A critical review of intrusion detection systems in the internet of things : techniques, deployment strategy, validation strategy, attacks, public datasets and challenges
- Authors: Khraisat, Ansam , Alazab, Ammar
- Date: 2021
- Type: Text , Journal article
- Relation: Cybersecurity Vol. 4, no. 1 (2021), p.
- Description: The Internet of Things (IoT) has been rapidly evolving towards making a greater impact on everyday life and on large industrial systems. Unfortunately, this has attracted the attention of cybercriminals, who have made IoT a target of malicious activities, opening the door to possible attacks on the end nodes. To this end, numerous IoT intrusion detection systems (IDS) have been proposed in the literature to tackle attacks on the IoT ecosystem; these can be broadly classified by detection technique, validation strategy, and deployment strategy. This survey paper presents a comprehensive review of contemporary IoT IDS and an overview of the techniques, deployment strategies, validation strategies and datasets that are commonly applied when building an IDS. We also review how existing IoT IDS detect intrusive attacks and secure communications on the IoT. The paper also presents a classification of IoT attacks and discusses future research challenges in countering such attacks to make IoT more secure. These contributions help IoT security researchers by uniting, contrasting, and compiling scattered research efforts. Consequently, we provide a unique IoT IDS taxonomy, which sheds light on IoT IDS techniques, their advantages and disadvantages, the IoT attacks that exploit IoT communication systems, and the corresponding advanced IDS and detection capabilities used to detect them. © 2021, The Author(s).
A novel ensemble of hybrid intrusion detection system for detecting internet of things attacks
- Authors: Khraisat, Ansam , Gondal, Iqbal , Vamplew, Peter , Kamruzzaman, Joarder , Alazab, Ammar
- Date: 2019
- Type: Text , Journal article
- Relation: Electronics (Switzerland) Vol. 8, no. 11 (2019), p.
- Description: The Internet of Things (IoT) has been rapidly evolving towards making a greater impact on everyday life and on large industrial systems. Unfortunately, this has attracted the attention of cybercriminals, who have made IoT a target of malicious activities, opening the door to possible attacks on the end nodes. Due to the large number and diverse types of IoT devices, protecting the IoT infrastructure with a traditional intrusion detection system is a challenging task. To protect IoT devices, a novel ensemble Hybrid Intrusion Detection System (HIDS) is proposed by combining a C5 classifier and a One Class Support Vector Machine classifier. HIDS combines the advantages of a Signature-based Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS). The aim of this framework is to detect both well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the Bot-IoT dataset, which includes legitimate IoT network traffic and several types of attacks. Experiments show that the proposed hybrid IDS provides a higher detection rate and a lower false positive rate than the SIDS and AIDS techniques on their own. © 2019 by the authors. Licensee MDPI, Basel, Switzerland.
An anomaly intrusion detection system using C5 decision tree classifier
- Authors: Khraisat, Ansam , Gondal, Iqbal , Vamplew, Peter
- Date: 2018
- Type: Text , Conference proceedings , Conference paper
- Relation: 22nd Pacific-Asia Conference on Knowledge Discovery and Data Mining, PAKDD 2018; Melbourne, Australia; 3rd June 2018; published in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) Vol. 11154 LNAI, p. 149-155
- Full Text: false
- Description: Due to the increase in intrusion activities over the Internet, many intrusion detection systems have been proposed to detect abnormal activities, but most of these systems suffer from a common problem: they produce a high number of alerts and a huge number of false positives. As a result, normal activities can be classified as intrusion activities. This paper examines different data mining techniques that could minimize both the number of false negatives and the number of false positives. The effectiveness of the C5 classifier is examined and compared with other classifiers. Results show that false negatives are reduced and intrusion detection is improved significantly. Minimizing the false positives has also reduced the number of false alerts. In this study, multiple classifiers are compared with the C5 decision tree classifier on the NSL-KDD dataset, and the results show that C5 achieves high accuracy and low false alarm rates as an intrusion detection system.
- Description: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Crime toolkits: The productisation of cybercrime
- Authors: Alazab, Ammar , Abawajy, Jemal , Hobbs, Michael , Layton, Robert , Khraisat, Ansam
- Date: 2013
- Type: Text , Conference paper
- Relation: Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013 p. 1626-1632
- Full Text: false
Hybrid intrusion detection system based on the stacking ensemble of C5 decision tree classifier and one class support vector machine
- Authors: Khraisat, Ansam , Gondal, Iqbal , Vamplew, Peter , Kamruzzaman, Joarder , Alazab, Ammar
- Date: 2020
- Type: Text , Journal article
- Relation: Electronics (Switzerland) Vol. 9, no. 1 (2020), p.
- Description: Cyberattacks are becoming increasingly sophisticated, necessitating efficient intrusion detection mechanisms that monitor computer resources and report anomalous or suspicious activities. Many Intrusion Detection Systems (IDSs) use a single classifier to identify intrusions. Single-classifier IDSs are unable to achieve high accuracy and low false alarm rates because of the polymorphic, metamorphic, and zero-day behaviors of malware. In this paper, a Hybrid IDS (HIDS) is proposed by combining the C5 decision tree classifier and a One Class Support Vector Machine (OC-SVM). HIDS combines the strengths of a Signature-based Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS). The SIDS was developed using the C5.0 decision tree classifier and the AIDS was developed using the one-class Support Vector Machine (SVM). This framework aims to identify both well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated on the benchmark Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD) and Australian Defence Force Academy (ADFA) datasets. Experiments show that HIDS improves on SIDS and AIDS in terms of detection rate and false-alarm rate. © 2020 by the authors. Licensee MDPI, Basel, Switzerland.
Intelligent zero-day intrusion detection framework for internet of things
- Authors: Khraisat, Ansam
- Date: 2020
- Type: Text , Thesis , PhD
- Description: Zero-day intrusion detection systems face serious challenges, as hundreds of thousands of new malware instances are created every day to harm or damage computer systems. Cyber-attacks are becoming more sophisticated, making intrusion detection harder. Many Intrusion Detection Systems (IDSs) have been proposed to identify abnormal activities, but most of them produce a large number of false positives and low detection accuracy. Hence, a large number of false positives can generate a high volume of alerts in a short period of time as normal activities are classified as intrusion activities. This thesis proposes a novel hybrid intrusion detection framework that integrates a Signature-based Intrusion Detection System (SIDS) with an Anomaly-based Intrusion Detection System (AIDS) to detect zero-day attacks with high accuracy. SIDS is used to identify previously known intrusions, and AIDS is applied to detect unknown zero-day intrusions. The goal of this research is to combine the strengths of each technique into a hybrid framework for an efficient intrusion detection system. A number of performance measures, including accuracy, F-measure and area under the ROC curve, are used to evaluate the efficacy of the proposed models and to compare and contrast them with existing approaches. Extensive simulation results in this thesis show that the proposed framework yields excellent detection performance when tested on a number of widely used benchmark datasets in the intrusion detection domain. Experiments show that the proposed hybrid IDS provides a higher detection rate and a lower false-positive rate in detecting intrusions than the SIDS and AIDS techniques individually.
- Description: Doctor of Philosophy
Malware detection and prevention system based on multi-stage rules
- Authors: Alazab, Ammar , Hobbs, Michael , Abawajy, Jemal , Khraisat, Ansam
- Date: 2013
- Type: Text , Journal article
- Relation: International Journal of Information Security and Privacy Vol. 7, no. 2 (2013), p. 29-43
- Full Text: false
- Description: The continuously rising number of Internet attacks poses severe challenges to developing an effective Intrusion Detection System (IDS) that detects both known and unknown malicious attacks. To address the problem of detecting known and unknown attacks and identifying the group an attack belongs to, the authors provide a new set of multi-stage rules for detecting anomalies. The authors use RIPPER for rule generation, which can create rule sets more quickly and can determine attack types with a smaller number of rules. These rules can be applied efficiently in both a Signature-based Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS). Copyright © 2013, IGI Global.
Maximising competitive advantage on e-Business websites : A data mining approach
- Authors: Alazab, Ammar , Bevinakoppa, Savitri , Khraisat, Ansam
- Date: 2018
- Type: Text , Conference proceedings , Conference paper
- Relation: 2018 IEEE Conference on Big Data and Analytics, ICBDA 2018; Langkawi, Malaysia; 21st-22nd November 2018 p. 111-116
- Full Text: false
- Description: Many organizations are interested in analyzing and evaluating the web data for their websites, because websites are a very important platform for carrying out their business. However, website evaluation faces many challenges in using analytics, especially given the huge amount of data that websites collect from various sources. This explosive growth in data requires a complex tool to analyze and automatically convert the data into valuable information. Without a proper analysis tool, it is very difficult to understand users' behaviour, their interaction patterns on the website and how they engage with the site. This paper explains methods to examine, understand and visualize the huge amounts of stored data collected from websites. In this paper, a framework is developed for identifying users' behaviours on websites. Firstly, attributes are extracted from different websites using Google Analytics and other API tools. Secondly, data mining techniques such as clustering, classification and information gain are applied to build the framework. The findings of this study can be used to evaluate a website, provide guidelines for the web team to increase user engagement, and understand the influence of user behaviour. In addition, the framework is able to identify which behavioural features influence user decisions. The proposed framework for identifying users' behaviours on websites is tested on a large dataset containing a variety of individual users from different websites. © 2018 IEEE.
Survey of intrusion detection systems : techniques, datasets and challenges
- Authors: Khraisat, Ansam , Gondal, Iqbal , Vamplew, Peter , Kamruzzaman, Joarder
- Date: 2019
- Type: Text , Journal article
- Relation: Cybersecurity Vol. 2 , no. 1 (2019), p. 1-22
Trends in Crime Toolkit Development
- Authors: Khraisat, Ansam , Alazab, Ammar , Hobbs, Michael , Abawajy, Jemal , Azab, Ahmad
- Date: 2014
- Type: Text , Book chapter
- Relation: Network Security Technologies : Design and Applications p. 1-330
- Full Text: false
- Description: Cybercriminals continue to target the online users of banks. They are improving their techniques and applying a high level of skill in their attacks. Their continued search for different methods of committing crime makes existing protection systems less effective. They have developed crime toolkits that have become more accessible and simpler to use, and this has attracted more people to cybercrime. In this chapter, the authors study the methods used in crime toolkits. They present the development and current trends of crime toolkits and describe the methods that have been used to commit cybercrime successfully.