Internet of Things (IoT) fosters unprecedented network heterogeneity and dynamicity, thus increasing the variety and the amount of related vulnerabilities. Hence, traditional security approaches fall short, also in terms of resulting scalability and privacy. In this paper we propose H2ID, a two-stage hierarchical Network Intrusion Detection approach. H2ID performs (i) anomaly detection via a novel lightweight solution based on a MultiModal Deep AutoEncoder (M2-DAE), and (ii) attack classification, using soft-output classifiers. We validate our proposal using the recently-released Bot-IoT dataset, inferring among four relevant categories of attack (DDoS, DoS, Scan, and Theft) and unknown attacks. Results show gains of the proposed M2-DAE in the case of simple anomaly detection (up to -40% false-positive rate when compared with several baselines at same true positive rate) and for H2ID as a whole when compared to the best-performing misuse detector approach (up to ≈ +5% F1 score). Besides the performance advantages, our system is suitable for distributed and privacy-preserving deployments while limiting re-training necessities, in line with the high efficiency as well as the flexibility required in IoT scenarios.
A hierarchical hybrid intrusion detection approach in IoT scenarios / Bovenzi, G.; Aceto, G.; Ciuonzo, D.; Persico, V.; Pescape, A.. - 2020-:(2020), pp. 1-7. (Intervento presentato al convegno 2020 IEEE Global Communications Conference, GLOBECOM 2020 tenutosi a twn nel 2020) [10.1109/GLOBECOM42002.2020.9348167].
A hierarchical hybrid intrusion detection approach in IoT scenarios
Bovenzi G.;Aceto G.;Ciuonzo D.;Persico V.;Pescape A.
2020
Abstract
Internet of Things (IoT) fosters unprecedented network heterogeneity and dynamicity, thus increasing the variety and the amount of related vulnerabilities. Hence, traditional security approaches fall short, also in terms of resulting scalability and privacy. In this paper we propose H2ID, a two-stage hierarchical Network Intrusion Detection approach. H2ID performs (i) anomaly detection via a novel lightweight solution based on a MultiModal Deep AutoEncoder (M2-DAE), and (ii) attack classification, using soft-output classifiers. We validate our proposal using the recently-released Bot-IoT dataset, inferring among four relevant categories of attack (DDoS, DoS, Scan, and Theft) and unknown attacks. Results show gains of the proposed M2-DAE in the case of simple anomaly detection (up to -40% false-positive rate when compared with several baselines at same true positive rate) and for H2ID as a whole when compared to the best-performing misuse detector approach (up to ≈ +5% F1 score). Besides the performance advantages, our system is suitable for distributed and privacy-preserving deployments while limiting re-training necessities, in line with the high efficiency as well as the flexibility required in IoT scenarios.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.