IDERES: Intrusion detection and response system using machine learning and attack graphs

Joseph R. Rose, Matthew Swann, Konstantinos P. Grammatikakis, Ioannis Koufos, Gueltoum Bendiab*, Stavros Shiaeles, Nicholas Kolokotronis

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

4 Downloads (Pure)


The rapid increase in the use of IoT devices brings many benefits to the digital society, ranging from improved efficiency to higher productivity. However, the limited resources and the open nature of these devices make them vulnerable to various cyber threats. This paper explores the potential of using network profiling, machine learning, and game theory, to secure IoT against cyber-attacks. The proposed anomaly-based intrusion detection solution dynamically and actively profiles and monitors all networked devices for the detection of IoT device tampering attempts as well as suspicious network transactions. Any deviation from the defined profile is considered to be an attack and is subject to further analysis. Raw traffic is also passed on to the machine learning classifier for identification of potential attacks. To complement this solution, an intrusion response system is used to act upon the generated alerts and compute the mitigation actions at real-time. Performance assessment of the proposed methodology is conducted on the Cyber-Trust testbed using normal and malicious network traffic. The experimental results show that the proposed anomaly detection system delivers promising results with an overall accuracy of 98.35% and 0.98% of false-positive alarms, resulting in the mitigation of the majority of the executed attacks.

Original languageEnglish
Article number102722
Number of pages12
JournalJournal of Systems Architecture
Early online date13 Sept 2022
Publication statusPublished - 1 Oct 2022


  • Internet of Things
  • intrusion detection
  • intrusion response
  • machine learning
  • security


Dive into the research topics of 'IDERES: Intrusion detection and response system using machine learning and attack graphs'. Together they form a unique fingerprint.

Cite this