物联网场景下基于蜜场的分布式网络入侵检测系统研究

doi:10.11959/j.issn.1000-436x.2024020

Abstract

Abstract:

To solve the problems that the network intrusion detection system in the Internet of things couldn’t identify new attacks and has limited flexibility, a network intrusion detection system based on honeyfarm was proposed, which could effectively identify abnormal traffic and have continuous learning ability.Firstly, considering the characteristics of the convolutional block attention module, an abnormal traffic detection model was developed, focusing on both channel and spatial dimensions, to enhance the model’s recognition abilities.Secondly, a model training scheme utilizing federated learning was employed to enhance the model’s generalization capabilities.Finally, the abnormal traffic detection model at the edge nodes was continuously updated and iterated based on the honeyfarm, so as to improve the system’s accuracy in recognizing new attack traffic.The experimental results demonstrate that the proposed system not only effectively detects abnormal behavior in network traffic, but also continually enhances performance in detecting abnormal traffic.

Key words: NIDS, federated learning, honeyfarm, convolutional block attention module, IoT

CLC Number:

TN929.5

Hao WU, Jiajia HAO, Yunlong LU. Research on distributed network intrusion detection system for IoT based on honeyfarm[J]. Journal on Communications, 2024, 45(1): 106-118.

Figures/Tables 18

References 28

[1]	SISINNI E , SAIFULLAH A , HAN S ,et al. Industrial Internet of things:challenges,opportunities,and directions[J]. IEEE Transactions on Industrial Informatics, 2018,14(11): 4724-4734.
[2]	GATOUILLAT A , BADR Y , MASSOT B ,et al. Internet of medical things:a review of recent contributions dealing with cyber-physical systems in medicine[J]. IEEE Internet of Things Journal, 2018,5(5): 3810-3822.
[3]	ARASTEH H , HOSSEINNEZHAD V , LOIA V ,et al. IoT-based smart cities:a survey[C]// Proceedings of 2016 IEEE 16th International Conference on Environment and Electrical Engineering (EEEIC). Piscataway:IEEE Press, 2016: 1-6.
[4]	ALAA M , ZAIDAN A A , ZAIDAN B B ,et al. A review of smart home applications based on Internet of things[J]. Journal of Network and Computer Applications, 2017,97: 48-65.
[5]	SCHILLER E , AIDOO A , FUHRER J ,et al. Landscape of IoT security[J]. Computer Science Review, 2022,44:100467.
[6]	NGUYEN X H , NGUYEN X D , HUYNH H H ,et al. Realguard:a lightweight network intrusion detection system for IoT gateways[J]. Sensors, 2022,22(2): 432.
[7]	CAO B , LI C , SONG Y ,et al. Network intrusion detection model based on CNN and GRU[J]. Applied Sciences, 2022,12(9): 4184.
[8]	MUHAMMAD G , HOSSAIN M S , GARG S . Stacked autoencoder-based intrusion detection system to combat financial fraudulent[J]. IEEE Internet of Things Journal, 2023,10(3): 2071-2078.
[9]	SABIR M , AHMAD J , ALGHAZZAWI D . A lightweight deep autoencoder scheme for cyberattack detection in the Internet of things[J]. Computer Systems Science and Engineering, 2023,46(1): 57-72.
[10]	YAO W , HU L , HOU Y ,et al. A lightweight intelligent network intrusion detection system using one-class autoencoder and ensemble learning for IoT[J]. Sensors, 2023,23(8): 4141.
[11]	KHAN F A , GUMAEI A , DERHAB A ,et al. A novel two-stage deep learning model for efficient network intrusion detection[J]. IEEE Access, 2019,7: 30373-30385.
[12]	BASATI A , FAGHIH M M . PDAE:efficient network intrusion detection in IoT using parallel deep auto-encoders[J]. Information Sciences, 2022,598: 57-74.
[13]	SHONE N , NGOC T N , PHAI V D ,et al. A deep learning approach to network intrusion detection[J]. IEEE Transactions on Emerging Topics in Computational Intelligence, 2018,2(1): 41-50.
[14]	MOTHUKURI V , PARIZI R M , POURIYEH S ,et al. A survey on security and privacy of federated learning[J]. Future Generation Computer Systems, 2021,115: 619-640.
[15]	HUONG T T , BAC T P , LONG D M ,et al. Detecting cyberattacks using anomaly detection in industrial control systems:a federated learning approach[J]. Computers in Industry, 2021,132:103509.
[16]	QIN Y , KONDO M . Federated learning-based network intrusion detection with a feature selection approach[C]// Proceedings of 2021 International Conference on Electrical,Communication,and Computer Engineering (ICECCE). Piscataway:IEEE Press, 2021: 1-6.
[17]	CETIN B , LAZAR A , KIM J ,et al. Federated wireless network intrusion detection[C]// Proceedings of 2019 IEEE International Conference on Big Data (Big Data). Piscataway:IEEE Press, 2019: 6004-6006.
[18]	MCMAHAN H B , MOORE E , RAMAGE D ,et al. Communication-efficient learning of deep networks from decentralized data[J]. arXiv Preprint,arXiv:1602.05629, 2016.
[19]	CHOLAKOSKA A , PFITZNER B , GJORESKI H ,et al. Differentially private federated learning for anomaly detection in e-health networks[C]// Proceedings of the 2021 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2021 ACM International Symposium on Wearable Computers. New York:ACM Press, 2021: 514-518.
[20]	AMAL M R , VENKADESH P . H-doctor:honeypot based firewall tuning for attack prevention[J]. Measurement:Sensors, 2023,25:100664.
[21]	PASHAEI A , AKBARI M E , ZOLFY L M ,et al. Early intrusion detection system using honeypot for industrial control networks[J]. Results in Engineering, 2022,16:100576.
[22]	ELLOUH M , GHALEB M , FELEMBAN M . IoTZeroJar:towards a honeypot architecture for detection of zero-day attacks in IoT[C]// Proceedings of 2022 14th International Conference on Computational Intelligence and Communication Networks (CICN). Piscataway:IEEE Press, 2022: 765-771.
[23]	ALMOHANNADI H , AWAN I , AL HAMAR J ,et al. Cyber threat intelligence from honeypot data using elasticsearch[C]// Proceedings of 2018 IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA). Piscataway:IEEE Press, 2018: 900-906.
[24]	ALBASEER A , ABDALLAH M . Fine-tuned LSTM-based model for efficient honeypot-based network intrusion detection system in smart grid networks[C]// Proceedings of 2022 5th International Conference on Communications,Signal Processing,and their Applications (ICCSPA). Piscataway:IEEE Press, 2022: 1-6.
[25]	WOO S , PARK J , LEE J-Y ,et al. CBAM:convolutional block attention module[J]. arXiv Preprint,arXiv:1807.06521, 2018.
[26]	MOUSTAFA N , SLAY J . UNSW-NB15:a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)[C]// Proceedings of 2015 Military Communications and Information Systems Conference (MilCIS). Piscataway:IEEE Press, 2015: 1-6.
[27]	MOUSTAFA N , SLAY J . The evaluation of network anomaly detection systems:statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set[J]. Information Security Journal:A Global Perspective, 2016,25(1-3): 18-31.
[28]	WANG Z , WANG P , SUN Z . SDN traffic anomaly detection method based on convolutional autoencoder and federated learning[C]// Proceedings of 2022 IEEE Global Communications Conference. Piscataway:IEEE Press, 2022: 4154-4160.

Metrics

Recommended 0

No Suggested Reading articles found!

数据集	标签类别		总和
数据集	异常流量	正常流量	总和
训练集	19 488	61 685	81 173
测试集	9 625	25 554	35 179
总和	29 113	87 239	116 352

模型参数	参数设置
批次大小	64
损失函数	二分类交叉熵
优化器	随机梯度下降
学习速率	0.005
联邦学习全局训练轮次	100
联邦学习本地训练轮次	1
节点数目	10
本地独立训练轮次	100

NIDS模型	Accuracy		异常流量样本			正常流量样本
NIDS模型	Accuracy	Precision	Recall	F1-score	Precision	Recall	F1-score
LocalCBAM	88.88%	99.93%	59.39%	74.50%	86.73%	99.98%	92.89%
FedAE	91.98%	99.98%	70.70%	82.83%	90.06%	99.99%	94.77%
FedCAE	93.19%	99.82%	75.26%	85.81%	91.47%	99.94%	95.52%
FedCBAM	94.47%	98.76%	80.81%	88.89%	93.24%	99.62%	96.32%

模型	每轮平均训练时间/s	训练总时间/s
FedAE模型	56.97	579
FedCAE模型	61.58	451
FedCBAM模型	67.65	290

NIDS模型	Accuracy		攻击样本			正常样本
NIDS模型	Accuracy	Precision	Recall	F1-score	Precision	Recall	F1-score
FedCBAM-o模型	92.19%	99.79%	71.59%	83.37%	90.33%	99.94%	94.89%
FedCBAM-n模型	94.47%	98.76%	80.81%	88.89%	93.24%	99.62%	96.32%

Research on distributed network intrusion detection system for IoT based on honeyfarm

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 18

References 28

Related Articles 15

Metrics

Recommended 0

[1]	Zhuo MA, Jiayu JIN, Yilong YANG, Yang LIU, Zuobin YING, Teng LI, Junwei ZHANG. Adaptive federated learning secure aggregation scheme based on threshold homomorphic encryption [J]. Journal on Communications, 2023, 44(7): 76-85.
[2]	Shibo ZHANG, Hongyuan GAO, Yumeng SU, Jianhua CHENG, Lishuai ZHAO. Joint resource configuration method for secure fog computing Internet of things [J]. Journal on Communications, 2023, 44(7): 26-37.
[3]	Xindi MA, Qinghua LI, Qi JIANG, Zhuo MA, Sheng GAO, Youliang TIAN, Jianfeng MA. Byzantine-robust federated learning over Non-IID data [J]. Journal on Communications, 2023, 44(6): 138-153.
[4]	Jiale ZHANG, Chengcheng ZHU, Xiaobing SUN, Bing CHEN. Membership inference attack and defense method in federated learning based on GAN [J]. Journal on Communications, 2023, 44(5): 193-205.
[5]	Youliang TIAN, Shihong WU, Ta LI, Lindong WANG, Hua ZHOU. Federated learning optimization algorithm based on incentive mechanism [J]. Journal on Communications, 2023, 44(5): 169-180.
[6]	Hui JIANG, Tianliu HE, Min LIU, Sheng SUN, Yuwei WANG. High-performance federated continual learning algorithm for heterogeneous streaming data [J]. Journal on Communications, 2023, 44(5): 123-136.
[7]	Shengxing YU, Zekai CHEN, Zhong CHEN, Ximeng LIU. DAGUARD: distributed backdoor attack defense scheme under federated learning [J]. Journal on Communications, 2023, 44(5): 110-122.
[8]	Kaiju LI, Qiang XU, Hao WANG. Communication-efficient federated learning method via redundant data elimination [J]. Journal on Communications, 2023, 44(5): 79-93.
[9]	Jian SHU, Jiawei SHI, Linlan LIU, Al-Kali Manar. Topology prediction for opportunistic network based on spatiotemporal convolution [J]. Journal on Communications, 2023, 44(3): 145-156.
[10]	Yangyang NIU, Zhiqing WEI, Zhiyong FENG. Space-time spectrum sharing based on game theory:dynamic access and penalty strategy [J]. Journal on Communications, 2023, 44(12): 28-38.
[11]	Dong WANG, Qianqian QIN, Kaitian GUO, Rongke LIU, Weipeng YAN, Yizhi REN, Qingcai LUO, Yanzhao SHEN. Survey on model inversion attack and defense in federated learning [J]. Journal on Communications, 2023, 44(11): 94-109.
[12]	Qianpiao MA, Qingmin JIA, Jianchun LIU, Hongli XU, Renchao XIE, Tao HUANG. Client grouping and time-sharing scheduling for asynchronous federated learning in heterogeneous edge computing environment [J]. Journal on Communications, 2023, 44(11): 79-93.
[13]	Lingtao TANG, Di WANG, Shengyun LIU. Data augmentation scheme for federated learning with non-IID data [J]. Journal on Communications, 2023, 44(1): 164-176.
[14]	Shengxing YU, Zhong CHEN. Efficient secure federated learning aggregation framework based on homomorphic encryption [J]. Journal on Communications, 2023, 44(1): 14-28.
[15]	Shaoshuai FAN, Jianbo WU, Hui TIAN. Federated learning resource management for energy-constrained industrial IoT devices [J]. Journal on Communications, 2022, 43(8): 65-77.