Mireya Lucia Hernandez-Jaimes , Alfonso Martinez-Cruz , Kelsey Alejandra Ramírez-Gutiérrez
{"title":"基于位置敏感哈希算法的物联网异常检测机器学习方法","authors":"Mireya Lucia Hernandez-Jaimes , Alfonso Martinez-Cruz , Kelsey Alejandra Ramírez-Gutiérrez","doi":"10.1016/j.vlsi.2024.102159","DOIUrl":null,"url":null,"abstract":"<div><p><span><span><span>The increasing connectivity of devices on the Internet of Things<span> (IoT) has created a favorable field for attacks. Consequently, current anomaly-based intrusion detection systems<span> (AIDS) integrate artificial intelligence algorithms, such as </span></span></span>machine learning<span> (ML) and deep learning<span><span> (DL), to manage high data volumes, recognize complex patterns, and detect unknown anomalies. However, the effectiveness of these methods is contingent upon the quality and meaningfulness of the extracted features from IoT-based communications. Also, with the growth of the IoT, feature extraction and selection are becoming increasingly difficult due to data heterogeneity, the generation of massive amounts of information, and the lack of feature standardization. Moreover, current proposals rely on complex feature extraction and selection techniques. As a result, this study introduces a novel approach for ML modeling, including </span>decision trees and </span></span></span>random forests<span>, to detect anomalies in IoT. This study aims to overcome feature extraction and selection process dependency by integrating </span></span>fingerprinting techniques<span> based on locality-sensitive hashing (LSH) to represent network packet<span> information in a suitable format for ML modeling and detecting harmful sequential network packets. The anomaly detection performance was assessed using two benchmark IoT datasets, ToN-IoT and MQTT-IoT, which contain cyberattacks threatening IoT networks. The proposal outperforms other methods regarding accuracy, precision, and FPR with values of 99.82%, 99.93%, and 0.13%, respectively.</span></span></p></div>","PeriodicalId":54973,"journal":{"name":"Integration-The Vlsi Journal","volume":null,"pages":null},"PeriodicalIF":2.2000,"publicationDate":"2024-01-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Machine Learning approach for anomaly detection on the Internet of Things based on Locality-Sensitive Hashing\",\"authors\":\"Mireya Lucia Hernandez-Jaimes , Alfonso Martinez-Cruz , Kelsey Alejandra Ramírez-Gutiérrez\",\"doi\":\"10.1016/j.vlsi.2024.102159\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p><span><span><span>The increasing connectivity of devices on the Internet of Things<span> (IoT) has created a favorable field for attacks. Consequently, current anomaly-based intrusion detection systems<span> (AIDS) integrate artificial intelligence algorithms, such as </span></span></span>machine learning<span> (ML) and deep learning<span><span> (DL), to manage high data volumes, recognize complex patterns, and detect unknown anomalies. However, the effectiveness of these methods is contingent upon the quality and meaningfulness of the extracted features from IoT-based communications. Also, with the growth of the IoT, feature extraction and selection are becoming increasingly difficult due to data heterogeneity, the generation of massive amounts of information, and the lack of feature standardization. Moreover, current proposals rely on complex feature extraction and selection techniques. As a result, this study introduces a novel approach for ML modeling, including </span>decision trees and </span></span></span>random forests<span>, to detect anomalies in IoT. This study aims to overcome feature extraction and selection process dependency by integrating </span></span>fingerprinting techniques<span> based on locality-sensitive hashing (LSH) to represent network packet<span> information in a suitable format for ML modeling and detecting harmful sequential network packets. The anomaly detection performance was assessed using two benchmark IoT datasets, ToN-IoT and MQTT-IoT, which contain cyberattacks threatening IoT networks. The proposal outperforms other methods regarding accuracy, precision, and FPR with values of 99.82%, 99.93%, and 0.13%, respectively.</span></span></p></div>\",\"PeriodicalId\":54973,\"journal\":{\"name\":\"Integration-The Vlsi Journal\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":2.2000,\"publicationDate\":\"2024-01-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Integration-The Vlsi Journal\",\"FirstCategoryId\":\"5\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167926024000221\",\"RegionNum\":3,\"RegionCategory\":\"工程技术\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Integration-The Vlsi Journal","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167926024000221","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0
摘要
物联网(IoT)设备的连接性不断增强,为攻击创造了有利条件。因此,当前基于异常的入侵检测系统(AIDS)集成了人工智能算法,如机器学习(ML)和深度学习(DL),以管理高数据量、识别复杂模式和检测未知异常。然而,这些方法的有效性取决于从基于物联网的通信中提取的特征的质量和意义。此外,随着物联网的发展,由于数据异构、海量信息的产生以及缺乏特征标准化,特征提取和选择变得越来越困难。此外,当前的建议依赖于复杂的特征提取和选择技术。因此,本研究引入了一种新的 ML 建模方法,包括决策树和随机森林,以检测物联网中的异常。本研究旨在克服特征提取和选择过程的依赖性,方法是整合基于位置敏感哈希(LSH)的指纹技术,以合适的格式表示网络数据包信息,用于 ML 建模和检测有害的连续网络数据包。利用两个基准物联网数据集(ToN-IoT 和 MQTT-IoT)评估了异常检测性能,这两个数据集包含威胁物联网网络的网络攻击。该建议在准确率、精确度和 FPR 方面优于其他方法,准确率、精确度和 FPR 值分别为 99.82%、99.93% 和 0.13%。
A Machine Learning approach for anomaly detection on the Internet of Things based on Locality-Sensitive Hashing
The increasing connectivity of devices on the Internet of Things (IoT) has created a favorable field for attacks. Consequently, current anomaly-based intrusion detection systems (AIDS) integrate artificial intelligence algorithms, such as machine learning (ML) and deep learning (DL), to manage high data volumes, recognize complex patterns, and detect unknown anomalies. However, the effectiveness of these methods is contingent upon the quality and meaningfulness of the extracted features from IoT-based communications. Also, with the growth of the IoT, feature extraction and selection are becoming increasingly difficult due to data heterogeneity, the generation of massive amounts of information, and the lack of feature standardization. Moreover, current proposals rely on complex feature extraction and selection techniques. As a result, this study introduces a novel approach for ML modeling, including decision trees and random forests, to detect anomalies in IoT. This study aims to overcome feature extraction and selection process dependency by integrating fingerprinting techniques based on locality-sensitive hashing (LSH) to represent network packet information in a suitable format for ML modeling and detecting harmful sequential network packets. The anomaly detection performance was assessed using two benchmark IoT datasets, ToN-IoT and MQTT-IoT, which contain cyberattacks threatening IoT networks. The proposal outperforms other methods regarding accuracy, precision, and FPR with values of 99.82%, 99.93%, and 0.13%, respectively.
期刊介绍:
Integration''s aim is to cover every aspect of the VLSI area, with an emphasis on cross-fertilization between various fields of science, and the design, verification, test and applications of integrated circuits and systems, as well as closely related topics in process and device technologies. Individual issues will feature peer-reviewed tutorials and articles as well as reviews of recent publications. The intended coverage of the journal can be assessed by examining the following (non-exclusive) list of topics:
Specification methods and languages; Analog/Digital Integrated Circuits and Systems; VLSI architectures; Algorithms, methods and tools for modeling, simulation, synthesis and verification of integrated circuits and systems of any complexity; Embedded systems; High-level synthesis for VLSI systems; Logic synthesis and finite automata; Testing, design-for-test and test generation algorithms; Physical design; Formal verification; Algorithms implemented in VLSI systems; Systems engineering; Heterogeneous systems.