
Abstract

Currently, the Internet of Things is spreading in all areas that apply computing resources. An important ally of the IoT is fog computing. It extends cloud computing and services to the edge of the network. Smart environments are becoming real and possible through IoT and fog computing. However, they are not free from security threats and vulnerabilities. This makes special security techniques indispensable. Security is one of the biggest challenges to ensuring an optimal IoT and Fog environment. Combined with the significant damage generated by application attacks, this fact creates the need to focus efforts in this area. This need can be proven through existing reviews of the state-of-the-art that pointed out several open aspects that need greater research effort. In this way, this article presents a Systematic Literature Review (SLR) considering the context of intrusion detection and prevention in environments based on fog computing and IoT. This review addresses more than 100 studies that were included after going through an extensive inclusion/exclusion process, with well-defined criteria. From these studies, information was extracted to build a view of the current state-of-the-art and answer the research questions of this study. In this way, we identify the state-of-the-art, open questions and possibilities for future research.
Computer Networks
Available online 8 July 2022, 109154
In Press, Journal Pre-proof
Review article
Intrusion detection and prevention in fog based IoT environments: A systematic literature review
Cristiano Antonio de Souza, Carlos Becker Westphall, Renato Bobsin Machado, Leandro Loffi, Carla Merkle Westphall, Guilherme Arthur Geronimo
https://doi.org/10.1016/j.comnet.2022.109154
Introduction
The Internet of Things (IoT) is spreading in all areas. The number of devices
connected to the Internet continues to grow. Cisco predicts that the number of
interconnected devices on the planet could reach 500 billion by 2025 [1]. Its small
and inexpensive devices make it possible for objects used in daily life to be
connected to the Internet. The idea is to unite the physical and digital worlds by
communicating objects with other devices, data centers, and clouds.
IoT devices have limited resources. Thus, there is a need to transfer, through the
Internet, the data generated by these devices, to process and store them in a
computational center of greater capacity. Cloud Computing [2] has the latency
problem caused by the distance between IoT devices and data centers [3]. Fog
Computing, however, provides services closer to the end devices [4]. This way, it
stores and processes information close to IoT devices, reducing the traffic sent to
the cloud [5]. Also, it allows applications that require real-time processing to obtain
a faster response.
Motivations. Smart environments are becoming real through IoT and fog
computing, but they are not free from security threats and vulnerabilities.
Techniques for exploiting computer infrastructure vulnerabilities are continually
being improved. Among the main objectives is the acquisition of access to the
systems, the obtaining and improper use of confidential information, and causing
unavailability of resources. For example, in a recent incident involving IoT devices in
October 2016, a Mirai botnet attack on service provider Dyn brought down
hundreds of sites, including Twitter, Netflix, Reddit and GitHub, for several
hours [6], [7]. Security in these environments is critical as IoT devices are often
embedded in people’s daily lives and deal with sensitive information. In addition,
some systems perform monitoring and perform critical actions, which need to have
uninterrupted operation. IoT and fog computing solutions are made up of various
technologies, services, and standards, each with its own security and privacy
requirements [8]. The IoT paradigm presents several security vulnerabilities that
communication networks, cloud services, and the Internet have [8]. However,
traditional security tools have difficulties being applied directly in this context due
to three fundamental aspects: the limited computing power of the IoT components,
the high number of interconnected devices, and the sharing of data between objects
and users [9]. Furthermore, the rapid expansion of IoT solutions has left these
networks vulnerable to security and privacy risks. The authors Kolias et al. [10]
discovered several security vulnerabilities by creating IoT use cases using popular
commercial products and services. Among the main attacks present in IoT are Denial
of Service (DoS), Distributed DoS (DDoS), Man-In-The-Middle (MITM), routing
attacks, and conventional attacks [10]. Security threats related to conventional
technologies that are part of the IoT environment can also apply to IoT systems, for
example, unsecured connections, malicious code injection, probing, intercepting,
fabrication, and modification of messages [11].
The significant damage generated by attacks in this environment creates the need to
concentrate efforts in this area [12]. Special security techniques are indispensable in
modern computer systems. Intrusion detection is one of the critical points of
security, aiming to identify occurrences of attacks. Fog computing consists of a layer
that has a greater computational capacity compared to IoT devices and therefore
can work with more complex detection models, such as Machine Learning, Deep
Learning and Ensemble Learning. However, this environment also has
particularities and restrictions. In addition, training complex detection approaches
is costly and can overwhelm the fog. Furthermore, due to the distributed nature of
fog computing it becomes an ideal environment for employing distributed and
collaborative approaches. Finally, fog computing is situated in a strategic position
for both detection and execution of post detection actions to protect the IoT
environment. Thus, we carried out this review work to obtain an overview of the
current state-of-the-art and provide research directions for detecting and
preventing intrusions in fog computing and IoT. This study is a Systematic
Literature Review (SLR), which has a well-defined research strategy that allows the
reproduction or replication of the work and assessment of the integrity of the
same [13]. Hajiheidari et al. [14] and Kaur et al. [15] presented SLRs, in different
contexts, very well documented, which inspired several methodological decisions
regarding the SLR of our work. However, despite the great reviews that exist, there
are still important points that need to be addressed. The existing reviews in the
state-of-the-art left several general aspects open, as discussed in Section 2. These
aspects need to be deeply studied through further reviews to understand the state-
of-the-art, the problems and present future research directions. As presented in
Section 2, there is no SLR considering the topics covered in this work in the context
of fog computing and IoT.
This article presents a survey conducted in the form of a systematic review of the
literature on research efforts to detect and prevent intrusions in fog computing and
IoT. This review covers more than 100 studies, which were included after
going through an extensive inclusion/exclusion process, with well-defined criteria,
applied to more than ten thousand articles searched in seven reputable databases of
scientific articles. Further details of the search and selection process performed are
presented in Section 3. From the articles included, a lot of information was
extracted to answer the research questions in this study.
With the discussion and analysis performed, we build a vision of state-of-the-art in
detection and prevention of intrusion in fog computing and IoT. In addition, we
identified the main problems encountered, open questions, challenges, and
possibilities for future research.
Contributions. The contributions obtained in this work are presented below:
- we describe the main machine learning techniques applied in fog computing
  intrusion detection;
- we clearly describe the different collaboration strategies employed in distributed
  intrusion detection approaches;
- we describe existing strategies to mitigate attacks in fog computing and IoT
  environments;
- we present an updated set of datasets that, together with the information
  extracted, can be an important contribution to future researchers in the
  decision-making process of their projects;
- we analyze the weaknesses and difficulties found in the state-of-the-art and survey
  the main open questions and directions for future research.
The rest of this article is organized as follows. Section 2 presents the review works
present in the research area. Section 3 presents the systematic mapping protocol,
information about planning and execution. In Section 4, the current state-of-the-art
in intrusion detection and prevention in fog computing and IoT environments is
discussed. In addition, research questions are answered. In Section 5, we discuss the
problems found in state-of-the-art, open questions, and possibilities for future
research. Finally, Section 6 concludes the article.
Section snippets
Related works
In this section, we summarize the existing SLR and research on the topic studied
and highlight their contributions, difficulties and differences in relation to our SLR.
Before carrying out a systematic review procedure, it is necessary to ensure that it is
necessary, that is, to verify that there is no similar and high-quality study in the
literature. However, in Kitchenham et al. [16], there is no defined procedure for
implementing the survey to identify the need to conduct a systematic review
Methodology of the systematic literature review
As can be seen in Section 2, there is a need for a systematic review procedure on fog
and IoT based intrusion detection and prevention approaches. The process of
conducting systematic mapping is divided into three stages: planning and
construction of the protocol, execution, and summary of the review results. These
steps were carried out using the techniques demonstrated in [13], [14], [15], [31], [32],
[33]. Section 3.1 presents the protocol of the search and selection process of
articles.
Intrusion detection and prevention in fog computing and IoT
The basic feature of IoT is the pervasive presence of a wide variety of intelligent
objects in people’s daily lives, such as sensors, actuators, mobile phones, among
others [35], [36]. The significant heterogeneity, the high number of devices, and the
rapid production of the technologies involved in IoT networks can leave them
vulnerable to security and privacy risks. These vulnerabilities are used by malicious
entities to cause damage [10].
Intrusion Detection Systems (IDS) are an essential
Issues, challenges and future research directions
This section presents a full discussion of the current state of the art in intrusion
detection and prevention in fog computing and IoT, the open questions, and the
possibilities for future research.
Table 20 presents a comparison between the various works included in the
mapping, considering several characteristics. Regarding the column Detection
Method Category (DMC), the works can be classified into anomaly, specification and
signature. Detection Type (DT) indicates whether the job performs M
Conclusions
IoT is spreading in all areas due to its ability to make objects smart. In this way, they
can monitor and act on the environment in which they operate. IoT devices have
limited resources and need to send information to places with more computing
resources. Fog computing then emerged as an excellent processing solution close to
devices. IoT and fog are not free from security threats and vulnerabilities. Adding to
the significant damage generated by attacks in this environment, this fact creates
CRediT authorship contribution statement
Cristiano Antonio de Souza: Conceptualization, Methodology, Writing – original
draft. Leandro Loffi: Data curation, Writing – original draft.
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or
personal relationships that could have appeared to influence the work reported in
this paper.
Acknowledgment
The authors sincerely thank the Federal University of Santa Catarina (UFSC). Also,
this study was partially funded by the Fundação de Amparo à Pesquisa e Inovação do
Estado de Santa Catarina (FAPESC) and by the Coordenação de Aperfeiçoamento de
Pessoal de Nível Superior - Brasil (CAPES) - Financial Code 001.
References (239)
Rey V. et al.
Federated learning for malware detection in IoT devices
Comput. Netw. (2022)
Razaque A. et al.
Energy-efficient and secure mobile fog-based cloud for the Internet of Things
Future Gener. Comput. Syst. (2022)
Rahman M.A. et al.
Scalable machine learning-based intrusion detection system for IoT-enabled smart cities
Sustainable Cities Soc. (2020)
Kaviani S. et al.
Application of complex systems topologies in artificial neural networks optimization: An overview
Expert Syst. Appl. (2021)
Dev V.A. et al.
Gradient boosted decision trees for lithology classification
Kumar P. et al.
An ensemble learning and fog-cloud architecture-driven cyber-attack detection framework for IoMT networks
Comput. Commun. (2021)
Rokach L.
Decision forest: Twenty years of research
Inf. Fusion (2016)
de Souza C.A. et al.
Hybrid approach to intrusion detection in fog-based IoT environments
Comput. Netw. (2020)
Almiani M. et al.
Deep recurrent neural network for IoT intrusion detection system
Simul. Model. Pract. Theory (2020)
de Souza C.A. et al.
Two-step ensemble approach for intrusion detection and identification in IoT and fog computing environments
Comput. Electr. Eng. (2022)
Recommended articles (6)
Research article
PDAE: Efficient network intrusion detection in IoT using parallel deep auto-encoders
Information Sciences, Volume 598, 2022, pp. 57-74
Research article
Graph based ensemble classification for crime report prediction
Applied Soft Computing, Volume 125, 2022, Article 109215
Research article
Hybrid approach to intrusion detection in fog-based IoT environments
Computer Networks, Volume 180, 2020, Article 107417
Research article
Interest Broadcasting and Timing Attack in IoV (IBTA-IoV): A novel architecture using Named Software Defined Network
Computer Networks, Volume 213, 2022, Article 109121
Research article
Adversarial machine learning for network intrusion detection: A comparative study
Computer Networks, Volume 214, 2022, Article 109073
Research article
Comparative effectiveness and acceptability of different ACT delivery formats to treat depression: A systematic review and network meta-analysis of randomized controlled trials
Journal of Affective Disorders, Volume 313, 2022, pp. 196-203
Cristiano Antonio de Souza is a PhD student in Computer Science at the Federal University of Santa Catarina
(UFSC). He holds a degree in Computer Science from the State University of Western Paraná (2015). Master in
Electrical Engineering and Computer Science from the State University of Western Paraná (2018). Participates in
research groups: Research Group on Information Security, Networks and Systems (CNPq-UFSC); and
Computational Security Research Group (CNPq-UNIOESTE). His research interests focus on network security,
intrusion detection and artificial intelligence.
Carlos Becker Westphall is Full Professor (since 1993) at the Federal University of Santa Catarina - Brazil, where he
acts as the leader of the Network and Management Laboratory and also coordinates some projects funded by the
Brazilian National Research Council (CNPq). Obtained a degree in Electrical Engineering in 1985 and a M.Sc.
degree in Computer Science in 1988, both at the Federal University of Rio Grande do Sul, Brazil. Obtained a D.Sc.
degree in Computer Science (Network Management) at the University of Toulouse (Université Toulouse III - Paul
Sabatier), France, in 1991. Editorial board member of periodicals and technical program and/or organizing
committee member of conferences. He was the founder of LANOMS. He has contributed to Elsevier as editorial
board member of the Computer Networks Journal; to Springer as board of editors and senior technical editor of
the Journal of Network and Systems Management. He acted as a local group coordinator in the European
MAX/ESPRIT II project which involved the Alcatel-TITN, British Telecom, HP, CSELT, SIRTI and NKT Companies.
Best paper of CLEI 2011. Awarded International Academy, Research, and Industry Association Fellow (award
plaque), in 2011. Paper at IEEE ComSoc Technology News, in 2012. Achievement award - tutorial at WorldComp
2013. Awarded - best paper of ICN 2013. IEEE Communications Society 20 years member (Certificate of
Appreciation), in 2014.
Renato Bobsin Machado graduated in Computer Science from the State University of Western Paraná (1998),
master’s degree in Computer Science from the Federal University of Santa Catarina (2005) and a PhD in Sciences
from the State University of Campinas (2013). He is currently a professor and researcher at the State University of
Western Paraná, working in the Graduate Program in Electrical and Computer Engineering (PGEEC). Conducts
research in the areas of computer security, intrusion detection, cryptographic methods, distributed systems and
data communication. He coordinates the Laboratory for Research in Computational Security (LaPSeC) and
participates in research groups: Research Group on Information Security, Networks and Systems (CNPq-UFSC);
and Computational Security Research Group (CNPq-UNIOESTE).
Leandro Loffi is a PhD student in Computer Science at the Federal University of Santa Catarina (UFSC), Trindade
campus. He received the B.Sc. degree in Computer Science from the Federal Institute Catarinense (IFC) Rio do Sul
campus in 2017 and the M.Sc. degree in Computer Science from the Federal University of Santa Catarina (UFSC)
Trindade campus in 2019, and also a postgraduate degree in Computer Forensics by IPOG - Florianópolis in 2020.
He is currently a student of the Post-Graduate Program in Computer Science at the PhD level, and an active
researcher at the Network and Management Laboratory.
Carla Merkle Westphall is Associate Professor (since 2007) in the Department of Informatics and Statistics at the
Federal University of Santa Catarina, Brazil. She acts as a security researcher of the Network and Management
Laboratory. She is advisor of Ph.D. and Master students in the Graduate Program in Computer Science at Federal
University of Santa Catarina. Carla received a Doctor degree in the subject of Information Security in 2000. She
obtained a bachelor’s degree in 1994 and a M.Sc. degree in 1996, both in Computer Science at the Federal
University of Santa Catarina. She is a committee member of security conferences and journals. Her research
interests include distributed systems security, computer networks, internet of things, identity management,
blockchain and new generation networks.
Guilherme Arthur Geronimo graduated in 2006, Master in 2012 and Doctor in 2016 in Computer Science from
the Federal University of Santa Catarina. He is currently a Federal Public Employee, in the position of IT Analyst,
under the role of Datacenter Coordinator, located at the Superintendence of Electronic Governance and
Information and Communication Technology (SeTIC) of the Federal University of Santa Catarina (UFSC) and in
parallel researcher-collaborator in the Network and Management Laboratory (LRG), in the Informatics and
Statistics Department (INE).
This document is the result of the research project funded by the Fundação de Amparo à Pesquisa e Inovação do
Estado de Santa Catarina (FAPESC) and by the Coordenação de Aperfeiçoamento de Pessoal de Nível Superior -
Brasil (CAPES).
© 2022 Elsevier B.V. All rights reserved.
... According to [36], CISCO predicts that the number of interconnected objects could reach 500 billion by 2025. ...
... The effectiveness of these systems is measured by the speed with which threats are detected and the speed with which they are isolated [36]. Another important parameter is the false positive. ...
Preprint
Nowadays, network security has become a very important aspect due to the increasing number of connected things and the multiple threats that become more and more intelligent. Mobile Ad hoc networks (MANET), known to be non-infrastructure and self-configured peer networks, are subject to multiple types of attacks. For this reason, it is essential to implement an Intrusion Detection System that realizes fast attack detection to alert users of any malicious activity taking place on the network. Black hole is one of the most serious threats in MANETs, which is the origin of Denial of service attack. This type of threats has been widely studied and many solutions were proposed. Unfortunately these solutions have become inefficient against the new generation of black holes, known also as smart black holes, which can deceive most of these solutions. To overcome smart black holes, we proposed an Intrusion Detection System based on the early detecting and isolating malicious nodes by exploiting local information shared by neighbors and using universal sink detection method in graph theory. We proved that smart black holes can defeat the sequence number threshold-based detection strategy by using least-square method. Simulations in NS2 showed the efficiency of the proposed approach, which can quickly detect and isolate smart black holes, improve the Packet delivery ratio (PDR) and throughput by an average of 97% and 90%, respectively, thus preserving the network performances.
... 10. NF-UQ-NIDS dataset with feature selection technique followed by 2D-ACNNTable:11. ...
Preprint
In current era, a tremendous volume of data has been generated by the use of web technologies. The association between different devices and services have also been explored to wisely and widely use recent technologies. Due to the restriction in the available resources, the chance of security violation is increasing highly on the constrained devices. IoT backend with the multi-cloud infrastructure to extend the public services in terms of better scalability and reliability. Several users might access the multi-cloud resources that lead to data threats while handling user requests for IoT services. It poses a new challenge in proposing new functional elements and security schemes. In this paper, an intelligent Intrusion Detection Framework (IDF) is introduced to detect network and application-based attacks. The proposed framework has three phases: data pre-processing, feature selection and classification. Initially, the collected datasets are pre-processed using Integer-Grading Normalization (I-GN) technique that ensures a fair-scaled data transformation process. Secondly, Opposition-based Learning-Rat Inspired Optimizer (OBL-RIO) is designed for the feature selection phase. The progressive nature of rats chooses the significant features. The fittest value ensures the stability of the features from OBL-RIO. Finally, a 2D-Array-based Convolutional Neural Network (2D-ACNN) is proposed as the binary class classifier. The input features are preserved in a 2D-array model to perform on the convoluted set of layers. It detects the normal (or) abnormal traffic. The proposed framework is trained and tested on the Netflow-based datasets. The proposed framework yields 95.20% accuracy, 2.5% false positive rate and 97.24% detection rate.
... The limitation of this approach is the use of NSL-KDD which is not an IoT dataset. According to [13], many research studies are interested in intrusion detection systems for Fog-based IoT applications, however, these approaches detect only intrusions in Fog nodes. In [14], the authors proposed an IDS based on Ensemble learning for Fog-to-things environments. ...
... The large spectrum of machine learning and deep learning methods used in EC application cases is also covered in the second section. Similarly, in article [9], a study of research attempts to identify and prevent intrusions in fog computing and IoT is presented as a systematic assessment of the literature. ...
Article
The number of people using the Internet of Things (IoT) devices has exploded in recent years. The instantaneous development in deploying constrained devices in numerous areas makes them vulnerable to assaults due to limited resources. Advanced cryptography cannot be constructed in these modest battery-powered devices. However, due to the unique properties of the constrained devices, current solutions are insufficient to protect the complete safety scope of IoT networks. An anomaly-based Intrusion Detection System (IDS) is used to identify and categorize assaults. Machine Learning (ML) and Deep Learning (DL) techniques, skilled in embedding intellect in IoT devices and networks, can address various security issues. In this article, we have proposed a deep neural network-based intrusion detection system to identify malicious packets in real-time. We have used newly developed benchmark Netflow-based datasets to train the model. We have proposed a packet capturing and detecting algorithm for real-time attack detection. We also demonstrate the accuracy of our suggested model.
Article
With the deployment of billions of Internet of Things (IoT) devices, more and more cyber attacks involving or even targeting such devices are rife. Cyberattack vectors are in constant evolvement in terms of diversity and complexity. Thus, to detect novel cyberattacks, we use anomaly-based techniques which model the expected behavior of the IoT device to identify occurrences of attacks. In this paper, we propose a new distributed and lightweight intrusion detection system (IDS). To provide efficient and accurate intrusion detection, the proposed IDS combines variational AutoEncoder and multilayer perceptron. The IDS operates within a two-layered fog architecture, an anomaly detector within fog node, and attack identification module within the cloud. The proposed approach is evaluated on two recent cyber attack datasets. The experimental results showed that the proposed system is able to characterize accurately the normal behavior within fog nodes, and detect different attack types such as DDoS attacks with high detection rate (99.98%) and low false alarms rate (less than 0.01%). The proposed system outperforms other existing techniques in terms of detection and false positive rates.
Article
By expanding the Internet in human society, data protection is more needed, because data are vital for some individuals, companies or governments. New technologies, such as big data, the internet of things (IoT), and the 5G technology, not only increase the importance of data but also show how important it is to protect them. Therefore, network intrusion detection systems are acceptable performance in this volume of data. In this paper, a hybrid model of deep learning and shallow learning is introduced to detect the intrusions in the IoT devices. The proposed model, first using spider monkey optimization feature selection algorithm seeks to select most important features, then a Siamese neural network-based model is proposed to make data more classifiable. To evaluate the performance of the proposed model, the model is tested on NSL-KDD dataset. The accuracy of the proposed model is obtained 94.69% using random forest classifier. In addition, considering low computational burden of the proposed model makes it a proper choice for IoT devices which have low processing capability.
Article
Due to Internet of Things devices resource limitations, security often does not receive enough attention. Intrusion detection approaches are important for identifying attacks and taking appropriate countermeasures for each specific threat. This work presents a two-step approach for intrusion detection and identification. The first step performs a traffic analysis with an Extra Tree binary classifier. Events detected as intrusive are analyzed in the second stage by an ensemble approach consisting of Extra Tree, Random Forest, and Deep Neural Network. An extensive evaluation was performed with the Bot-IoT, IoTID20, NSL-KDD, and CICIDS2018 intrusion datasets. The experiments demonstrated that the proposed approach could achieve similar or superior performance to other machine learning techniques and state-of-the-art approaches in all databases, demonstrating the robustness of the proposed approach.
Article
Inspired by the massive surge of interest in the Internet of Things (IoT), this work focuses on the kinetics of its security. By automating everything, starting from baby monitors to life-saving medical devices, IoT brought convenience to people’s lives and rapidly became a trillion-dollar industry. However, the future of IoT will be decided on how its security and privacy concerns are dealt with. It is a fact that at present, the security of IoT is lacking in coherent and logical perspectives. For example, the researchers do not adequately accommodate the uncertainty and insider attacks while developing the IoT security procedures, even though most security concerns related to IoT arise from an insider and uncertain habitat. This paper provides a critical analysis of the most recent and relevant state-of-art methods of IoT security and identifies the parameters that are crucial for any security posture in IoT. Considering all the intricate details of IoT environments, this work proposes a Generic and Lightweight Security mechanism for detecting malicious behavior in the uncertain IoT using a Fuzzy Logic- and Fog-based approach (GLSF²IoT). It is developed on the principle of “zero trust,” i.e., trust nothing and treat everything as hostile. While Fuzzy Logic has been used to remove uncertainties, the Fog-IoT architecture makes GLSF²IoT inherently better than the cloud-IoT. Once the malicious activity is detected, GLSF²IoT automatically limits the network access against the IoT device that initiated this activity, preventing it from targeting other devices. We evaluated GLSF²IoT for blackhole, selective forward, collusion and DDoS attacks, i.e., attacks which can invalidate any IoT architecture. Besides yielding better accuracy results than the existing benchmarks, we found that GLSF²IoT puts extremely low pressure on the constrained nodes, is scalable, supports heterogeneity, and uncertainty of the IoT environments.
Billions of IoT devices lacking proper security mechanisms have been manufactured and deployed over the past years, and more will come with the development of Beyond 5G technologies. Their vulnerability to malware has motivated the need for efficient techniques to detect infected IoT devices inside networks. With data privacy and integrity becoming a major concern in recent years, increasing with the arrival of 5G and Beyond networks, new technologies such as federated learning and blockchain emerged. They allow training machine learning models with decentralized data while preserving its privacy by design. This work investigates the possibilities enabled by federated learning concerning IoT malware detection and studies security issues inherent to this new learning paradigm. In this context, a framework that uses federated learning to detect malware affecting IoT devices is presented. N-BaIoT, a dataset modeling network traffic of several real IoT devices while affected by malware, has been used to evaluate the proposed framework. Both supervised and unsupervised federated models (multi-layer perceptron and autoencoder) able to detect malware affecting seen and unseen IoT devices of N-BaIoT have been trained and evaluated. Furthermore, their performance has been compared to two traditional approaches. The first one lets each participant locally train a model using only its own data, while the second consists of making the participants share their data with a central entity in charge of training a global model. This comparison has shown that the use of more diverse and large data, as done in the federated and centralized methods, has a considerable positive impact on the model performance. Besides, the federated models, while preserving the participant’s privacy, show similar results as the centralized ones.
As an additional contribution and to measure the robustness of the federated approach, an adversarial setup with several malicious participants poisoning the federated model has been considered. The baseline model aggregation averaging step used in most federated learning algorithms appears highly vulnerable to different attacks, even with a single adversary. The performance of other model aggregation functions acting as countermeasures is thus evaluated under the same attack scenarios. These functions provide a significant improvement against malicious participants, but more efforts are still needed to make federated approaches robust.
Identification of anomaly and malicious traffic in the Internet of Things (IoT) network is essential for IoT security. Tracking and blocking unwanted traffic flows in the IoT network is required to design a framework for the identification of attacks more accurately, quickly, and with less complexity. Many machine learning (ML) algorithms proved their efficiency to detect intrusion in IoT networks. But these ML algorithms suffer from many misclassification problems due to inappropriate and irrelevant feature size. In this paper, an in-depth study is presented to address such issues. We have presented lightweight low-cost feature selection IoT intrusion detection techniques with low complexity and high accuracy due to their low computational time. A novel feature selection technique was proposed with the integration of rank-based chi-square, Pearson correlation, and score correlation to extract relevant features out of all available features from the dataset. Then, feature entropy estimation was applied to validate the relationship among all extracted features to identify malicious traffic in IoT networks. Finally, an extreme gradient ensemble boosting approach was used to classify the features into relevant attack types. The simulation is performed on three datasets, i.e., NSL-KDD, UNSW-NB15, and CICIDS2017, and results are presented on different test sets. It was observed that on the NSL-KDD dataset, accuracy was approx. 97.48%. Similarly, the accuracy of UNSW-NB15 and CICIDS2017 was approx. 99.96% and 99.93%, respectively. Along with that, state-of-the-art comparison is also presented with existing techniques.
The Internet of Things (IoT) is emerging as a new technology for the development of various critical applications. However, these applications are still working on centralized storage architecture and have various key challenges like privacy, security, and single point of failure. Recently, blockchain technology has emerged as a backbone for IoT-based application development. The blockchain can be leveraged to solve the privacy, security, and single point of failure (third-party dependency) issues of IoT applications. The integration of blockchain with IoT can benefit both the individual and society. However, the 2017 Distributed Denial of Service (DDoS) attack on a mining pool exposed the critical fault lines in blockchain-enabled IoT networks. Moreover, this application generates a huge amount of data. Machine Learning (ML) gives complete autonomy in big data analysis and decision-making capabilities, and is therefore used as an analytical tool. Thus, in order to address the above challenges, this paper proposes a novel distributed Intrusion Detection System (IDS) using fog computing to detect DDoS attacks against the mining pool in a blockchain-enabled IoT network. The performance is evaluated by training Random Forest (RF) and an optimized gradient tree boosting system (XGBoost) on distributed fog nodes. The effectiveness of the proposed model is assessed using an actual IoT-based dataset, i.e., BoT-IoT, which includes the most recent attacks found in blockchain-enabled IoT networks. The results indicate that for binary attack detection XGBoost outperforms, whereas for multi-attack detection Random Forest outperforms. Overall, on distributed fog nodes RF takes less time for training and testing compared to XGBoost.