IoT Güvenliği İçin Kullanılan Makine Öğrenimi ve Derin Öğrenme Modelleri Üzerine Bir Derleme

Nesnelerin internetini (internet of things - IoT) oluşturan cihazlar ve bu cihazları birbirine bağlayan ağlar hızlı bir şekilde yaygınlaşmaktadır ve evrim geçirmektedir. Buna paralel olarak, IoT cihazlarına ve ağlarına yönelik saldırılar da hız kesmeden artmaya devam etmektedir. Bu derleme çalışmasında, genel olarak IoT ağlarındaki anormallik tabanlı saldırıları tespit etmek ve azaltmak için önerilen, makine öğrenimi ve derin öğrenme modellerinden oluşan güncel yaklaşımlar özetlenmiştir. Önerilen yaklaşımlar hakkında kısa bilgiler verilmektedir ve bu yaklaşımların avantajlarından ve dezavantajlarından bahsedilmektedir. Bu çalışmanın ana hedefi olarak, önerilen yaklaşımlarda kullanılan makine öğrenimi ve derin öğrenme modelleri ile ilgili, üç araştırma sorusunun yanıtı aranmaktadır. Bu araştırma sorularından birincisi, “IoT güvenliğinde kullanılan makine öğrenimi ve derin öğrenme modelleri, hangi metriklerle değerlendirilmektedir? “, ikincisi, “IoT güvenliği açısından, makine öğrenimi ve derin öğrenme modellerinde hangi veri kümeleri kullanılmaktadır? “ ve üçüncüsü ise, “IoT güvenliğinde hangi makine öğrenimi ve derin öğrenme modelleri kullanılmaktadır ve bunların uygulama alanları nelerdir? “. Bu çalışmada son olarak, incelenen çalışmalardaki eksiklikler tespit edilmektedir. Böylece, IoT güvenliği ile ilgili gelecekteki çalışmalar için bir bakış açısı sağlanmaktadır

Anahtar Kelimeler:

derin öğrenme, IoT güvenliği, makine öğrenimi

A Review of Machine Learning and Deep Learning Models Used for IoT Security

Internet of things (IoT) devices and networks connecting these devices are rapidly spreading and evolving. In parallel, attacks against IoT devices and networks continue to increase unabated. In this review, current approaches, consisting of machine learning and deep learning models, which are recommended to detect and mitigate anomaly-based attacks in IoT networks in general, are summarized. Brief information about the proposed approaches is given, and the advantages and disadvantages of these approaches are mentioned. As the main objective of this paper, answers to three research questions about machine learning and deep learning models used in the proposed approaches are sought. The first of these research questions is, “With which metrics are machine learning and deep learning models used in IoT security evaluated? “, the second is, “In terms of IoT security, which datasets are used in machine learning and deep learning models? “ and the third is, “Which machine learning and deep learning models are used in IoT security and what are their application areas? “. Finally, deficiencies encountered in the studies are noted. Thus, a perspective is provided for future work on IoT security.

Keywords:

deep learning, IoT security, machine learning,

PDF

___

[1] R. Kandaswamy ve D. Furlonger, Blockchain-based transformation: A gartner trend insight report, Gartner, 2018.
[2] P. Newman, "THE INTERNET OF THINGS 2020: Here’s what over 400 IoT decision-makers say about the future of enterprise connectivity and how IoT companies can use it to grow revenue", Bus. Insid., 1–6, 2020.
[3] M. Almseidin, M. Alzubi, S. Kovacs, ve M. Alkasassbeh, “Evaluation of machine learning algorithms for intrusion detection system”, 2017 IEEE 15th International Symposium on Intelligent Systems and Informatics (SISY),Subotica, 277–282, 14-16 September, 2017.
[4] I. Corona, G. Giacinto, ve F. Roli, “Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues”, Inf. Sci. (Ny)., 239, 201–225, 2013.
[5] M. A. Lawal, R. A. Shaikh, ve S. R. Hassan, “Security analysis of network anomalies mitigation schemes in IoT networks”, IEEE Access, 8, 43355–43374, 2020.
[6] J. P. Anderson, “Computer security threat monitoring and surveillance”, Tech. Report, 1980.
[7] P. Shukla, “ML-IDS: A machine learning approach to detect wormhole attacksin Internet of Things”, 2017 Intelligent Systems Conference (IntelliSys), London, 234–240, 7-8 September, 2017.
[8] A. Mehmood, M. Mukherjee, S. H. Ahmed, H. Song, ve K. M. Malik, “NBC-MAIDS: Naive Bayesian classification technique in multi-agent system-enriched IDS for securing IoT against DDoS attacks”, J. Supercomput., 74(10), 5156–5170, 2018.
[9] A. Saeed, A. Ahmadinia, A. Javed, ve H. Larijani, “Intelligent intrusion detection in low-power IoTs”, ACM Trans. Internet Technol., 16(4), 1–25, 2016.
[10] T. Luo ve S. G. Nagarajan, “Distributed anomaly detection using autoencoder neural networks in wsn for iot”, 2018 IEEE international conference on communications (icc), Kansas City, 1–6, 20-24 May, 2018.
[11] N. Moustafa, B. Turnbull, ve K.-K. R. Choo, “An ensemble intrusion detection technique based on proposed statistical flow features for protecting network traffic of internet of things”, IEEE Internet Things J., 6(3), 4815–4830, 2018.
[12] S. J. Lee vd., “IMPACT: Impersonation attack detection via edge computing using deep autoencoder and feature abstraction”, IEEE Access, 8, 65520–65529, 2020.
[13] K. S. Sahoo, D. Puthal, M. Tiwary, J. J. P. C. Rodrigues, B. Sahoo, ve R. Dash, “An early detection of low rate DDoS attack to SDN based data center networks using information distance metrics”, Futur. Gener. Comput. Syst., 89, 685–697, 2018.
[14] L. Xiao, X. Wan, X. Lu, Y. Zhang, ve D. Wu, “IoT security techniques based on machine learning: How do IoT devices use AI to enhance security?”, IEEE Signal Process. Mag., 35(5), 41–49, 2018.
[15] F. Liang, W. G. Hatcher, W. Liao, W. Gao, ve W. Yu, “Machine learning for security and the internet of things: the good, the bad, and the ugly”, IEEE Access, 7, 158126–158147, 2019.
[16] M. Fahim ve A. Sillitti, “Anomaly detection, analysis and prediction techniques in iot environment: A systematic literature review”, IEEE Access, 7, 81664–81681, 2019.
[17] F. Hussain, R. Hussain, S. A. Hassan, ve E. Hossain, “Machine learning in IoT security: Current solutions and future challenges”, IEEE Commun. Surv. & Tutorials, 22(3), 1686–1721, 2020.
[18] M. A. Ferrag, L. Maglaras, S. Moschoyiannis, ve H. Janicke, “Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study”, J. Inf. Secur. Appl., 50, 102419, 2020.
[19] M. A. Amanullah vd., “Deep learning and big data technologies for IoT security”, Comput. Commun., 151, 495–517, 2020.
[20] H. Wu, H. Han, X. Wang, ve S. Sun, “Research on Artificial Intelligence Enhancing Internet of Things Security: A Survey”, IEEE Access, 8, 153826–153848, 2020.
[21] S. M. Tahsien, H. Karimipour, ve P. Spachos, “Machine learning based solutions for security of Internet of Things (IoT): A survey”, J. Netw. Comput. Appl., 161, 102630, 2020.
[22] M. A. Al-Garadi, A. Mohamed, A. K. Al-Ali, X. Du, I. Ali, ve M. Guizani, “A survey of machine and deep learning methods for internet of things (IoT) security”, IEEE Commun. Surv. & Tutorials, 22(3), 1646–1685, 2020.
[23] Y. Yue, S. Li, P. Legg, ve F. Li, “Deep Learning-Based Security Behaviour Analysis in IoT Environments: A Survey”, Secur. Commun. Networks, 2021, 2021.
[24] R. Ahmad ve I. Alsmadi, “Machine learning approaches to IoT security: A systematic literature review”, Internet of Things, 100365, 2021.
[25] L. Aversano, M. L. Bernardi, M. Cimitile, ve R. Pecori, “A systematic review on Deep Learning approaches for IoT security”, Comput. Sci. Rev., 40(100389), 2021.
[26] A. Thakkar ve R. Lohiya, “A Review on Machine Learning and Deep Learning Perspectives of IDS for IoT: Recent Updates, Security Issues, and Challenges”, Arch. Comput. Methods Eng., 28(4), 3211–3243, 2021.
[27] F. A. Alaba, M. Othman, I. A. T. Hashem, ve F. Alotaibi, “Internet of Things security: A survey”, J. Netw. Comput. Appl., 88, 10–28, 2017.
[28] M. Ammar, G. Russello, ve B. Crispo, “Internet of Things: A survey on the security of IoT frameworks”, J. Inf. Secur. Appl., 38, 8–27, 2018.
[29] R. Pecori, P. Ducange, ve F. Marcelloni, “Incremental learning of fuzzy decision trees for streaming data classification”, 11th Conference of the European Society for Fuzzy Logic and Technology (EUSFLAT 2019), Ostrava, 748–755, 9-13 September, 2019.
[30] T. Winter vd., “IPv6 routing protocol for low-power and lossy networks”, RFC6550 IETF, 2012.
[31] E. Ahmed vd., “The role of big data analytics in Internet of Things”, Comput. Networks, 129, 459–471, 2017.
[32] M. F. Elrawy, A. I. Awad, ve H. F. A. Hamed, “Intrusion detection systems for IoT-based smart environments: a survey”, J. Cloud Comput., 7(1), 1–20, 2018.
[33] E. Osterweil, A. Stavrou, ve L. Zhang, “20 years of ddos: a call to action”, arXiv Prepr. arXiv1904.02739, 2019.
[34] S. Alzahrani, L. Hong, ve others, “Generation of ddos attack dataset for effective ids development and evaluation”, J. Inf. Secur., 9(04), 225, 2018.
[35] M. Antonakakis vd., “Understanding the mirai botnet”, 26th USENIX security symposium (USENIX Security 17), Vancouver, BC, Canada, 1093–1110, 16-18 August, 2017.
[36] N. Moustafa, J. Hu, ve J. Slay, “A holistic review of network anomaly detection systems: A comprehensive survey”, J. Netw. Comput. Appl., 128, 33–55, 2019.
[37] K. Lakshminarayanan, D. Adkins, A. Perrig, ve I. Stoica, “Taming IP packet flooding attacks”, ACM SIGCOMM Comput. Commun. Rev., 34(1), 45–50, 2004.
[38] M. A. Khan ve K. Salah, “IoT security: Review, blockchain solutions, and open challenges”, Futur. Gener. Comput. Syst., 82, 395–411, 2018.
[39] N. Chaabouni, M. Mosbah, A. Zemmari, C. Sauvignac, ve P. Faruki, “Network intrusion detection for IoT security based on learning techniques”, IEEE Commun. Surv. & Tutorials, 21(3), 2671–2701, 2019.
[40] A. K. Das, S. Zeadally, ve D. He, “Taxonomy and analysis of security protocols for Internet of Things”, Futur. Gener. Comput. Syst., 89, 110–125, 2018.
[41] F. Hussain, A. Anpalagan, A. S. Khwaja, ve M. Naeem, “Resource allocation and congestion control in clustered M2M communication using Q-learning”, Trans. Emerg. Telecommun. Technol., 28(4), e3039, 2017.
[42] Y. Zhang, P. Li, ve X. Wang, “Intrusion detection for IoT based on improved genetic algorithm and deep belief network”, IEEE Access, 7, 31711–31722, 2019.
[43] M. Tavallaee, E. Bagheri, W. Lu, ve A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set”, 2009 IEEE symposium on computational intelligence for security and defense applications, Ottawa, Canada, 1–6, 8-10 July, 2009.
[44] F. Li, A. Shinde, Y. Shi, J. Ye, X.-Y. Li, ve W. Song, “System statistics learning-based IoT security: Feasibility and suitability”, IEEE Internet Things J., 6(4), 6396–6403, 2019.
[45] R.-H. Hwang, M.-C. Peng, C.-W. Huang, P.-C. Lin, ve V.-L. Nguyen, “An unsupervised deep learning model for early network traffic anomaly detection”, IEEE Access, 8, 30387–30399, 2020.
[46] W. Wang, M. Zhu, X. Zeng, X. Ye, ve Y. Sheng, “Malware traffic classification using convolutional neural network for representation learning”, 2017 International Conference on Information Networking (ICOIN), Da Nang, Vietnam, 712–717, 11-13 January, 2017.
[47] C. D. McDermott, F. Majdani, ve A. V Petrovski, “Botnet detection in the internet of things using deep learning approaches”, 2018 international joint conference on neural networks (IJCNN), Rio, Brazil, 1–8, 8-13 July, 2018.
[48] Z. A. Baig, S. Sanguanpong, S. N. Firdous, T. G. Nguyen, C. SoIn, ve others, “Averaged dependence estimators for DoS attack detection in IoT networks”, Futur. Gener. Comput. Syst., 102, 198–209, 2020.
[49] N. Koroniotis, N. Moustafa, E. Sitnikova, ve B. Turnbull, “Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: Bot-iot dataset”, Futur. Gener. Comput. Syst., 100, 779–796, 2019.
[50] M. Saharkhizan, A. Azmoodeh, A. Dehghantanha, K.-K. R. Choo, ve R. M. Parizi, “An ensemble of deep recurrent neural networks for detecting iot cyber attacks using network traffic”, IEEE Internet Things J., 7(9), 8852–8859, 2020.
[51] N. Goldenberg ve A. Wool, “Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems”, Int. J. Crit. Infrastruct. Prot., 6(2), 63–75, 2013.
[52] C. Kolias, G. Kambourakis, A. Stavrou, ve S. Gritzalis, “Intrusion detection in 802.11 networks: empirical evaluation of threats and a public dataset”, IEEE Commun. Surv. & Tutorials, 18(1), 184–208, 2015.
[53] M. E. Aminanto ve K. Kim, “Detecting impersonation attack in WiFi networks using deep learning approach”, International Workshop on Information Security Applications, 136–147, 2016.
[54] M. E. Aminanto, R. Choi, H. C. Tanuwidjaja, P. D. Yoo, ve K. Kim, “Deep abstraction and weighted feature selection for Wi-Fi impersonation detection”, IEEE Trans. Inf. Forensics Secur., 13(3), 621–636, 2017.
[55] L. R. Parker, P. D. Yoo, T. A. Asyhari, L. Chermak, Y. Jhi, ve K. Taha, “Demise: Interpretable deep extraction and mutual information selection techniques for IoT intrusion detection”, içinde Proceedings of the 14th International Conference on Availability, Reliability and Security, 2019, ss. 1–10.
[56] M. Shafiq, Z. Tian, A. K. Bashir, X. Du, ve M. Guizani, “IoT malicious traffic identification using wrapper-based feature selection mechanisms”, Comput. & Secur., 94, 101863, 2020.
[57] K. Gong, Z. Xiao, ve X. Zhang, “The bijective soft set with its operations”, Comput. & Math. with Appl., 60( 8), 2270–2278, 2010.
[58] W. Li, W. Meng, ve M. H. Au, “Enhancing collaborative intrusion detection via disagreement-based semi-supervised learning in IoT environments”, J. Netw. Comput. Appl., 161, 102631, 2020.
[59] R. P. Lippmann vd., “Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation”, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX’00, South Carolina, 12–26, 25-27 January, 2000.
[60] C.-H. Mao, H.-M. Lee, D. Parikh, T. Chen, ve S.-Y. Huang, “Semisupervised co-training and active learning based approach for multi-view intrusion detection”, Proceedings of the 2009 ACM symposium on Applied Computing, Honolulu Hawaii, 2042– 2048, 8-12 March, 2009.
[61] M. Roesch vd., “Snort: Lightweight intrusion detection for networks.”, LISA '99: Proceedings of the 13th USENIX conference on System administration, Seattle Washington, 99(1), 229–238, 7-12 November, 1999.
[62] M. Bagaa, T. Taleb, J. B. Bernabe, ve A. Skarmeta, “A machine learning security framework for IoT systems”, IEEE Access, 8, 114066–114077, 2020.
[63] Internet: G. ETSI, Zero-touch network and Service Management (ZSM); Reference Architecture, https://www.etsi.org/technologies/zero-touch-network-servicemanagement, 17.07.2021.
[64] Y. Jia, F. Zhong, A. Alrawais, B. Gong, ve X. Cheng, “Flowguard: an intelligent edge defense mechanism against IoT DDoS attacks”, IEEE Internet Things J., 7(10), 9552–9562, 2020.
[65] I. Sharafaldin, A. H. Lashkari, S. Hakak, ve A. A. Ghorbani, “Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy”, 2019 International Carnahan Conference on Security Technology (ICCST), Chennai, India, 1–8, 1-3 October, 2019.
[66] M. Shafiq, Z. Tian, Y. Sun, X. Du, ve M. Guizani, “Selection of effective machine learning algorithm and Bot-IoT attacks traffic identification for internet of things in smart city”, Futur. Gener. Comput. Syst., 107, 433–442, 2020.
[67] H.-T. Nguyen, D.-H. Nguyen, Q.-D. Ngo, V.-H. Tran, ve V.-H. Le, “Towards a rooted subgraph classifier for IoT botnet detection”, Proceedings of the 2019 7th International Conference on Computer and Communications Management, New York, 247– 251, 27-29 July, 2019.
[68] H.-T. Nguyen, Q.-D. Ngo, D.-H. Nguyen, ve V.-H. Le, “PSI-rooted subgraph: A novel feature for IoT botnet detection using classifier algorithms”, ICT Express, 6(2), 128–138, 2020.
[69] H.-T. Nguyen, Q.-D. Ngo, ve V.-H. Le, “IoT botnet detection approach based on PSI graph and DGCNN classifier”, 2018 IEEE International Conference on Information Communication and Signal Processing (ICICSP), Singapore, 118–122, 28-30 September, 2018.
[70] Y. M. P. Pa, S. Suzuki, K. Yoshioka, T. Matsumoto, T. Kasama, ve C. Rossow, “IoTPOT: A novel honeypot for revealing current IoT threats”, J. Inf. Process., 24(3), 522–533, 2016.
[71] Internet: VirusShare, “Because sharing is caring”, https://virusshare.com/, 17.07.2021.
[72] N. Ravi ve S. M. Shalinie, “Semisupervised-Learning-Based Security to Detect and Mitigate Intrusions in IoT Network”, IEEE Internet Things J., 7(11), 11041–11052, 2020.
[73] N. Ravi ve S. M. Shalinie, “Learning-driven detection and mitigation of DDoS attack in IoT via SDN-cloud architecture”, IEEE Internet Things J., 7(4), 3559–3570, 2020.
[74] Internet: UNB-ISCX, Canadian Institute for Cybersecurity Datasets, https://www.unb.ca/cic/datasets/index.html, 17.07.2021.
[75] M. Almiani, A. AbuGhazleh, Y. Jararweh, ve A. Razaque, “DDoS detection in 5G-enabled IoT networks using deep Kalman backpropagation neural network”, Int. J. Mach. Learn. Cybern., 1– 13, 2021.
[76] M. A. Ambusaidi, X. He, P. Nanda, ve Z. Tan, “Building an intrusion detection system using a filter-based feature selection algorithm”, IEEE Trans. Comput., 65(10), 2986–2998, 2016.
[77] N. Moustafa, G. Creech, ve J. Slay, “Big data analytics for intrusion detection system Statistical decision-making using finite dirichlet mixture models”, Data analytics and decision support for cybersecurity, Springer, 127–156, 2017.
[78] C.-F. Tsai ve C.-Y. Lin, “A triangle area based nearest neighbors approach to intrusion detection”, Pattern Recognit., 43(1), 222– 229, 2010.
[79] M. Z. Alom, V. Bontupalli, ve T. M. Taha, “Intrusion detection using deep belief networks”, Proc. IEEE Natl. Aerosp. Electron. Conf. NAECON, USA, 339–344, 2016-March,2016.
[80] C. Yin, Y. Zhu, J. Fei, ve X. He, “A Deep Learning Approach for Intrusion Detection Using Recurrent Neural Networks”, IEEE Access, 5, 21954–21961, 2017.
[81] T. A. Tang, L. Mhamdi, D. McLernon, S. A. R. Zaidi, ve M. Ghogho, “Deep learning approach for Network Intrusion Detection in Software Defined Networking”, Proc. - 2016 Int. Conf. Wirel. Networks Mob. Commun. WINCOM 2016 Green Commun. Netw., Morocco, 258–263, 26-29 October, 2016.
[82] M. AL-Hawawreh, N. Moustafa, ve E. Sitnikova, “Identification of malicious activities in industrial internet of things based on deep learning models”, J. Inf. Secur. Appl., 41, 1–11, 2018.
[83] S. A. Ludwig, “Intrusion detection of multiple attack classes using a deep neural net ensemble”, 2017 IEEE Symp. Ser. Comput. Intell. SSCI 2017 -Proc., Honolulu, HI, USA, 1–7, 27 November1 December, 2018.
[84] B. Subba, S. Biswas, ve S. Karmakar, “Enhancing performance of anomaly based intrusion detection systems through dimensionality reduction using principal component analysis”, 2016 IEEE Int. Conf. Adv. Networks Telecommun. Syst. ANTS 2016, Bangalore, India, 1-6, August 2017.
[85] H. HaddadPajouh, A. Dehghantanha, R. Khayami, ve K.-K. R. Choo, “A deep Recurrent Neural Network based approach for Internet of Things malware threat hunting”, Futur. Gener. Comput. Syst., 85, 88–96, 2018.
[86] R. Kozik, M. Choraś, M. Ficco, ve F. Palmieri, “A scalable distributed machine learning approach for attack detection in edge computing environments”, J. Parallel Distrib. Comput., 119, 18– 26, 2018.
[87] S. Prabavathy, K. Sundarakantham, ve S. M. Shalinie, “Design of cognitive fog computing for intrusion detection in Internet of Things”, J. Commun. Networks, 20(3), 291–298, 2018.
[88] S. Rathore ve J. H. Park, “Semi-supervised learning based distributed attack detection framework for IoT”, Appl. Soft Comput., 72, 79–89, 2018.
[89] A. A. Diro ve N. Chilamkurti, “Distributed attack detection scheme using deep learning approach for Internet of Things”, Futur. Gener. Comput. Syst., 82, 761–768, 2018.
[90] H. H. Pajouh, R. Javidan, R. Khayami, A. Dehghantanha, ve K.-K. R. Choo, “A Two-Layer Dimension Reduction and Two-Tier Classification Model for Anomaly-Based Intrusion Detection in IoT Backbone Networks”, IEEE Trans. Emerg. Top. Comput., 7(2), 314–323, 2019.
[91] S. U. Jan, S. Ahmed, V. Shakhov, ve I. Koo, “Toward a Lightweight Intrusion Detection System for the Internet of Things”, IEEE Access, 7, 42450–42471, 2019.
[92] J. Li, Z. Zhao, R. Li, ve H. Zhang, “AI-Based Two-Stage Intrusion Detection for Software Defined IoT Networks”, IEEE Internet Things J., 6(2), 2093–2102, 2019.
[93] P. K. Sharma, S. Singh, ve J. H. Park, “OpCloudSec: Open cloud software defined wireless network security for the Internet of Things”, Comput. Commun., 122, 1–8, 2018.
[94] A. Mehmood, M. Mukherjee, S. H. Ahmed, H. Song, ve K. M. Malik, “NBC-MAIDS: Naïve Bayesian classification technique in multi-agent system-enriched IDS for securing IoT against DDoS attacks”, J. Supercomput., 74(10), 5156–5170, 2018.