Intelligent agents defending for an IoT world: A review
Introduction
Defending Information and Communications Technology (ICT) resources is a continually developing landscape that requires the attention of researchers and professionals alike. No single system is foolproof or immune to the innumerable variants of attack and exploitation. As information systems have developed, security mechanisms have struggled to keep pace with actors that seek to exploit not only a device or its data, but the fabric of computer systems themselves. Computer systems tread a fine line between security, functionality and ease of use: shift only a little in favor of one, and the others are impeded. Intrusion Detection/Prevention Systems (IDS/IPS) are but one mechanism that can strengthen cyber-defenses, providing a means to monitor or constrain malicious network interactions (Sobh, 2006).
A significant drawback of detection systems is false positives (FP): alerts raised for activity that turns out to be benign. FPs generate noise that obscures the alerts for attacks that actually occurred. Three broad approaches apply intelligence mechanisms to detection in an effort to reduce FP noise: misuse, anomaly and behavioral. Misuse detection compares activity to rules or known attack signatures; anomaly detection seeks to divide unseen traffic into normal and malicious classes by its deviation from a learned profile of normal activity; and behavioral, or specification-based, detection is concerned with expected operational patterns. Of these, misuse detection is the one mostly employed in live deployments, yet it cannot detect zero-day, or previously unknown, attacks. While its use in intrusion detection remains limited, intelligence has been applied successfully within other computing domains such as sign language recognition (Yang et al., 2015), improved robot planning (Galindo et al., 2004), facial (Hsu et al., 2002) and sketch-to-photo recognition (Wan and Panetta, 2016), real-time object tracking (Stauffer and Grimson, 2000), visualization in chess (Lu et al., 2014) and multi-agent traffic signal control (Balaji and Srinivasan, 2010). To better characterize current defense systems that employ intelligence, we present detection aligned with the intelligent agent framework defined by Russell et al. (2003).
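As an added illustration of the misuse/anomaly distinction and of false-positive noise (example code written for this page, not code from the paper or its authors), the following Python runs a signature-based misuse detector and a baseline-deviation anomaly detector over a constructed, hand-labelled set of connection records and tallies true and false positives for each detector and for their combination. The records, the signature strings, the benign training window and the three-sigma threshold are all assumptions made for the demonstration.

```python
"""Misuse (signature) vs anomaly (baseline-deviation) detection with
false-positive accounting. Added illustration, not code from the paper;
every record, signature and threshold below is constructed by hand."""
from statistics import mean, pstdev

# Constructed benign training window: bytes sent per connection (assumption).
TRAIN_BYTES = [512, 600, 700, 480, 550, 620]

# Constructed test window: (dst_port, payload, bytes_out, is_malicious).
# The last field is ground truth, known only because the data is made up.
TEST = [
    (80, "GET /index.html", 512, False),
    (80, "GET /../../etc/passwd", 450, True),   # traversal: matches a signature, normal size
    (80, "GET /backup.tar", 90_000, False),    # legitimate large download
    (4444, "beacon", 120_000, True),           # unknown C2: no signature, abnormal size
    (443, "TLS handshake", 700, False),
]

# Misuse detection: hand-written substrings standing in for a rule set (assumption).
SIGNATURES = ("../", "' OR 1=1", "<script>")


def misuse(record):
    """Alert when the payload contains any known attack signature."""
    _, payload, _, _ = record
    return any(sig in payload for sig in SIGNATURES)


def build_baseline(train_bytes):
    """Profile of normal activity: mean and population std-dev of bytes_out."""
    return mean(train_bytes), pstdev(train_bytes)


def anomaly(record, baseline, k=3.0):
    """Alert when bytes_out lies more than k std-devs from the benign mean."""
    mu, sigma = baseline
    return abs(record[2] - mu) > k * sigma


def evaluate(detector, records):
    """Count true/false positives and negatives for one detector."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for rec in records:
        alert, truth = detector(rec), rec[3]
        key = ("tp" if truth else "fp") if alert else ("fn" if truth else "tn")
        counts[key] += 1
    return counts


def compare(train_bytes=TRAIN_BYTES, records=TEST):
    """Evaluate misuse, anomaly and their OR-combination on the same records."""
    base = build_baseline(train_bytes)
    detectors = {
        "misuse": misuse,
        "anomaly": lambda r: anomaly(r, base),
        "combined": lambda r: misuse(r) or anomaly(r, base),
    }
    return {name: evaluate(d, records) for name, d in detectors.items()}


if __name__ == "__main__":
    for name, counts in compare().items():
        print(f"{name:9s} {counts}")
```

On this constructed data the misuse detector raises no false positives but misses the unsigned C2 flow (the zero-day case), the anomaly detector catches that flow but flags the legitimate large download, and combining the two catches both attacks at the cost of that one false positive. That extra alert is exactly the FP noise the paragraph describes, and it is why live deployments tend to lean on signatures despite their blind spot.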
A new challenge is posed by the development of the Internet of Things, or Internet of Everything (IoT), considered a new communication direction that aims to bridge the physical and cyber worlds, whereby the integration of connected systems, objects and devices, homogeneous and heterogeneous alike, provides access to untold services, information and applications (Perera et al., 2014; Xu et al., 2014; Zanella et al., 2014). Given the growing number of connected devices and the large volumes of data they generate, both personal and system, previous security methodologies require adaptation in order to maintain defensive expectations. The structure of an IoT environment sees communication and cooperation across many different system levels; this evolution of computing structures requires adaptive and self-adaptive technologies to maintain affordable security. Confidence in the IoT's ability to operate and its ability to provide an expected level of security go hand in hand; as Stankovic (2014) suggests, the limited capacity of IoT devices must be taken into consideration from a security perspective.
This paper is concerned with current approaches to intrusion detection, their modeling from an intelligence perspective, and the security challenges facing defense systems in the IoT. The contributions of this review are: a review of the literature on traditional and distributed approaches to intrusion detection, modeled as intelligent agents, from an IoT perspective; a common reference of key terms across the fields of intrusion detection, artificial intelligence and the IoT; identification of key defense-cycle requirements for defensive agents, and of relevant manufacturing and security challenges; and considerations for future development.
The rest of the paper is organized as follows: Section 2 provides an overview of each domain and defines a collective context definition. In Section 3 we discuss agent models and their intelligence with respect to research on IDS systems. In Section 4 we discuss the use of intelligence, its limitations and future challenges. Summaries of sections are added where appropriate; finally, the paper is concluded in Section 5.
Section snippets
Background and related work
With three distinct fields, one almost in its infancy, we provide a summary or definition of the key attributes relevant to each field in Section 2.1 (Intrusion detection), Section 2.2 (Intelligent agent) and Section 2.3 (Internet of Things). A brief summary of the literature is provided in Section 2.4, identifying the key topics previously engaged. Importantly, we position a definitive intelligence model to draw and compare aspects of intrusion detection, IoT systems and intelligence terms into one collective reference in
Models and intelligence
Section 3.1 outlines the fitting of traditional (single-instance, non-distributed) approaches to intrusion detection within our agent model. We identify characteristics unique to each deployment or research type and match these with agent qualities. Section 3.2 proceeds much like Section 3.1, but attention is turned to distributed approaches (multiple instances, collaboration) and again their agent assignment.
The defense of infrastructure, or determining actions that occurred
Discussion
For our discussion, we first look at the current approaches that stand out against what we perceive to be the challenges of the approaching IoT. Considerations for security policy, current challenges to state-based agents, the data and attacks used in such approaches, and future challenges are discussed.
Conclusions
The challenges for intrusion detection are numerous, not only in its current form; future security challenges also redefine what we associate with detection models. The inclusion of everyday objects connecting to network applications opens further vectors for attack and exploitation. Considering the work conducted thus far, challenges still exist, and potentially always will, in developing methods to secure networks.
The development of IoT systems requires flexible and adaptive agents to not
Lei Pan works at Deakin University, where he serves as the director of the Master of Cyber Security course. He mentors and coaches security students participating in hackathons and CTF challenges. He is also an active educator at futurelern.com
References (81)
- et al. A novel SVM-kNN-PSO ensemble method for intrusion detection system. Appl Soft Comput (2016)
- et al. Self-organized things (SoT): an energy efficient next generation network management. Comput Commun (2016)
- et al. Security of software defined networks: a survey. Comput Secur (2015)
- et al. Efficient parallel implementation of kernel methods. Neurocomputing (2016)
- et al. Ensemble based collaborative and distributed intrusion detection systems: a survey. J Netw Comput Appl (2016)
- et al. A two-level hybrid approach for intrusion detection. Neurocomputing (2016)
- et al. Parallel ensemble of online sequential extreme learning machine based on MapReduce. Neurocomputing (2016)
- et al. A multi-level intrusion detection method for abnormal network behaviors. J Netw Comput Appl (2016)
- et al. A novel hybrid KPCA and SVM with GA model for intrusion detection. Appl Soft Comput (2014)
- et al. A distributed intrusion detection system for resource-constrained devices in ad-hoc networks. Ad Hoc Netw (2010)
- Intrusion detection system: a comprehensive review. J Netw Comput Appl
- An intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection. Appl Soft Comput
- CANN: an intrusion detection system based on combining cluster centers and nearest neighbors. Knowl Based Syst
- A survey of intrusion detection techniques in cloud. J Netw Comput Appl
- Big data analytic architecture for intruder detection in heterogeneous wireless sensor networks. J Netw Comput Appl
- An intrusion detection and prevention system in cloud computing: a systematic review. J Netw Comput Appl
- On the features and challenges of security and privacy in distributed internet of things. Comput Netw
- A model of data forwarding in MANETs for lightweight detection of malicious packet dropping. Comput Netw
- Practical real-time intrusion detection using machine learning approaches. Comput Commun
- Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput Secur
- An intrusion detection system using network traffic profiling and online sequential extreme learning machine. Expert Syst Appl
- Wired and wireless intrusion detection system: classifications, good characteristics and state-of-the-art. Comput Stand Interfaces
- Cross-domain collaboration for improved IDS rule set selection. J Inf Secur Appl
- Toward a more practical unsupervised anomaly detection system. Inf Sci (Ny)
- Swarm intelligence based approach for sinkhole attack detection in wireless sensor networks. Appl Soft Comput
- Prevention of selective black hole attacks on mobile ad hoc networks through intrusion detection systems. Comput Commun
- A triangle area based nearest neighbors approach to intrusion detection. Pattern Recognit
- PR-ELM: parallel regularized extreme learning machine based on cluster. Neurocomputing
- The use of computational intelligence in intrusion detection systems: a review. Appl Soft Comput
- Embedded feature-selection support vector machine for driving pattern recognition. J Frankl Inst
- Ensembling neural networks: many could be better than all. Artif Intell
- Data randomization and cluster-based partitioning for botnet intrusion detection. IEEE Trans Cybernet
- Randomization-based intrusion detection system for advanced metering infrastructure. ACM Trans Inf Syst Secur
- Automated anomaly detector adaptation using adaptive threshold tuning. ACM Trans Inf Syst Secur
- Building an intrusion detection system using a filter-based feature selection algorithm. IEEE Trans Comput
- A distributed agent for computational pool. IEEE Trans Comput Intell AI Games
- Local feature selection for data classification. IEEE Trans Pattern Anal Mach Intell
- Reverse TCP and social engineering attacks in the era of big data
- Multi-agent system in urban traffic signal control. IEEE Comput Intell Mag
- Representation learning: a review and new perspectives. IEEE Trans Pattern Anal Mach Intell
Cited by (38)
- AIoT for sustainable manufacturing: Overview, challenges, and opportunities. 2023, Internet of Things (Netherlands)
- Challenges in the implementation of internet of things projects and actions to overcome them. 2022, Technovation. Citation excerpt: "This list allows for the advancement to a new framework of problems and actions specific to the context of IoT projects based on the theory of environmental impact. The analysis of co-occurrence and the association between the challenges and the actions resulting from this study can be considered the main implications for the theory (Atzori et al., 2017; Coulter and Pan, 2018; Khan and Salah, 2018; Hsu and Lin, 2016). The study by Benamati et al. (1997) did not make this relationship; it just listed the set of problems and the set of coping mechanisms."
- CEIFA: A multi-level anomaly detector for smart farming. 2022, Computers and Electronics in Agriculture
- On the Characterization and Risk Assessment of AI-Powered Mobile Cloud Applications. 2021, Computer Standards and Interfaces. Citation excerpt: "Recent developments in the field of artificial intelligence (AI), Ultra-Reliable Low-Latency Communication (URLLC) [40], and ultra-fast fifth-generation (5G) networks have resulted in a large variety of mission-critical applications [28,67], which exploit advantages of AI [1,6,12,14,17,60,75]."
- The privacy paradox applies to IoT devices too: A Saudi Arabian study. 2020, Computers and Security. Citation excerpt: "This definition contains the basic components of privacy invasions: information about someone that is shared with others against their will. The IoT network is considered particularly conducive to privacy invasions (Coulter and Pan, 2018). A 2013 study by Independent Security Evaluators (ISE) on the security of routers and Network-Attached Storage (NAS) devices was followed up by another similar study in 2019: the researchers found out that, in the 6-year timespan, no substantial improvements to device security were made (Mirani et al., 2019)."
- Code analysis for intelligent cyber systems: A data-driven approach. 2020, Information Sciences. Citation excerpt: "Much of what allows the IoT to be beneficial in its mix of ML, sensors, and systems is in its ability to harness data and knowledge exported through data-driven outcomes. Excluding poorly labeled data and aging ML models, adversarial attacks and data poisoning are poised to cause disruption, as securing intrusions remains a challenging prospect for ML and IoT requirements [13]. Recent related surveys on either Android malware [20,21,55,73,75] or software vulnerability detection [25,68] focus on the application of various ML models."
Rory Coulter received first class honours in Information Technology from Deakin University, Melbourne, Australia. He is currently a computer science Ph.D. candidate in artificial intelligence and cyber security at Swinburne University of Technology, Melbourne, Australia. His research interests include data-driven cyber security, intrusion detection, malware detection, machine learning and visualization. He is very interested in knowledge discovery through applying new fields and challenges to deep learning, traditional machine learning and visualization. Any resources that may be shared, such as data or datasets, software and code repositories, are very much appreciated for collaboration.