from academia and providing future research directions.
  • 🔭 Code Base for Research: Coding practice involving data cleaning, data visualization, exploratory data analysis, feature selection, machine learning and deep learning.
  • 📫 ChatGPT for Research: Repo for material created by ChatGPT; let's see how ChatGPT can help with research work.
  • 🌱 Construction of IoT Security Frameworks: This is the coding practice repo of constructing end-to-end machine learning and deep learning-based security frameworks for IoT security.
  • 👯 Cyber Security: This is the coding repo related to cyber security involving network intrusion detection using well-known datasets like KDD cup ‘99, NSL-KDD, UNSW_NB15.
  • 📫 Awesome ML for Cybersecurity: A curated list of amazingly awesome tools and resources related to the use of machine learning for cyber security.

Overall Status:

😄 Work finished:

  1. Proposal writing and defense have been completed
  2. SLR article writing is under way
  3. Draft SLR paper was ready on 2023-02-20

📚 Work ongoing:

  1. Experimental papers are planned and to be written
  2. The SLR paper was considered a good candidate by the journal; a revision within 30 days is under way. |2023-03-22|

📚 Planned work:

  1. The 2nd empirical paper: ensemble model for feature selection
  2. The 3rd empirical paper: hybrid metaheuristic algorithm for feature selection
  3. The 4th empirical paper: optimization of hyperparameters
  4. The 5th empirical paper, Effective and Real time application
  5. Balabala...

📚 Daily Literature Review

Contents:

2023-02-16

Journal paper: Deeper Fine-Tuned Autoencoder for User Datagram Protocol Flooding Network Traffic Detection in Internet of Things, Ömer Kasım (omerksm@gmail.com), Kutahya Dumlupinar University, https://orcid.org/0000-0003-4021-5412

  • Idea: prefer a deeper model over shallow ones for higher performance; the claim is that classification with high accuracy and performance can be achieved by encoding the selected features more deeply
  • Datasets: N-BaIoT and NSL-KDD
  • Attacks: botnet User Datagram Protocol (UDP) flooding
  • Model: Fine Tuned Stacked Autoencoder
  • Result: Experiments in the study showed that the number of optimally selected features was significantly reduced, resulting in the lowest detection time. The accuracy, sensitivity, Cohen kappa, specificity and f1 score of the proposed model were quite high

Conference paper: Attack Detection in IoT Using Machine Learning—A Survey, Saeed Ali Haifa Ali & J. Vakula Rani, first online 04 February 2023, Intelligent Cyber Physical Systems and Internet of Things (ICoICI 2022)

  • Idea: The goal of this paper is to provide a study on the attacks in IoT architectures such as the sensing layer, network layer, and application layer, then present ML and DL that contributed to the solution in attack detection. In addition, we discuss the challenges of IoT architectures.

A book: Internet of Things - New Trends, Challenges and Hurdles, by Manuel Domínguez-Morales, Ángel Varela-Vaca and Lourdes Miró-Amarante, Submitted: November 8th, 2022 Published: February 8th, 2023 DOI: 10.5772/intechopen.108960

  • Idea: Written by leading experts in the field, this book serves as a showcase of the breadth of IoT research conducted in recent years for people who, while not experts in the field, do have prior knowledge of the IoT. The book also serves curious, non-technical readers, enabling them to understand necessary concepts and terminologies associated with the IoT.
  • Audience: readers who have prior knowledge of the IoT, and curious non-technical readers

2023-02-17

Journal paper: Addressing the class imbalance problem in network intrusion detection systems using data resampling and deep learning , Ahmed Abdelkhalek & Maggie Mashaly The Journal of Supercomputing (2023)

  • Idea: In this paper, a data resampling technique is proposed based on Adaptive Synthetic (ADASYN) and Tomek Links algorithms in combination with different deep learning models to mitigate the class imbalance problem.
  • Keyword: Imbalance class
  • Datasets: NSL-KDD
  • Models: ML, DNN, CNN and CNN-BLSTM models
  • Classification: both binary and multi-classification
  • Result: The experimental results show that in binary classification, the proposed method improves the performance of the NIDS and outperforms state-of-the-art models with an achieved accuracy of 99.8%. In multi-class classification, the results were also improved, outperforming state-of-the-art models with an achieved accuracy of 99.98%. (Note: accuracy alone is a weak metric on an imbalanced set; the per-class recall/F1 is what matters for the minority attack classes.)
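
The resampling step described above (ADASYN oversampling followed by Tomek-link cleaning), as an added example that is not the paper's code and not from any of the repos listed on this page. It is pure Python with no third-party dependencies; the two-feature flow records, their scaling and the class labels are constructed for illustration and are assumptions, not data from NSL-KDD:

```python
import math
import random

# Constructed toy dataset (assumption, not NSL-KDD): 2-D flow features such as
# (packets per second, bytes per packet) scaled to [0, 1].
# Label 1 = attack (minority class), label 0 = normal (majority class).
NORMAL = [(0.10, 0.20), (0.15, 0.25), (0.20, 0.15), (0.12, 0.30),
          (0.30, 0.20), (0.25, 0.35), (0.18, 0.22), (0.22, 0.28),
          (0.35, 0.30), (0.28, 0.12), (0.55, 0.45), (0.48, 0.50)]
ATTACK = [(0.60, 0.55), (0.65, 0.60), (0.50, 0.48)]
X_TOY = NORMAL + ATTACK
Y_TOY = [0] * len(NORMAL) + [1] * len(ATTACK)


def euclid(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


def k_nearest(idx, X, k):
    """Indices of the k nearest neighbours of X[idx], excluding itself."""
    order = sorted((euclid(X[idx], X[j]), j) for j in range(len(X)) if j != idx)
    return [j for _, j in order[:k]]


def adasyn(X, y, minority=1, k=5, beta=1.0, rng=None):
    """ADASYN-style oversampling.

    Each minority point gets a weight r_i = share of *majority* neighbours among
    its k nearest, so synthetic samples concentrate on the hard, boundary-region
    minority points. beta=1.0 means 'fully balance the classes'.
    Returns (X_new, y_new) with the synthetics appended."""
    rng = rng or random.Random(0)
    min_idx = [i for i, lbl in enumerate(y) if lbl == minority]
    maj_count = len(y) - len(min_idx)
    G = int((maj_count - len(min_idx)) * beta)          # synthetics to create
    if G <= 0 or not min_idx:
        return list(X), list(y)
    r = []
    for i in min_idx:
        nn = k_nearest(i, X, k)
        r.append(sum(1 for j in nn if y[j] != minority) / k)
    total = sum(r)
    if total == 0:              # minority is already well separated: spread evenly
        weights = [1.0 / len(min_idx)] * len(min_idx)
    else:
        weights = [ri / total for ri in r]
    X_new, y_new = list(X), list(y)
    for i, w in zip(min_idx, weights):
        g_i = round(w * G)
        # interpolate between x_i and one of its *minority* neighbours
        min_nn = [j for j in k_nearest(i, X, k) if y[j] == minority] or [i]
        for _ in range(g_i):
            j = rng.choice(min_nn)
            lam = rng.random()
            X_new.append(tuple(a + lam * (b - a) for a, b in zip(X[i], X[j])))
            y_new.append(minority)
    return X_new, y_new


def tomek_links(X, y):
    """Pairs (i, j), i < j, of opposite-class points that are each other's
    nearest neighbour. These straddle the class boundary."""
    nn1 = [k_nearest(i, X, 1)[0] for i in range(len(X))]
    return [(i, nn1[i]) for i in range(len(X))
            if i < nn1[i] and nn1[nn1[i]] == i and y[i] != y[nn1[i]]]


def remove_tomek_majority(X, y, majority=0):
    """Tomek-link cleaning: drop the majority-class member of every link so the
    decision boundary is less cluttered by overlapping normal samples."""
    drop = set()
    for i, j in tomek_links(X, y):
        drop.add(i if y[i] == majority else j)
    keep = [k for k in range(len(X)) if k not in drop]
    return [X[k] for k in keep], [y[k] for k in keep]


def resample(X, y, rng=None):
    """The paper's pipeline: ADASYN oversampling, then Tomek-link cleaning."""
    X1, y1 = adasyn(X, y, rng=rng)
    return remove_tomek_majority(X1, y1)


if __name__ == "__main__":
    Xr, yr = resample(X_TOY, Y_TOY)
    print("links before:", tomek_links(X_TOY, Y_TOY))
    print("after resampling: %d samples, %d attacks" % (len(Xr), sum(yr)))
```

On the toy set the only Tomek link is the normal point (0.48, 0.50) paired with the attack point (0.50, 0.48); ADASYN adds nine synthetic attacks (balancing 12 vs 3), and the cleaning step then removes whichever normal points sit in mutual-nearest-neighbour pairs with attacks. Do the resampling only on the training split: resampling the test set inflates every metric the paper reports.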

Journal paper: New Neural Network-Based Intrusion Detection System Design by Using Bat and Ant Colony Algorithms, Ouail Mjahed et al., 2023

  • Keyword: Hybridization of metaheuristic algorithms
  • Idea: Hybridization of two metaheuristic algorithms, Ant Colony Optimization (ACO) and the Bat Algorithm (BA), to improve the adopted Back-propagation Neural Network (BPNN) and to reduce the neurons and layers of the NN model.
  • Datasets: CICIDS2017 dataset
  • Models: NN model
  • Result: ACO- and BA-based NNs (referred to as ACONN and BANN, respectively) can achieve favourable performances. ACONN produces a tested efficiency, purity and F1 score of 98.91 %, 99.17 % and 99.04 %, respectively, versus 96.04 %, 96.13 % and 96.09 %, respectively, for BPNN.

Journal paper: Explainable AI-Based DDOS Attack Identification Method for IoT Networks, by Chathuranga Sampath Kalutharage 2023

  • Keyword: Explainable AI
  • Idea: we propose an explainable artificial intelligence (XAI)-based novel method to identify DDoS attacks. This DDoS attack detection method defines security policies based on each feature threshold value for application-layer-based, volumetric-based, and transport control protocol (TCP) state-exhaustion-based features.
  • Datasets: USB-IDS
  • Attacks: DDoS attacks
  • Models: A fully connected autoencoder model with ReLU activation
  • Result: The results of the comparison show that the proposed method provides greater detection accuracy and attack certainty than the state-of-the-art methods.

Journal paper: A deep learning approach for intrusion detection in Internet of Things using focal loss function, by Ayesha S. Dina 2023

  • Keyword: focal loss function, imbalance problem
  • Idea: we leverage the specialized loss function, called focal loss, that automatically down-weighs easy examples and focuses on the hard negatives by facilitating dynamically scaled-gradient updates for training effective ML models.
  • Datasets: Bot-IoT, WUSTL-IIOT-2021 and WUSTL-EHMS-2020
  • Attacks: normal/attacks
  • Models: FNN, CNN
  • Result: (CNN-Focal) performed better with respect to accuracy, precision, F1 score and MCC score by as much as 24%, 39%, 39%, and 60%, respectively, compared to baseline model CNN-ORG over the Bot-IoT dataset. Its performance was also much better than some of the state-of-the art approaches that we compared.
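
The focal loss mechanism described above, as an added worked example (not the paper's code or the author's repos). It is plain Python and shows the one thing the summary does not: how much of a batch's loss the single hard attack sample contributes once easy normal flows are down-weighted. The batch of predicted attack probabilities is constructed for illustration and is an assumption:

```python
import math


def cross_entropy(p, y):
    """Binary cross-entropy for predicted attack probability p and label y."""
    p_t = p if y == 1 else 1.0 - p
    return -math.log(p_t)


def focal_loss(p, y, gamma=2.0, alpha=0.25):
    """Binary focal loss  FL(p_t) = -alpha_t * (1 - p_t)^gamma * log(p_t).

    p_t is the probability assigned to the *true* class. The (1 - p_t)^gamma
    factor shrinks the loss of well-classified samples (p_t near 1) towards
    zero, so gradient updates are dominated by the hard, misclassified ones.
    gamma=0 and alpha=None recover plain cross-entropy."""
    p_t = p if y == 1 else 1.0 - p
    alpha_t = 1.0 if alpha is None else (alpha if y == 1 else 1.0 - alpha)
    return -alpha_t * (1.0 - p_t) ** gamma * math.log(p_t)


def mean_loss(preds, labels, loss_fn, **kw):
    return sum(loss_fn(p, y, **kw) for p, y in zip(preds, labels)) / len(preds)


# Constructed batch (assumption): five easy normal flows the model already
# scores as near-certainly benign, plus one attack it is unsure about.
PREDS = [0.05, 0.03, 0.08, 0.02, 0.04, 0.35]
LABELS = [0, 0, 0, 0, 0, 1]


def contribution_of_hard_example(gamma):
    """Fraction of the batch loss that comes from the single hard attack sample."""
    losses = [focal_loss(p, y, gamma=gamma, alpha=None)
              for p, y in zip(PREDS, LABELS)]
    return losses[-1] / sum(losses)


if __name__ == "__main__":
    for g in (0.0, 1.0, 2.0, 5.0):
        print("gamma=%.0f  mean loss=%.4f  hard-sample share=%.3f"
              % (g, mean_loss(PREDS, LABELS, focal_loss, gamma=g, alpha=None),
                 contribution_of_hard_example(g)))
```

With gamma=0 (ordinary cross-entropy) the five easy normals still account for roughly a fifth of the batch loss; with gamma=2 they account for well under one percent, which is the "down-weighs easy examples" effect. Note that focal loss changes the calibration of the output probabilities, so a detection threshold tuned on a cross-entropy model should be re-tuned after switching.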

2023-02-18

Journal paper: A deep learning approach for intrusion detection in Internet of Things using focal loss function, by Chao Wang, Electronics 2023, 12(4), 930;

  • Keyword: Semi-supervised learning, Feature extraction, two-stage detectors
  • Idea: Semi-supervised anomaly detection algorithms for the cases with no attack labels, combined with two stage detectors. To be specific, the autoencoder (AE) is applied to extract representative features of normal data in the first step, and then two semi-supervised detectors, the one-class support vector machine (OCSVM) and Gaussian mixture model (GMM), are trained on the derived features. The two detectors collaborate to detect anomalous samples. The OCSVM predicts the abnormal samples initially, and after that, the GMM is applied to recheck the misclassified samples further.
  • Datasets: Bot-IoT and IDS2018
  • Attacks: normal/attacks
  • Models: autoencoder (AE) for extracting representative features; OCSVM and GMM as the detectors for anomalous cases.
  • Result: The results of the experiment indicate the effectiveness of the suggested approach. In one part, the AE boosts the performance of detectors. In another part, the combination method produces better results than a single detector.

Journal paper: Threats Detection in the Internet of Things Using Convolutional neural networks, long short-term memory, and gated recurrent units, by Naomi A. Bajao, © 2023 The Authors. Published by Mesopotamian Academic Press

  • Keyword: Convolutional neural networks (CNNs), long short-term memory (LSTM), and gated recurrent units (GRUs)
  • Idea: Comparison of three deep learning algorithms and the intrusion detection techniques that use them.
  • Datasets: NSL-KDD

Journal paper: A two-stage intrusion detection method based on light gradient boosting machine and autoencoder, by Hao Zhang et al., Mathematical Biosciences and Engineering, 2023, Volume 20, Issue 4: 6966-6992. doi: 10.3934/mbe.2023301

  • Keyword: RFE, Focal loss, LightGBM, autoencoder
  • Challenges: dimensionality, zero-day attack
  • Idea: Two-stage detectors. This paper proposes a novel detection framework based on light gradient boosting machine (LightGBM) and autoencoder.
  • Methodology: The recursive feature elimination (RFE) method is first used for dimensionality reduction in this framework. Then a focal loss (FL) function is introduced into the LightGBM classifier to boost the learning of difficult samples. Finally, a two-stage prediction step with LightGBM and autoencoder is performed. In the first stage, pre-decision is conducted with LightGBM. In the second stage, a residual is used to make a secondary decision for samples with a normal class.
  • Datasets: NSL-KDD and UNSW-NB15
  • Future work: In future work, we will mainly focus on two aspects: First, since the threshold of the autoencoder is the key factor affecting the model, we will develop a method to set the threshold automatically. Second, we segment the attack types and adopt a suitable sampling method to further improve the model performance.

Journal paper: A new deep-learning with swarm based feature selection for intelligent intrusion detection for the Internet of things, by R. Anushiya 2023, Measurement: Sensors, Available online 13 February 2023, 100700

  • Keyword: GA, FSO, CNN
  • Idea: GA-FR-CNN (Genetic Algorithm and Faster Recurrent Convolution Neural Network), a new feature selection method for IDSs; the network dataset's complexity is greatly reduced, and the AAFSO (Assimilated Artificial Fish Swarm Optimization) method improves the recommended system by identifying the characteristics that matter for the problem.
  • Datasets: Bot-IoT
  • Attacks:
  • Models:
  • Result:

2023-02-22

A Survey: Network Feature Measurement Based on Machine Learning by Muyi Sun et al., Appl. Sci. 2023, 13(4), 2551; https://doi.org/10.3390/app13042551

  • Keyword: network management, machine learning
  • Idea: ML applications in the field of network measurement

Anomaly based network intrusion detection for IoT attacks using deep learning technique by Bhawana Sharma, Computers and Electrical Engineering Volume 107, April 2023, 108626

  • Keyword: Feature selection by DNN, various tuning on hyper parameters, GAN for class imbalance
  • Idea: a filter-based feature selection Deep Neural Network (DNN) model in which highly correlated features are dropped; the model is then tuned over various parameters and hyper-parameters, and Generative Adversarial Networks (GANs) are used to generate synthetic data for minority attacks to resolve class imbalance in the dataset, achieving 91% accuracy on the balanced dataset.
  • Datasets: UNSW-NB15

Android-IoT Malware Classification and Detection Approach Using Deep URL Features Analysis by Farhan Ullah et al, Journal of Database Management (JDM) 34(2)

  • Idea: Malware classification using URL features extracted from encrypted application traffic

A Novel Approach for a New Mechanism in Network Intrusion Detection System by Pachipulusu Renuka Devi et al., Dogo Rangsang Research Journal 2023

  • Keyword: ANN, SVM, wrapper feature selection
  • Idea: comparison between ANN and SVM with wrapper FS, and ANN outperformed SVM.
  • Datasets: NSL-KDD

CSK-CNN: Network Intrusion Detection Model Based on Two-Layer Convolution Neural Network for Handling Imbalanced Dataset by Jiaming Song et al., Information 2023, 14(2), 130; https://doi.org/10.3390/info14020130

  • Problem: The performance of classifier is not very good in identifying abnormal traffic for minority classes.
  • Keyword: minority classes, two-layer classifier,
  • Idea: CSK combines the cluster based Synthetic Minority Over Sampling Technique (Cluster-SMOTE) and K-means based under sampling algorithm. Through the two-layer network, abnormal traffic can not only be identified, but also be classified into specific attack types.
  • Datasets: UNSW-NB15 and CICIDS2017
  • Attacks: layer1 for abnormal, layer2 for specific attacks
  • Metrics: accuracy, recall, precision, F1-score, ROC curve, AUC value, training time and testing time
  • Results: The experiment shows that the proposed CSK-CNN in this paper is obviously superior to other comparison algorithms in terms of network intrusion detection performance, and is suitable for deployment in the real network environment.

2023-02-23

An Ensemble Tree-Based Model for Intrusion Detection in Industrial Internet of Things Networks by JB Awotunde et al., Applied Science, 2023

  • Problem: the requisite machine learning models require some time to detect assaults because of the diverse IIoT network traffic properties.
  • Keyword: ensemble models, feature selection, IIoT
  • Idea: this study proposes ensemble models enabled with a feature selection classifier for Intrusion Detection in the IIoT network.
  • Methodology: The Chi-Square Statistical method was used for feature selection, and various ensemble classifiers, such as eXtreme gradient boosting (XGBoost), Bagging, extra trees (ET), random forest (RF), and AdaBoost can be used for the detection of intrusion applied to the Telemetry data of the TON_IoT datasets.
  • Datasets: Telemetry data of the TON_IoT datasets
  • Classification: binary and multi-classification
  • Metrics: accuracy, recall, precision, F1-score, and confusion matrix
  • Results: The results indicate that the XGBoost ensemble showed superior performance with the highest accuracy over other models across the datasets in detecting and classifying IIoT attacks.
  • Limitations: One of the major limitations of the proposed model is the inability to deal with the class imbalance that arises from the datasets used to test the performance of the proposed model.
  • Future directions: 1. make use of imbalanced algorithms to balance the dataset. 2. focus on applying deep learning models to optimize their hyper-parameters to improve the dataset classification performance for the IDS. 3. The proposed model will be applied to other IIoT-based datasets.

2023-02-24

Flow-based intrusion detection system in Vehicular Ad hoc Network using context-aware feature extraction by Erfan A. Shams et al., 2023 Vehicular Communications

  • Problem: The safety that is provided by VANETs can be easily compromised by malicious users. Hence there is a need for an Intrusion Detection System (IDS).
  • Keyword: Vehicular Ad hoc Network (VANET), IDS, CNN,
  • Idea: We designed an IDS model that can collect network data cooperatively from vehicles and Roadside Units (RSUs).
  • Methodology: employed a multi-class IDS using Convolutional Neural Network (CNN) with a novel feature extraction method known as Context-Aware Feature Extraction-Based CNN (CAFECNN)
  • Results: The results show that the proposed model is stronger in identification of hard-to-detect passive attacks compared to traditional machine learning methods.
  • Future directions: work on the feature extraction method to ensure that it can unify the most popular network data collection methods into a single format that can be employed for developing or extending the capability of existing IDS models without the need to restructure the entire system. This includes applying the system to other types of networks such as wireless sensor networks.

A Machine Learning-Based Intrusion Detection System for IoT Electric Vehicle Charging Stations (EVCSs)

  • Problem: The risks associated with cyber-attacks on IoT systems are also increasing at the same pace.
  • Keyword: electric vehicle charging station management systems (EVCSMSs), IDS, IoT, machine learning
  • Idea: IDS using machine learning models applied on EVCS industry.
  • Methodology: The proposed system uses a real IoT dataset derived from real IoT traffic. Multiple classifying algorithms are evaluated. Results were obtained on both binary and multiclass traffic models.
  • Datasets: IoT-23
  • Classification: binary and multi-classification
  • Metrics: precision, recall, and F-1 score
  • Limitations: Did not use DLs, building model offline, just use IoT-23 dataset and will try real data from EVC, also other datasets.
  • Results: The proposed algorithm can also be applied to any critical industrial control system (ICS), such as SCADA systems and green hydrogen control systems, to enhance their security resilience as they were originally built without taking security into consideration.
  • Future directions: 1. build a dedicated dataset for EVCSs. 2. find the minimum amount of data to be used in training while preserving the same accuracy level 3. measuring the impact of feature selection and consider new methodological steps to developing deep learning models.

Intrusion detection model of Internet of Things based on LightGBM by Guosheng Zhao et al., 2023 IEICE Transactions on Communications

  • Problem: Traditional intrusion detection systems (IDS) focus on high accuracy and low false alarm rate (FAR), making them often have too high spatiotemporal complexity to be deployed in IoT devices.
  • Keyword: CNN, LightGBM, IDS, IoT
  • Idea: an intrusion detection model of IoT based on the light gradient boosting machine (LightGBM)
  • Datasets: NSL-KDD, UNSW-NB15, CICIDS2017, CSE-CIC-IDS2018, and BOT_DATASET
  • Classification: binary and multi-classification

Optimization of Intrusion Detection Using Likely Point PSO and Enhanced LSTM-RNN Hybrid Technique in Communication Networks by Ahmed Abd El-Baset Donkol et al., 2023

  • Problem: inefficient against new/distinct attacks; IDS have various problems involving gradient vanishing, generalization, and overfitting issues.
  • Idea: the enhanced long short-term memory (ELSTM) technique with a recurrent neural network (RNN) (ELSTM-RNN) to enhance security in IDS
  • Methodology: The proposed method was evaluated using the NSL-KDD dataset (KDD TEST PLUS and KDD TEST21) for validation and testing. Many efficient features were selected using an enhanced technique, namely particle swarm optimization. The selected features serve for effective classification using an enhanced LSTM framework, which is used to efficiently classify and detect the attack data from the normal data.
  • Metrics: accuracy, precision, recall, and error rate
  • Results: Results show that the training time of the proposed system is much less than that of other methods for different classes. The performance of the proposed ELSTM-RNN framework is analyzed using accuracy, precision, recall, and error rate, and the proposed method outperformed the LPBoost and DNN methods.
  • Future directions: the use of XAI algorithms to interpret and develop the provided PSO-driven strategy.

2023-02-25

Anomaly Detection In IoT Networks Using Hybrid Method Based On PCA-XGBoost by Ali Taghavirashidizadeh et al., 2022 8th Iranian Conference on Signal Processing and Intelligent Systems (ICSPIS)

  • Problem: With the increasing use of IoT infrastructure in various fields, threats and attacks on these infrastructures are also growing.
  • Keyword: anomaly detection; Intrusion Detection; internet of things; principal component analysis; XGBoost.
  • Idea: combining feature dimensionality reduction and machine learning methods
  • Methodology: a method based on a combination of Principal Component Analysis (PCA) and XGBoost algorithms for anomaly detection in IoT was presented
  • Datasets: UNSW-NB15
  • Classification: binary classification
  • Metrics: accuracy, precision, recall, and f1-score
  • Results: the performance of PCA-XGBoost outperformed other ML methods, involving DT, KNN, SVM, LR
  • Future directions: we can also focus on identifying the type of attack. In addition to the XGBoost algorithm, metaheuristic algorithms can also be used to reduce more efficient features. Deep learning algorithms can also be used for classification.
  • My comments: relatively simple method without enough explanation, but can be a way to start experiment.

2023-02-26

Hybrid Intrusion Detection System Based on Combination of Random Forest and Autoencoder by Chao Wang et al., 2023, Symmetry (MDPI)

  • Problem: difficult to deal with unknown attacks, high false positive rate
  • Keyword: intrusion detection; random forest; autoencoder; hybrid model; unknown attack
  • Idea: As different models learn data characteristics from different perspectives, in this work we propose a hybrid IDS which leverages both random forest (RF) and autoencoder (AE).
  • Methodology: The hybrid model operates in two steps. In particular, in the first step, we utilize the probability output of the RF classifier to determine whether a sample belongs to attack. The unknown attacks can be identified with the assistance of the probability output. In the second step, an additional AE is coupled to reduce the false positive rate. To simulate an unknown attack in experiments, we explicitly remove some samples belonging to one attack class from the training set.
  • Datasets: IDS2018, BOT-IOT
  • Classification: binary classification
  • Metrics: accuracy, precision, recall, f1-score, and FAR
  • Results: The experimental results show that the combination method boosts the detection rate and reduces the FPR in comparison to the single detection methods.
  • Future directions: Only one type of attack was set as the unknown during the experiments; it is important to set more than one type of attack as the unknown to test the model. We plan to expand the method into a multi-class approach to provide more diagnostic information for security operators in the future.
  • My comments: an approach to handling unknown attacks and reducing the false positive rate.
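
A two-stage decision of the kind used by Wang et al. above and by Zhang et al.'s LightGBM + autoencoder framework (2023-02-18), as an added example that is neither paper's code and not from the author's repos. Stage 1 is a supervised classifier that pre-decides from its attack probability; anything it calls "normal" is re-checked in stage 2 against a model of normal traffic only, whose reconstruction residual flags samples that look like nothing seen in training (the zero-day case). Two stand-ins are used so the block runs with no dependencies and are assumptions: a nearest-centroid classifier with a softmax over distances in place of the tree ensemble, and a per-feature z-score "reconstruction" in place of the autoencoder. The residual threshold is set automatically from a percentile of the training normals' residuals, which is the open point named in Zhang et al.'s future work. The training flows, feature names and scaling are constructed for illustration:

```python
import math
import statistics

# Constructed training flows (assumption, not a published dataset). Features:
# (packets/s, mean bytes per packet, distinct destination ports), scaled to [0,1].
# Label 0 = normal, 1 = the only *known* attack, a UDP flood.
TRAIN = [
    ((0.10, 0.60, 0.05), 0), ((0.12, 0.55, 0.04), 0), ((0.08, 0.65, 0.06), 0),
    ((0.11, 0.58, 0.05), 0), ((0.09, 0.62, 0.03), 0), ((0.13, 0.57, 0.07), 0),
    ((0.90, 0.10, 0.02), 1), ((0.85, 0.12, 0.03), 1), ((0.95, 0.08, 0.02), 1),
]


class Stage1Centroid:
    """Stand-in for the tree ensemble (RF / LightGBM): nearest-centroid
    classifier whose 'probability' is a softmax over negative distances."""

    def fit(self, rows):
        by_cls = {}
        for x, y in rows:
            by_cls.setdefault(y, []).append(x)
        self.centroids = {c: tuple(statistics.fmean(col) for col in zip(*xs))
                          for c, xs in by_cls.items()}
        return self

    def p_attack(self, x):
        d = {c: math.dist(x, mu) for c, mu in self.centroids.items()}
        w = {c: math.exp(-10.0 * dc) for c, dc in d.items()}
        return w[1] / sum(w.values())


class Stage2Residual:
    """Stand-in for the autoencoder: trained on *normal* traffic only.
    'Reconstruction' is the per-feature z-score against the normal profile;
    residual = mean squared z-score. Threshold = the q-th percentile of the
    residuals seen on training normals, so it needs no manual tuning."""

    def fit(self, normal_rows, q=0.95):
        cols = list(zip(*normal_rows))
        self.mu = [statistics.fmean(c) for c in cols]
        self.sd = [max(statistics.pstdev(c), 1e-6) for c in cols]
        res = sorted(self.residual(x) for x in normal_rows)
        self.threshold = res[min(int(q * len(res)), len(res) - 1)]
        return self

    def residual(self, x):
        z = [(xi - m) / s for xi, m, s in zip(x, self.mu, self.sd)]
        return sum(zi * zi for zi in z) / len(z)


class TwoStageIDS:
    def __init__(self, p_cut=0.5):
        self.p_cut = p_cut

    def fit(self, rows):
        self.s1 = Stage1Centroid().fit(rows)
        self.s2 = Stage2Residual().fit([x for x, y in rows if y == 0])
        return self

    def predict(self, x):
        """Returns (label, reason). Stage 1 pre-decides; a 'normal' verdict is
        re-checked against the normal-traffic residual threshold, which is how
        an attack class absent from training can still be caught."""
        if self.s1.p_attack(x) >= self.p_cut:
            return 1, "stage1"
        if self.s2.residual(x) > self.s2.threshold:
            return 1, "stage2-residual"
        return 0, "normal"


if __name__ == "__main__":
    ids = TwoStageIDS().fit(TRAIN)
    for name, flow in [("benign", (0.10, 0.59, 0.05)),
                       ("known flood", (0.92, 0.09, 0.02)),
                       ("unseen port scan", (0.30, 0.40, 0.90))]:
        print("%-17s p_attack=%.3f residual=%9.2f -> %s"
              % (name, ids.s1.p_attack(flow), ids.s2.residual(flow), ids.predict(flow)))
```

The port-scan flow is the interesting case: stage 1 has never seen a scan and assigns it a low attack probability, but its distinct-port count is dozens of standard deviations from the normal profile, so stage 2 catches it. The cost is that stage 2's false positive rate is governed entirely by the percentile used for the threshold, so it should be chosen on a held-out set of normal traffic, not on the training normals alone as done here for brevity.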

2023-03-01

Survey: A Deep Learning and Optimization Method for Detecting Network Intrusion in IOT by Rekha Gangula et al., 2022 Second International Conference on Advanced Technologies in Intelligent Control, Environment, Computing and Communication Engineering ICATIECE

  • Problem: Researchers and engineers must be able to interpret the complicated structure from imprecise information, recognize the dynamic anomaly patterns, and find anomalies when there aren't enough labels to describe them. As a result, using deep learning techniques rather than conventional shallow learning methods is necessary to improve anomalous detection capability.
  • Keyword: intrusion detection, neural networks, optimization, Internet of things, accuracy, false alarm rate.
  • Idea: DL vs traditional shallow ML on IDS in IoT
  • Methodology: This article offers a survey on anomalous intrusion detection using deep learning techniques, with a focus on IoT devices utilized in real-world issues that have limited resources.
  • Metrics: accuracy, precision, recall, f1-score, and FAR
  • Results: The research that was evaluated showed that deep learning is better than traditional learning in terms of high identification efficiency and a low rate of false alarms.
  • Future directions: how to manage amount of alerts, how to handle useless info for deep learning, constant updated model in IoT for unknown attacks, further investigation on IDS and blockchain.
  • My comments: seems like a follow-up topic on DL on IDS IoT and a quick survey paper.

ADCL: Towards An Adaptive Network Intrusion Detection System Using Collaborative Learning in IoT Networks by Zuchao Ma et al., 2023 IEEE Internet of Things

  • Problem: It is well-known that the NIDS performance depends heavily on the effectiveness of detection model, which can be influenced significantly by the learning mechanism and the available training data. Many existing studies try to mitigate the above challenges, but few of them consider the adaptability and the cost of deploying an NIDS, the integrity of learning process, the capacity of model based on concrete traffic samples at the same time.
  • Keyword: Intrusion Detection, System Adaptability, Collaborative Learning, Multiple Model, Internet of Things
  • Idea: propose a collaborative learning based detection framework called ADCL, which can mitigate the limitations on the knowledge of a single model by leveraging multiple models trained in similar environments and detecting intrusions in a collaborative manner.
  • Results: Our evaluation results indicate that ADCL can provide better performance compared with a single model on detecting various attacks in IoT networks. Specifically, ADCL improves F-score by up to 80% for adaptability, 42% in mitigating the reliance on learning integrity, 85% for model capacity. Furthermore, the detection results of ADCL guide those single models to update and increase the F-score by 15%.
  • Future directions:
  • My comments: Interesting idea, a model selection mechanism with multiple models trained, using the suitable detector for attack detection.

2023-03-03

Review: Zero-day attack detection: a systematic literature review by Rasheed Ahmad et al., Artificial Intelligence Review (2023)

  • Problem: Many of the recently proposed solutions lack a holistic IDS approach due to explicitly relying on attack signature repositories, outdated datasets or the lack of considering zero-day (unknown) attacks while developing, training, or testing the machine learning (ML) or deep learning (DL)-based models. Overlooking these factors makes the proposed IDS less robust or practical in real-time environments. On the other hand, detecting zero-day attacks is a challenging subject, despite the many solutions proposed over the past many years.
  • Keyword: Zero-day attacks · Unknown attacks · Anomaly detection · Intrusion detection · Closed and open set recognition
  • Idea: SLR from the point of view on zero-day attacks in IDS. One of the goals of this systematic literature review (SLR) is to provide a research asset to future researchers on various methodologies, techniques, ML and DL algorithms that researchers used for the detection of zero-day attacks.
  • Results: completing the gap in providing a single repository of finding ML and DL-based tools and techniques used by researchers for the detection of zero-day attacks.
  • Future directions: Not all attacks require the same mitigation strategy. some other researchers grouped various subclasses of attacks into a few main attack classes. ML and DL models must be trained and tested on the diverse dataset to avoid training or testing bias issues and achieve optimum performance results on zero-day attacks. Quality datasets play a major role in building a comprehensive IDS. When building a DL-based model, it is essential to consider factors (e.g., memory, computational power, deployment layer) that can impact the model performance in a live environment.
  • My comments: this paper provides a guide to the methods and techniques for building an IDS towards zero-day attacks.

Fog-cloud based intrusion detection system using Recurrent Neural Networks and feature selection for IoT networks by Naeem Firdous Syed et al., Computer Networks Volume 225, April 2023, 109662

  • Problem: Deep learning techniques perform better in detecting attacks compared to shallow machine learning algorithms and can be used for intrusion detection. However, communication overheads due to large volume of IoT data and computation requirements for deep learning models prevents effective application of deep learning models closer to the constrained devices. Existing IDS techniques are either based on shallow learning algorithms or not trained on relevant IoT datasets and furthermore not designed for distributed fog-cloud deployment.
  • Keyword: IoT, Fog-cloud, Deep learning, IDS
  • Idea: proposed a novel fog-cloud based IoT intrusion detection framework which incorporates a distributed processing by splitting the dataset according to attack class and a feature selection step on time-series IoT data. This is followed by a deep learning Recurrent Neural Network (SimpleRNN and Bi-directional Long Short-Term Memory (LSTM)) for attack detection.
  • Sub-idea: This is achieved by first splitting the time-series based IoT network data according to the attack class, where a multi-class problem is converted to binary class problem. This is followed by applying simple feature reduction techniques such as Group Method of Data Handling (GMDH), Mutual Information (MI) and Chi-Square Statistic to reduce the data size for training the DL models. The reduced datasets are then uploaded to a cloud node to train the DL algorithm and an optimised DL model is deployed to the edge or fog nodes for detecting IoT attacks. (good to refer!)
  • Methodology: DL: SimpleRNN, Bi-directional Long Short-Term Memory (LSTM), FS: GMDH-LR-COV, GMDH-LR, MI, Chi-Sqr.
  • Datasets: BOT-IOT
  • Environment: A high performance computing (HPC) cluster with 8 GeForce GTX 1080 Ti GPU running on Intel(R) Xeon(R) Gold 5120 CPU @ 2.20 GHz with 256 GB memory was deployed to run the experiments. TensorFlow library and Keras libraries were used for implementing the SimpleRNN and bi-directional LSTM modules.
  • Classification: splitting the dataset according to classes, so transform from multi-classification into binary classification.
  • Metrics: Dataset size, accuracy, precision, recall, f1-score, Area Under the Curve (AUC), Time to train (s)
  • Results: Results show that the feature selection methods significantly reduced the dataset size (by 90%) and the computation requirements without compromising attack detection ability. The models built on the reduced dataset achieved a higher recall rate than models trained on the full feature set without losing class differentiation ability. The SimpleRNN and Bi-LSTM models also did not suffer any underfitting or overfitting with the reduced feature space. The proposed deep learning based IoT intrusion detection framework is suitable for fog-cloud based deployment and can scale well even with large volumes of IoT data.
  • Future directions: /
  • My comments: Fog-based architecture with model trained, validated and tested in cloud and model deployed at fog level closer to IoT devices to reduce latency of attack detection, DL for high performance, Four FS for dimensionality reduction, BoT-IoT for comprehensive IoT scenarios, comparison with that of full features. Dataset splitting step is very interesting!
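The dataset splitting and MI feature reduction steps above, as an added worked example (my own illustration, not code from the paper): a multi-class set of flow records is turned into one binary dataset per attack class, each binary dataset ranks its features by mutual information against its own label, and only the top-k columns are kept. The records, feature names and bins are constructed toy data, not BoT-IoT.

```python
import math
from collections import Counter

# Constructed toy IoT flow records (not from BoT-IoT): features are already
# discretised into bins, and labels use BoT-IoT style attack categories.
RECORDS = [
    ({"rate": "high", "proto": "tcp", "size": "large"}, "DDoS"),
    ({"rate": "high", "proto": "udp", "size": "large"}, "DDoS"),
    ({"rate": "high", "proto": "tcp", "size": "large"}, "DDoS"),
    ({"rate": "low", "proto": "udp", "size": "small"}, "Recon"),
    ({"rate": "low", "proto": "tcp", "size": "small"}, "Recon"),
    ({"rate": "low", "proto": "tcp", "size": "large"}, "Normal"),
    ({"rate": "low", "proto": "udp", "size": "large"}, "Normal"),
    ({"rate": "low", "proto": "tcp", "size": "large"}, "Normal"),
]


def split_by_class(records, benign="Normal"):
    """Turn one multi-class dataset into one binary dataset per attack class:
    records of class c get label 1, every other record (benign or another
    attack) gets label 0, so each class can be trained as its own detector."""
    classes = sorted({label for _, label in records} - {benign})
    return {c: [(f, 1 if y == c else 0) for f, y in records] for c in classes}


def mutual_information(values, labels):
    """MI(X; Y) in bits from empirical counts of a discrete feature X and label Y."""
    n = len(values)
    joint, px, py = Counter(zip(values, labels)), Counter(values), Counter(labels)
    return sum(
        (cnt / n) * math.log2((cnt / n) / ((px[x] / n) * (py[y] / n)))
        for (x, y), cnt in joint.items()
    )


def rank_features(binary_records):
    """Score every feature by MI against the binary label, highest first
    (ties broken by feature name so the ranking is deterministic)."""
    names = list(binary_records[0][0])
    labels = [y for _, y in binary_records]
    scores = {nm: mutual_information([f[nm] for f, _ in binary_records], labels)
              for nm in names}
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


def reduced_datasets(records, k):
    """Per attack class: split, rank features by MI, keep only the top-k columns.
    Returns {class: (kept_feature_names, reduced_binary_records)}."""
    out = {}
    for cls, recs in split_by_class(records).items():
        keep = [nm for nm, _ in rank_features(recs)[:k]]
        out[cls] = (keep, [({nm: f[nm] for nm in keep}, y) for f, y in recs])
    return out


if __name__ == "__main__":
    for cls, (keep, recs) in reduced_datasets(RECORDS, k=1).items():
        print(f"{cls}: keep {keep}, {sum(y for _, y in recs)} positives of {len(recs)}")
```

On this toy data the DDoS detector keeps only `rate` and the Recon detector keeps only `size`, each being the one feature that perfectly separates its class; a different column survives per class, which is the point of splitting before selecting.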

2023-03-06

Improve the Security of Industrial Control System: A Fine-Grained Classification Method for DoS Attacks on Modbus/TCP by Hao Zhang et al., Mobile Networks and Applications (2023)

  • Application: Industrial Control Systems (ICS), vulnerability on Modbus protocol (DDoS attack)
  • Problem: Traditional detection methods cannot perform well on fine-grained detection tasks which could contribute to locating targets of attacks and preventing the destruction.
  • Keyword: ICS · Modbus · DoS · DDoS · Deep learning · Fine-grained classification
  • Idea: proposed a Neural Network architecture named MODLSTM, which consists of three parts: input preprocessing, feature recoding, and traffic classification.
  • Dataset: CICDDOS2019
  • Methodology: PCA for visualization, LSTM
  • Validation: Confusion matrix of (a) Binary (b) Multiclass task; Recall, Precision, Accuracy, Class number
  • Results: In the experiments, the effectiveness and robustness of the model have been evaluated, which gives 90.04% accuracy in the DoS attacks fine-grained task and 98.43% accuracy in the public DDoS dataset (increased by 0.71% and 0.07% respectively). The results show that the proposed method has more satisfactory abilities to detect DoS attacks related to Modbus, compared with other works.
  • Future directions: However, the experiments just involved some serial attacks; in the real world, there are many malicious attacks happening in parallel. The first step is to explore a dataset for parallel network attacks on Modbus devices, and discuss appropriate classification methods. On this basis, we will construct a more robust ICS firewall capable of facing multiple attack modes.
  • My comments: A paper focusing on specific attacks that have influence on a specific vertical like industrial IoT.

An ensemble deep learning based IDS for IoT using Lambda architecture by Rubayyi Alghamdi et al., Cybersecurity volume 6, Article number: 5 (2023)

  • Problem: Building an Intrusion Detection System (IDS) for IoT networks is challenging as they enable a massive amount of data to be aggregated, which is difficult to handle and analyze in real time mainly because of the heterogeneous nature of IoT devices.
  • Keyword: IoT, IDS, Lambda architecture, Cyber-attacks, Deep learning, Ensemble learning
  • Idea: Quick binary classifier + ensemble multi-classifiers. Binary classification uses Long Short Term Memory (LSTM) to differentiate between malicious and benign traffic, while the multi-class classifier uses an ensemble of LSTM, Convolutional Neural Network and Artificial Neural Network classifiers to detect the type of attacks.
  • Dataset: IoT-23
  • Classifier: binary using LSTM, while multi-classifier using LSTM, CNN, ANN / majority voting or weighted ensemble
  • Methodology: Binary + multi-classifier, with Lambda architecture (batch mode for model training + stream mode for detecting)
  • Validation: Confusion matrix of (a) Binary (b) Multiclass task; Recall, Precision, Accuracy, Class number
  • Environment: We implemented the proposed deep ensemble-based IDS model in Python 3.7 with TensorFlow 2.6 to validate the efficacy of the proposed architecture. The experiment was done on a core-i5 machine with 64-bit Operating System (OS) and 16GB RAM. The software stack contained Java (JDK) 11, Hadoop 2.7, Spark v3.0, Pyspark 3.0, and Kafka 2.6.
  • Results: The proposed approach gives high accuracy of over 99.93% and saves useful processing time due to the multi-pronged classification strategy and using the lambda architecture. We also demonstrate that the ensemble approach results in higher detection accuracy and precision as compared to using the simple approach. We also demonstrate that using the Lambda architecture enhances system performance in terms of throughput.
  • Future directions: In the future, we intend to employ more deep-learning approaches in the ensemble model to augment detection accuracy and system performance further. We also intend to test the proposed framework in a real-world production IoT environment to validate its performance further. Another important goal is to use Automated Machine Learning techniques for tuning the hyperparameters.
  • My comments: quick binary and ensemble multi-classification, Lambda architecture used considering IoT characteristics.

BLoCNet: a hybrid, dataset-independent intrusion detection system using deep learning by Brandon Bowen et al., International Journal of Information Security (2023)

  • Problem: Although most models achieve high accuracy, they may not always detect underrepresented attacks. Also, their accuracy depends on the dataset, its features, and the proportion of samples.
  • Keyword: Cybersecurity · Intrusion detection · Deep learning · CNN · BLSTM
  • Idea: Quick binary classifier CNN + hybrid classifiers for identifying specific attacks. This paper proposes BLoCNet, a hybrid DL model that combines convolutional neural network (CNN) and bidirectional long short-term memory (BLSTM) layers. CNN allows the IDS to recognize patterns in the features of the network data in a fast computation time. The results are sent to two BLSTM layers, which capitalize on the forward and backward propagation of data to identify malicious traffic.
  • Dataset: CIC-IDS2017, IoT-23, Bot-IoT, and UNSW-NB15 (why paper named dataset-independent...)
  • Classifier: CNN and BLSTM
  • Methodology: SMOTE, undersampling for class imbalance.
  • Validation: Prec Recall F1 Minority, minority attack classes were specified in test result.
  • Results: For CIC-IDS2017 and IoT-23 datasets, BLoCNet had an accuracy of 98% and 99%, which is similar performance to related studies, albeit not an exact comparison due to different sampling approaches. For the original UNSW-NB15 dataset, BLoCNet had an accuracy of 76.34% vs. 75.56% of related work. These results demonstrate that BLoCNet performed well across various datasets and confirm that its hybrid model provides good detection results.
  • Future directions: we will further explore the performance of BLoCNet and the DNN model. This can help reduce the training time of the BLoCNet model and understand how to improve the detection rate for underrepresented attacks. The latter can be achieved by using different sampling techniques. BLoCNet can also be trained on newer IoT datasets, as it is dataset agnostic.
  • My comments: Hybrid model across multiple datasets, or named dataset agnostic model, especially for the minority attacks (by using sampling techniques). Implications for practitioners section contains the brief experience on data pre-processing and model validation.

2023-03-08

Review: Machine Learning Techniques to Detect a DDoS Attack in SDN: A Systematic Review by Tariq Emad Ali, Appl. Sci. 2023, 13(5), 3183; https://doi.org/10.3390/app13053183

  • Idea: The objective of this systematic review is to identify, evaluate, and discuss new efforts on ML/DL-based DDoS attack detection strategies in SDN networks.
  • Methodology: To reach our objective, we conducted a systematic review in which we looked for publications that used ML/DL approaches to identify DDoS attacks in SDN networks between 2018 and the beginning of November 2022. To search the contemporary literature, we have extensively utilized a number of digital libraries (including IEEE, ACM, Springer, and other digital libraries) and one academic search engine (Google Scholar).
  • Results: We have analyzed the relevant studies and categorized the results of the SLR into five areas: (i) The different types of DDoS attack detection in ML/DL approaches; (ii) the methodologies, strengths, and weaknesses of existing ML/DL approaches for DDoS attacks detection; (iii) benchmarked datasets and classes of attacks in datasets used in the existing literature; (iv) the preprocessing strategies, hyperparameter values, experimental setups, and performance metrics used in the existing literature; and (v) current research gaps and promising future directions.
  • My comments: Review of IDS in SDN networks.

2023-03-09

A Fast and Effective Method for Intrusion Detection using Multi-Layered Deep Learning Networks

  • Problem: Detecting intrusions is a challenging aspect especially in networked environments, as the system designed for such a scenario should be able to handle the huge volume and velocity associated with the domain.
  • Idea: This research presents three models, APID (Adaptive Parallelized Intrusion Detection), HBM (Heterogeneous Bagging Model) and MLDN (Multi Layered Deep learning Network) that can be used for fast and efficient detection of intrusions in networked environments.
  • Methodology: The deep learning model has been constructed using the Keras library. The training data is preprocessed and segregated to fit the processing architecture of neural networks. The network is constructed with multiple layers and the other required parameters for the network are set in accordance with the input data. The trained model is validated using the validation data that has been specifically segregated for this purpose.
  • Results:
  • My comments:

A Novel Deep Learning-Based Intrusion Detection System for IoT Networks by Albara Awajan, Computers 2023, 12, 34. https://doi.org/10.3390/computers12020034

  • Problem: Detecting intrusion on IoT devices in real-time is essential to make IoT-enabled services reliable, secure, and profitable.
  • Idea: Self-generated data with feature engineering using a DNN on simulated IoT devices.
  • Methodology: This intelligent system uses a four-layer deep Fully Connected (FC) network architecture to detect malicious traffic that may initiate attacks on connected IoT devices. The proposed IDS is dynamic and regularly updated based on newly discovered features through the classifier Updated module.
  • Results: The proposed system demonstrates reliable performance for simulated and real intrusions during the experimental performance analysis. It detects the Blackhole, Distributed Denial of Service, Opportunistic Service, Sinkhole, and Wormhole attacks with an average accuracy of 93.74%. The proposed intrusion detection system's precision, recall, and F1-score are 93.71%, 93.82%, and 93.47%, respectively, on average. This innovative deep learning-based IDS maintains a 93.21% average detection rate which is satisfactory for improving the security of IoT networks.
  • Future directions: The scope of developing a platform-independent framework from the deep learning-based intrusion detection system for IoT networks will be explored. It is expected that a lightweight version of the proposed framework will be more efficient and effective in intrusion detection.
  • My comments: end-to-end IDS with classifier update.

Review: A review of hacking techniques in IoT systems and future trends of hacking on IoT environment by Nur A'fyfah Zaimy World Journal of Advanced Research and Reviews, 2023, 17(02), 723–731

  • Problem: This paper reviews Internet of Things (IoT) security and the rise in security issues due to hardware and software security flaws being exploited.
  • Idea: this paper aims to provide insights into the future of IoT security and inform the development of effective prevention measures by analyzing hacking techniques and tools.
  • My comments: general review on hacking methods and corresponding mitigation methods.

😄 Explaining AI-informed Network Intrusion Detection with Counterfactuals by Gang Liu and Meng Jiang

  • Problem: the developers and users of the NID systems could not understand the systems’ correct or incorrect decisions due to the complexity and black-box nature of the AI methods.
  • Idea: Visual approach to AI explainability.
  • Methodology: This is a two-page poster paper that presents a new demo system that offers a number of counterfactual explanations visually for any data example. The visualization results are generated automatically: users just need to provide the index of a data example and do not edit anything on the graph. The visual feature space was built by the t-SNE dimension reduction technique.
  • Future direction: In the future, we will extend the detection task from binary classification to multi-class classification.
  • My comments: an interesting paper on AI explainability in visualized way.

2023-03-10

😄 Review: Advances in IoT Security: Vulnerabilities, Enabled Criminal Services, Attacks and Countermeasures

  • Problem: IoT devices remain at higher risk of attack due to their intrinsic properties which include but are not limited to extreme heterogeneity, mostly plug-and-play nature, computational limitations, improper patch management, unnecessary open ports, default or no security credentials, and extensive use of reusable open-source software.
  • Motivation: To address these security concerns we need to thoroughly understand IoT devices’ vulnerabilities, associated attacks, and how criminal services can abuse these devices.
  • Idea: we present recent advances in IoT security vulnerabilities, criminal services by empirically identifying major vulnerable IoT devices and cyber attacks exploiting them by cyber criminals. Additionally, we present mapping of vulnerabilities, criminal services, attacks, and potential solutions against such vulnerabilities and attacks. We have also presented different approaches in a tabular form for side by side comparison.
  • Methodology
  • My comments: valuable reference on various perspectives of the IoT security. Some of the interesting tools are as follows: CVE (Common Vulnerability and Exposure): As the name suggests, it's a list of publicly disclosed databases related to vulnerabilities and exposures. The CVE database is maintained by MITRE and a fully synchronized CVE database is also maintained by NIST as the NVD database [28]. Shodan: It is a search engine for the Internet of everything that is used to explore exposed internet-connected products. This is a tool popular these days for vulnerability assessment and security research.

2023-03-11

😄 Energy consumption of on-device machine learning models for IoT intrusion detection

  • Problem: No study has been conducted to analyze the energy consumption of ML-based IDS.
  • Idea: we perform a comparative analysis of on-device ML algorithms in terms of energy consumption for IoT intrusion detection applications.
  • Dataset: DS2OS
  • Methodology: For a thorough analysis, we study the training and inference phases separately. For training, we compare the cloud computing-based ML, edge computing-based ML, and IoT device-based ML approaches. For the inference, we evaluate the TinyML approach to run the ML algorithms on tiny IoT devices such as Micro Controller Units (MCUs).
  • Environment: As a cloud service, we leveraged an Azure cloud computing instance that had a 16-core Intel CPU with 32 GB RAM. Additionally, we defined the edge device as a device with limited memory and computation power, and the IoT device as a device with very low memory and computation capacity. Accordingly, we used a Dell computer that had an Intel(R) Core(TM) i7-9750H CPU with 16 GB RAM as the edge device, and a Raspberry Pi 4 Model B with 8 GB RAM as the IoT device. Finally, we used the ESP32 Azure IoT Kit as an end device to evaluate inference time and thus energy consumption on this device.
  • Results: Comparative performance evaluations show that deploying the Decision Tree (DT) algorithm on-device gives better results in terms of training time, inference time, and power consumption.
  • My comments: A good paper on energy consumption empirical analysis among various layers of IoT infrastructure.

2023-03-16

A Multi-level Random Forest Model-Based Intrusion Detection Using Fuzzy Inference System for Internet of Things Networks

Scalable anomaly-based intrusion detection for secure Internet of Things using generative adversarial networks in fog environment

Routing Attacks Detection in 6LoWPAN-Based Internet of Things

HOTD: A Holistic Cross-Layer Time-Delay Attack Detection Framework for Unmanned Aerial Vehicle Networks

An Optimal Reinforced Deep Belief Network for Detection of Malicious Network Traffic

Review on the Feasibility of Adversarial Evasion Attacks and Defenses for Network Intrusion Detection Systems