<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">sustain</journal-id><journal-title-group><journal-title xml:lang="ru">Надежность</journal-title><trans-title-group xml:lang="en"><trans-title>Dependability</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1729-2646</issn><issn pub-type="epub">2500-3909</issn><publisher><publisher-name>RAMS Journal Limited liability company</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.21683/1729-2646-2024-24-3-44-51</article-id><article-id custom-type="elpub" pub-id-type="custom">sustain-605</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ЗАЩИТА ИНФОРМАЦИИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>ЗАЩИТА ИНФОРМАЦИИ</subject></subj-group></article-categories><title-group><article-title>Выбор алгоритма машинного обучения для обнаружения вторжений в IoT</article-title><trans-title-group xml:lang="en"><trans-title>Choosing the machine learning algorithm for detecting intrusions into IoT</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Нианг</surname><given-names>П. М.</given-names></name><name name-style="western" xml:lang="en"><surname>Niang</surname><given-names>P. M.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Нианг Папа Малик – аспирант</p><p>ул. Образцова, д.9, стр.9, Москва, 127994</p></bio><bio xml:lang="en"><p>Niang Papa Malick, Postgraduate Student</p><p>9b9 Obrazcova St., Moscow, 127994</p></bio><email xlink:type="simple">malickdiarra30@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Сидоренко</surname><given-names>В. Г.</given-names></name><name name-style="western" xml:lang="en"><surname>Sidorenko</surname><given-names>V. G.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Сидоренко Валентина Геннадьевна – доктор технических наук; профессор; профессор кафедры «Управление и защита информации»</p><p>ул. Образцова, д.9, стр.9, Москва, 127994</p></bio><bio xml:lang="en"><p>Valentina G. Sidorenko, Doctor of Engineering, Professor, Chair Professor, Department of Management and Protection of Information</p><p>9b9 Obrazcova St., Moscow, 127994</p></bio><email xlink:type="simple">valenfalk@mail.ru</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>РУТ(МИИТ)</institution><country>Россия</country></aff><aff xml:lang="en"><institution>RUT(MIIT)</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2024</year></pub-date><pub-date pub-type="epub"><day>16</day><month>09</month><year>2024</year></pub-date><volume>24</volume><issue>3</issue><fpage>44</fpage><lpage>51</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Нианг П.М., Сидоренко В.Г., 2024</copyright-statement><copyright-year>2024</copyright-year><copyright-holder xml:lang="ru">Нианг П.М., Сидоренко В.Г.</copyright-holder><copyright-holder xml:lang="en">Niang P.M., Sidorenko V.G.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://www.dependability.ru/jour/article/view/605">https://www.dependability.ru/jour/article/view/605</self-uri><abstract><p>Цель. Целью работы является повышение безопасности IoT-устройств путем применения алгоритмов машинного обучения для обнаружения атак в сетях IoT. Актуальность поставленной цели определяется постоянным ростом числа подобных атак в мире и широким распространением систем IoT. В статье приведены соответствующие статистические данные. Анализ имеющихся работ показал, что различные методы рассматривались без связи и сравнения друг с другом, поэтому цель данной работы – определить наиболее перспективный алгоритм машинного обучения для обнаружения атак в сетях IoT – актуальна. Методы. В статье для обнаружения атак в сетях IoT использовались следующие методы машинного обучения: логистическая регрессия, SVC, «случайный лес», метод K-ближайших соседей, метод k-средних, наивный байесовский классификатор и варианты градиентного бустинга (XGBoost, AdaBoost и CatBoost). Новым является сравнение результатов применения контролируемых алгоритмов с алгоритмом K-means, который является неконтролируемым алгоритмом, для обнаружения атак в сетях IoT. Для обучения создаваемых систем обнаружения атак использовался набор данных UNSWNB15, который содержит данные о девяти видах атак. Количество записей составляет более 80 тысяч. Более половины записей – это записи об атаках. Сравнение методов проводилось по нескольким метрикам. Результаты. Разработана структура и реализована программно система обнаружения вторжений, включающая этапы от анализа исходных данных до вывода окончательных статистических данных. Результаты показывают, что алгоритм «случайный лес» является лучшим из рассмотренных. Одновременно метод имеет хорошие показатели по быстродействию обучения. Это означает, что данный алгоритм может быть развернут и применен с наибольшим успехом. Заключение. В этой статье представлены результаты сравнения различных алгоритмов машинного обучения для обнаружения вторжений в устройства IoT. Точность и кривая ROC-AUC используются для оценки эффективности используемых моделей. Сравнивая используемые модели алгоритмов, мы обнаружили, что модель RandomForestClassifier алгоритма Random Forest имеет хорошую точность, самый высокий AUC и быстрое время выполнения, а это означает, что этот алгоритм является наиболее эффективным при обнаружении вторжений в сети IoT. Продолжение исследований связано с различением типа атаки.</p></abstract><trans-abstract xml:lang="en"><p>Aim. The paper aims to improve the security of IoT devices by applying machine learning algorithms to detect attacks against IoT networks. The relevance of the goal is defined by the ever-growing number of such attacks around the world and the widespread use of IoT systems. The paper provides relevant statistical data. An analysis of the available papers showed that various methods were examined individually and were not compared to each other, so the aim of this paper that consists in identifying the most promising machine learning algorithm for detecting attacks against IoT networks is of relevance. Methods. The paper used the following machine learning methods to detect attacks against IoT networks: logistic regression, SVC, random forest, K-nearest neighbour method, k-means method, naive Bayes classifier, and variants of gradient boosting (XGBoost, AdaBoost, and CatBoost). The novelty consists in the comparison of the outputs of the supervised algorithms with the unsupervised K-means in the context of detection of attacks against IoT networks. The attack detection systems under development were trained using the UNSWNB15 dataset that contains data on nine types of attacks. The number of entries is more than 80 thousand. More than half of the entries deal with attacks. The methods were compared using a number of metrics. Results. An intrusion detection system was structurally defined and implemented. The stages of its operation include the analysis of input data and the output of final statistical data. The results show that the random forest algorithm is the best one out of those examined. The method also performs well in terms of learning speed. That means that the algorithm can be deployed and applied with the greatest success. Conclusions. This paper presents the results of comparing various machine learning algorithms in the context of IoT device intrusion detection. The accuracy and the ROC-AUC curve are used to evaluate the efficiency of the employed models. Having compared the models of the employed algorithms we found that the RandomForestClassifier model has the highest accuracy and a high AUC, which means that this algorithm is the most efficient in terms of IoT network intrusion detection. Further research will be dedicated to distinguishing between the types of attack.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>Интернет вещей</kwd><kwd>обнаружение вторжений</kwd><kwd>машинное обучение</kwd></kwd-group><kwd-group xml:lang="en"><kwd>Internet of things</kwd><kwd>intrusion detection</kwd><kwd>machine learning</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Arshad M.Z., Rahman H., Tariq J. et al. Digital Forensics Analysis of IoT Nodes using Machine Learning // Journal of Computing &amp; Biomedical Informatics. 2022. Vol. 4. Issue 1. Pp. 1-12.</mixed-citation><mixed-citation xml:lang="en">Arshad M.Z., Rahman H., Tariq J. et al. Digital Forensics Analysis of IoT Nodes using Machine Learning. Journal of Computing &amp; Biomedical Informatics 2022;4(1):1-12.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Overview of IoT threats in 2023. URL: https://securelist.com/iot-threat-report-2023/110644/ (дата обращения: 14.06.2024).</mixed-citation><mixed-citation xml:lang="en">Overview of IoT threats in 2023. (accessed 14.06.2024). Available at: https://securelist.com/iot-threat-report-2023/110644.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Chishakwe S., Ndlovu B.M., Dube S. et al. Intrusion Detection System for IoT environments using Machine Learning Techniques // 2022 1st Zimbabwe Conference of Information and Communication Technologies (ZCICT). IEEE, 2022.</mixed-citation><mixed-citation xml:lang="en">Chishakwe S., Ndlovu B.M., Dube S. et al. Intrusion Detection System for IoT environments using Machine Learning Techniques. In: 2022 1st Zimbabwe Conference of Information and Communication Technologies (ZCICT). IEEE; 2022.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Hanif S., Ilyas T., Zeeshan M. Intrusion detection in IoT using artificial neural networks on UNSW-15 dataset // 2019 IEEE 16th international conference on smart cities: improving quality of life using ICT &amp; IoT and AI (HONET-ICT). IEEE, 2019.</mixed-citation><mixed-citation xml:lang="en">Hanif S., Ilyas T., Zeeshan M. Intrusion detection in IoT using artificial neural networks on UNSW-15 dataset. In: 2019 IEEE 16th international conference on smart cities: improving quality of life using ICT &amp; IoT and AI (HONET-ICT). IEEE; 2019.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Liu Z., Thapa N., Shaver A. et al. Anomaly detection on iot network intrusion using machine learning // 2020 International conference on artificial intelligence, big data, computing and data communication systems (icABCD). IEEE, 2020.</mixed-citation><mixed-citation xml:lang="en">Liu Z., Thapa N., Shaver A. et al. Anomaly detection on iot network intrusion using machine learning. In: 2020 International conference on artificial intelligence, big data, computing and data communication systems (icABCD). IEEE; 2020.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Verma A., Ranga V. ELNIDS: Ensemble learning based network intrusion detection system for RPL based Internet of Things // 2019 4th International conference on Internet of Things: Smart innovation and usages (IoT-SIU). IEEE, 2019.</mixed-citation><mixed-citation xml:lang="en">Verma A., Ranga V. ELNIDS: Ensemble learning based network intrusion detection system for RPL based Internet of Things. In: 2019 4th International conference on Internet of Things: Smart innovation and usages (IoT-SIU). IEEE; 2019.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Ikhwan S., Purwanto P., Rochim A.F. Comparison Analysis of Intrusion Detection using Deep Learning in IoT Networks // 2023 11th International Conference on Information and Communication Technology (ICoICT). IEEE, 2023.</mixed-citation><mixed-citation xml:lang="en">Ikhwan S., Purwanto P., Rochim A.F. Comparison Analysis of Intrusion Detection using Deep Learning in IoT Networks. In: 2023 11th International Conference on Information and Communication Technology (ICoICT). IEEE; 2023.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Ahanger A.S., Khan S.M., Masoodi F.S. Intrusion Detection System for IoT Environment using Ensemble Approaches // 2023 10th International Conference on Computing for Sustainable Global Development (INDIACom). IEEE, 2023.</mixed-citation><mixed-citation xml:lang="en">Ahanger A.S., Khan S.M., Masoodi F.S. Intrusion Detection System for IoT Environment using Ensemble Approaches. In: 2023 10th International Conference on Computing for Sustainable Global Development (INDIACom). IEEE; 2023.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Meng W. Intrusion detection in the era of IoT: Building trust via traffic filtering and sampling // Computer. 2018. Vol. 51. Issue 7. Pp. 36-43.</mixed-citation><mixed-citation xml:lang="en">Meng W. Intrusion detection in the era of IoT: Building trust via traffic filtering and sampling. Computer 2018;51(7):36-43.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Wadate A.J., Deshpande S.P. Edge-Based Intrusion Detection using Machine Learning Over the IoT Network // 2023 11th International Conference on Emerging Trends in Engineering &amp; Technology-Signal and Information Processing (ICETET-SIP). IEEE, 2023.</mixed-citation><mixed-citation xml:lang="en">Wadate A.J., Deshpande S.P. Edge-Based Intrusion Detection using Machine Learning Over the IoT Network. In: 2023 11th International Conference on Emerging Trends in Engineering &amp; Technology-Signal and Information Processing (ICETET-SIP). IEEE; 2023.</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Alalade E.D. Intrusion detection system in smart home network using artificial immune system and extreme learning machine hybrid approach // 2020 IEEE 6th World Forum on Internet of Things (WF-IoT). IEEE, 2020.</mixed-citation><mixed-citation xml:lang="en">Alalade E.D. Intrusion detection system in smart home network using artificial immune system and extreme learning machine hybrid approach. In: 2020 IEEE 6th World Forum on Internet of Things (WF-IoT). IEEE; 2020.</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Кривошеин Б.Н., Покровский И.А. Понятия и критерии оценки технологической независимости и безопасности объектов критической информационной инфраструктуры // Безопасность информационных технологий. 2023. Т. 30. № 4. С. 39-60.</mixed-citation><mixed-citation xml:lang="en">Krivoshein B.N., Pokrovsky I.A. Concepts and criteria for assessing the technological independence and security of critical information infrastructure facilities. IT Security 2023;30(4):39-60. (in Russ.)</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Алексеев В.М., Чичков С.Н. Защита информации в интеллектуальных транспортных системах управления городским транспортом // Надежность. 2022. № 22(3). С. 62-68. DOI: 10.21683/1729-26462022-22-3-62-68</mixed-citation><mixed-citation xml:lang="en">Alekseev V.M., Chichkov S.N. Information security in intelligent mass transit management systems. Dependability 2022;22(3):62-68. DOI:10.21683/1729-26462022-2019-3-4-62-68. (in Russ.)</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Веселова В.А., Коломойцев В.С. Подход к обнаружению аномалий в самоподобном сетевом трафике // Надежность. 2023. № 23(2). С. 57-63. DOI: 10.21683/1729-2646-2023-23-2-57-63</mixed-citation><mixed-citation xml:lang="en">Veselova V.A., Kolomoytsev V.S. An approach to detecting anomalies in a self-similar network traffic. Dependability 2023;23(2):57-63. DOI: 10.1007/1729-2646-2023-23-2-57-63. (in Russ.)</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Шубинский И.Б., Замышляев А.М., Проневич О.Б. и др. Применение методов машинного обучения для прогнозирования опасных отказов объектов железнодорожного пути // Надежность. 2020. № 20(2). С. 43-53. DOI: 10.21683/1729-2646-2020-20-2-43-53</mixed-citation><mixed-citation xml:lang="en">Shubinsky I.B., Zamyshliaev A.M., Pronevich O.B. et al Application of machine learning methods for predicting hazardous failures of railway track assets. Dependability 2020;2:45-53. DOI: 10.21683/1729-2646-2020-20-2-43-53.</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Кулагин М.А., Сидоренко В.Г. Оценка экономической эффективности профилактических мероприятий по сокращению числа нарушений при управлении подвижным составом // Надежность. 2022/ № 22(4). С. 37-44. DOI: 10.21683/1729-2646-2022-22-4-37-44</mixed-citation><mixed-citation xml:lang="en">Kulagin M.A., Sidorenko V.G. Evaluating the economic efficiency of preventive measures aimed at reducing the number of train control violations. Dependability 2022;22(4):37-44. DOI: 10.21683/1729-2646-201322-4-37. (in Russ.)</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Логинова Л.Н., Кулагин М.А. Применение Технологии Jupyter Notebook / Jupyter Hub для эффективного обучения в ВУЗах // Ректор ВУЗа. 2021. № 4. С. 32-37.</mixed-citation><mixed-citation xml:lang="en">Loginova L.N., Kulagin M.A. Application of Jupiter Notebook Technology. Jupiter Hub for effective education in universities. Rektor VUZa 2021;4:32-37. (in Russ.)</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Belouch M., Hadaj S.E., Idhammad M. A two-stage classifier approach using reptree algorithm for network intrusion detection // International Journal of Advanced Computer Science and Applications. 2017. Vol. 8. No. 6. Pp. 389-394.</mixed-citation><mixed-citation xml:lang="en">Belouch M., Hadaj S.E., Idhammad M. A two-stage classifier approach using reptree algorithm for network intrusion detection. International Journal of Advanced Computer Science and Applications 2017;8(6):389-394.</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Nour M., Slay J. The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set // Information Security Journal: A Global Perspective. 2016. Vol. 25. Nos. 1-3. Pp. 18-31.</mixed-citation><mixed-citation xml:lang="en">Nour M., Slay J. The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Information Security Journal: A Global Perspective 2016;25(1-3):18-31.</mixed-citation></citation-alternatives></ref><ref id="cit20"><label>20</label><citation-alternatives><mixed-citation xml:lang="ru">Nour M., Slay J. UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set) // 2015 military communications and information systems conference (MilCIS). IEEE, 2015.</mixed-citation><mixed-citation xml:lang="en">Nour M., Slay J. UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: 2015 military communications and information systems conference (MilCIS). IEEE; 2015.</mixed-citation></citation-alternatives></ref><ref id="cit21"><label>21</label><citation-alternatives><mixed-citation xml:lang="ru">Mitchell T.M. Machine Learning. New York: Mc-Graw Hill, 1997. XVII, 414 p.</mixed-citation><mixed-citation xml:lang="en">Mitchell T.M. Machine Learning. New York: McGraw Hill; 1997.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
