An efficient network intrusion detection model for IoT security using K-NN classifier and feature selection

Multimedia Tools and Applications

Abstract

The Internet of Things (IoT) interconnects billions of sensors and actuators to serve a meaningful purpose. However, it is always vulnerable to various threats, so IoT security is a major concern in the research field. Various tools have been developed to mitigate these security issues, and intrusion detection systems (IDS) have gained much attention in the research community due to their critical role in maintaining network security. In this work, we integrate a network IDS (NIDS) to enhance IoT security. This paper presents a network intrusion detection model for IoT environments using a K-Nearest Neighbors (K-NN) classifier and feature selection. We built the NIDS using the K-NN algorithm to improve the IDS accuracy (ACC) and detection rate (DR). Furthermore, principal component analysis (PCA), a univariate statistical test, and a genetic algorithm (GA) are each used separately for feature selection to improve the data quality and select the ten best-performing features. The performance of our model is evaluated on the Bot-IoT dataset. After applying feature selection, the models show promising results regarding ACC, DR, false alarm rate (FAR), and prediction time. Our proposed model provided 99.99% ACC and maintained its superior performance for the ten selected features. Furthermore, we calculated the prediction time, as we consider it critical in building IDS for IoT, and by applying feature selection, we reduced it significantly from 51,182.22 s to under a minute. This novel model presents many advantages and reliable performance compared with previous models relying on the same dataset.
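The pipeline the abstract describes (univariate feature ranking, then K-NN, scored by ACC, DR and FAR), shown as an added example that is not the authors' code. The Fisher-style score, the constructed flow records, k=3, the choice of two features instead of ten, and all function names are assumptions; the paper's own test statistic and Bot-IoT features are not given on this page.

```python
import math
import random
from collections import Counter

def fisher_scores(X, y):
    """Assumed univariate score per feature: (class mean gap)^2 / sum of class variances."""
    scores = []
    for j in range(len(X[0])):
        groups = [[row[j] for row, lab in zip(X, y) if lab == c] for c in (0, 1)]
        means = [sum(g) / len(g) for g in groups]
        variances = [sum((v - m) ** 2 for v in g) / len(g) for g, m in zip(groups, means)]
        scores.append((means[1] - means[0]) ** 2 / (sum(variances) + 1e-12))
    return scores

def select_top_k(X, y, k):
    """Indices of the k highest-scoring features, in ascending index order."""
    scores = fisher_scores(X, y)
    return sorted(sorted(range(len(scores)), key=scores.__getitem__, reverse=True)[:k])

def knn_predict(train_X, train_y, x, cols, k=3):
    """Majority label among the k nearest training flows (Euclidean, chosen columns)."""
    nearest = sorted((math.dist([r[c] for c in cols], [x[c] for c in cols]), lab)
                     for r, lab in zip(train_X, train_y))[:k]
    return Counter(lab for _, lab in nearest).most_common(1)[0][0]

def evaluate(train_X, train_y, test_X, test_y, cols):
    """Return (ACC, DR, FAR), with label 1 = attack and 0 = normal."""
    pred = [knn_predict(train_X, train_y, x, cols) for x in test_X]
    c = Counter(zip(pred, test_y))  # keys are (predicted, actual)
    return ((c[1, 1] + c[0, 0]) / len(pred),      # ACC = (TP + TN) / all
            c[1, 1] / (c[1, 1] + c[0, 1]),        # DR  = TP / (TP + FN)
            c[1, 0] / (c[1, 0] + c[0, 0]))        # FAR = FP / (FP + TN)

def make_flows(n, rng):
    """Constructed records: columns 1 and 4 separate the classes, the rest is unscaled noise."""
    X, y = [], []
    for i in range(n):
        lab = i % 2
        row = [rng.uniform(0, 100) for _ in range(6)]
        row[1] = rng.uniform(0, 1) + 5 * lab
        row[4] = rng.uniform(0, 1) + 5 * lab
        X.append(row)
        y.append(lab)
    return X, y

rng = random.Random(7)
train_X, train_y = make_flows(80, rng)
test_X, test_y = make_flows(40, rng)
selected = select_top_k(train_X, train_y, 2)
print("all features :", evaluate(train_X, train_y, test_X, test_y, range(6)))
print("selected", selected, ":", evaluate(train_X, train_y, test_X, test_y, selected))
```

Because K-NN compares every query flow against the stored training flows, dropping uninformative columns cuts both the distance noise and the per-prediction cost, which is the prediction-time effect the abstract reports.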

Data availability

Assessments and Experimental results, obtained using Anaconda 3 IDE, are available and will be shared with authors at https://sites-Google.com/umi.ac.ma/azrour.

Notes

  1. https://research.unsw.edu.au/projects/bot-iot-dataset

Funding

This research work was not funded and received no financial support. We did this research work as professors of computer sciences and mathematics at universities.

Author information

Corresponding author

Correspondence to Azidine Guezzaz.

Ethics declarations

Conflicts of interests/competing interests

Also, we declare that we have no conflict of interest.

About this article

Cite this article

Mohy-eddine, M., Guezzaz, A., Benkirane, S. et al. An efficient network intrusion detection model for IoT security using K-NN classifier and feature selection. Multimed Tools Appl 82, 23615–23633 (2023). https://doi.org/10.1007/s11042-023-14795-2

  • DOI: https://doi.org/10.1007/s11042-023-14795-2
