
Towards Near-Real-Time Intrusion Detection for IoT Devices using Supervised Learning and Apache Spark

Department of Law, Economics, Management and Quantitative Methods (DEMM), University of Sannio, I-82100 Benevento, Italy
*
Author to whom correspondence should be addressed.
Electronics 2020, 9(3), 444; https://doi.org/10.3390/electronics9030444
Received: 2 January 2020 / Revised: 3 March 2020 / Accepted: 5 March 2020 / Published: 6 March 2020
(This article belongs to the Special Issue Recent Machine Learning Applications to Internet of Things (IoT))
In Internet of Things (IoT) infrastructures, attack and anomaly detection are rising concerns. As IoT infrastructure is adopted in every domain, threats and attacks against it grow proportionally. This paper compares the performance of several machine learning algorithms in identifying cyber-attacks (namely SYN-DOS attacks) on IoT systems, both in terms of application performance and in terms of training and application times. We use supervised machine learning algorithms included in the MLlib library of Apache Spark, a fast and general engine for big data processing. We show the implementation details and the performance of those algorithms on public datasets, using a training set of up to 2 million instances. We adopt a Cloud environment, emphasizing the importance of scalability and elasticity of use. Results show that all the Spark algorithms used achieve very good identification accuracy (>99%). One of them, Random Forest, achieves an accuracy of 1. We also report a very short training time (23.22 sec for Decision Tree with 2 million rows). The experiments also show a very low application time (0.13 sec for more than 600,000 instances for Random Forest) using Apache Spark in the Cloud. Furthermore, the explicit model generated by Random Forest is very easy to implement in high- or low-level programming languages. In light of the results obtained, both in computation times and in identification performance, a hybrid approach for the detection of SYN-DOS cyber-attacks on IoT devices is proposed: the application of an explicit Random Forest model, implemented directly on the IoT device, along with a second-level analysis (training) performed in the Cloud.
Keywords: IoT; cyber-attacks; SYN-DOS; supervised machine learning; Apache Spark; MLlib; cloud environment; hybrid approach
MDPI and ACS Style

Morfino, V.; Rampone, S. Towards Near-Real-Time Intrusion Detection for IoT Devices using Supervised Learning and Apache Spark. Electronics 2020, 9, 444. https://doi.org/10.3390/electronics9030444
