Loading…

An Efficient Two-Stage Network Intrusion Detection System in the Internet of Things

Internet of Things (IoT) devices and services provide convenience but face serious security threats. The network intrusion detection system is vital in ensuring the security of the IoT environment. In the IoT environment, we propose a novel two-stage intrusion detection model that combines machine l...

Full description

Saved in:

Bibliographic Details
Published in:	Information (Basel) 2023-01, Vol.14 (2), p.77
Main Authors:	Zhang, Hongpo, Zhang, Bo, Huang, Lulu, Zhang, Zhaozhe, Huang, Haizhaoyang
Format:	Article
Language:	English
Subjects:	Accuracy Algorithms Alliances Artificial neural networks class imbalance Classification Communications traffic convolutional neural network Cybersecurity Datasets Decision trees Deep learning Detectors Feature selection Genetic algorithms Internet of Things Intrusion detection systems LightGBM Machine learning network intrusion detection Neural networks Optimization Safety and security measures Sampling methods Support vector machines
Citations:	Items that this one cites Items that cite this one
Online Access:	Get full text
Tags:	Add Tag No Tags, Be the first to tag this record!

cited_by	cdi_FETCH-LOGICAL-c336t-89e0448ffc77dd4fecf8625ada1c3ffd8be248dd432f2542e4b9c7553005158b3
cites	cdi_FETCH-LOGICAL-c336t-89e0448ffc77dd4fecf8625ada1c3ffd8be248dd432f2542e4b9c7553005158b3
container_end_page
container_issue	2
container_start_page	77
container_title	Information (Basel)
container_volume	14
creator	Zhang, Hongpo Zhang, Bo Huang, Lulu Zhang, Zhaozhe Huang, Haizhaoyang
description	Internet of Things (IoT) devices and services provide convenience but face serious security threats. The network intrusion detection system is vital in ensuring the security of the IoT environment. In the IoT environment, we propose a novel two-stage intrusion detection model that combines machine learning and deep learning to deal with the class imbalance of network traffic data and achieve fine-grained intrusion detection on large-scale flow data. The superiority of the model is verified on the newer and larger CSE-CIC-IDS2018 dataset. In Stage-1, the LightGBM algorithm recognizes normal and abnormal network traffic data and compares six classic machine learning techniques. In Stage-2, the Convolutional Neural Network (CNN) performs fine-grained attack class detection on the samples predicted to be abnormal in Stage-1. The Stage-2 multiclass classification achieves a detection rate of 99.896%, F1score of 99.862%, and an MCC of 95.922%. The total training time of the two-stage model is 74.876 s. The detection time of a sample is 0.0172 milliseconds. Moreover, we set up an optional Synthetic Minority Over-sampling Technique based on the imbalance ratio (IR-SMOTE) of the dataset in Stage-2. Experimental results show that, compared with SMOTE technology, the two-stage intrusion detection model can adapt to imbalanced datasets well and reveal higher efficiency and better performance when processing large-scale flow data, outperforming state-of-the-art intrusion detection systems.
doi_str_mv	10.3390/info14020077
format	article
fullrecord	<record><control><sourceid>gale_doaj_</sourceid><recordid>TN_cdi_doaj_primary_oai_doaj_org_article_a21d9b0c904b4df3b054c2506296d3d0</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><galeid>A752262293</galeid><doaj_id>oai_doaj_org_article_a21d9b0c904b4df3b054c2506296d3d0</doaj_id><sourcerecordid>A752262293</sourcerecordid><originalsourceid>FETCH-LOGICAL-c336t-89e0448ffc77dd4fecf8625ada1c3ffd8be248dd432f2542e4b9c7553005158b3</originalsourceid><addsrcrecordid>eNpNUU1PGzEQXSGQioBbf4Alrl3w-mNtHyMKbSTUHhLOltceB6fEprYjxL_HSxBCc5jRmzdvnma67vuAryhV-DpEnwaGCcZCHHWnBAvZEybV8Zf6W3dRyhbjmSOZHE671SKiW--DDRArWr-kflXNBtAfqC8p_0PLWPO-hBTRT6hg61ytXkuFHQoR1UeYGZAjVJQ8Wj-GuCnn3Yk3TwUuPvJZ93B3u7753d___bW8Wdz3ltKx9lIBZkx6b4VwjnmwXo6EG2cGS713coLmuXUo8YQzAmxSVnBOMeYDlxM965YHXZfMVj_nsDP5VScT9DuQ8kabXIN9Am3I4NSErcJsYs7TCXNmCccjUaOjDjety4PWc07_91Cq3qZ9js2-JkIo3laqsbGuDqyNaaLzxWs2toWDXbApgg8NXwhOyEiIom3gx2HA5lRKBv9pc8B6fpv--jb6Bs3eiVo</addsrcrecordid><sourcetype>Open Website</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2779505196</pqid></control><display><type>article</type><title>An Efficient Two-Stage Network Intrusion Detection System in the Internet of Things</title><source>Publicly Available Content Database</source><creator>Zhang, Hongpo ; Zhang, Bo ; Huang, Lulu ; Zhang, Zhaozhe ; Huang, Haizhaoyang</creator><creatorcontrib>Zhang, Hongpo ; Zhang, Bo ; Huang, Lulu ; Zhang, Zhaozhe ; Huang, Haizhaoyang</creatorcontrib><description>Internet of Things (IoT) devices and services provide convenience but face serious security threats. The network intrusion detection system is vital in ensuring the security of the IoT environment. In the IoT environment, we propose a novel two-stage intrusion detection model that combines machine learning and deep learning to deal with the class imbalance of network traffic data and achieve fine-grained intrusion detection on large-scale flow data. The superiority of the model is verified on the newer and larger CSE-CIC-IDS2018 dataset. In Stage-1, the LightGBM algorithm recognizes normal and abnormal network traffic data and compares six classic machine learning techniques. In Stage-2, the Convolutional Neural Network (CNN) performs fine-grained attack class detection on the samples predicted to be abnormal in Stage-1. The Stage-2 multiclass classification achieves a detection rate of 99.896%, F1score of 99.862%, and an MCC of 95.922%. The total training time of the two-stage model is 74.876 s. The detection time of a sample is 0.0172 milliseconds. Moreover, we set up an optional Synthetic Minority Over-sampling Technique based on the imbalance ratio (IR-SMOTE) of the dataset in Stage-2. Experimental results show that, compared with SMOTE technology, the two-stage intrusion detection model can adapt to imbalanced datasets well and reveal higher efficiency and better performance when processing large-scale flow data, outperforming state-of-the-art intrusion detection systems.</description><identifier>ISSN: 2078-2489</identifier><identifier>EISSN: 2078-2489</identifier><identifier>DOI: 10.3390/info14020077</identifier><language>eng</language><publisher>Basel: MDPI AG</publisher><subject>Accuracy ; Algorithms ; Alliances ; Artificial neural networks ; class imbalance ; Classification ; Communications traffic ; convolutional neural network ; Cybersecurity ; Datasets ; Decision trees ; Deep learning ; Detectors ; Feature selection ; Genetic algorithms ; Internet of Things ; Intrusion detection systems ; LightGBM ; Machine learning ; network intrusion detection ; Neural networks ; Optimization ; Safety and security measures ; Sampling methods ; Support vector machines</subject><ispartof>Information (Basel), 2023-01, Vol.14 (2), p.77</ispartof><rights>COPYRIGHT 2023 MDPI AG</rights><rights>2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c336t-89e0448ffc77dd4fecf8625ada1c3ffd8be248dd432f2542e4b9c7553005158b3</citedby><cites>FETCH-LOGICAL-c336t-89e0448ffc77dd4fecf8625ada1c3ffd8be248dd432f2542e4b9c7553005158b3</cites><orcidid>0000-0001-5658-9262 ; 0000-0002-2417-6348 ; 0000-0003-3485-8470 ; 0000-0002-0133-2627 ; 0000-0002-2338-2430</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://www.proquest.com/docview/2779505196/fulltextPDF?pq-origsite=primo$$EPDF$$P50$$Gproquest$$Hfree_for_read</linktopdf><linktohtml>$$Uhttps://www.proquest.com/docview/2779505196?pq-origsite=primo$$EHTML$$P50$$Gproquest$$Hfree_for_read</linktohtml><link.rule.ids>314,780,784,25753,27924,27925,37012,44590,75126</link.rule.ids></links><search><creatorcontrib>Zhang, Hongpo</creatorcontrib><creatorcontrib>Zhang, Bo</creatorcontrib><creatorcontrib>Huang, Lulu</creatorcontrib><creatorcontrib>Zhang, Zhaozhe</creatorcontrib><creatorcontrib>Huang, Haizhaoyang</creatorcontrib><title>An Efficient Two-Stage Network Intrusion Detection System in the Internet of Things</title><title>Information (Basel)</title><description>Internet of Things (IoT) devices and services provide convenience but face serious security threats. The network intrusion detection system is vital in ensuring the security of the IoT environment. In the IoT environment, we propose a novel two-stage intrusion detection model that combines machine learning and deep learning to deal with the class imbalance of network traffic data and achieve fine-grained intrusion detection on large-scale flow data. The superiority of the model is verified on the newer and larger CSE-CIC-IDS2018 dataset. In Stage-1, the LightGBM algorithm recognizes normal and abnormal network traffic data and compares six classic machine learning techniques. In Stage-2, the Convolutional Neural Network (CNN) performs fine-grained attack class detection on the samples predicted to be abnormal in Stage-1. The Stage-2 multiclass classification achieves a detection rate of 99.896%, F1score of 99.862%, and an MCC of 95.922%. The total training time of the two-stage model is 74.876 s. The detection time of a sample is 0.0172 milliseconds. Moreover, we set up an optional Synthetic Minority Over-sampling Technique based on the imbalance ratio (IR-SMOTE) of the dataset in Stage-2. Experimental results show that, compared with SMOTE technology, the two-stage intrusion detection model can adapt to imbalanced datasets well and reveal higher efficiency and better performance when processing large-scale flow data, outperforming state-of-the-art intrusion detection systems.</description><subject>Accuracy</subject><subject>Algorithms</subject><subject>Alliances</subject><subject>Artificial neural networks</subject><subject>class imbalance</subject><subject>Classification</subject><subject>Communications traffic</subject><subject>convolutional neural network</subject><subject>Cybersecurity</subject><subject>Datasets</subject><subject>Decision trees</subject><subject>Deep learning</subject><subject>Detectors</subject><subject>Feature selection</subject><subject>Genetic algorithms</subject><subject>Internet of Things</subject><subject>Intrusion detection systems</subject><subject>LightGBM</subject><subject>Machine learning</subject><subject>network intrusion detection</subject><subject>Neural networks</subject><subject>Optimization</subject><subject>Safety and security measures</subject><subject>Sampling methods</subject><subject>Support vector machines</subject><issn>2078-2489</issn><issn>2078-2489</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><sourceid>PIMPY</sourceid><sourceid>DOA</sourceid><recordid>eNpNUU1PGzEQXSGQioBbf4Alrl3w-mNtHyMKbSTUHhLOltceB6fEprYjxL_HSxBCc5jRmzdvnma67vuAryhV-DpEnwaGCcZCHHWnBAvZEybV8Zf6W3dRyhbjmSOZHE671SKiW--DDRArWr-kflXNBtAfqC8p_0PLWPO-hBTRT6hg61ytXkuFHQoR1UeYGZAjVJQ8Wj-GuCnn3Yk3TwUuPvJZ93B3u7753d___bW8Wdz3ltKx9lIBZkx6b4VwjnmwXo6EG2cGS713coLmuXUo8YQzAmxSVnBOMeYDlxM965YHXZfMVj_nsDP5VScT9DuQ8kabXIN9Am3I4NSErcJsYs7TCXNmCccjUaOjDjety4PWc07_91Cq3qZ9js2-JkIo3laqsbGuDqyNaaLzxWs2toWDXbApgg8NXwhOyEiIom3gx2HA5lRKBv9pc8B6fpv--jb6Bs3eiVo</recordid><startdate>20230101</startdate><enddate>20230101</enddate><creator>Zhang, Hongpo</creator><creator>Zhang, Bo</creator><creator>Huang, Lulu</creator><creator>Zhang, Zhaozhe</creator><creator>Huang, Haizhaoyang</creator><general>MDPI AG</general><scope>AAYXX</scope><scope>CITATION</scope><scope>3V.</scope><scope>7SC</scope><scope>7XB</scope><scope>8AL</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>8FK</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K7-</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>M0N</scope><scope>P5Z</scope><scope>P62</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>Q9U</scope><scope>DOA</scope><orcidid>https://orcid.org/0000-0001-5658-9262</orcidid><orcidid>https://orcid.org/0000-0002-2417-6348</orcidid><orcidid>https://orcid.org/0000-0003-3485-8470</orcidid><orcidid>https://orcid.org/0000-0002-0133-2627</orcidid><orcidid>https://orcid.org/0000-0002-2338-2430</orcidid></search><sort><creationdate>20230101</creationdate><title>An Efficient Two-Stage Network Intrusion Detection System in the Internet of Things</title><author>Zhang, Hongpo ; Zhang, Bo ; Huang, Lulu ; Zhang, Zhaozhe ; Huang, Haizhaoyang</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c336t-89e0448ffc77dd4fecf8625ada1c3ffd8be248dd432f2542e4b9c7553005158b3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Accuracy</topic><topic>Algorithms</topic><topic>Alliances</topic><topic>Artificial neural networks</topic><topic>class imbalance</topic><topic>Classification</topic><topic>Communications traffic</topic><topic>convolutional neural network</topic><topic>Cybersecurity</topic><topic>Datasets</topic><topic>Decision trees</topic><topic>Deep learning</topic><topic>Detectors</topic><topic>Feature selection</topic><topic>Genetic algorithms</topic><topic>Internet of Things</topic><topic>Intrusion detection systems</topic><topic>LightGBM</topic><topic>Machine learning</topic><topic>network intrusion detection</topic><topic>Neural networks</topic><topic>Optimization</topic><topic>Safety and security measures</topic><topic>Sampling methods</topic><topic>Support vector machines</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Zhang, Hongpo</creatorcontrib><creatorcontrib>Zhang, Bo</creatorcontrib><creatorcontrib>Huang, Lulu</creatorcontrib><creatorcontrib>Zhang, Zhaozhe</creatorcontrib><creatorcontrib>Huang, Haizhaoyang</creatorcontrib><collection>CrossRef</collection><collection>ProQuest Central (Corporate)</collection><collection>Computer and Information Systems Abstracts</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>Computing Database (Alumni Edition)</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>ProQuest Central (Alumni)</collection><collection>ProQuest Central</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>AUTh Library subscriptions: ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>Computer Science Database</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>Computing Database</collection><collection>Advanced Technologies & Aerospace Database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>ProQuest Central Basic</collection><collection>DOAJ Directory of Open Access Journals</collection><jtitle>Information (Basel)</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Zhang, Hongpo</au><au>Zhang, Bo</au><au>Huang, Lulu</au><au>Zhang, Zhaozhe</au><au>Huang, Haizhaoyang</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>An Efficient Two-Stage Network Intrusion Detection System in the Internet of Things</atitle><jtitle>Information (Basel)</jtitle><date>2023-01-01</date><risdate>2023</risdate><volume>14</volume><issue>2</issue><spage>77</spage><pages>77-</pages><issn>2078-2489</issn><eissn>2078-2489</eissn><abstract>Internet of Things (IoT) devices and services provide convenience but face serious security threats. The network intrusion detection system is vital in ensuring the security of the IoT environment. In the IoT environment, we propose a novel two-stage intrusion detection model that combines machine learning and deep learning to deal with the class imbalance of network traffic data and achieve fine-grained intrusion detection on large-scale flow data. The superiority of the model is verified on the newer and larger CSE-CIC-IDS2018 dataset. In Stage-1, the LightGBM algorithm recognizes normal and abnormal network traffic data and compares six classic machine learning techniques. In Stage-2, the Convolutional Neural Network (CNN) performs fine-grained attack class detection on the samples predicted to be abnormal in Stage-1. The Stage-2 multiclass classification achieves a detection rate of 99.896%, F1score of 99.862%, and an MCC of 95.922%. The total training time of the two-stage model is 74.876 s. The detection time of a sample is 0.0172 milliseconds. Moreover, we set up an optional Synthetic Minority Over-sampling Technique based on the imbalance ratio (IR-SMOTE) of the dataset in Stage-2. Experimental results show that, compared with SMOTE technology, the two-stage intrusion detection model can adapt to imbalanced datasets well and reveal higher efficiency and better performance when processing large-scale flow data, outperforming state-of-the-art intrusion detection systems.</abstract><cop>Basel</cop><pub>MDPI AG</pub><doi>10.3390/info14020077</doi><orcidid>https://orcid.org/0000-0001-5658-9262</orcidid><orcidid>https://orcid.org/0000-0002-2417-6348</orcidid><orcidid>https://orcid.org/0000-0003-3485-8470</orcidid><orcidid>https://orcid.org/0000-0002-0133-2627</orcidid><orcidid>https://orcid.org/0000-0002-2338-2430</orcidid><oa>free_for_read</oa></addata></record>
fulltext	fulltext
identifier	ISSN: 2078-2489
ispartof	Information (Basel), 2023-01, Vol.14 (2), p.77
issn	2078-2489 2078-2489
language	eng
recordid	cdi_doaj_primary_oai_doaj_org_article_a21d9b0c904b4df3b054c2506296d3d0
source	Publicly Available Content Database
subjects	Accuracy Algorithms Alliances Artificial neural networks class imbalance Classification Communications traffic convolutional neural network Cybersecurity Datasets Decision trees Deep learning Detectors Feature selection Genetic algorithms Internet of Things Intrusion detection systems LightGBM Machine learning network intrusion detection Neural networks Optimization Safety and security measures Sampling methods Support vector machines
title	An Efficient Two-Stage Network Intrusion Detection System in the Internet of Things
url	http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-06T23%3A08%3A37IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-gale_doaj_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=An%20Efficient%20Two-Stage%20Network%20Intrusion%20Detection%20System%20in%20the%20Internet%20of%20Things&rft.jtitle=Information%20(Basel)&rft.au=Zhang,%20Hongpo&rft.date=2023-01-01&rft.volume=14&rft.issue=2&rft.spage=77&rft.pages=77-&rft.issn=2078-2489&rft.eissn=2078-2489&rft_id=info:doi/10.3390/info14020077&rft_dat=%3Cgale_doaj_%3EA752262293%3C/gale_doaj_%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c336t-89e0448ffc77dd4fecf8625ada1c3ffd8be248dd432f2542e4b9c7553005158b3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2779505196&rft_id=info:pmid/&rft_galeid=A752262293&rfr_iscdi=true