An Ensemble of Deep Recurrent Neural Networks for Detecting IoT Cyber Attacks Using Network Traffic

Internet-of-Things (IoT) devices and systems will be increasingly targeted by cybercriminals (including nation state-sponsored or affiliated threat actors) as they become an integral part of our connected society and ecosystem. However, the challenges in securing these devices and systems are compounded by the scale and diversity of deployment, the fast-paced cyber threat landscape, and many other factors. Thus, in this article, we design an approach using advanced deep learning to detect cyber attacks against IoT systems. Specifically, our approach integrates a set of long short-term memory (LSTM) modules into an ensemble of detectors. These modules are then merged using a decision tree to arrive at an aggregated output at the final stage. We evaluate the effectiveness of our approach using a real-world data set of Modbus network traffic and obtain an accuracy rate of over 99% in the detection of cyber attacks against IoT devices.
