TY - JOUR
T1 - Honey-block
T2 - Edge assisted ensemble learning model for intrusion detection and prevention using defense mechanism in IoT
AU - Ntizikira, Ernest
AU - Wang, Lei
AU - Chen, Jenhui
AU - Saleem, Kiran
N1 - Publisher Copyright: © 2023 Elsevier B.V.
PY - 2024/1/15
Y1 - 2024/1/15
AB - The Internet of Things (IoT) has gained popularity with interconnected devices and diverse network applications, leading to increased vulnerability of sensitive data to security threats. Many researchers have focused on intrusion detection without considering prevention mechanisms. To overcome these issues, we propose the honeypot and blockchain-based intrusion detection and prevention (HB-IDP) model, in which edge computing is introduced to reduce the latency during communication. Initially, three-fold authentication is performed for entities (users, devices, and gateway) to ensure legitimacy using the camellia encryption algorithm (CEA), which provides secret keys. The proposed datasets (i.e., UNSW-NB15 and BoT-IoT) are pre-processed at the gateway using min–max normalization to reduce redundancy and complexity during feature extraction and classification. Signature-based intrusion detection is performed on the pre-processed data, with known attacks classified into three classes (normal, malicious, and suspicious) using the improved isolation forest (IIF) algorithm. Suspicious data are forwarded for anomaly detection to the edge level; here, a honeypot is deployed to attract the attacker's patterns. Ensemble learning technique, including multi-layer perceptron (MLP), general adversarial network (GAN), and lightweight convolutional neural network (LCNN), is applied to classify suspicious packet behaviors. Once intrusions are detected, the proposed work prevents future intrusions by generating reports, which are then encrypted by the CEA algorithm and provided to legitimate users. All transactions (i.e., key generation, report generation, and attacker patterns) are stored in the blockchain. The HB-IDP model's performance and effectiveness were evaluated using network simulator 3.26 (NS-3.26), showcasing its superiority over existing approaches.
KW - Edge computing
KW - Ensemble learning
KW - Honeypot
KW - Internet of Things (IoT)
KW - Intrusion detection system (IDS)
KW - Intrusion prevention system (IPS)
UR - http://www.scopus.com/inward/record.url?scp=85182247537&partnerID=8YFLogxK
U2 - 10.1016/j.comcom.2023.11.023
DO - 10.1016/j.comcom.2023.11.023
M3 - Article
AN - SCOPUS:85182247537
SN - 0140-3664
VL - 214
SP - 1
EP - 17
JO - Computer Communications
JF - Computer Communications
ER -