Automated Machine Learning Enabled Cybersecurity Threat Detection in Internet of Things Environment

Recently, Internet of Things (IoT) devices produces massive quantity of data from distinct sources that get transmitted over public networks. Cybersecurity becomes a challenging issue in the IoT environment where the existence of cyber threats needs to be resolved. The development of automated tools for cyber threat detection and classification using machine learning (ML) and artificial intelligence (AI) tools become essential to accomplish security in the IoT environment. It is needed to minimize security issues related to IoT gadgets effectively. Therefore, this article introduces a new Mayfly optimization (MFO) with regularized extreme learning machine (RELM) model, named MFO-RELM for Cybersecurity Threat Detection and classification in IoT environment. The presented MFO-RELM technique accomplishes the effectual identification of cybersecurity threats that exist in the IoT environment. For accomplishing this, the MFO-RELM model pre-processes the actual IoT data into a meaningful format. In addition, the RELM model receives the pre-processed data and carries out the classification process. In order to boost the performance of the RELM model, the MFO algorithm has been employed to it. The performance validation of the MFO-RELM model is tested using standard datasets and the results highlighted the better outcomes of the MFO-RELM model under distinct aspects.     

基于DHT的物联网分布式发现系统

物联网中海量设备的频繁接入、退出以及动态的网络变化为节点管理带来了压力,结构化的P2P网络可以有效缓解这种压力,但是大多数物联网P2P网络只能利用节点ID进行简单搜索。本文对分布式哈希表（DHT）进行改进,实现利用节点的多个属性和属性的范围进行搜索和管理。基于改进后的DHT,实现了一种新的物联网资源发现系统,它可以将物联网内的各类资源组织在一起,形成一个分布式、松耦合的物联网架构。实验结果表明该搜索系统可以在物联网中实现高效的资源发现。     

IoT Wireless Intrusion Detection and Network Traffic Analysis

Enhancement in wireless networks had given users the ability to use the Internet without a physical connection to the router. Almost every Internet of Things (IoT) devices such as smartphones, drones, and cameras use wireless technology (Infrared, Bluetooth, IrDA, IEEE 802.11, etc.) to establish multiple inter-device connections simultaneously. With the flexibility of the wireless network, one can set up numerous ad-hoc networks on-demand, connecting hundreds to thousands of users, increasing productivity and profitability significantly. However, the number of network attacks in wireless networks that exploit such flexibilities in setting and tearing down networks has become very alarming. Perpetrators can launch attacks since there is no first line of defense in an ad hoc network setup besides the standard IEEE802.11 WPA2 authentication. One feasible countermeasure is to deploy intrusion detection systems at the edge of these ad hoc networks (Network-based IDS) or at the node level (Host-based IDS). The challenge here is that there is no readily available benchmark data available for IoT network traffic. Creating this benchmark data is very tedious as IoT can work on multiple platforms and networks, and crafting and labelling such dataset is very labor-intensive. This research aims to study the characteristics of existing datasets available such as KDD-Cup and NSL-KDD, and their suitability for wireless IDS implementation. We hypothesize that network features are parametrically different depending on the types of network and assigning weight dynamically to these features can potentially improve the subsequent threat classifications. This paper analyses packet and flow features for the data packet captured on a wireless network rather than a wired network. Combining domain heuristcs and early classification results, the paper had identified 19 header fields exclusive to wireless network that contain high information gain to be used as ML features in Wireless IDS.     

物联网语义关联和决策方法的研究

物联网系统包含大量的感知设备,产生大量孤立和异构的感知数据,形成数据孤岛.如何将不同感知设备产生的数据进行有效的语义关联、构建跨域的数据关联模型、屏蔽数据异构性、实现综合智能决策是物联网研究的关键问题.本文以物联网系统为研究对象,从语义入手,构建以环境—资源—行为为核心的物联网本体模型;基于关联数据方法构建以行为关联模型和资源关联模型为核心的物联网语义关联网络;提出一种基于事件的推理算法实现语义推理,从而更好地实现对物联网系统的智能决策;最后,通过两个智能家居系统的实例验证了本文方法的可行性,通过构建不同方法的查询实例验证了本文方法的优越性.     

LASSI: a lightweight authenticated key agreement protocol for fog-enabled IoT deployment

International Journal of Information Security - Due to the massive increase in the Internet of Things (IoT) devices in various applications requiring an IoT–cloud environment, the network...     

Hierarchical Data Aggregation with Data Offloading Scheme for Fog Enabled IoT Environment

Fog computing is a promising technology that has been emerged to handle the growth of smart devices as well as the popularity of latency-sensitive and location-awareness Internet of Things (IoT) services. After the emergence of IoT-based services, the industry of internet-based devices has grown. The number of these devices has raised from millions to billions, and it is expected to increase further in the near future. Thus, additional challenges will be added to the traditional centralized cloud-based architecture as it will not be able to handle that growth and to support all connected devices in real-time without affecting the user experience. Conventional data aggregation models for Fog enabled IoT environments possess high computational complexity and communication cost. Therefore, in order to resolve the issues and improve the lifetime of the network, this study develops an effective hierarchical data aggregation with chaotic barnacles mating optimizer (HDAG-CBMO) technique. The HDAG-CBMO technique derives a fitness function from many relational matrices, like residual energy, average distance to neighbors, and centroid degree of target area. Besides, a chaotic theory based population initialization technique is derived for the optimal initial position of barnacles. Moreover, a learning based data offloading method has been developed for reducing the response time to IoT user requests. A wide range of simulation analyses demonstrated that the HDAG-CBMO technique has resulted in balanced energy utilization and prolonged lifetime of the Fog assisted IoT networks.     

Deep learning models for cloud,edge, fog,and IoT computing paradigms: Survey,recent advances,and future directions

In recent times, the machine learning (ML) community has recognized the deep learning (DL) computing model as the Gold Standard. DL has gradually become the most widely used computational approach in the field of machine learning, achieving remarkable results in various complex cognitive tasks that are comparable to, or even surpassing human performance. One of the key benefits of DL is its ability to learn from vast amounts of data. In recent years, the DL field has witnessed rapid expansion and has found successful applications in various conventional areas. Significantly, DL has outperformed established ML techniques in multiple domains, such as cloud computing, robotics, cybersecurity, and several others. Nowadays, cloud computing has become crucial owing to the constant growth of the IoT network. It remains the finest approach for putting sophisticated computational applications into use, stressing the huge data processing. Nevertheless, the cloud falls short because of the crucial limitations of cutting-edge IoT applications that produce enormous amounts of data and necessitate a quick reaction time with increased privacy. The latest trend is to adopt a decentralized distributed architecture and transfer processing and storage resources to the network edge. This eliminates the bottleneck of cloud computing as it places data processing and analytics closer to the consumer. Machine learning (ML) is being increasingly utilized at the network edge to strengthen computer programs, specifically by reducing latency and energy consumption while enhancing resource management and security. To achieve optimal outcomes in terms of efficiency, space, reliability, and safety with minimal power usage, intensive research is needed to develop and apply machine learning algorithms. This comprehensive examination of prevalent computing paradigms underscores recent advancements resulting from the integration of machine learning and emerging computing models, while also addressing the underlying open research issues along with potential future directions. Because it is thought to open up new opportunities for both interdisciplinary research and commercial applications, we present a thorough assessment of the most recent works involving the convergence of deep learning with various computing paradigms, including cloud, fog, edge, and IoT, in this contribution. We also draw attention to the main issues and possible future lines of research. We hope this survey will spur additional study and contributions in this exciting area.     

Phishing Websites Detection by Using Optimized Stacking Ensemble Model

Phishing attacks are security attacks that do not affect only individuals’ or organizations’ websites but may affect Internet of Things (IoT) devices and networks. IoT environment is an exposed environment for such attacks. Attackers may use thingbots software for the dispersal of hidden junk emails that are not noticed by users. Machine and deep learning and other methods were used to design detection methods for these attacks. However, there is still a need to enhance detection accuracy. Optimization of an ensemble classification method for phishing website (PW) detection is proposed in this study. A Genetic Algorithm (GA) was used for the proposed method optimization by tuning several ensemble Machine Learning (ML) methods parameters, including Random Forest (RF), AdaBoost (AB), XGBoost (XGB), Bagging (BA), GradientBoost (GB), and LightGBM (LGBM). These were accomplished by ranking the optimized classifiers to pick out the best classifiers as a base for the proposed method. A PW dataset that is made up of 4898 PWs and 6157 legitimate websites (LWs) was used for this study's experiments. As a result, detection accuracy was enhanced and reached 97.16 percent.     

物联网服务发现初探:传统SOA的可行性和局限性

基于SOA(service-oriented architecture)的物联网(Internet of things,IoT)把设备的功能服务化,以一种统一和通用的接口向外界提供服务。由于物联网中设备的海量性、移动性和资源高度受限性,以及无线网络自身的不可靠性,设备服务与传统的Web服务相比具有不同的特点,现有的Web服务发现方法不能有效地满足物联网中服务发现的需求。从Web服务发现体系结构和匹配策略两个方面对典型的Web服务发现方法进行了分析;结合物联网中服务提供的特点,从可扩展性、资源有限性、异构性和环境的动态变化性四个方面,分析了将Web服务发现方法应用于物联网服务提供中所面临的问题,并讨论了可能的解决思路;探讨了物联网中服务发现需要解决的问题。     

Highly efficient key agreement for remote patient monitoring in MEC-enabled 5G networks

Remote patient monitoring is one of the cornerstones to enable Ambient Assisted Living. Here, a set of devices provide their corresponding input, which should be carefully aggregated and analysed to derive health-related conclusions. In the new Fifth-Generation (5G) networks, Internet of Things (IoT) devices communicate directly to the mobile network without any need of proxy devices. Moreover, 5G networks consist of Multi-access Edge Computing (MEC) nodes, which are taking the role of a mini-cloud, able to provide sufficient computation and storage capacity at the edge of the network. MEC IoT integration in 5G offers a lot of benefits such as high availability, high scalability, low backhaul bandwidth costs, low latency, local awareness and additional security and privacy. In this paper, we first detail the procedure on how to establish such remote monitoring in 5G networks. Next, we focus on the key agreement between IoT, MEC and registration center in order to guarantee mutual authentication, anonymity, and unlinkability properties. Taking into account the high heterogeneity of IoT devices that can contribute to an accurate image of the health status of a patient, it is of utmost importance to design a very lightweight scheme that allows even the smallest devices to participate. The proposed protocol is symmetric key based and thus highly efficient. Moreover, it is shown that the required security features are established and protection against the most of the well-known attacks is guaranteed.

     

物联网设备识别及异常检测研究综述

随着物联网技术的发展,物联网设备广泛应用于生产和生活的各个领域,但也为设备资产管理和安全管理带来了严峻的挑战.首先,由于物联网设备类型和接入方式的多样性,网络管理员通常难以得知网络中的物联网设备类型及运行状态.其次,物联网设备由于其计算、存储资源有限,难以部署传统防御措施,正逐渐成为网络攻击的焦点.因此,通过设备识别了解网络中的物联网设备并基于设备识别结果进行异常检测,以保证其正常运行尤为重要.近几年来,学术界围绕上述问题开展了大量的研究.系统地梳理物联网设备识别和异常检测方面的相关工作.在设备识别方面,根据是否向网络中发送数据包,现有研究可分为被动识别方法和主动识别方法.针对被动识别方法按照识别方法、识别粒度和应用场景进行进一步的调研,针对主动识别方法按照识别方法、识别粒度和探测粒度进行进一步的调研.在异常检测方面,按照基于机器学习算法的检测方法和基于行为规范的规则匹配方法进行梳理.在此基础上,总结物联网设备识别和异常检测领域的研究挑战并展望其未来发展方向.     

基于区块链的物联网可伸缩管理机制

为了解决大规模物联网（IoT）设备集中式管理的安全性和可伸缩性问题,提出一种基于区块链技术的轻量级物联网设备可伸缩管理框架。该框架采用区块链网络,在网络中部署智能合约为设备管理提供操作接口,利用设备管理器将轻量级物联网设备独立于区块链网络之外,并改进了区块链中拜占庭容错算法（PBFT）的一致性协议,增加了动态选举机制。仿真实验分别对改进共识算法的性能和机制的可伸缩性进行验证,结果表明,该机制具有良好的伸缩性,设备管理器每秒能响应约1 000次的请求。与传统PBFT算法相比,改进算法提高了交易吞吐量,缩短了交易延时,并减少了通信开销。     

Enhanced Gorilla Troops Optimizer with Deep Learning Enabled Cybersecurity Threat Detection

Recent developments in computer networks and Internet of Things (IoT) have enabled easy access to data. But the government and business sectors face several difficulties in resolving cybersecurity network issues, like novel attacks, hackers, internet criminals, and so on. Presently, malware attacks and software piracy pose serious risks in compromising the security of IoT. They can steal confidential data which results in financial and reputational losses. The advent of machine learning (ML) and deep learning (DL) models has been employed to accomplish security in the IoT cloud environment. This article presents an Enhanced Artificial Gorilla Troops Optimizer with Deep Learning Enabled Cybersecurity Threat Detection (EAGTODL-CTD) in IoT Cloud Networks. The presented EAGTODL-CTD model encompasses the identification of the threats in the IoT cloud environment. The proposed EAGTODL-CTD model mainly focuses on the conversion of input binary files to color images, where the malware can be detected using an image classification problem. The EAGTODL-CTD model pre-processes the input data to transform to a compatible format. For threat detection and classification, cascaded gated recurrent unit (CGRU) model is exploited to determine class labels. Finally, EAGTO approach is employed as a hyperparameter optimizer to tune the CGRU parameters, showing the novelty of our work. The performance evaluation of the EAGTODL-CTD model is assessed on a dataset comprising two class labels namely malignant and benign. The experimental values reported the supremacy of the EAGTODL-CTD model with increased accuracy of 99.47%.     

A secure authentication scheme for Internet of Things

Security is one of the major issues in Internet of Things (IoT) research. The rapid growth in the number of IoT devices, the heterogeneity and complexity of these objects and their networks have made authentication a challenging task. Other constraints such as limited computational ability and power, and small storage of some embedded devices make implementation of complex cryptographic algorithms difficult. So far there has been no established industrial standard to address this problem.Recently, Kalra and Sood, and subsequently Chang et al. attempted to solve the authentication problem by proposing key agreement schemes for IoT devices. However, the security of their schemes were unproven. In this paper we demonstrate that these schemes are insecure. We extend upon their work to present a scheme that enables embedded devices to communicate securely with a server on an IoT network. We prove the security of this scheme using formal methods and demonstrate this under the intractability of some well-defined hard problems. We also discuss some practical aspects related to the implementation of the scheme.     

基于序列模型的无线传感网入侵检测系统

随着物联网(IoT)的快速发展，越来越多的IoT节点设备被部署，但伴随而来的安全问题也不可忽视。IoT的网络层节点设备主要通过无线传感网进行通信，其相较于互联网更开放也更容易受到拒绝服务等网络攻击。针对无线传感网面临的网络层安全问题，提出了一种基于序列模型的网络入侵检测系统，对网络层入侵进行检测和报警，具有较高的识别率以及较低的误报率。另外，针对无线传感网节点设备面临的节点主机设备的安全问题，在考虑节点开销的基础上，提出了一种基于简单序列模型的主机入侵检测系统。实验结果表明，针对无线传感网的网络层以及主机层的两个入侵检测系统的准确率都达到了99%以上，误报率在1%左右，达到了工业需求，这两个系统可以全面有效地保护无线传感网安全。     

Mobile Network Operator and Mobile User Cooperation for Customized D2D Data Services

The explosive growth of smart devices has led to the evolution of multimedia data (mainly video) services in mobile networks. It attracted many mobile network operators (MNO) to deploy novel network architectures and develop effective economic policies. Mobile data offloading through smart devices (SDs) by exploring device-to-device (D2D) communications can significantly reduce network congestion and enhance quality of service at a lower cost, which is the key requirement of upcoming 5G networks. This reasonable cost solution is useful for attracting mobile users to participate in the offloading process by paying them proper incentives. It is beneficial for MNOs as well as mobile users. Moreover, D2D communications promise to be one of the prominent services for 5G networks. In this paper, we present a combinatorial optimal reverse auction (CORA) mechanism, which efficiently selects and utilizes available high-end SDs on the basis of available resources for offloading purposes. It also decides the optimal pricing policy for the selected SDs. The efficiency of CORA has been realized in terms of bandwidth and storage demand. Subsequently, we implement caching in SDs, eNodeB (eNB), and evolved packet core (EPC) with the help of our novel video dissemination cache update algorithm to solve the latency or delay issues in the offloading process. Due to high popularity, we specifically focus on video data. Simulation results show that the proposed SD caching scenario curtails the delay up to 75% and the combined cache (CC) scenario slashes the delay varying from 15 to 57%. We also scruitinize the video downloading time performance of various cache scenarios (i.e., CC, EPC cache, eNB cache, and SD cache scenarios).     

A Lightweight Deep Autoencoder Scheme for Cyberattack Detection in the Internet of Things

The Internet of things (IoT) is an emerging paradigm that integrates devices and services to collect real-time data from surroundings and process the information at a very high speed to make a decision. Despite several advantages, the resource-constrained and heterogeneous nature of IoT networks makes them a favorite target for cybercriminals. A single successful attempt of network intrusion can compromise the complete IoT network which can lead to unauthorized access to the valuable information of consumers and industries. To overcome the security challenges of IoT networks, this article proposes a lightweight deep autoencoder (DAE) based cyberattack detection framework. The proposed approach learns the normal and anomalous data patterns to identify the various types of network intrusions. The most significant feature of the proposed technique is its lower complexity which is attained by reducing the number of operations. To optimally train the proposed DAE, a range of hyperparameters was determined through extensive experiments that ensure higher attack detection accuracy. The efficacy of the suggested framework is evaluated via two standard and open-source datasets. The proposed DAE achieved the accuracies of 98.86%, and 98.26% for NSL-KDD, 99.32%, and 98.79% for the UNSW-NB15 dataset in binary class and multi-class scenarios. The performance of the suggested attack detection framework is also compared with several state-of-the-art intrusion detection schemes. Experimental outcomes proved the promising performance of the proposed scheme for cyberattack detection in IoT networks.     

Reinforcement Learning in Continuous Time and Space: Interference and Not Ill Conditioning Is the Main Problem When Using Distributed Function Approximators

Many interesting problems in reinforcement learning (RL) are continuous and/or high dimensional, and in this instance, RL techniques require the use of function approximators for learning value functions and policies. Often, local linear models have been preferred over distributed nonlinear models for function approximation in RL. We suggest that one reason for the difficulties encountered when using distributed architectures in RL is the problem of negative interference, whereby learning of new data disrupts previously learned mappings. The continuous temporal difference (TD) learning algorithm TD(lambda) was used to learn a value function in a limited-torque pendulum swing-up task using a multilayer perceptron (MLP) network. Three different approaches were examined for learning in the MLP networks; 1) simple gradient descent; 2) vario-eta; and 3) a pseudopattern rehearsal strategy that attempts to reduce the effects of interference. Our results show that MLP networks can be used for value function approximation in this task but require long training times. We also found that vario-eta destabilized learning and resulted in a failure of the learning process to converge. Finally, we showed that the pseudopattern rehearsal strategy drastically improved the speed of learning. The results indicate that interference is a greater problem than ill conditioning for this task.     

Reinforcement learning in robotic applications: a comprehensive survey

In recent trends, artificial intelligence (AI) is used for the creation of complex automated control systems. Still, researchers are trying to make a completely autonomous system that resembles human beings. Researchers working in AI think that there is a strong connection present between the learning pattern of human and AI. They have analyzed that machine learning (ML) algorithms can effectively make self-learning systems. ML algorithms are a sub-field of AI in which reinforcement learning (RL) is the only available methodology that resembles the learning mechanism of the human brain. Therefore, RL must take a key role in the creation of autonomous robotic systems. In recent years, RL has been applied on many platforms of the robotic systems like an air-based, under-water, land-based, etc., and got a lot of success in solving complex tasks. In this paper, a brief overview of the application of reinforcement algorithms in robotic science is presented. This survey offered a comprehensive review based on segments as (1) development of RL (2) types of RL algorithm like; Actor-Critic, DeepRL, multi-agent RL and Human-centered algorithm (3) various applications of RL in robotics based on their usage platforms such as land-based, water-based and air-based, (4) RL algorithms/mechanism used in robotic applications. Finally, an open discussion is provided that potentially raises a range of future research directions in robotics. The objective of this survey is to present a guidance point for future research in a more meaningful direction.

     

Detecting stealth DHCP starvation attack using machine learning approach

Dynamic Host Configuration Protocol (DHCP) is used to automatically configure clients with IP address and other network configuration parameters. Due to absence of any in-built authentication, the protocol is vulnerable to a class of Denial-of-Service (DoS) attacks, popularly known as DHCP starvation attacks. However, known DHCP starvation attacks are either ineffective in wireless networks or not stealthy in some of the network topologies. In this paper, we first propose a stealth DHCP starvation attack which is effective in both wired and wireless networks and can not be detected by known detection mechanisms. We test the effectiveness of proposed attack in both IPv4 and IPv6 networks and show that it can successfully prevent other clients from obtaining IP address, thereby, causing DoS scenario. In order to detect the proposed attack, we also propose a Machine Learning (ML) based anomaly detection framework. In particular, we use some popular one-class classifiers for the detection purpose. We capture IPv4 and IPv6 traffic from a real network with thousands of devices and evaluate the detection capability of different machine learning algorithms. Our experiments show that the machine learning algorithms can detect the attack with high accuracy in both IPv4 and IPv6 networks.