Semi-supervised learning based distributed attack detection framework for IoT

• Published in: Applied soft computing Vol. 72; pp. 79 - 89
• Main Authors: Rathore, Shailendra, Park, Jong Hyuk
• Format: Journal Article
• Language: English
• Published: Elsevier B.V 01.11.2018
• Subjects: Cyber security; Fog computing; Internet of Things; Machine learning; Security attack detection; Fog computing; Internet of Things; Cyber security; Machine learning; Security attack detection
• ISSN: 1568-4946; 1872-9681
• DOI: 10.1016/j.asoc.2018.05.049

•Cyber security in Internet of Things (IoT) is studied.•Fog computing is applied to distributed attack detection (DAD).•Semi-supervised learning based DAD for IoT is proposed. Alongside the development of Internet of Things (IoT), security attacks are also increasing day by day. A number of centralized attack detection mechanisms have been proposed to detect attacks in IoT, wherein an attack detection system is deployed at the central point in the network that collects data from the network and classifies it as “attack” or “normal” using a supervised machine learning algorithm. Note, however, that these mechanisms have failed to achieve significant results due to the distinct requirements of IoT devices, such as scalability, distribution, resource limitations, and low latency. Moreover, the application of supervised machine learning for classification needs a significant amount of labeled data. In this paper, we introduce a fog-based attack detection framework that relies on the fog computing paradigm and a newly proposed ELM-based Semi-supervised Fuzzy C-Means (ESFCM) method. As an extension of cloud computing, fog computing enables attack detection at the network edge and supports distributed attack detection. The ESFCM method uses a semi-supervised fuzzy c-means algorithm to handle the labeled data issue and an Extreme Learning Machine (ELM) algorithm to provide good generalization performance at a faster detection rate. The evaluation was performed on the NSL-KDD dataset, demonstrating that the proposed framework achieved better performance than the centralized attack detection framework. More specifically, it recorded a lower detection time of 11 milliseconds and an accuracy rate of 86.53%.