
A Comparative Study of AI-Based Intrusion Detection Techniques in Critical Infrastructures

Published: 22 July 2021

Abstract

Volunteer computing, which uses Internet-connected devices (laptops, PCs, smart devices, etc.) whose owners volunteer them as storage and computing power resources, has become an essential mechanism for resource management in numerous applications. The growth of the volume and variety of data traffic on the Internet leads to concerns about the robustness of cyberphysical systems, especially for critical infrastructures. Therefore, the implementation of an efficient Intrusion Detection System for gathering such sensory data has gained vital importance. In this article, we present a comparative study of Artificial Intelligence (AI)-driven intrusion detection systems for wirelessly connected sensors that track crucial applications. Specifically, we present an in-depth analysis of the use of machine learning, deep learning and reinforcement learning solutions to recognise intrusive behavior in the collected traffic. We evaluate the proposed mechanisms by using KDD’99 as a real attack dataset in our simulations. Results present the performance metrics for three different IDSs, namely the Adaptively Supervised and Clustered Hybrid IDS (ASCH-IDS), Restricted Boltzmann Machine-based Clustered IDS (RBC-IDS), and Q-learning based IDS (Q-IDS), to detect malicious behaviors. We also present the performance of different reinforcement learning techniques such as State-Action-Reward-State-Action Learning (SARSA) and Temporal Difference learning (TD). Through simulations, we show that Q-IDS performs with \(\) detection rate while SARSA-IDS and TD-IDS perform at the order of \(\).

