A behavioural network traffic novelty detection for the internet of things infrastructures

Salma Abdalla Hamad; Quan Z. Sheng; Dai Hoang Tran; Wei Emma Zhang; Surya Nepal

doi:10.1007/978-981-16-0010-4_16

A behavioural network traffic novelty detection for the internet of things infrastructures

Salma Abdalla Hamad^*, Quan Z. Sheng, Dai Hoang Tran, Wei Emma Zhang, Surya Nepal

^*Corresponding author for this work

Department of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

Abstract

The Internet of Things (IoT) applied solutions are changing the way the world perceives technology. IoT devices are now being used in a wide range of applications to transfer or share relevant information, hence reducing human interventions. With such widespread IoT solutions, security becomes a significant concern. Many of the IoT devices are vulnerable due to several reasons, including in-secure implementations, poor life cycle management, and inappropriate configurations, leading to an increase in the risk of these devices getting exposed and attacked. However, the current security approaches for detecting compromised IoT devices are inefficient, especially for zero-day attacks. Since no one knows how a new attack would look like, it will be useful to monitor and detect anomalies using accurate detection techniques. This work probes the possibility of detecting IoT network traffic anomalies using novelty detection techniques; thus, it can detect compromised IoT devices. One of this work’s main contributions is developing an IoT anomaly detection system named Behavioural Novelty Detection for IoT Infrastructure (BND-IoT). BND-IoT trains a neural network with novel selected behavioural features extracted from benign traffic only and then uses the novelty techniques to detect any unusual traffic patterns. We show that the presented approach effectively detects anomalies within IoT devices’ network traffic with a robust average F1-score of 96.7% and a low false rejection rate of 7%.

Original language	English
Title of host publication	Parallel Architectures, Algorithms and Programming
Subtitle of host publication	11th International Symposium, PAAP 2020 Shenzhen, China, December 28–30, 2020 Proceedings
Editors	Li Ning, Vincent Chau, Francis Lau
Place of Publication	Singapore, Singapore
Publisher	Springer, Springer Nature
Pages	174-186
Number of pages	13
ISBN (Electronic)	9789811600104
ISBN (Print)	9789811600098
DOIs	https://doi.org/10.1007/978-981-16-0010-4_16
Publication status	Published - 2021
Event	11th International Symposium on Parallel Architectures, Algorithms and Programming, PAAP 2020 - Shenzhen, China Duration: 28 Dec 2020 → 30 Dec 2020

Publication series

Name	Communications in Computer and Information Science
Volume	1362
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	11th International Symposium on Parallel Architectures, Algorithms and Programming, PAAP 2020
Country	China
City	Shenzhen
Period	28/12/20 → 30/12/20

Keywords

IoT security
Machine learning
IoT anomaly detection
Fingerprinting
Novelty detection
Outlier detection

Access to Document

10.1007/978-981-16-0010-4_16

Link to publication in Scopus

Fingerprint Dive into the research topics of 'A behavioural network traffic novelty detection for the internet of things infrastructures'. Together they form a unique fingerprint.

Cite this

Hamad, S. A., Sheng, Q. Z., Tran, D. H., Zhang, W. E., & Nepal, S. (2021). A behavioural network traffic novelty detection for the internet of things infrastructures. In L. Ning, V. Chau, & F. Lau (Eds.), Parallel Architectures, Algorithms and Programming: 11th International Symposium, PAAP 2020 Shenzhen, China, December 28–30, 2020 Proceedings (pp. 174-186). (Communications in Computer and Information Science; Vol. 1362). Springer, Springer Nature. https://doi.org/10.1007/978-981-16-0010-4_16

Hamad, Salma Abdalla ; Sheng, Quan Z. ; Tran, Dai Hoang ; Zhang, Wei Emma ; Nepal, Surya. / A behavioural network traffic novelty detection for the internet of things infrastructures. Parallel Architectures, Algorithms and Programming: 11th International Symposium, PAAP 2020 Shenzhen, China, December 28–30, 2020 Proceedings. editor / Li Ning ; Vincent Chau ; Francis Lau. Singapore, Singapore : Springer, Springer Nature, 2021. pp. 174-186 (Communications in Computer and Information Science).

@inproceedings{7329fbe653a44783a44b3540ab2aab29,

title = "A behavioural network traffic novelty detection for the internet of things infrastructures",

abstract = "The Internet of Things (IoT) applied solutions are changing the way the world perceives technology. IoT devices are now being used in a wide range of applications to transfer or share relevant information, hence reducing human interventions. With such widespread IoT solutions, security becomes a significant concern. Many of the IoT devices are vulnerable due to several reasons, including in-secure implementations, poor life cycle management, and inappropriate configurations, leading to an increase in the risk of these devices getting exposed and attacked. However, the current security approaches for detecting compromised IoT devices are inefficient, especially for zero-day attacks. Since no one knows how a new attack would look like, it will be useful to monitor and detect anomalies using accurate detection techniques. This work probes the possibility of detecting IoT network traffic anomalies using novelty detection techniques; thus, it can detect compromised IoT devices. One of this work{\textquoteright}s main contributions is developing an IoT anomaly detection system named Behavioural Novelty Detection for IoT Infrastructure (BND-IoT). BND-IoT trains a neural network with novel selected behavioural features extracted from benign traffic only and then uses the novelty techniques to detect any unusual traffic patterns. We show that the presented approach effectively detects anomalies within IoT devices{\textquoteright} network traffic with a robust average F1-score of 96.7% and a low false rejection rate of 7%.",

keywords = "IoT security, Machine learning, IoT anomaly detection, Fingerprinting, Novelty detection, Outlier detection",

author = "Hamad, {Salma Abdalla} and Sheng, {Quan Z.} and Tran, {Dai Hoang} and Zhang, {Wei Emma} and Surya Nepal",

year = "2021",

doi = "10.1007/978-981-16-0010-4_16",

language = "English",

isbn = "9789811600098",

series = "Communications in Computer and Information Science",

publisher = "Springer, Springer Nature",

pages = "174--186",

editor = "Li Ning and Vincent Chau and Francis Lau",

booktitle = "Parallel Architectures, Algorithms and Programming",

address = "United States",

note = "11th International Symposium on Parallel Architectures, Algorithms and Programming, PAAP 2020 ; Conference date: 28-12-2020 Through 30-12-2020",

}

Hamad, SA , Sheng, QZ , Tran, DH , Zhang, WE & Nepal, S 2021, A behavioural network traffic novelty detection for the internet of things infrastructures. in L Ning, V Chau & F Lau (eds), Parallel Architectures, Algorithms and Programming: 11th International Symposium, PAAP 2020 Shenzhen, China, December 28–30, 2020 Proceedings. Communications in Computer and Information Science, vol. 1362, Springer, Springer Nature, Singapore, Singapore, pp. 174-186, 11th International Symposium on Parallel Architectures, Algorithms and Programming, PAAP 2020, Shenzhen, China, 28/12/20. https://doi.org/10.1007/978-981-16-0010-4_16

A behavioural network traffic novelty detection for the internet of things infrastructures. / Hamad, Salma Abdalla ; Sheng, Quan Z.; Tran, Dai Hoang ; Zhang, Wei Emma; Nepal, Surya.

Parallel Architectures, Algorithms and Programming: 11th International Symposium, PAAP 2020 Shenzhen, China, December 28–30, 2020 Proceedings. ed. / Li Ning; Vincent Chau; Francis Lau. Singapore, Singapore : Springer, Springer Nature, 2021. p. 174-186 (Communications in Computer and Information Science; Vol. 1362).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - A behavioural network traffic novelty detection for the internet of things infrastructures

AU - Hamad, Salma Abdalla

AU - Sheng, Quan Z.

AU - Tran, Dai Hoang

AU - Zhang, Wei Emma

AU - Nepal, Surya

PY - 2021

Y1 - 2021

N2 - The Internet of Things (IoT) applied solutions are changing the way the world perceives technology. IoT devices are now being used in a wide range of applications to transfer or share relevant information, hence reducing human interventions. With such widespread IoT solutions, security becomes a significant concern. Many of the IoT devices are vulnerable due to several reasons, including in-secure implementations, poor life cycle management, and inappropriate configurations, leading to an increase in the risk of these devices getting exposed and attacked. However, the current security approaches for detecting compromised IoT devices are inefficient, especially for zero-day attacks. Since no one knows how a new attack would look like, it will be useful to monitor and detect anomalies using accurate detection techniques. This work probes the possibility of detecting IoT network traffic anomalies using novelty detection techniques; thus, it can detect compromised IoT devices. One of this work’s main contributions is developing an IoT anomaly detection system named Behavioural Novelty Detection for IoT Infrastructure (BND-IoT). BND-IoT trains a neural network with novel selected behavioural features extracted from benign traffic only and then uses the novelty techniques to detect any unusual traffic patterns. We show that the presented approach effectively detects anomalies within IoT devices’ network traffic with a robust average F1-score of 96.7% and a low false rejection rate of 7%.

AB - The Internet of Things (IoT) applied solutions are changing the way the world perceives technology. IoT devices are now being used in a wide range of applications to transfer or share relevant information, hence reducing human interventions. With such widespread IoT solutions, security becomes a significant concern. Many of the IoT devices are vulnerable due to several reasons, including in-secure implementations, poor life cycle management, and inappropriate configurations, leading to an increase in the risk of these devices getting exposed and attacked. However, the current security approaches for detecting compromised IoT devices are inefficient, especially for zero-day attacks. Since no one knows how a new attack would look like, it will be useful to monitor and detect anomalies using accurate detection techniques. This work probes the possibility of detecting IoT network traffic anomalies using novelty detection techniques; thus, it can detect compromised IoT devices. One of this work’s main contributions is developing an IoT anomaly detection system named Behavioural Novelty Detection for IoT Infrastructure (BND-IoT). BND-IoT trains a neural network with novel selected behavioural features extracted from benign traffic only and then uses the novelty techniques to detect any unusual traffic patterns. We show that the presented approach effectively detects anomalies within IoT devices’ network traffic with a robust average F1-score of 96.7% and a low false rejection rate of 7%.

KW - IoT security

KW - Machine learning

KW - IoT anomaly detection

KW - Fingerprinting

KW - Novelty detection

KW - Outlier detection

UR - http://www.scopus.com/inward/record.url?scp=85102526972&partnerID=8YFLogxK

U2 - 10.1007/978-981-16-0010-4_16

DO - 10.1007/978-981-16-0010-4_16

M3 - Conference proceeding contribution

AN - SCOPUS:85102526972

SN - 9789811600098

T3 - Communications in Computer and Information Science

SP - 174

EP - 186

BT - Parallel Architectures, Algorithms and Programming

A2 - Ning, Li

A2 - Chau, Vincent

A2 - Lau, Francis

PB - Springer, Springer Nature

CY - Singapore, Singapore

T2 - 11th International Symposium on Parallel Architectures, Algorithms and Programming, PAAP 2020

Y2 - 28 December 2020 through 30 December 2020

ER -

Hamad SA , Sheng QZ , Tran DH , Zhang WE, Nepal S. A behavioural network traffic novelty detection for the internet of things infrastructures. In Ning L, Chau V, Lau F, editors, Parallel Architectures, Algorithms and Programming: 11th International Symposium, PAAP 2020 Shenzhen, China, December 28–30, 2020 Proceedings. Singapore, Singapore: Springer, Springer Nature. 2021. p. 174-186. (Communications in Computer and Information Science). https://doi.org/10.1007/978-981-16-0010-4_16