SEQUENTIAL INTRUSION DETECTION SYSTEM FOR ZERO-TRUST CYBER DEFENSE OF IOT/IIOT NETWORKS
Abstract
Relevance. The Internet of Things (IoT) and the Industrial Internet of Things (IIoT), together with their widespread adoption, make them attractive targets for cyber attacks. Traditional cybersecurity measures such as firewalls and antivirus software are not always effective at protecting IoT/IIoT networks because of their heterogeneity and the large number of connected devices. The zero-trust principle can protect IoT/IIoT networks more effectively. It assumes no inherent trustworthiness of any user, device, or traffic and requires authorization and verification before any network resource is accessed. This article presents a zero-trust-based intrusion detection system (IDS) that uses machine learning to secure IoT/IIoT networks. The aim of the article is to develop a two-component IDS for detecting and classifying cyber attacks. The study applies machine learning techniques, namely Decision Tree, Random Forest, and XGBoost, to the Edge-IIoTset dataset. The following results were obtained. The proposed IDS structure employs a sequential approach consisting of two AI modules. The first module detects attacks with a simpler model such as a Decision Tree. The second module uses more complex models such as Random Forest or XGBoost to classify the attack type, and is invoked only for traffic the first module has flagged. Experimental evaluation on the Edge-IIoTset dataset demonstrates the system's effectiveness, with an overall accuracy of 95% and a significantly reduced response time compared with systems built on a single complex model. Conclusion. The proposed IDS design achieves high accuracy in detecting attacks while maintaining optimal performance and minimizing additional computational cost, which is especially important for real-time network monitoring in IoT/IIoT environments. Further research can focus on the practical implementation of the proposed IDS structure for physical deployment in securing IoT/IIoT networks based on the zero-trust principle.
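The two-module cascade described in the abstract, as an added illustration that is not the paper's code: a cheap binary detector screens every flow, and the heavier attack-type classifier runs only on flows the detector flags, so its invocation count is the cost saving. The flow records are constructed, and a one-split decision stump and a nearest-centroid classifier stand in for the paper's Decision Tree and Random Forest/XGBoost models so the example runs with the standard library alone.

```python
"""Sequential (two-stage) IDS: stage 1 is a cheap attack/normal screen, stage 2
a heavier attack-type classifier that only sees flows stage 1 flagged."""
from statistics import mean

# Constructed flow records: ((packets_per_sec, syn_ratio, mean_payload_bytes), label).
# Values are illustrative, not taken from Edge-IIoTset.
FLOWS = [
    ((12, 0.10, 480), "normal"), ((20, 0.12, 510), "normal"),
    ((15, 0.08, 620), "normal"), ((9, 0.11, 300), "normal"),
    ((900, 0.95, 40), "ddos"), ((1200, 0.97, 44), "ddos"), ((800, 0.90, 60), "ddos"),
    ((300, 0.99, 0), "scan"), ((250, 0.98, 0), "scan"), ((420, 0.97, 0), "scan"),
]

def train_stump(rows):
    """Stage 1 stand-in for the Decision Tree: pick the single feature/threshold
    split with the fewest attack-vs-normal errors on the training rows."""
    best = None
    for i in range(len(rows[0][0])):
        vals = sorted({x[i] for x, _ in rows})
        for lo, hi in zip(vals, vals[1:]):
            thr = (lo + hi) / 2
            err = sum((x[i] > thr) != (y != "normal") for x, y in rows)
            if best is None or err < best[0]:
                best = (err, i, thr)
    _, i, thr = best
    return lambda x: x[i] > thr  # True means "attack", hand off to stage 2

def train_centroids(rows):
    """Stage 2 stand-in for Random Forest/XGBoost: nearest-centroid classifier
    trained on attack rows only, since it never sees traffic judged normal."""
    by_cls = {}
    for x, y in rows:
        if y != "normal":
            by_cls.setdefault(y, []).append(x)
    cents = {c: tuple(mean(col) for col in zip(*xs)) for c, xs in by_cls.items()}
    return lambda x: min(cents, key=lambda c: sum((a - b) ** 2 for a, b in zip(x, cents[c])))

class SequentialIDS:
    def __init__(self, detector, classifier):
        self.detector, self.classifier = detector, classifier
        self.stage2_calls = 0  # how often the expensive model actually ran

    def predict(self, x):
        if not self.detector(x):
            return "normal"  # benign traffic never reaches stage 2
        self.stage2_calls += 1
        return self.classifier(x)

def run_cascade(rows):
    """Train both stages on rows, score them, and report stage-2 invocations."""
    ids = SequentialIDS(train_stump(rows), train_centroids(rows))
    preds = [ids.predict(x) for x, _ in rows]
    acc = sum(p == y for p, (_, y) in zip(preds, rows)) / len(rows)
    return preds, acc, ids.stage2_calls
```

On the constructed rows the cascade labels every flow correctly while the stage-2 model runs for only the six attack flows out of ten.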