Journal of Sensor and Actuator Networks (Dec 2022)
A Hierarchical Deep Learning-Based Intrusion Detection Architecture for Clustered Internet of Things
Abstract
The Internet of Things (IoT) system’s ever-expanding attack surface calls for a new intrusion detection system (IDS). These systems may include thousands of wireless devices that need to be protected from cyberattacks. Recent research efforts used machine learning to analyze and identify various attacks and abnormal behavior on IoT systems. Most of these techniques are characterized by low accuracy and they do not scale to today’s IoT-enabled smart cities applications. This article proposes a secure automatic two-levels intrusion detection system (SATIDS) which utilizes the minimum redundancy maximum relevance (MRMR) feature selection technique and an enhanced version of long short-term memory (LSTM) based on an artificial recurrent neural network (RNN) to enhance the IDS performance. SATIDS aims at detecting traffic anomalies with greater accuracy while also reducing the time it takes to perform this task. The proposed algorithm was trained and evaluated using two of the most recent datasets based on realistic data: ToN-IoT and InSDN datasets. The performance analysis of the proposed system proves that it can differentiate between attacks and normal traffic, identify the attack category, and finally define the type of sub-attack with high accuracy. Comparing the performance of the proposed system with the existing IDSs reveals that it outperforms its best rivals from the literature in detecting many types of attacks. It improves accuracy, detection rates, F1-score, and precision. Using 500 hidden and two LSTM layers achieves accuracy of 97.5%, precision of 98.4%, detection rate of 97.9%, and F1-score of 98.05% on ToN-IoT dataset, and precision of 99%, detection rate of 99.6%, and F1-score of 99.3% on InSDN dataset. Finally, SATIDS was applied to an IoT network which utilizes the energy harvesting real-time routing protocol (EHRT). EHRT optimizes the low-energy adaptive clustering hierarchy (LEACH) routing technique using a modified artificial fish swarm algorithm. The integration between the optimized LEACH and the proposed IDS enhances the network lifetime, energy consumption, and security.
Keywords