Detecting Internet of Things attacks using distributed deep learning

Author: Paul Rad, Nicole Lang Beebe, Kim-Kwang Raymond Choo, Gonzalo De La Torre Parra
Year of publication: 2020
Subject:
Source: Journal of Network and Computer Applications. 163:102662
ISSN: 1084-8045
DOI: 10.1016/j.jnca.2020.102662
Description: The reliability of Internet of Things (IoT) connected devices is heavily dependent on the security model employed to protect user data and prevent devices from engaging in malicious activity. Existing approaches for detecting phishing, distributed denial of service (DDoS), and Botnet attacks often focus on either the device or the back-end. In this paper, we propose a cloud-based distributed deep learning framework for phishing and Botnet attack detection and mitigation. The model comprises two key security mechanisms working cooperatively, namely: (1) a Distributed Convolutional Neural Network (DCNN) model embedded as an IoT device micro-security add-on for detecting phishing and application layer DDoS attacks; and (2) a cloud-based temporal Long-Short Term Memory (LSTM) network model hosted on the back-end for detecting Botnet attacks, and ingesting CNN embeddings to detect distributed phishing attacks across multiple IoT devices. The distributed CNN model, embedded into an ML engine in the client's IoT device, allows us to detect and defend the IoT device from phishing attacks at the point of origin. We create a dataset consisting of both phishing and non-phishing URLs to train the proposed CNN add-on security model, and select the N_BaIoT dataset for training the back-end LSTM model. The joint training method minimizes communication and resource requirements for attack detection, and maximizes the usefulness of extracted features. In addition, an aggregation of schemes allows the automatic fusion of multiple requests to improve the overall performance of the system. Our experiments show that the IoT micro-security add-on running the proposed CNN model is capable of detecting phishing attacks with an accuracy of 94.3% and an F-1 score of 93.58%. Using the back-end LSTM model, the model detects Botnet attacks with an accuracy of 94.80% using all malicious data points in the used dataset. Thus, the findings demonstrate that the proposed approach is capable of detecting attacks, both at device and at the back-end level, in a distributed fashion.
Database: OpenAIRE