
Anomaly Detection Based on CNN and Regularization Techniques Against Zero-Day Attacks in IoT Networks

Bibliographic Details
Published in: IEEE Access 2022, Vol. 10, p. 98427-98440
Main Authors: Hairab, Belal Ibrahim; Said Elsayed, Mahmoud; Jurcut, Anca D.; Azer, Marianne A.
Format: Article
Language: English
Description
Summary: The fast expansion of the Internet of Things (IoT) in the technology and communication industries necessitates a continuously updated cyber-security mechanism to keep protecting the systems' users from any possible attack that might target their data and privacy. Botnets pose a severe risk to the IoT: they use malicious nodes to compromise other nodes inside the network and launch several types of attacks that cause service disruption. Examples of these attacks are Denial of Service (DoS), Distributed Denial of Service (DDoS), Service Scan, and OS Fingerprint. DoS and DDoS attacks are the most severe attacks in IoT launched from botnets, in which the botnet commands previously compromised single or multiple nodes in the network to launch network traffic towards a specific node or service. This leads to computational, power, or network bandwidth draining, which causes specific services to shut down or behave unexpectedly. In this paper, we aim to verify the reliability of the detection approach when it encounters an attack that it was not trained on before. Therefore, we evaluate the performance of a Convolutional Neural Network (CNN) classifier in detecting malicious attack traffic, especially attacks that were never reported before in the network, i.e., Zero-Day attacks. Different regularization techniques, i.e., L1 and L2, have been used to address the problem of overfitting and to control the complexity of the classifier. The experimental results show that using the regularization methods gives a higher performance in all the evaluation metrics compared to the standard CNN model. In addition, the enhanced CNN technique improves the capability of IDSs in the detection of unseen intrusion events.
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2022.3206367