A Two-Layer Dimension Reduction and Two-Tier Classification Model for Anomaly-Based Intrusion Detection in IoT Backbone Networks

• Published in: IEEE transactions on emerging topics in computing Vol. 7; no. 2; pp. 314 - 323
• Main Authors: Pajouh, Hamed Haddad, Javidan, Reza, Khayami, Raouf, Dehghantanha, Ali, Choo, Kim-Kwang Raymond
• Format: Journal Article
• Language: English
• Published: New York IEEE 01.04.2019; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Anomaly detection; CF-KNN; Classification; Computational modeling; Computer networks; Datasets; Dimensionality reduction; Discriminant analysis; Feature extraction; Hidden Markov models; Internet of Things; Intrusion detection; intrusion detection system; Intrusion detection systems; IoT; Modules; multi-layer classification; Principal component analysis; Reduction; Regression analysis
• ISSN: 2168-6750; 2168-6750
• DOI: 10.1109/TETC.2016.2633228

With increasing reliance on Internet of Things (IoT) devices and services, the capability to detect intrusions and malicious activities within IoT networks is critical for resilience of the network infrastructure. In this paper, we present a novel model for intrusion detection based on two-layer dimension reduction and two-tier classification module, designed to detect malicious activities such as User to Root (U2R) and Remote to Local (R2L) attacks. The proposed model is using component analysis and linear discriminate analysis of dimension reduction module to spate the high dimensional dataset to a lower one with lesser features. We then apply a two-tier classification module utilizing Naïve Bayes and Certainty Factor version of K-Nearest Neighbor to identify suspicious behaviors. The experiment results using NSL-KDD dataset shows that our model outperforms previous models designed to detect U2R and R2L attacks.