Detecting Internet of Things attacks using distributed deep learning

Abstract: The reliability of Internet of Things (IoT) connected devices is heavily dependent on the security model employed to protect user data and prevent devices from engaging in malicious activity. Existing approaches for detecting phishing, distributed denial of service (DDoS), and Botnet attacks often focus on either the device or the back-end. In this paper, we propose a cloud-based distributed deep learning framework for phishing and Botnet attack detection and mitigation. The model comprises two key security mechanisms working cooperatively, namely: (1) a Distributed Convolutional Neural Network (DCNN) model embedded as an IoT device micro-security add-on for detecting phishing and application layer DDoS attacks; and (2) a cloud-based temporal Long Short-Term Memory (LSTM) network model hosted on the back-end for detecting Botnet attacks and for ingesting CNN embeddings to detect distributed phishing attacks across multiple IoT devices. The distributed CNN model, embedded into an ML engine in the client's IoT device, allows us to detect and defend the IoT device from phishing attacks at the point of origin. We create a dataset consisting of both phishing and non-phishing URLs to train the proposed CNN add-on security model, and select the N_BaIoT dataset for training the back-end LSTM model. The joint training method minimizes communication and resource requirements for attack detection, and maximizes the usefulness of extracted features. In addition, an aggregation of schemes allows the automatic fusion of multiple requests to improve the overall performance of the system. Our experiments show that the IoT micro-security add-on running the proposed CNN model is capable of detecting phishing attacks with an accuracy of 94.3% and an F-1 score of 93.58%. Using the back-end LSTM model, the model detects Botnet attacks with an accuracy of 94.80% using all malicious data points in the dataset used. Thus, the findings demonstrate that the proposed approach is capable of detecting attacks, both at the device and at the back-end level, in a distributed fashion.
