A Development of Embedded Anomaly Behavior Packet Detection System for IoT Environment using Machine Learning Techniques

Youngchan Lim (1), Gicheol Choi (2), Kwangjae Lee (3)
(1) Dept. of Information Security Engineering, Sangmyung University, Dongnam-gu, Cheonan, 31066, Korea
(2) Dept. of Information Security Engineering, Sangmyung University, Dongnam-gu, Cheonan, 31066, Korea
(3) Dept. of Information Security Engineering, Sangmyung University, Dongnam-gu, Cheonan, 31066, Korea
How to cite (IJASEIT):
Lim, Youngchan, et al. “A Development of Embedded Anomaly Behavior Packet Detection System for IoT Environment Using Machine Learning Techniques”. International Journal on Advanced Science, Engineering and Information Technology, vol. 10, no. 4, Aug. 2020, pp. 1340-5, doi:10.18517/ijaseit.10.4.12762.
Despite the growth of IoT technology and related markets, security in the IoT field is not handled correctly because of several factors, such as indiscreet participation in the market and poor optimization for the various specifications. In this paper, an embedded anomaly packet detection system using machine learning technology for an IoT environment is proposed and evaluated. The proposed system is composed of two main devices: the packet collection device and the packet analysis device. The packet collection device collects network packets from the IoT devices that are connected to the system. The packet analysis device detects anomalies in the packet data by using the machine learning model. Detected anomalies, which are mostly considered intrusions such as new or bypassing HTTP attacks as well as existing attacks, are responded to in real time. For conformity assessment in a real-time environment, TPR, FPR, accuracy, and detection speed were measured, and the measured values of the target embedded board are 100%, 0.56%, 99.5, and 2.4 to 13.4 seconds, respectively. The results for TPR, FPR, and accuracy indicate that the model itself has an excellent ability to discriminate anomalies, but it is challenging to apply it to an embedded system in terms of detection speed. Future studies need to apply anomaly detection models that are more suitable for embedded devices and unique hardware accelerators for computing artificial neural networks.

