Detecting Internet of Things attacks using distributed deep learning. (1st August 2020)
- Record Type:
- Journal Article
- Title:
- Detecting Internet of Things attacks using distributed deep learning. (1st August 2020)
- Main Title:
- Detecting Internet of Things attacks using distributed deep learning
- Authors:
- De La Torre Parra, Gonzalo
Rad, Paul
Choo, Kim-Kwang Raymond
Beebe, Nicole - Abstract:
- Abstract: The reliability of Internet of Things (IoT) connected devices is heavily dependent on the security model employed to protect user data and prevent devices from engaging in malicious activity. Existing approaches for detecting phishing, distributed denial of service (DDoS), and Botnet attacks often focus on either the device or the back-end. In this paper, we propose a cloud-based distributed deep learning framework for phishing and Botnet attack detection and mitigation. The model comprises two key security mechanisms working cooperatively, namely: (1) a Distributed Convolutional Neural Network (DCNN) model embedded as an IoT device micro-security add-on for detecting phishing and application layer DDoS attacks; and (2) a cloud-based temporal Long-Short Term Memory (LSTM) network model hosted on the back-end for detecting Botnet attacks, and ingest CNN embeddings to detect distributed phishing attacks across multiple IoT devices. The distributed CNN model, embedded into a ML engine in the client's IoT device, allows us to detect and defend the IoT device from phishing attacks at the point of origin. We create a dataset consisting of both phishing and non-phishing URLs to train the proposed CNN add-on security model, and select the N_BaIoT dataset for training the back-end LSTM model. The joint training method minimizes communication and resource requirements for attack detection, and maximizes the usefulness of extracted features. In addition, an aggregation ofAbstract: The reliability of Internet of Things (IoT) connected devices is heavily dependent on the security model employed to protect user data and prevent devices from engaging in malicious activity. Existing approaches for detecting phishing, distributed denial of service (DDoS), and Botnet attacks often focus on either the device or the back-end. In this paper, we propose a cloud-based distributed deep learning framework for phishing and Botnet attack detection and mitigation. The model comprises two key security mechanisms working cooperatively, namely: (1) a Distributed Convolutional Neural Network (DCNN) model embedded as an IoT device micro-security add-on for detecting phishing and application layer DDoS attacks; and (2) a cloud-based temporal Long-Short Term Memory (LSTM) network model hosted on the back-end for detecting Botnet attacks, and ingest CNN embeddings to detect distributed phishing attacks across multiple IoT devices. The distributed CNN model, embedded into a ML engine in the client's IoT device, allows us to detect and defend the IoT device from phishing attacks at the point of origin. We create a dataset consisting of both phishing and non-phishing URLs to train the proposed CNN add-on security model, and select the N_BaIoT dataset for training the back-end LSTM model. The joint training method minimizes communication and resource requirements for attack detection, and maximizes the usefulness of extracted features. In addition, an aggregation of schemes allows the automatic fusion of multiple requests to improve the overall performance of the system. Our experiments show that the IoT micro-security add-on running the proposed CNN model is capable of detecting phishing attacks with an accuracy of 94.3% and a F-1 score of 93.58%. Using the back-end LSTM model, the model detects Botnet attacks with an accuracy of 94.80% using all malicious data points in the used dataset. Thus, the findings demonstrate that the proposed approach is capable of detecting attacks, both at device and at the back-end level, in a distributed fashion. Highlights: IoT attack mitigation using distributed deep learning. Distributed CNN model to detect phishing and application layer DDoS. Cloud-based temporal LSTM network model to detect botnet attacks. … (more)
- Is Part Of:
- Journal of network and computer applications. Volume 163(2020)
- Journal:
- Journal of network and computer applications
- Issue:
- Volume 163(2020)
- Issue Display:
- Volume 163, Issue 2020 (2020)
- Year:
- 2020
- Volume:
- 163
- Issue:
- 2020
- Issue Sort Value:
- 2020-0163-2020-0000
- Page Start:
- Page End:
- Publication Date:
- 2020-08-01
- Subjects:
- Cyber security -- Cloud computing -- Machine learning -- Deep learning -- Recurrent neural network
Microcomputers -- Periodicals
Computer networks -- Periodicals
Application software -- Periodicals
Micro-ordinateurs -- Périodiques
Réseaux d'ordinateurs -- Périodiques
Logiciels d'application -- Périodiques
Application software
Computer networks
Microcomputers
Periodicals
004.05
004 - Journal URLs:
- http://www.sciencedirect.com/science/journal/10848045 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.jnca.2020.102662 ↗
- Languages:
- English
- ISSNs:
- 1084-8045
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 5021.410600
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 13431.xml