Abstract
Volunteer computing, in which owners of Internet-connected devices (laptops, PCs, smart devices, etc.) volunteer them as storage and computing power resources, has become an essential mechanism for resource management in numerous applications. The growth in the volume and variety of data traffic on the Internet raises concerns about the robustness of cyber-physical systems, especially for critical infrastructures. Therefore, the implementation of an efficient Intrusion Detection System for gathering such sensory data has gained vital importance. In this article, we present a comparative study of Artificial Intelligence (AI)-driven intrusion detection systems for wirelessly connected sensors that track crucial applications. Specifically, we present an in-depth analysis of the use of machine learning, deep learning and reinforcement learning solutions to recognise intrusive behavior in the collected traffic. We evaluate the proposed mechanisms by using KDD’99 as a real attack dataset in our simulations. Results present the performance metrics for three different IDSs, namely the Adaptively Supervised and Clustered Hybrid IDS (ASCH-IDS), the Restricted Boltzmann Machine-based Clustered IDS (RBC-IDS), and the Q-learning based IDS (Q-IDS), in detecting malicious behaviors. We also present the performance of different reinforcement learning techniques such as State-Action-Reward-State-Action learning (SARSA) and Temporal Difference learning (TD). Through simulations, we show that Q-IDS performs with \(\) detection rate while SARSA-IDS and TD-IDS perform at the order of \(\).
Index Terms
A Comparative Study of AI-Based Intrusion Detection Techniques in Critical Infrastructures