Elsevier

Computers & Security

Volume 73, March 2018, Pages 439-458

Intelligent agents defending for an IoT world: A review

https://doi.org/10.1016/j.cose.2017.11.014

Abstract

The transition to the Internet of Things (IoT) is progressing without being widely realized. In light of this, securing traditional systems remains a challenging role, requiring a mixture of solutions that may negatively impact operations or simply not scale to the desired operational level. Rule- and signature-based intruder detection remains prominent in commercial deployments, while the use of machine learning for anomaly detection has been an active research area. Behavior-based detection has also benefited from the widespread use of mobile and wireless applications. For smart defense systems to be realized, we propose that we must widen our perspective beyond security alone to the domains of artificial intelligence and the IoT, in order to better understand the challenges that lie ahead in the hope of achieving autonomous defense. We investigate how intruder detection fits within these domains, particularly when modeled as intelligent agents: how current approaches to intruder detection fulfill their role as intelligent agents, and the needs of autonomous action regarding compromised nodes in systems that are intelligent, distributed and data driven. The requirements of detection agents within IoT security are examined in terms of vulnerabilities, challenges and applicable methodologies. In answering these questions, a survey of recent research work is presented, with the aim of avoiding the refitting of old solutions into new roles. This survey is aimed at security researchers and academics, IoT developers and information officers concerned with the covered areas. The contributions of this review are: a review of the literature on traditional and distributed approaches to intruder detection, modeled as intelligent agents from an IoT perspective; a common reference of key terms between the fields of intruder detection, artificial intelligence and the IoT; identification of key defense cycle requirements for defensive agents and of relevant manufacturing and security challenges; and considerations for future development.
As the turn of the decade draws nearer, we anticipate 2020 as the turning point where deployments become common: not merely a topic of conversation, but a point where the need for collective, intelligent detection agents working across all layers of the IoT becomes a reality.

Introduction

The approach of defending Information and Communications Technology (ICT) resources is a continually developing landscape that requires the attention of both researchers and professionals alike. No one system is foolproof or immune to the innumerable variants of attack and exploitation. With the development of information systems, security mechanisms have fought to keep pace with actors that seek to exploit not only devices or data, but also the fabric of computer systems. The nature of computer systems treads a fine line between security, functionality and ease of use; shift only a little in favor of one, and the others risk being impeded. Intruder Detection/Prevention Systems (IDS/IPS) are but one mechanism that can aid in strengthening cyber-defenses, providing a means to monitor or constrain malicious network interactions (Sobh, 2006).

A significant drawback of detection systems is intrusions deemed to be false positives (FP), where a reported intrusion turns out to be false. FPs generate noise that obscures the attacks that actually occurred. Several approaches exist to deploy detection with intelligence mechanisms that reduce FP noise: Misuse, Anomaly and Behavioral. Misuse compares activity to rules or known attack signatures; anomaly seeks to divide unknown traffic into normal and malicious classes; while behavioral, or specification-based, detection is concerned with operational patterns. Of these, misuse detection is mostly employed in live deployments, yet it suffers against zero-day, or unknown, attacks. In contrast to intruder detection, the use of intelligence has been successful within other computing domains such as sign language recognition (Yang et al., 2015), improved robot planning (Galindo et al., 2004), facial (Hsu et al., 2002) and sketch-to-photo recognition (Wan and Panetta, 2016), real-time object tracking (Stauffer and Grimson, 2000), visualization in chess (Lu et al., 2014) and multi-agents for traffic signaling improvements (Balaji and Srinivasan, 2010). To better determine the current approach of defense systems with intelligence, we present detection aligned with the intelligent agent framework defined by Russell et al. (2003).
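As an added illustration (not code from the review or its authors), the three detection styles named above are run over a small constructed request log, showing the zero-day gap of signature matching and the false-positive noise an anomaly threshold can produce; the event data, signature list and allowed-path specification are all assumed here.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed request log: (source address, requested path). Values are invented
# for this illustration and do not come from the review.
EVENTS = [
    ("10.0.0.5", "/index.html"), ("10.0.0.5", "/about"),
    ("10.0.0.7", "/login"), ("10.0.0.7", "/index.html"),
    ("10.0.0.9", "/files/../../secret"),           # matches a known signature
    ("10.0.0.11", "/api/v1/export?mode=unknown"),  # novel (zero-day style), no signature
] + [("10.0.0.13", f"/item/{i}") for i in range(40)]  # burst: crawler or attack?

SIGNATURES = ("../", "<script>")                                  # misuse: known bad substrings
ALLOWED_PREFIXES = ("/index.html", "/about", "/login", "/item/")  # specification of normal use


def misuse_detect(events):
    """Misuse/signature detection: flag sources whose requests contain a known pattern."""
    return {src for src, path in events if any(sig in path for sig in SIGNATURES)}


def anomaly_detect(events, k=1.5):
    """Anomaly detection: flag sources whose request count lies more than k population
    standard deviations above the mean count across sources."""
    counts = Counter(src for src, _ in events)
    mu, sd = mean(counts.values()), pstdev(counts.values())
    return {src for src, c in counts.items() if sd and c > mu + k * sd}


def specification_detect(events):
    """Behavioral/specification detection: flag any request outside the allowed patterns."""
    return {src for src, path in events if not path.startswith(ALLOWED_PREFIXES)}


def compare(events):
    """Run all three detectors so their trade-offs can be compared side by side."""
    return {
        "misuse": misuse_detect(events),                # misses the novel request (zero-day gap)
        "anomaly": anomaly_detect(events),              # flags only the burst, possibly a false positive
        "specification": specification_detect(events),  # catches both deviations from the spec
    }


if __name__ == "__main__":
    for name, hits in compare(EVENTS).items():
        print(f"{name:>13}: {sorted(hits)}")
```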

A new challenge is faced with the development of the Internet of Things, or Everything (IoT), considered a new communication direction that aims to bridge the physical with the cyber world, whereby the integration of connected systems, objects and devices, homogeneous and heterogeneous alike, provides access to untold services, information and applications (Perera et al., 2014; Xu et al., 2014; Zanella et al., 2014). Given the increased connection of devices, and the generation of large sums of data, both personal and system, previous security methodologies require adaptation in order to maintain defensive expectations. The structure of an IoT environment sees communication and cooperation across many different system levels; this evolution of computing structures requires adaptive and self-adaptive technologies to maintain affordable security. Faith in the IoT's potential and its ability to provide the expected level of security go hand in hand; as suggested by Stankovic (2014), considerations are needed due to the capacity of devices from a security perspective.

This paper is concerned with the current approaches of intrusion detection, its modeling from an intelligence perspective, and the security challenges for defense systems in the IoT. Contributions made within this review are the review of literature of traditional and distributed approaches to intruder detection, modeled as intelligent agents, for an IoT perspective; defining a common reference of key terms between fields of intruder detection, artificial intelligence and the IoT, identification of key defense cycle requirements for defensive agents, relevant manufacturing and security challenges; and considerations to future development.

The rest of the paper is organized as follows: Section 2 provides an overview of each domain and defines a collective context definition. In Section 3 we discuss agent models and their intelligence with respect to research on IDS systems. In Section 4 we discuss the use of intelligence, limitations and future challenges. Summaries of sections are added where appropriate; finally, the paper is concluded in Section 5.

Section snippets

Background and related work

With three distinct fields, one still almost in its infancy, we provide a summary or definition of key attributes relevant to each field in Sections 2.1 (Intrusion detection), 2.2 (Intelligent agent) and 2.3 (Internet of Things). A brief summary of the literature is provided in Section 2.4, identifying the key topics previously engaged. Importantly, we position a definitive intelligence model to draw and compare aspects of intrusion detection, IoT systems and intelligence terms into one collective reference in

Models and intelligence

Section 3.1 outlines the fitting of traditional approaches to intrusion detection (single instance, non-distributed) within our agent model. We identify characteristics unique to each deployment or research type and match these with agent qualities. Section 3.2 continues much like Section 3.1, yet attention is turned to distributed approaches (multiple instances, collaboration) and again their given agent assignment.

The defense of infrastructure, or determining actions that occurred

Discussion

For our discussion, we first look at the current approaches that stand out against what we perceive to be challenges for the approaching IoT. Considerations of security policy, current challenges to state-based agents, the data and attacks used in such approaches, and future challenges are discussed.

Conclusions

The challenges for intrusion detection are numerous, not only in their current form; future security challenges also redefine what we associate with detection models. The inclusion of everyday objects connecting to network applications opens further vectors for attacks and exploitation. Considering the work conducted thus far, challenges still exist, and potentially always will, in developing methods to secure networks.

The development of IoT systems requires flexible and adaptive agents to not

Lei Pan works at Deakin University, where he serves as the director of the Master of Cyber Security course. He mentors and coaches security students participating in hackathons and CTF challenges. He is also an active educator at futurelern.com

References (81)

  • H.-J. Liao et al. Intrusion detection system: a comprehensive review. J Netw Comput Appl (2013)
  • S.-W. Lin et al. An intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection. Appl Soft Comput (2012)
  • W.-C. Lin et al. CANN: an intrusion detection system based on combining cluster centers and nearest neighbors. Knowl Based Syst (2015)
  • C. Modi et al. A survey of intrusion detection techniques in cloud. J Netw Comput Appl (2013)
  • S.K. Mohapatra et al. Big data analytic architecture for intruder detection in heterogeneous wireless sensor networks. J Netw Comput Appl (2016)
  • A. Patel et al. An intrusion detection and prevention system in cloud computing: a systematic review. J Netw Comput Appl (2013)
  • R. Roman et al. On the features and challenges of security and privacy in distributed internet of things. Comput Netw (2013)
  • L. Sánchez-Casado et al. A model of data forwarding in MANETs for lightweight detection of malicious packet dropping. Comput Netw (2015)
  • P. Sangkatsanee et al. Practical real-time intrusion detection using machine learning approaches. Comput Commun (2011)
  • A. Shiravi et al. Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput Secur (2012)
  • R. Singh et al. An intrusion detection system using network traffic profiling and online sequential extreme learning machine. Exp Syst Appl (2015)
  • T.S. Sobh. Wired and wireless intrusion detection system: classifications, good characteristics and state-of-the-art. Comput Stand Interface (2006)
  • J. Sonchack et al. Cross-domain collaboration for improved IDS rule set selection. J Inform Secur Appl (2015)
  • J. Song et al. Toward a more practical unsupervised anomaly detection system. Inf Sci (Ny) (2013)
  • N. Sreelaja et al. Swarm intelligence based approach for sinkhole attack detection in wireless sensor networks. Appl Soft Comput (2014)
  • M.-Y. Su. Prevention of selective black hole attacks on mobile ad hoc networks through intrusion detection systems. Comput Commun (2011)
  • C.-F. Tsai et al. A triangle area based nearest neighbors approach to intrusion detection. Pattern Recognit (2010)
  • Y. Wang et al. PR-ELM: parallel regularized extreme learning machine based on cluster. Neurocomputing (2016)
  • S.X. Wu et al. The use of computational intelligence in intrusion detection systems: a review. Appl Soft Comput (2010)
  • X. Zhang et al. Embedded feature-selection support vector machine for driving pattern recognition. J Frankl Inst (2015)
  • Z.-H. Zhou et al. Ensembling neural networks: many could be better than all. Artif Int (2002)
  • O.Y. Al-Jarrah et al. Data randomization and cluster-based partitioning for botnet intrusion detection. IEEE Trans Cybernet (2016)
  • M.Q. Ali et al. Randomization-based intrusion detection system for advanced metering infrastructure. ACM Trans Inf Syst Secur (2015)
  • M.Q. Ali et al. Automated anomaly detector adaptation using adaptive threshold tuning. ACM Trans Inf Syst Secur (2013)
  • M.A. Ambusaidi et al. Building an intrusion detection system using a filter-based feature selection algorithm. IEEE Trans Comput (2016)
  • C. Archibald et al. A distributed agent for computational pool. IEEE Trans Comput Intell AI Games (2016)
  • N. Armanfard et al. Local feature selection for data classification. IEEE Trans Pattern Anal Mach Intell (2016)
  • C. Atwell et al. Reverse TCP and social engineering attacks in the era of big data
  • P.G. Balaji et al. Multi-agent system in urban traffic signal control. IEEE Comput Intell Mag (2010)
  • Y. Bengio et al. Representation learning: a review and new perspectives. IEEE Trans Pattern Anal Mach Intell (2013)
Cited by (38)

  • Challenges in the implementation of internet of things projects and actions to overcome them (2022, Technovation)
    Citation excerpt: This list allows for the advancement to a new framework of problems and actions specific to the context of IoT projects based on the theory of environmental impact. The analysis of co-occurrence and the association between the challenges and the actions resulting from this study can be considered the main implications for the theory (Atzori et al., 2017; Coulter and Pan, 2018; Khan and Salah, 2018; Hsu and Lin, 2016). The study by Benamati et al. (1997) did not make this relationship; it just listed the set of problems and the set of coping mechanisms.
  • CEIFA: A multi-level anomaly detector for smart farming (2022, Computers and Electronics in Agriculture)
  • On the Characterization and Risk Assessment of AI-Powered Mobile Cloud Applications (2021, Computer Standards and Interfaces)
    Citation excerpt: Recent developments in the field of artificial intelligence (AI), Ultra-Reliable Low-Latency Communication (URLLC) [40], and ultra-fast fifth-generation (5G) networks have resulted in a large variety of mission-critical applications [28,67], which exploit advantages of AI [1,6,12,14,17,60,75].
  • The privacy paradox applies to IoT devices too: A Saudi Arabian study (2020, Computers and Security)
    Citation excerpt: This definition contains the basic components of privacy invasions: information about someone that is shared with others against their will. The IoT network is considered particularly conducive to privacy invasions (Coulter and Pan, 2018). A 2013 study by Independent Security Evaluators (ISE) on the security of routers and Network-Attached Storage (NAS) devices was followed up by another similar study in 2019: the researchers found out that, in the 6-year timespan, no substantial improvements to device security were made (Mirani et al., 2019).
  • Code analysis for intelligent cyber systems: A data-driven approach (2020, Information Sciences)
    Citation excerpt: Much of what allows the IoT to be beneficial in its mix of ML, sensors, and systems is in its ability to harness data and knowledge exported through data-driven outcomes. Excluding poorly labeled data and aging ML models, adversarial attacks and data poisoning are poised to cause disruption, as securing intrusions remains a challenging prospect for ML and IoT requirements [13]. Recent related surveys on either Android malware [20,21,55,73,75] or software vulnerability detection [25,68] focus on the application of various ML models.

Rory Coulter received first class honours in Information Technology from Deakin University, Melbourne, Australia. He is currently a computer science Ph.D. candidate in artificial intelligence and cyber security at Swinburne University of Technology, Melbourne, Australia. His research interests include data driven cyber security, intrusion detection, malware detection, machine learning and visualization. He is very interested in knowledge discovery through applying new fields and challenges to deep learning, traditional machine learning and visualization. Any resources that may be shared through data or datasets, software and code repositories are very much appreciated for collaboration.