research-article

DEMISe: Interpretable Deep Extraction and Mutual Information Selection Techniques for IoT Intrusion Detection

Authors:

Luke R. Parker,

Taufiq A. Asyhari,

Lounis Chermak,

Kamal TahaAuthors Info & Claims

ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security

Article No.: 98, Pages 1 - 10

https://doi.org/10.1145/3339252.3340497

Published: 26 August 2019 Publication History

Abstract

Recent studies have proposed that traditional security technology -- involving pattern-matching algorithms that check predefined pattern sets of intrusion signatures -- should be replaced with sophisticated adaptive approaches that combine machine learning and behavioural analytics. However, machine learning is performance driven, and the high computational cost is incompatible with the limited computing power, memory capacity and energy resources of portable IoT-enabled devices. The convoluted nature of deep-structured machine learning means that such models also lack transparency and interpretability. The knowledge obtained by interpretable learners is critical in security software design. We therefore propose two novel models featuring a common Deep Extraction and Mutual Information Selection (DEMISe) element which extracts features using a deep-structured stacked autoencoder, prior to feature selection based on the amount of mutual information (MI) shared between each feature and the class label. An entropy-based tree wrapper is used to optimise the feature subsets identified by the DEMISe element, yielding the DEMISe with Tree Evaluation and Regression Detection (DETEReD) model. This affords 'white box' insight, and achieves a time to build of 603 seconds, a 99.07% detection rate, and 98.04% model accuracy. When tested against AWID, the best-referenced intrusion detection dataset, the new models achieved a test error comparable to or better than state-of-the-art machine-learning models, with a lower computational cost and higher levels of transparency and interpretability.

References

[1]

V Adat and BB Gupta (2018) Security in Internet of Things: issues, challenges, taxonomy, and architecture. Telecommunication Systems, 67(3), 423--441.

[2]

C Kolias, A Stavrou, J Voas, I Bojanova, and R Kuhn (2016b) Learning Internet-of-Things security "hands-on". IEEE Security & Privacy, 14(1), 37--46.

Digital Library

[3]

W Li, W Meng, and HS Horace (2017). Enhancing collaborative intrusion detection networks against insider attacks using supervised intrusion sensitivity-based trust management model. Journal of Network and Computer Applications, 77(1), 135--45.

Digital Library

[4]

AL Buczak and E Guven (2016) A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), 1153--76.

Digital Library

[5]

J Cong and B Xiao (2014) Minimizing computation in convolutional neural networks. International conference on artificial neural networks, 15, 281--290.

[6]

T Hamed, R Dara and SC Kremer (2018) Network intrusion detection system based on recursive feature addition and bigram technique. Computers and Security, 73. 137--155.

[7]

E Cho, J Kim and C Hong (2009) Attack model and detection scheme for botnet on 6LoWPAN, 12th Asia-Pacific Network Operations and Management Symposium. Jeju, South Korea, 515--518.

Digital Library

[8]

A Gupta, OJ Pandey, M Shukla, A Dadhich, S Mathur and A Ingle (2013) Computational intelligence based intrusion detection systems for wireless communication and pervasive computing networks, 2013 IEEE International Conference on Computational Intelligence and Computing Research. Tamilnadu, India, 26-28 December, 1--7.

[9]

NK Thanigaivelan, E Nigussie, RK Kanth, S Virtanen and J Isoaho (2016) Distributed internal anomaly detection system for Internet-of-Things, 2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC). Las Vegas, USA, 9-12 January, 319--320.

Digital Library

[10]

ME Aminanto, R Choi, HC Tanuwidjaja, PD Yoo and K Kim (2018) Deep abstraction and weighted feature selection for Wi-Fi impersonation detection, IEEE Transactions on Information Forensics and Security, 13(3), 621--636.

[11]

ME Aminanto and K Kim (2017) Detecting impersonation attack in WiFi networks using deep learning approach, Information Security Applications 17th International Workshop. Jeju Island, South Korea, 25-27 August 2016, 136--147.

[12]

C Kolias, G Kambourakis, A Stavrou and S Gritzalis (2016a) Intrusion detection in 802.11 networks: empirical evaluation of threats and a public dataset, IEEE Communication Surveys and Tutorials, 18(1), 184--208.

Digital Library

[13]

A Gharib, I Sharafaldin, AH Lashkari and AA Ghorbani (2017) An evaluation framework for intrusion detection dataset, ICISS 2016, 2016 International Conference on Information Science and Security, Jaipur, India, 16-20 December, 1--5.

[14]

I Witten, E Frank, M Hall and C Pal, 2017 Data mining: practical machine learning tools and techniques (4th ed). Morgan Kaufmann, Cambridge, USA.

Digital Library

[15]

Stanford University (2018) UFLDL tutorial: autoencoders http://ufldl.stanford.edu/tutorial/unsupervised/Autoencoders/

[16]

Z Wang (2015) The applications of deep learning on traffic identification, Black Hat, Las Vegas, USA, 5-6 August.

[17]

G Kesavaraj and S Sukumaran (2013) A study on classification techniques in data mining. 2013 Fourth International Conference on Computing, Communications and Networking Technologies, Tiruchengode, India, 4-6 July, 1--7.

[18]

JR Vergara and PA Estévez (2014) A review of feature selection methods based on mutual information. Neural Computing and Applications, 24(1), 175--186.

[19]

OY Al-Jarrah, O. Y., Alhussein, O., Yoo, P.D., Muhaidat, S., Taha, K. and Kim, K. (2016) Data randomization and cluster-based partitioning for botnet intrusion detection'. IEEE Transactions on Cybernetics, 46(8), pp. 1796--1806.

[20]

A Shabtai, U Kanonov, Y Elovici, C Glezer and Y Weiss (2012) "Andromaly": a behavioral malware detection framework for android devices'. Journal of Intelligent Information Systems, 38(1), 161--190.

Digital Library

[21]

USKPM Thanthrige, J Samarabandu and X Wang (2016) Machine learning techniques for intrusion detection on public dataset. 2016 IEEE Canadian Conference on Electrical and Computer Engineering (CCECE). Vancouver, Canada, 15-18 May, 1--4.

[22]

CE Shannon (1948) A mathematical theory of communication. The Bell System Technical Journal, 27, 379--426

[23]

TM Cover and JA Thomas (2006) Elements of information theory (2nd ed). John Wiley and Sons: Hoboken, USA.

Digital Library

[24]

S Le Cessie and JC Van Houwelingen (1992) Ridge estimators in logistic regression. Applied Statistics, 41(1), 191--201.

[25]

Intel Corporation (2018) Intel® QuarkTM microcontrollers. https://www.intel.com/content/www/us/en/embedded/products/quark/overview.html

[26]

G Egnal (1999) Image registration using mutual information. Technical Report, University of Pennsylvania.

[27]

L Birge and Y Rozenholc (2002) How many bins should be put in a regular histogram. Technical Report, Universite Paris VI, UMR CNRS 7599, Universite du Maine.

[28]

PL Davies, U Gather, D Nordman and H Weinert (1997) Constructing a regular histogram - a comparison of methods. Technical Report, Technical University Eindhoven.

[29]

PA Legg, PL Rosin, D Marshall and JE Morgan (2013) Improving accuracy and efficiency of mutual information for multi-modal retinal image registration using adaptive probability density estimation. Computerized Medical Imaging and Graphics, 37(7-8), 597--606.

[30]

J Dougherty, R Kohavi and M Sahami (1995) Supervised and unsupervised discretization of continuous features. ICML 1995-12th International Conference on Machine Learning. Tahoe City, California, USA, 9-12 July 1995. Morgan Kaufmann: San Francisco, CA, 194--202.

Digital Library

[31]

I Witten, E Frank, M Hall, and C Pal (2017) Data mining: practical machine learning tools and techniques (4th ed). Morgan Kaufmann: Cambridge, USA.

Digital Library

Cited By

Jain AKumari PGupta R(2024)Intrusion Detection and Analysis in IoT Devices Using Machine Learning ModelsChallenges in Large Language Model Development and AI Ethics10.4018/979-8-3693-3860-5.ch012(384-409)Online publication date: 30-Aug-2024
https://doi.org/10.4018/979-8-3693-3860-5.ch012
Tseng CTsaur WShen Y(2024)Classification Tendency Difference Index Model for Feature Selection and Extraction in Wireless Intrusion DetectionFuture Internet10.3390/fi1601002516:1(25)Online publication date: 12-Jan-2024
https://doi.org/10.3390/fi16010025
MT SAminanto AAminanto M(2024)Empowering Digital Resilience: Machine Learning-Based Policing Models for Cyber-Attack Detection in Wi-Fi NetworksElectronics10.3390/electronics1313258313:13(2583)Online publication date: 30-Jun-2024
https://doi.org/10.3390/electronics13132583
Show More Cited By

Recommendations

Visualization and deep-learning-based malware variant detection using OpCode-level features
Abstract
Malicious software (malware) is a major threat to the systems and networks’ security. Although anti-malware products are used to protect systems and networks against malware attacks, obfuscated malware that is capable of evading ...
Highlights
- Detecting newly obfuscated malware remained a major challenge.
- Semisupervised ...
DeepPower: Non-intrusive and Deep Learning-based Detection of IoT Malware Using Power Side Channels
ASIA CCS '20: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

The vulnerability of Internet of Things (IoT) devices to malware attacks poses huge challenges to current Internet security. The IoT malware attacks are usually composed of three stages: intrusion, infection and monetization. Existing approaches for IoT ...
A survey on run-time packers and mitigation techniques
Abstract
The battle between malware analysts and malware authors is a never-ending challenge with the advent of complex malware such as polymorphic, metamorphic, and packed malware. A malware packer uses various techniques combined with file encryption to ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security

August 2019

979 pages

ISBN:9781450371643

DOI:10.1145/3339252

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 August 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ARES '19

ARES '19: 14th International Conference on Availability, Reliability and Security

August 26 - 29, 2019

CA, Canterbury, United Kingdom

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

25
Total Citations
View Citations
286
Total Downloads

Downloads (Last 12 months)17
Downloads (Last 6 weeks)2

Reflects downloads up to 18 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Jain AKumari PGupta R(2024)Intrusion Detection and Analysis in IoT Devices Using Machine Learning ModelsChallenges in Large Language Model Development and AI Ethics10.4018/979-8-3693-3860-5.ch012(384-409)Online publication date: 30-Aug-2024
https://doi.org/10.4018/979-8-3693-3860-5.ch012
Tseng CTsaur WShen Y(2024)Classification Tendency Difference Index Model for Feature Selection and Extraction in Wireless Intrusion DetectionFuture Internet10.3390/fi1601002516:1(25)Online publication date: 12-Jan-2024
https://doi.org/10.3390/fi16010025
MT SAminanto AAminanto M(2024)Empowering Digital Resilience: Machine Learning-Based Policing Models for Cyber-Attack Detection in Wi-Fi NetworksElectronics10.3390/electronics1313258313:13(2583)Online publication date: 30-Jun-2024
https://doi.org/10.3390/electronics13132583
S MM CChannaraju AR NN NC K(2024)Intrusion Detection System to detect impersonation attacks in IoT networks2024 International Conference on Intelligent and Innovative Technologies in Computing, Electrical and Electronics (IITCEE)10.1109/IITCEE59897.2024.10467569(1-6)Online publication date: 24-Jan-2024
https://doi.org/10.1109/IITCEE59897.2024.10467569
Hussain MKhalid NAmjad AShoaib M(2024)Cyber Attack Identification System Using Deep Learning2024 5th International Conference on Advancements in Computational Sciences (ICACS)10.1109/ICACS60934.2024.10473266(1-13)Online publication date: 19-Feb-2024
https://doi.org/10.1109/ICACS60934.2024.10473266
Kök İOkay FMuyanlı ÖÖzdemir S(2023)Explainable Artificial Intelligence (XAI) for Internet of Things: A SurveyIEEE Internet of Things Journal10.1109/JIOT.2023.328767810:16(14764-14779)Online publication date: 15-Aug-2023
https://doi.org/10.1109/JIOT.2023.3287678
Checker SYadav MKatarya R(2023)A Survey on Intrusion Detection System for IoT Networks Based on Artificial Intelligence2023 International Conference on Electrical, Electronics, Communication and Computers (ELEXCOM)10.1109/ELEXCOM58812.2023.10370067(1-6)Online publication date: 26-Aug-2023
https://doi.org/10.1109/ELEXCOM58812.2023.10370067
Tseng CChang Y(2023)EBDM: Ensemble binary detection models for multi-class wireless intrusion detection based on deep neural networkComputers & Security10.1016/j.cose.2023.103419133(103419)Online publication date: Oct-2023
https://doi.org/10.1016/j.cose.2023.103419
Zhu YWang MYin XZhang JMeijering EHu J(2022)Deep Learning in Diverse Intelligent Sensor Based SystemsSensors10.3390/s2301006223:1(62)Online publication date: 21-Dec-2022
https://doi.org/10.3390/s23010062
Asaduzzaman MRahman M(2022)An Adversarial Approach for Intrusion Detection Using Hybrid Deep Learning Model2022 International Conference on Information Technology Research and Innovation (ICITRI)10.1109/ICITRI56423.2022.9970221(18-23)Online publication date: 10-Nov-2022
https://doi.org/10.1109/ICITRI56423.2022.9970221
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents