
Abstract

Currently, the Internet of Things is spreading in all areas that apply computing resources. An important ally of the IoT is fog computing. It extends cloud computing and services to the edge of the network. Smart environments are becoming real and possible through IoT and fog computing. However, they are not free from security threats and vulnerabilities. This makes special security techniques indispensable. Security is one of the biggest challenges to ensuring an optimal IoT and Fog environment. Combined with the significant damage generated by application attacks, this fact creates the need to focus efforts in this area. This need can be proven through existing reviews of the state-of-the-art that pointed out several open aspects that need greater research effort. In this way, this article presents a Systematic Literature Review (SLR) considering the context of intrusion detection and prevention in environments based on fog computing and IoT. This review addresses more than 100 studies that were included after going through an extensive inclusion/exclusion process, with well-defined criteria. From these studies, information was extracted to build a view of the current state-of-the-art and answer the research questions of this study. In this way, we identify the state-of-the-art, open questions and possibilities for future research.
Computer Networks
Available online 8 July 2022, 109154
In Press, Journal Pre-proof
Review article
Intrusion detection and prevention in fog based IoT environments: A systematic literature review
Cristiano Antonio de Souza, Carlos Becker Westphall, Renato Bobsin Machado, Leandro Loffi, Carla Merkle Westphall, Guilherme Arthur Geronimo
https://doi.org/10.1016/j.comnet.2022.109154
Introduction
The Internet of Things (IoT) is spreading in all areas. The number of devices
connected to the Internet continues to grow. Cisco predicts that the number of
interconnected devices on the planet could reach 500 billion by 2025 [1]. Its small
and inexpensive devices make it possible for objects used in daily life to be
connected to the Internet. The idea is to unite the physical and digital worlds by
communicating objects with other devices, data centers, and clouds.
IoT devices have limited resources. Thus, there is a need to transfer, through the
Internet, the data generated by these devices, to process and store them in a
computational center of greater capacity. Cloud Computing [2] has the latency
problem caused by the distance between IoT devices and data centers [3]. Fog
Computing, however, provides services closer to the end devices [4]. This way, it
stores and processes information close to IoT devices, reducing the traffic sent to
the cloud [5]. Also, it allows applications that require real-time processing to obtain
a faster response.
Motivations. Smart environments are becoming real through IoT and fog
computing, but they are not free from security threats and vulnerabilities.
Techniques for exploiting computer infrastructure vulnerabilities are continually
being improved. Among the main objectives is the acquisition of access to the
systems, the obtaining and improper use of confidential information, and causing
unavailability of resources. For example, in a recent incident involving IoT devices in
October 2016, a Mirai botnet attack on service provider Dyn brought down
hundreds of sites, including Twitter, Netflix, Reddit and GitHub, for several
hours [6], [7]. Security in these environments is critical as IoT devices are often
embedded in people’s daily lives and deal with sensitive information. In addition,
some systems perform monitoring and perform critical actions, which need to have
uninterrupted operation. IoT and fog computing solutions are made up of various
technologies, services, and standards, each with its own security and privacy
requirements [8]. The IoT paradigm presents several security vulnerabilities that
communication networks, cloud services, and the Internet have [8]. However,
traditional security tools have difficulties being applied directly in this context due
to three fundamental aspects: the limited computing power of the IoT components,
the high number of interconnected devices, and the sharing of data between objects
and users [9]. Furthermore, the rapid expansion of IoT solutions has left these
networks vulnerable to security and privacy risks. The authors Kolias et al. [10]
discovered several security vulnerabilities by creating IoT use cases using popular
commercial products and services. Among the main attacks present in IoT are Denial
of Service (DoS), Distributed DoS (DDoS), Man-In-The-Middle (MITM), routing
attacks, and conventional attacks [10]. Security threats related to conventional
technologies that are part of the IoT environment can also apply to IoT systems, for
example, unsecured connections, malicious code injection, probing, intercepting,
fabrication, and modification of messages [11].
The significant damage generated by attacks in this environment creates the need to
concentrate efforts in this area [12]. Special security techniques are indispensable in
modern computer systems. Intrusion detection is one of the critical points of
security, aiming to identify occurrences of attacks. Fog computing consists of a layer
that has a greater computational capacity compared to IoT devices and therefore
can work with more complex detection models, such as Machine Learning, Deep
Learning and Ensemble Learning. However, this environment also has
particularities and restrictions. In addition, training complex detection approaches
is costly and can overwhelm the fog. Furthermore, the distributed nature of
fog computing makes it an ideal environment for employing distributed and
collaborative approaches. Finally, fog computing is situated in a strategic position
for both detection and execution of post detection actions to protect the IoT
environment. Thus, we carried out this review work to obtain an overview of the
current state-of-the-art and provide research directions for detecting and
preventing intrusions in fog computing and IoT. This study is a Systematic
Literature Review (SLR), which has a well-defined research strategy that allows the
reproduction or replication of the work and assessment of the integrity of the
same [13]. Hajiheidari et al. [14] and Kaur et al. [15] presented very well
documented SLRs, in different contexts, which inspired several methodological decisions
regarding the SLR of our work. However, despite the great reviews that exist, there
are still important points that need to be addressed. The existing reviews of the
state-of-the-art left several general aspects open, as discussed in Section 2. These
aspects need to be studied in depth through further reviews to understand the
state-of-the-art and its problems and to present future research directions. As presented in
Section 2, there is no SLR considering the topics covered in this work in the context
of fog computing and IoT.
This article presents a survey conducted in the form of a systematic review of the
literature on research efforts to detect and prevent intrusions in fog computing and
IoT. This review covers more than 100 studies, which were included after
going through an extensive inclusion/exclusion process, with well-defined criteria,
applied to more than ten thousand articles searched in seven reputable databases of
scientific articles. Further details of the search and selection process performed are
presented in Section 3. From the articles included, a lot of information was
extracted to answer the research questions in this study.
With the discussion and analysis performed, we build a view of the state-of-the-art in
detection and prevention of intrusion in fog computing and IoT. In addition, we
identified the main problems encountered, open questions, challenges, and
possibilities for future research.
Contributions. The contributions obtained in this work are presented below:
- we describe the main machine learning techniques applied in fog computing intrusion detection;
- we clearly describe the different collaboration strategies employed in distributed intrusion detection approaches;
- we describe existing strategies to mitigate attacks in fog computing and IoT environments;
- we present an updated set of datasets that, together with the information extracted, can be an important contribution to future researchers in the decision-making process of their projects;
- we analyze the weaknesses and difficulties found in the state-of-the-art and survey the main open questions and directions for future research.
The rest of this article is organized as follows. Section 2 presents the review works
present in the research area. Section 3 presents the systematic mapping protocol,
information about planning and execution. In Section 4, the current state-of-the-art
in intrusion detection and prevention in fog computing and IoT environments is
discussed. In addition, research questions are answered. In Section 5, we discuss the
problems found in state-of-the-art, open questions, and possibilities for future
research. Finally, Section 6 concludes the article.
Section snippets
Related works
In this section, we summarize the existing SLR and research on the topic studied
and highlight their contributions, difficulties and differences in relation to our SLR.
Before carrying out a systematic review procedure, it is necessary to ensure that the
review is needed, that is, to verify that there is no similar and high-quality study in the
literature. However, in Kitchenham et al. [16], there is no defined procedure for
implementing the survey to identify the need to conduct a systematic review
Methodology of the systematic literature review
As can be seen in Section 2, there is a need for a systematic review procedure on fog
and IoT based intrusion detection and prevention approaches. The process of
conducting systematic mapping is divided into three stages: planning and
construction of the protocol, execution, and summary of the review results. These
steps were carried out using the techniques demonstrated in [13], [14], [15], [31], [32],
[33]. Section 3.1 presents the protocol of the search and selection process of
articles.
Intrusion detection and prevention in fog computing and IoT
The basic feature of IoT is the pervasive presence of a wide variety of intelligent
objects in people’s daily lives, such as sensors, actuators, mobile phones, among
others [35], [36]. The significant heterogeneity, the high number of devices, and the
rapid production of the technologies involved in IoT networks can leave them
vulnerable to security and privacy risks. These vulnerabilities are used by malicious
entities to cause damage [10].
Intrusion Detection Systems (IDS) are an essential
Issues, challenges and future research directions
This section presents a full discussion of the current state of the art in intrusion
detection and prevention in fog computing and IoT, the open questions, and the
possibilities for future research.
Table 20 presents a comparison between the various works included in the
mapping, considering several characteristics. Regarding the column Detection
Method Category (DMC), the works can be classified into anomaly, specification and
signature. Detection Type (DT) indicates whether the job performs M
Conclusions
IoT is spreading in all areas due to its ability to make objects smart. In this way, they
can monitor and act on the environment in which they operate. IoT devices have
limited resources and need to send information to places with more computing
resources. Fog computing then emerged as an excellent processing solution close to
devices. IoT and fog are not free from security threats and vulnerabilities. Adding to
the significant damage generated by attacks in this environment, this fact creates
CRediT authorship contribution statement
Cristiano Antonio de Souza: Conceptualization, Methodology, Writing – original
draft. Leandro Loffi: Data curation, Writing – original draft.
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or
personal relationships that could have appeared to influence the work reported in
this paper.
Acknowledgment
The authors sincerely thank the Federal University of Santa Catarina (UFSC). Also,
this study was partially funded by the Fundação de Amparo à Pesquisa e Inovação do
Estado de Santa Catarina (FAPESC) and by the Coordenação de Aperfeiçoamento de
Pessoal de Nível Superior - Brasil (CAPES) - Financial Code 001.
References (239)
Rey V. et al. Federated learning for malware detection in IoT devices. Comput. Netw. (2022)
Razaque A. et al. Energy-efficient and secure mobile fog-based cloud for the Internet of Things. Future Gener. Comput. Syst. (2022)
Rahman M.A. et al. Scalable machine learning-based intrusion detection system for IoT-enabled smart cities. Sustainable Cities Soc. (2020)
Kaviani S. et al. Application of complex systems topologies in artificial neural networks optimization: An overview. Expert Syst. Appl. (2021)
Dev V.A. et al. Gradient boosted decision trees for lithology classification
Kumar P. et al. An ensemble learning and fog-cloud architecture-driven cyber-attack detection framework for IoMT networks. Comput. Commun. (2021)
Rokach L. Decision forest: Twenty years of research. Inf. Fusion (2016)
de Souza C.A. et al. Hybrid approach to intrusion detection in fog-based IoT environments. Comput. Netw. (2020)
Almiani M. et al. Deep recurrent neural network for IoT intrusion detection system. Simul. Model. Pract. Theory (2020)
de Souza C.A. et al. Two-step ensemble approach for intrusion detection and identification in IoT and fog computing environments. Comput. Electr. Eng. (2022)
Cristiano Antonio de Souza is a PhD student in Computer Science at the Federal University of Santa Catarina
(UFSC). He holds a degree in Computer Science from the State University of Western Paraná (2015). Master in
Electrical Engineering and Computer Science from the State University of Western Paraná (2018). Participates in
research groups: Research Group on Information Security, Networks and Systems (CNPq-UFSC); and
Computational Security Research Group (CNPq-UNIOESTE). His research interests focus on network security,
intrusion detection and artificial intelligence.
Carlos Becker Westphall is Full Professor (since 1993) at the Federal University of Santa Catarina - Brazil, where he
acts as the leader of the Network and Management Laboratory and also coordinates some projects funded by the
Brazilian National Research Council (CNPq). Obtained a degree in Electrical Engineering in 1985 and a M.Sc.
degree in Computer Science in 1988, both at the Federal University of Rio Grande do Sul, Brazil. Obtained a D.Sc.
degree in Computer Science (Network Management) at the University of Toulouse (Université Toulouse III - Paul
Sabatier), France, in 1991. Editorial board member of periodicals and technical program and/or organizing
committee member of conferences. He was the founder of LANOMS. He has contributed to Elsevier as editorial
board member of the Computer Networks Journal; to Springer as board of editors and senior technical editor of
the Journal of Network and Systems Management. He acted as a local group coordinator in the European
MAX/ESPRIT II project which involved the Alcatel- TITN, British Telecom, HP, CSELT, SIRTI and NKT Companies.
Best paper of CLEI 2011. Awarded International Academy, Research, and Industry Association Fellow (award
plaque), in 2011. Paper at IEEE ComSoc Technology News, in 2012. Achievement award - tutorial at WorldComp
2013. Awarded - best paper of ICN 2013. IEEE Communications Society 20 years member (Certificate of
Appreciation), in 2014.
Renato Bobsin Machado graduated in Computer Science from the State University of Western Paraná (1998),
master’s degree in Computer Science from the Federal University of Santa Catarina (2005) and a PhD in Sciences
from the State University of Campinas (2013). He is currently a professor and researcher at the State University of
Western Paraná, working in the Graduate Program in Electrical and Computer Engineering (PGEEC). Conducts
research in the areas of computer security, intrusion detection, cryptographic methods, distributed systems and
data communication. He coordinates the Laboratory for Research in Computational Security (LaPSeC) and
participates in research groups: Research Group on Information Security, Networks and Systems (CNPq-UFSC);
and Computational Security Research Group (CNPq-UNIOESTE).
Leandro Loffi is a PhD student in Computer Science at the Federal University of Santa Catarina (UFSC), Trindade
campus. He received the B.Sc. degree in Computer Science from the Federal Institute Catarinense (IFC) Rio do Sul
campus in 2017 and the M.Sc. degree in Computer Science from the Federal University of Santa Catarina (UFSC)
Trindade campus in 2019, and also a postgraduate degree in Computer Forensics by IPOG - Florianópolis in 2020.
He is currently a student of the Post-Graduate Program in Computer Science at the PhD level, and an active
researcher at the Network and Management Laboratory.
Carla Merkle Westphall is Associate Professor (since 2007) in the Department of Informatics and Statistics at the
Federal University of Santa Catarina, Brazil. She acts as a security researcher of the Network and Management
Laboratory. She is advisor of Ph.D. and Master students in the Graduate Program in Computer Science at Federal
University of Santa Catarina. Carla received a Doctor degree in the subject of Information Security in 2000. She
obtained a bachelor’s degree in 1994 and a M.Sc. degree in 1996, both in Computer Science at the Federal
University of Santa Catarina. She is a committee member of security conferences and journals. Her research
interests include distributed systems security, computer networks, internet of things, identity management,
blockchain and new generation networks.
Guilherme Arthur Geronimo graduated in 2006, Master in 2012 and Doctor in 2016 in Computer Science from
the Federal University of Santa Catarina. He is currently a Federal Public Employee, in the position of IT Analyst,
under the role of Datacenter Coordinator, located at the Superintendence of Electronic Governance and
Information and Communication Technology (SeTIC) of the Federal University of Santa Catarina (UFSC) and in
parallel researcher-collaborator in the Network and Management Laboratory (LRG), in the Informatics and
Statistics Department (INE).
This document is the result of the research project funded by the Fundação de Amparo à Pesquisa e Inovação do
Estado de Santa Catarina (FAPESC) and by the Coordenação de Aperfeiçoamento de Pessoal de Nível Superior -
Brasil (CAPES).
© 2022 Elsevier B.V. All rights reserved.
... Due to the huge popularity of wireless IoT devices, the amount of connections and development of mobile computing is growing rapidly [1]. Therefore, the problems of response time and consumption of energy are said to be very critical [2]. For addressing and suggesting good solutions, a fog-assisted system has been developed in order to achieve difficult delay-sensitive following-generation services like one needed by (resource-limited) wireless mechanisms for example; surveillance video cameras, sensors, and mobile phones for evaluating physical variables such as humidity, temperature, pressure and much more) [3]. ...
... In Eq. (3), the original exploitation stage is represented by , ( + 1) in Eq. (4) and a modified binary location of exploitation stage at ℎ iterations are 2 ( , ( + 1)), a uniformly distributed random number ∈ [1, 0] is , and sigmoid ( ) is evaluated as in Eq. (2). In this study, the solution representation is given in vector with 1D. ...
... It includes 125973 instances and 2 classes. [Flattened table residue: lists of selected feature indices, including a TLBO-FS row.] Figure 3 represents the classifier analysis of the BAOA-SAE system with test database. Figures. ...
... The rapid expansion of the Internet and the proliferation of connected devices have increased cybersecurity concerns for organizations and individuals alike [1]. Cyber attacks, including data breaches, financial losses, and reputation damage, underscore the critical need for robust cybersecurity measures [2,3]. This challenge is exacerbated by diverse networked systems such as Cyber-Physical Systems, Mobile Ad Hoc Networks, Internet of Things, and Wireless Sensor Networks, each introducing unique vulnerabilities and attack vectors [4,5]. ...
... IoT Security [2] Creates a strong security architecture that integrates fog computing and IoT with healthcare systems (Healthcare 5.0). the performance of three machine learning models: extreme gradient enhancement (XGBoost), recurrent neural network (RNN), and deep neural network (DNN). The paper provides a comprehensive evaluation of the models and identifies the XGBoost model as the most accurate for potential threats. ...
... The paper provides a detailed description of the system architecture, data processing pipeline, and evaluation metrics used in the experiments. De Souza et al. (2020) [2] address the security issues related to the integration of the Internet of Things (IoT) and fog computing in healthcare 5.0 systems. They introduce a secure general healthcare 5.0 framework that enables various security-related processes such as authentication, access control, key management, and intrusion detection. ...
Article
The increasing severity of cyber-attacks against organizations emphasizes the necessity for efficient threat intelligence. This article presents a novel multi-layered architecture for threat intelligence that integrates diverse data streams, including corporate network logs, open-source intelligence, and dark web monitoring, to offer a comprehensive overview of the cybersecurity threat landscape. Our approach, distinct from previous studies, uniquely integrates these varied features into the machine-learning algorithms (XGBoost, Gradient Boosting, LightGBM, Extra Trees, Random Forest, Decision Tree, K-Nearest Neighbor, Gaussian Naive Bayes, Support Vector Machine, Linear Discriminant Analysis, Logistic Regression, ridge Classifier, AdaBoost and Quadratic Discriminant Analysis) using various feature selection algorithms (information gain, correlation coefficient, chi-square, fisher score, forward wrapper, backward wrapper, Ridge classifier) to enhance real-time threat detection and mitigation. The practical LITNET-2020 dataset was utilized to evaluate the proposed architecture. Extensive testing against real-world cyber-attacks, including malware and phishing, demonstrated the robustness of the architecture, achieving exceptional results. Specifically, XGBoost demonstrated the highest performance with a detection accuracy of 99.98%, precision of 99.97%, and recall of 99.96%, significantly surpassing traditional methods. Gradient Boosting and LightGBM also exhibited excellent performance, with accuracy, precision, and recall values of 99.97%. Our findings underscore the effectiveness of our architecture in significantly improving an organization’s capability to identify and counteract online threats in real-time. By developing a comprehensive threat intelligence framework, this study advances the field of cybersecurity, providing a robust tool for enhancing organizational resilience against cyber-attacks.
... Methods such as multi-stage intrusion detection are applied to detect attack packets operating within the data plane, control plane, or both. Despite the capability of several IDS techniques to differentiate diverse attacks, a common issue is the prevalence of false alarms [7,8]. ...
... T(n) = 2T(n/2) + n 2 (8) = n 2 + 2 2T(n/2) + n 2 /4 (9) ...
Article
The advent of 5G heralds unprecedented connectivity with high throughput and low latency for network users. Software-defined networking (SDN) plays a significant role in fulfilling these requirements. However, it poses substantial security challenges due to its inherent centralized management strategy. Moreover, SDN confronts limitations in handling malicious traffic under 5G’s extensive data flow. To deal with these issues, this paper presents a novel intrusion detection system (IDS) designed for 5G SDN networks, leveraging the advanced capabilities of binarized deep spiking capsule fire hawk neural networks (BSHNN) and blockchain technology, which operates across multiple layers. Initially, the lightweight encryption algorithm (LEA) is used at the data acquisition layer to authenticate mobile users via trusted third parties. Followed by optimal switch selection using the mud-ring algorithm in the switch layer, and the data flow rules are secured by employing blockchain technology incorporating searchable encryption algorithms within the blockchain plane. The domain controller layer utilizes binarized deep spiking capsule fire hawk neural network (BSHNN) for real-time data packet classification, while the smart controller layer uses enhanced adapting hidden attribute-weighted naive bayes (EAWNB) to identify suspicious packets during data transmission. The experimental results show that the proposed technique outperforms the state-of-the-art approaches in terms of accuracy (98.02%), precision (96.40%), detection rate (96.41%), authentication time (16.2 s), throughput, delay, and packet loss ratio.
... An intrusion detection system (IDS) for IoMT security is necessary as a secondary defense mechanism against intruders and threats situated behind a firewall, addressing the limitations that are inherent in the protective measures of firewalls [5]. An IDS comprises software and/or hardware designed to monitor and identify suspicious events in network systems, employing signature- or anomaly-based detection methodologies; it differs from other network security approaches with respect to its ability to identify both current and historical intrusions [6]. ...
Article
In light of the flourishing proliferation of internet services, the popularity of the Internet of Things (IoT) has swiftly grown in the medical and healthcare fields, and this has been accompanied by a simultaneous escalation in the sophistication of intrusion attacks. Drawing inspiration from the accomplishments of deep learning in cyber threat detection, we propose a multigrained scanning-based deep stacking network (MGDSN) to defend against sophisticated cyberattacks on Internet of Medical Things (IoMT) networks. To address the obscured characteristics of intricate cyberattacks, the MGDSN incorporates four components. First, the feature augmentation process leverages an improved multigrained scanning technique to enhance discriminative information. Second, a deep stacking network (DSN) with a weighting mechanism is employed to generate a set of predictive results for making the final decision. Third, a meta-classifier is introduced to scrutinize the influence of the predictive results when producing the final decision and exploiting a set of meaningfully extracted features. Finally, a loss function is properly designed to take both the predictive losses of the DSN modules and the final predictive loss into account. The outstanding performance achieved by the MGDSN is confirmed through comprehensive evaluations comparing it with the state-of-the-art techniques, encompassing metrics such as the accuracy, precision, recall, F1 score, Cohen’s kappa coefficient, Matthews correlation coefficient, and area under the curve achieved on the IoMT datasets. The MGDSN exhibits a notable improvement ranging from approximately 0.12%-329.21%.
Preprint
As our dependence on the internet and digital platforms grows, the risk of cyber threats rises, making it essential to implement effective measures to safeguard sensitive information through cybersecurity, ensure system integrity, and prevent unauthorized data access. Fuzz testing, commonly known as fuzzing, is valuable for software testing as it uncovers vulnerabilities and defects in systems by introducing random data inputs, often leading to system crashes. In the Internet of Things domain, fuzzing is crucial for identifying vulnerabilities in networks, devices, and applications through automated tools that systematically inject malformed inputs into IoT systems. This research aims to comprehensively evaluate current fuzzing practices, emphasizing adaptive techniques tailored to IoT environments. A rigorous analysis of 30 recent academic articles was conducted to identify weaknesses, gaps, and challenges in existing approaches. The investigation revealed the need for novel fuzzing techniques that address firmware, hardware, and software vulnerabilities, as well as Denial of Service attacks in IoT systems. By exploring recent trends and identifying gaps and challenges, this research aims to advance IoT security, highlighting the need for improved fuzzing techniques and presenting future research directions to strengthen IoT cybersecurity.
Article
Attacks are actions that attempt to break one of the following properties of the computer system: confidentiality, integrity, and availability. The immense increase in the number of internet applications and the appearance of modern networks has created the need for improved security mechanisms. The Internet of Things (IoT) is a system that uses the Internet to facilitate communication between sensors and devices. Several approaches have been used to build attack detection systems in the past. This study built two ensemble models for the classification of attacks using the Random Forest and Adaboost algorithms respectively. Feature importance was used for selecting promising attributes from the IoT intrusion dataset. Thereafter, the results of the classification models were evaluated and compared. The models were evaluated both with and without the feature selection technique applied. For the Random Forest-based classification model with feature selection, 99.0%, 0.95, 0.88, and 0.82 were obtained for accuracy, recall, f1-score, and precision respectively, while without feature selection 69.0%, 0.86, 0.76, and 0.64 were obtained respectively. For the Adaboost-based classification model with feature selection, 99.0%, 0.69, 0.61, and 0.66 were obtained for accuracy, recall, f1-score, and precision respectively. Without feature selection the Adaboost model recorded 58.0%, 0.58, 0.48, and 0.50 respectively. The results showed that both models achieved high rates with the feature selection technique used, with Random Forest performing slightly better; both learning models showed promising performance in classifying attacks in IoT environments. This study concluded that the use of the chosen feature selection method helped improve the performance of the two ensembles in the classification of attacks in the IoT dataset.
Article
This research introduces a comprehensive collaborative intrusion detection system (CIDS) framework aimed at bolstering the security of Internet of Things (IoT) environments by synergistically integrating lightweight architecture, trust management, and privacy-preserving mechanisms. The proposed hierarchical architecture spans edge, fog, and cloud layers, ensuring efficient and scalable collaborative intrusion detection. Trustworthiness is established through the incorporation of distributed ledger technology (DLT), leveraging blockchain frameworks to enhance the reliability and transparency of communication among IoT devices. Furthermore, the research adopts federated learning (FL) techniques to address privacy concerns, allowing devices to collaboratively learn from decentralized data sources while preserving individual data privacy. Validation of the proposed approach is conducted using the CICIoT2023 dataset, demonstrating its effectiveness in enhancing the security posture of IoT ecosystems. This research contributes to the advancement of secure and resilient IoT infrastructures, addressing the imperative need for lightweight, trust-managing, and privacy-preserving solutions in the face of evolving cybersecurity challenges. According to our experiments, the proposed model achieved an average accuracy of 97.65%, precision of 97.65%, recall of 100%, and F1-score of 98.81% when detecting various attacks on IoT systems with heterogeneous devices and networks. The system is a lightweight system when compared with traditional intrusion detection that uses centralized learning in terms of network latency and memory consumption. The proposed system shows trust and can keep private data in an IoT environment.
Conference Paper
Gradient Boosting Decision Tree (GBDT) is a popular machine learning algorithm, and has quite a few effective implementations such as XGBoost and pGBRT. Although many engineering optimizations have been adopted in these implementations, the efficiency and scalability are still unsatisfactory when the feature dimension is high and data size is large. A major reason is that for each feature, they need to scan all the data instances to estimate the information gain of all possible split points, which is very time consuming. To tackle this problem, we propose two novel techniques: Gradient-based One-Side Sampling (GOSS) and Exclusive Feature Bundling (EFB). With GOSS, we exclude a significant proportion of data instances with small gradients, and only use the rest to estimate the information gain. We prove that, since the data instances with larger gradients play a more important role in the computation of information gain, GOSS can obtain quite accurate estimation of the information gain with a much smaller data size. With EFB, we bundle mutually exclusive features (i.e., they rarely take nonzero values simultaneously), to reduce the number of features. We prove that finding the optimal bundling of exclusive features is NP-hard, but a greedy algorithm can achieve quite good approximation ratio (and thus can effectively reduce the number of features without hurting the accuracy of split point determination by much). We call our new GBDT implementation with GOSS and EFB LightGBM. Our experiments on multiple public datasets show that LightGBM speeds up the training process of conventional GBDT by up to over 20 times while achieving almost the same accuracy.
Article
With the deployment of billions of Internet of Things (IoT) devices, more and more cyber attacks involving or even targeting such devices are rife. Cyberattack vectors are in constant evolvement in terms of diversity and complexity. Thus, to detect novel cyberattacks, we use anomaly-based techniques which model the expected behavior of the IoT device to identify occurrences of attacks. In this paper, we propose a new distributed and lightweight intrusion detection system (IDS). To provide efficient and accurate intrusion detection, the proposed IDS combines variational AutoEncoder and multilayer perceptron. The IDS operates within a two-layered fog architecture, an anomaly detector within fog node, and attack identification module within the cloud. The proposed approach is evaluated on two recent cyber attack datasets. The experimental results showed that the proposed system is able to characterize accurately the normal behavior within fog nodes, and detect different attack types such as DDoS attacks with high detection rate (99.98%) and low false alarms rate (less than 0.01%). The proposed system outperforms other existing techniques in terms of detection and false positive rates.
Article
With the expansion of the Internet in human society, data protection is more needed, because data are vital for some individuals, companies or governments. New technologies, such as big data, the internet of things (IoT), and the 5G technology, not only increase the importance of data but also show how important it is to protect them. Therefore, network intrusion detection systems are acceptable performance in this volume of data. In this paper, a hybrid model of deep learning and shallow learning is introduced to detect intrusions in IoT devices. The proposed model first uses the spider monkey optimization feature selection algorithm to select the most important features; then a Siamese neural network-based model is proposed to make the data more classifiable. To evaluate the performance of the proposed model, the model is tested on the NSL-KDD dataset. The accuracy obtained by the proposed model is 94.69% using a random forest classifier. In addition, the low computational burden of the proposed model makes it a proper choice for IoT devices, which have low processing capability.
Article
Due to the resource limitations of Internet of Things devices, security often does not receive enough attention. Intrusion detection approaches are important for identifying attacks and taking appropriate countermeasures for each specific threat. This work presents a two-step approach for intrusion detection and identification. The first step performs a traffic analysis with an Extra Tree binary classifier. Events detected as intrusive are analyzed in the second stage by an ensemble approach consisting of Extra Tree, Random Forest, and Deep Neural Network. An extensive evaluation was performed with the Bot-IoT, IoTID20, NSL-KDD, and CICIDS2018 intrusion datasets. The experiments demonstrated that the proposed approach could achieve similar or superior performance to other machine learning techniques and state-of-the-art approaches in all databases, demonstrating the robustness of the proposed approach.
Article
Inspired by the massive surge of interest in the Internet of Things (IoT), this work focuses on the kinetics of its security. By automating everything, starting from baby monitors to life-saving medical devices, IoT brought convenience to people’s lives and rapidly became a trillion-dollar industry. However, the future of IoT will be decided by how its security and privacy concerns are dealt with. It is a fact that at present, the security of IoT is lacking in coherent and logical perspectives. For example, researchers do not adequately accommodate uncertainty and insider attacks while developing IoT security procedures, even though most security concerns related to IoT arise from an insider and uncertain habitat. This paper provides a critical analysis of the most recent and relevant state-of-the-art methods of IoT security and identifies the parameters that are crucial for any security posture in IoT. Considering all the intricate details of IoT environments, this work proposes a Generic and Lightweight Security mechanism for detecting malicious behavior in the uncertain IoT using a Fuzzy Logic- and Fog-based approach (GLSF²IoT). It is developed on the principle of “zero trust,” i.e., trust nothing and treat everything as hostile. While Fuzzy Logic has been used to remove uncertainties, the Fog-IoT architecture makes GLSF²IoT inherently better than the cloud-IoT. Once the malicious activity is detected, GLSF²IoT automatically limits the network access against the IoT device that initiated this activity, preventing it from targeting other devices. We evaluated GLSF²IoT for blackhole, selective forward, collusion and DDoS attacks, i.e., attacks which can invalidate any IoT architecture. Besides yielding better accuracy results than the existing benchmarks, we found that GLSF²IoT puts extremely low pressure on the constrained nodes, is scalable, and supports heterogeneity and uncertainty of the IoT environments.
Article
Fog computing is a new computing paradigm in the era of the Internet of Things. Aiming at the problem that fog nodes are closer to user equipment, with heterogeneous nodes, limited storage capacity resources, and greater vulnerability to intrusion, a lightweight support vector machine intrusion detection model based on Cloud-Fog Collaboration (CFC-SVM) is proposed. Due to the high dimensionality of network data, first, Principal Component Analysis (PCA) is used to reduce the dimensionality of the data, eliminate the correlation between attributes and reduce the training time. Then, in the cloud server, a support vector machine (SVM) optimized by the particle swarm algorithm is used to complete the training of the dataset, obtain the optimal SVM intrusion-detection classifier, send it to the fog node, and carry out attack detection at the fog node. Experiments with the classic KDD CUP 99 dataset show that the model in this paper is better than other similar algorithms in regard to detection time, detection rate and accuracy, which can effectively solve the problem of intrusion detection in the fog environment.
Article
The Internet of Things (IoT) is emerging as a new technology for the development of various critical applications. However, these applications are still working on centralized storage architecture and have various key challenges like privacy, security, and single point of failure. Recently, blockchain technology has emerged as a backbone for IoT-based application development. The blockchain can be leveraged to solve the privacy, security, and single point of failure (third-party dependency) issues of IoT applications. The integration of blockchain with IoT can benefit both individuals and society. However, the 2017 Distributed Denial of Service (DDoS) attack on a mining pool exposed the critical fault-lines in blockchain-enabled IoT networks. Moreover, this application generates a huge amount of data. Machine Learning (ML) gives complete autonomy in big data analysis and capabilities of decision making, and therefore is used as an analytical tool. Thus, in order to address the above challenges, this paper proposes a novel distributed Intrusion Detection System (IDS) using fog computing to detect DDoS attacks against the mining pool in a blockchain-enabled IoT network. The performance is evaluated by training Random Forest (RF) and an optimized gradient tree boosting system (XGBoost) on distributed fog nodes. The proposed model's effectiveness is assessed using an actual IoT-based dataset, i.e., BoT-IoT, which includes the most recent attacks found in blockchain-enabled IoT networks. The results indicate that for binary attack detection XGBoost outperforms, whereas for multi-attack detection Random Forest outperforms. Overall, on distributed fog nodes RF takes less time for training and testing compared to XGBoost.