Honey-block: Edge assisted ensemble learning model for intrusion detection and prevention using defense mechanism in IoT

Ernest Ntizikira, Lei Wang*, Jenhui Chen, Kiran Saleem

*Corresponding author for this work

Research output: Contribution to journal › Journal Article › peer-review

6 Scopus citations

Abstract

The Internet of Things (IoT) has gained popularity with interconnected devices and diverse network applications, leading to increased vulnerability of sensitive data to security threats. Many researchers have focused on intrusion detection without considering prevention mechanisms. To overcome these issues, we propose the honeypot and blockchain-based intrusion detection and prevention (HB-IDP) model, in which edge computing is introduced to reduce the latency during communication. Initially, three-fold authentication is performed for entities (users, devices, and gateway) to ensure legitimacy using the Camellia encryption algorithm (CEA), which provides secret keys. The proposed datasets (i.e., UNSW-NB15 and BoT-IoT) are pre-processed at the gateway using min–max normalization to reduce redundancy and complexity during feature extraction and classification. Signature-based intrusion detection is performed on the pre-processed data, with known attacks classified into three classes (normal, malicious, and suspicious) using the improved isolation forest (IIF) algorithm. Suspicious data are forwarded for anomaly detection to the edge level; here, a honeypot is deployed to attract the attacker's patterns. An ensemble learning technique, including multi-layer perceptron (MLP), general adversarial network (GAN), and lightweight convolutional neural network (LCNN), is applied to classify suspicious packet behaviors. Once intrusions are detected, the proposed work prevents future intrusions by generating reports, which are then encrypted by the CEA algorithm and provided to legitimate users. All transactions (i.e., key generation, report generation, and attacker patterns) are stored in the blockchain. The HB-IDP model's performance and effectiveness were evaluated using network simulator 3.26 (NS-3.26), showcasing its superiority over existing approaches.

Original language: English
Pages (from-to): 1-17
Number of pages: 17
Journal: Computer Communications
Volume: 214
State: Published - 15 01 2024

Bibliographical note

Publisher Copyright:
© 2023 Elsevier B.V.

Keywords

  • Edge computing
  • Ensemble learning
  • Honeypot
  • Internet of Things (IoT)
  • Intrusion detection system (IDS)
  • Intrusion prevention system (IPS)
