An enhanced Deep-Learning empowered Threat-Hunting Framework for software-defined Internet of Things

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Computers & Security Pub Date : 2024-09-13 DOI:10.1016/j.cose.2024.104109

Prabhat Kumar , Alireza Jolfaei , A.K.M Najmul Islam

{"title":"An enhanced Deep-Learning empowered Threat-Hunting Framework for software-defined Internet of Things","authors":"Prabhat Kumar , Alireza Jolfaei , A.K.M Najmul Islam","doi":"10.1016/j.cose.2024.104109","DOIUrl":null,"url":null,"abstract":"<div><p>The Software-Defined Networking (SDN) powered Internet of Things (IoT) offers a global perspective of the network and facilitates control and access of IoT devices using a centralized high-level network approach called Software Defined-IoT (SD-IoT). However, this integration and high flow of data generated by IoT devices raises serious security issues in the centralized control intelligence of SD-IoT. Motivated by the aforementioned challenges, we present a new Deep-Learning empowered Threat Hunting Framework named DLTHF to protect SD-IoT data and detect (binary and multi-vector) attack vectors. First, an automated unsupervised feature extraction module is designed that combines data perturbation-driven encoding and normalization-driven scaling with the proposed Long Short-Term Memory Contractive Sparse AutoEncoder (LSTMCSAE) method to filter and transform dataset values into the protected format. Second, using the encoded data, a novel Threat Detection System (TDS) using Multi-head Self-attention-based Bidirectional Recurrent Neural Networks (MhSaBiGRNN) is designed to detect cyber threats and their types. In particular, a unique TDS strategy is developed in which each time instances is analyzed and allocated a self-learned weight based on the degree of relevance. Further, we also design a deployment architecture for DLTHF in the SD-IoT network. The framework is rigorously evaluated on two new SD-IoT data sources to show its effectiveness.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104109"},"PeriodicalIF":4.8000,"publicationDate":"2024-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0167404824004140/pdfft?md5=de59ccc5221434c221b31d43e2a10a0f&pid=1-s2.0-S0167404824004140-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824004140","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The Software-Defined Networking (SDN) powered Internet of Things (IoT) offers a global perspective of the network and facilitates control and access of IoT devices using a centralized high-level network approach called Software Defined-IoT (SD-IoT). However, this integration and high flow of data generated by IoT devices raises serious security issues in the centralized control intelligence of SD-IoT. Motivated by the aforementioned challenges, we present a new Deep-Learning empowered Threat Hunting Framework named DLTHF to protect SD-IoT data and detect (binary and multi-vector) attack vectors. First, an automated unsupervised feature extraction module is designed that combines data perturbation-driven encoding and normalization-driven scaling with the proposed Long Short-Term Memory Contractive Sparse AutoEncoder (LSTMCSAE) method to filter and transform dataset values into the protected format. Second, using the encoded data, a novel Threat Detection System (TDS) using Multi-head Self-attention-based Bidirectional Recurrent Neural Networks (MhSaBiGRNN) is designed to detect cyber threats and their types. In particular, a unique TDS strategy is developed in which each time instances is analyzed and allocated a self-learned weight based on the degree of relevance. Further, we also design a deployment architecture for DLTHF in the SD-IoT network. The framework is rigorously evaluated on two new SD-IoT data sources to show its effectiveness.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

针对软件定义物联网的增强型深度学习威胁猎捕框架

由软件定义网络（SDN）驱动的物联网（IoT）提供了网络的全局视角，并通过一种称为软件定义物联网（SD-IoT）的集中式高级网络方法促进了对物联网设备的控制和访问。然而，物联网设备产生的这种集成和大量数据流在 SD-IoT 的集中控制智能中引发了严重的安全问题。基于上述挑战，我们提出了一种名为 DLTHF 的新型深度学习威胁狩猎框架，以保护 SD-IoT 数据并检测（二进制和多载体）攻击载体。首先，设计了一个自动无监督特征提取模块，该模块将数据扰动驱动编码和归一化驱动缩放与所提出的长短期记忆收缩稀疏自动编码器（LSTMCSAE）方法相结合，将数据集值过滤并转换为受保护的格式。其次，利用编码后的数据，使用多头自注意双向循环神经网络（MhSaBiGRNN）设计了一种新型威胁检测系统（TDS），以检测网络威胁及其类型。特别是，我们开发了一种独特的 TDS 策略，对每个时间实例进行分析，并根据相关程度分配自学习权重。此外，我们还设计了在 SD-IoT 网络中部署 DLTHF 的架构。我们在两个新的 SD-IoT 数据源上对该框架进行了严格评估，以显示其有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.