IoT devices typically stream data such as sensor values to other devices including cloud-based services. Analyzing these streams for cyber-attacks is a challenging task. This is due to the infinite nature of stream-based datatypes. Analyzing streams can require additional real-time processing and computational performance capabilities. In this article, we focus on how concept drifts affect Botnet cyber-attack detection in IoT scenarios. To reveal the result, we incorporate the concept drift analysis to detect cyber-attacks on the Bot-IoT dataset, which consists of legitimate and simulated IoT network traffics, together with various types of attacks. We designed subdatasets of the Bot-IoT to ensure the concept drift occurs that eventually complete the experiments. The detection accuracies improved 15%-26% compared with the classification models without concept drift analysis. We also gain superior performance results by comparing confusion matrices when concept drift analysis is ongoing. We propose a technique featuring a dynamic sliding window based on the residual projection to perform concept drift analysis. During the process of finding concepts in data streams, the sample number is updated dynamically by comparing the anomalous quantity obtained by the residual projection method in the current window to the previous one. In addition to the Bot-IoT dataset, our method is also applied to two popular synthetic datasets SEA Concept and UG-2C-5D. The results demonstrate the effectiveness of our method with respect to the false alarm rate, misses, and average delay.

Concept Drift Analysis by Dynamic Residual Projection for Effectively Detecting Botnet Cyber-Attacks in IoT Scenarios

Qiao H.;
2022-01-01

Abstract

IoT devices typically stream data such as sensor values to other devices including cloud-based services. Analyzing these streams for cyber-attacks is a challenging task. This is due to the infinite nature of stream-based datatypes. Analyzing streams can require additional real-time processing and computational performance capabilities. In this article, we focus on how concept drifts affect Botnet cyber-attack detection in IoT scenarios. To reveal the result, we incorporate the concept drift analysis to detect cyber-attacks on the Bot-IoT dataset, which consists of legitimate and simulated IoT network traffics, together with various types of attacks. We designed subdatasets of the Bot-IoT to ensure the concept drift occurs that eventually complete the experiments. The detection accuracies improved 15%-26% compared with the classification models without concept drift analysis. We also gain superior performance results by comparing confusion matrices when concept drift analysis is ongoing. We propose a technique featuring a dynamic sliding window based on the residual projection to perform concept drift analysis. During the process of finding concepts in data streams, the sample number is updated dynamically by comparing the anomalous quantity obtained by the residual projection method in the current window to the previous one. In addition to the Bot-IoT dataset, our method is also applied to two popular synthetic datasets SEA Concept and UG-2C-5D. The results demonstrate the effectiveness of our method with respect to the false alarm rate, misses, and average delay.
2022
18
6
3692
3701
Bot-IoT; concept drift; cyber-attack detection; dynamic sliding window; residual projection
Qiao H.; Novikov B.; Blech J.O.
File in questo prodotto:
File Dimensione Formato  
2318-2028740.pdf

Accesso aperto

Tipo di file: PDF EDITORIALE
Dimensione 2.06 MB
Formato Adobe PDF
2.06 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2318/2028740
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 23
  • ???jsp.display-item.citation.isi??? 14
social impact