Hybrid Learning Approach of Combining Cluster-Based Partitioning and Hidden Markov Model for IoT Intrusion Detection

The Internet of Things (IoT) is a global network that connects various types of objects ("things") via the Internet. It has become a core technology for various applications and is increasingly embedded in our daily lives and businesses. As the technology grows and evolves, a number of issues arise, and security has been one of the central issues in IoT over the last decade. However, most of today's IoT intrusion detection systems suffer from a high false alarm rate with only moderate accuracy and detection rates, and are not able to detect all types of IoT intrusions correctly. To overcome this problem, hybrid techniques are used. In this paper, a hybrid learning approach combining partitioning clustering techniques with a Hidden Markov Model (HMM) is proposed. Experimental results show that the proposed approach using K-Medoids has improved the detection rate as well as decreased the false positive rate.
