
A Two-Level Flow-Based Anomalous Activity Detection System for IoT Networks

Department of Electrical, Computer, and Software Engineering, Ontario Tech University, Oshawa, ON L1G 0C5, Canada
Electronics 2020, 9(3), 530; https://doi.org/10.3390/electronics9030530
Received: 2 March 2020 / Revised: 19 March 2020 / Accepted: 20 March 2020 / Published: 23 March 2020
The significant increase of Internet of Things (IoT) devices in smart homes and other smart infrastructure, and the recent attacks on these IoT devices, are motivating factors to secure and protect IoT networks. The primary security challenge is to develop a methodology to identify a malicious activity correctly and mitigate the impact of such activity promptly. In this paper, we propose a two-level anomalous activity detection model for intrusion detection systems in IoT networks. The level-1 model categorizes the network flow as normal or abnormal, while the level-2 model classifies the category or subcategory of the detected malicious activity. When a network flow is classified as an anomaly by the level-1 model, the level-1 model forwards the stream to the level-2 model for further investigation to find the category or subcategory of the detected anomaly. Our proposed model is constructed on flow-based features of the IoT network. Flow-based detection methodologies only inspect packet headers to classify the network traffic. Flow-based features were extracted from the IoT Botnet dataset, and various machine learning algorithms were investigated and tested via different cross-fold validation tests to select the best algorithm. The decision tree classifier yielded the highest predictive results for level-1, and the random forest classifier produced the highest predictive results for level-2. The Accuracy, Precision, Recall, and F score of our proposed model were measured as 99.99% for level-1 and 99.90% for level-2. The two-level anomalous activity detection system for IoT networks that we propose will provide a robust framework for the development of malicious activity detection systems for IoT networks. It would be of interest to researchers in academia and industry.
Keywords: flow-based intrusion detection; internet of things; machine learning; cybersecurity; vulnerabilities
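
The two-level cascade described in the abstract, as an added sketch that is not the authors' code: a small hand-written decision tree gates every flow at level 1, and a small hand-written random forest labels only the flagged flows at level 2. The flow records, the three header-derived features and the category names "flood" and "scan" are constructed assumptions, not values from the IoT Botnet dataset.

```python
import random
from collections import Counter

def gini(labels):
    return 1.0 - sum((c / len(labels)) ** 2 for c in Counter(labels).values())

def build_tree(rows, labels, feats, depth=4):  # leaf = label, node = (feature, threshold, left, right)
    majority = Counter(labels).most_common(1)[0][0]
    if depth == 0 or len(set(labels)) == 1:
        return majority
    best = None
    for f in feats:
        for t in sorted({r[f] for r in rows})[1:]:  # both sides of every split are non-empty
            left = [l for r, l in zip(rows, labels) if r[f] < t]
            right = [l for r, l in zip(rows, labels) if r[f] >= t]
            score = len(left) * gini(left) + len(right) * gini(right)
            if best is None or score < best[0]:
                best = (score, f, t)
    if best is None:  # no feature separates these rows
        return majority
    _, f, t = best
    lo, hi = ([(r, l) for r, l in zip(rows, labels) if (r[f] >= t) == side] for side in (False, True))
    return (f, t, build_tree(*zip(*lo), feats, depth - 1), build_tree(*zip(*hi), feats, depth - 1))

def predict(tree, row):
    while isinstance(tree, tuple):
        f, t, left, right = tree
        tree = left if row[f] < t else right
    return tree

def build_forest(rows, labels, n_trees=15, seed=1):
    rng, forest = random.Random(seed), []
    for _ in range(n_trees):  # bootstrap sample plus a random feature subset per tree
        idx = [rng.randrange(len(rows)) for _ in rows]
        feats = rng.sample(range(len(rows[0])), 2)
        forest.append(build_tree([rows[i] for i in idx], [labels[i] for i in idx], feats))
    return forest

# Constructed header-derived flow features: (packets/s, mean packet bytes, duration s)
NORMAL = [(5 + i, 300 + 20 * i, 2 + i) for i in range(30)]
FLOOD = [(3000 + 100 * i, 60, 5 + i) for i in range(30)]
SCAN = [(150 + 5 * i, 44, 0.05 + 0.01 * i) for i in range(30)]
LEVEL1 = build_tree(NORMAL + FLOOD + SCAN, ["normal"] * 30 + ["anomaly"] * 60, [0, 1, 2])
LEVEL2 = build_forest(FLOOD + SCAN, ["flood"] * 30 + ["scan"] * 30)

def classify(flow):  # level 1 gates every flow; only flagged flows reach the level-2 forest
    if predict(LEVEL1, flow) == "normal":
        return ("normal", None)
    return ("anomaly", Counter(predict(t, flow) for t in LEVEL2).most_common(1)[0][0])
```

Because level 2 is trained only on anomalous flows, its output is meaningful only for flows level 1 has already flagged; a level-1 miss is never recovered downstream.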

MDPI and ACS Style

Ullah, I.; Mahmoud, Q.H. A Two-Level Flow-Based Anomalous Activity Detection System for IoT Networks. Electronics 2020, 9, 530.
