Empowering Reinforcement Learning on Big Sensed Data for Intrusion Detection

Wireless sensor and actuator networks are widely adopted in applications such as critical infrastructure monitoring, where sensory data of high volume and velocity are prone to security vulnerabilities affecting both the network and the monitored infrastructure. Despite the vulnerabilities of the big data phenomenon, intelligent data analytics techniques can enable the analysis of huge amounts of data and the identification of intrusive behavior in real time. The main performance targets for any Intrusion Detection System (IDS) involve accuracy, detection, precision, F1 score and Receiver Operating Characteristics. Pursuant to these, this paper proposes a big data-driven IDS approach in Wireless Sensor Networks by harnessing reinforcement learning techniques on a hybrid IDS framework. We study the performance of RL-IDS and compare it to the previously proposed Adaptive Machine Learning-based IDS (AML-IDS), namely the Adaptively Supervised and Clustered Hybrid IDS (ASCH-IDS). The experimental results show that RL-IDS can achieve 100% success in detection, accuracy and precision-recall rates, whereas its predecessor ASCH-IDS performs with an accuracy level that is slightly above 99%.
