Intrusion detection using network traffic profiling and machine learning for IoT

Joseph Rose; Matthew Swann; Gueltoum Bendiab; Stavros Shiaeles; Nicholas Kolokotronis

doi:10.1109/NetSoft51509.2021.9492685

Intrusion detection using network traffic profiling and machine learning for IoT

Joseph Rose, Matthew Swann, Gueltoum Bendiab, Stavros Shiaeles, Nicholas Kolokotronis

School of Computing

University of Peloponnese

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

186 Downloads (Pure)

Abstract

The rapid increase in the use of IoT devices brings many benefits to the digital society, ranging from improved efficiency to higher productivity. However, the limited resources and the open nature of these devices make them vulnerable to various cyber threats. A single compromised device can have an impact on the whole network and lead to major security and physical damages. This paper explores the potential of using network profiling and machine learning to secure IoT against cyber attacks. The proposed anomaly-based intrusion detection solution dynamically and actively profiles and monitors all networked devices for the detection of IoT device tampering attempts as well as suspicious network transactions. Any deviation from the defined profile is considered to be an attack and is subject to further analysis. Raw traffic is also passed on to the machine learning classifier for examination and identification of potential attacks. Performance assessment of the proposed methodology is conducted on the Cyber-Trust testbed using normal and malicious network traffic. The experimental results show that the proposed anomaly detection system delivers promising results with an overall accuracy of 98.35% and 0.98% of false-positive alarm

Original language	English
Title of host publication	2021 IEEE 7th International Conference on Network Softwarization (NetSoft)
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	409-415
ISBN (Electronic)	9781665405225
ISBN (Print)	9781665446358
DOIs	https://doi.org/10.1109/NetSoft51509.2021.9492685
Publication status	Published - 26 Jul 2021
Event	IEEE 7th International Conference on Network Softwarization: NetSoft 2021 - Virtual, Tokyo, Japan Duration: 28 Jun 2021 → 2 Jul 2021

Publication series

Name	IEEE NetSoft Proceedings Series
Publisher	IEEE
ISSN (Print)	2693-9770
ISSN (Electronic)	2693-9789

Conference

Conference	IEEE 7th International Conference on Network Softwarization
Country/Territory	Japan
City	Tokyo
Period	28/06/21 → 2/07/21

Keywords

Machine Learning
Intrusion Detection System
Security
Internet of Things
network profiling

Access to Document

10.1109/NetSoft51509.2021.9492685

Intrusion Detection using Network Traffic Profiling and Machine Learning for IoT
© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Accepted author manuscript (Post-print), 635 KB

Cite this

Rose, J., Swann, M., Bendiab, G., Shiaeles, S., & Kolokotronis, N. (2021). Intrusion detection using network traffic profiling and machine learning for IoT. In 2021 IEEE 7th International Conference on Network Softwarization (NetSoft) (pp. 409-415). (IEEE NetSoft Proceedings Series). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/NetSoft51509.2021.9492685

@inproceedings{27aebeac72884e5c987366ef973e145a,

title = "Intrusion detection using network traffic profiling and machine learning for IoT",

abstract = "The rapid increase in the use of IoT devices brings many benefits to the digital society, ranging from improved efficiency to higher productivity. However, the limited resources and the open nature of these devices make them vulnerable to various cyber threats. A single compromised device can have an impact on the whole network and lead to major security and physical damages. This paper explores the potential of using network profiling and machine learning to secure IoT against cyber attacks. The proposed anomaly-based intrusion detection solution dynamically and actively profiles and monitors all networked devices for the detection of IoT device tampering attempts as well as suspicious network transactions. Any deviation from the defined profile is considered to be an attack and is subject to further analysis. Raw traffic is also passed on to the machine learning classifier for examination and identification of potential attacks. Performance assessment of the proposed methodology is conducted on the Cyber-Trust testbed using normal and malicious network traffic. The experimental results show that the proposed anomaly detection system delivers promising results with an overall accuracy of 98.35% and 0.98% of false-positive alarm",

keywords = "Machine Learning, Intrusion Detection System, Security, Internet of Things, network profiling",

author = "Joseph Rose and Matthew Swann and Gueltoum Bendiab and Stavros Shiaeles and Nicholas Kolokotronis",

year = "2021",

month = jul,

day = "26",

doi = "10.1109/NetSoft51509.2021.9492685",

language = "English",

isbn = "9781665446358",

series = "IEEE NetSoft Proceedings Series",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "409--415",

booktitle = "2021 IEEE 7th International Conference on Network Softwarization (NetSoft)",

address = "United States",

note = "IEEE 7th International Conference on Network Softwarization : NetSoft 2021 ; Conference date: 28-06-2021 Through 02-07-2021",

}

Rose, J, Swann, M, Bendiab, G, Shiaeles, S & Kolokotronis, N 2021, Intrusion detection using network traffic profiling and machine learning for IoT. in 2021 IEEE 7th International Conference on Network Softwarization (NetSoft). IEEE NetSoft Proceedings Series, Institute of Electrical and Electronics Engineers Inc., pp. 409-415, IEEE 7th International Conference on Network Softwarization, Tokyo, Japan, 28/06/21. https://doi.org/10.1109/NetSoft51509.2021.9492685

Intrusion detection using network traffic profiling and machine learning for IoT. / Rose, Joseph; Swann, Matthew; Bendiab, Gueltoum et al.

2021 IEEE 7th International Conference on Network Softwarization (NetSoft). Institute of Electrical and Electronics Engineers Inc., 2021. p. 409-415 (IEEE NetSoft Proceedings Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Intrusion detection using network traffic profiling and machine learning for IoT

AU - Rose, Joseph

AU - Swann, Matthew

AU - Bendiab, Gueltoum

AU - Shiaeles, Stavros

AU - Kolokotronis, Nicholas

PY - 2021/7/26

Y1 - 2021/7/26

N2 - The rapid increase in the use of IoT devices brings many benefits to the digital society, ranging from improved efficiency to higher productivity. However, the limited resources and the open nature of these devices make them vulnerable to various cyber threats. A single compromised device can have an impact on the whole network and lead to major security and physical damages. This paper explores the potential of using network profiling and machine learning to secure IoT against cyber attacks. The proposed anomaly-based intrusion detection solution dynamically and actively profiles and monitors all networked devices for the detection of IoT device tampering attempts as well as suspicious network transactions. Any deviation from the defined profile is considered to be an attack and is subject to further analysis. Raw traffic is also passed on to the machine learning classifier for examination and identification of potential attacks. Performance assessment of the proposed methodology is conducted on the Cyber-Trust testbed using normal and malicious network traffic. The experimental results show that the proposed anomaly detection system delivers promising results with an overall accuracy of 98.35% and 0.98% of false-positive alarm

AB - The rapid increase in the use of IoT devices brings many benefits to the digital society, ranging from improved efficiency to higher productivity. However, the limited resources and the open nature of these devices make them vulnerable to various cyber threats. A single compromised device can have an impact on the whole network and lead to major security and physical damages. This paper explores the potential of using network profiling and machine learning to secure IoT against cyber attacks. The proposed anomaly-based intrusion detection solution dynamically and actively profiles and monitors all networked devices for the detection of IoT device tampering attempts as well as suspicious network transactions. Any deviation from the defined profile is considered to be an attack and is subject to further analysis. Raw traffic is also passed on to the machine learning classifier for examination and identification of potential attacks. Performance assessment of the proposed methodology is conducted on the Cyber-Trust testbed using normal and malicious network traffic. The experimental results show that the proposed anomaly detection system delivers promising results with an overall accuracy of 98.35% and 0.98% of false-positive alarm

KW - Machine Learning

KW - Intrusion Detection System

KW - Security

KW - Internet of Things

KW - network profiling

UR - https://netsoft2021.ieee-netsoft.org/wp-content/uploads/sites/274/2021/01/cfp_netsoft2021_flyer_r3.pdf

UR - https://netsoft2021.ieee-netsoft.org/

U2 - 10.1109/NetSoft51509.2021.9492685

DO - 10.1109/NetSoft51509.2021.9492685

M3 - Conference contribution

SN - 9781665446358

T3 - IEEE NetSoft Proceedings Series

SP - 409

EP - 415

BT - 2021 IEEE 7th International Conference on Network Softwarization (NetSoft)

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - IEEE 7th International Conference on Network Softwarization

Y2 - 28 June 2021 through 2 July 2021

ER -

Intrusion detection using network traffic profiling and machine learning for IoT

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this