Behavior of the DenStream Clustering Algorithm for Attack Detection in the Internet of Things

Behavior of the DenStream Clustering Algorithm for Attack Detection in the Internet of Things

Authors

DOI:

https://doi.org/10.5433/1679-0375.2023.v44.48956

Keywords:

stream mining, cyberattack detection, internet of things, cybersecurity

Abstract

Multiple attack detection schemes based on supervised batch learning are presented in the literature as an alternative to improve Internet of Things (IoT) security. These schemes require benign and malicious traffic samples for training and are unable to easily adapt to changes in the analyzed data. In this work, we study how we can use DenStream, an unsupervised stream mining algorithm, to detect attacks in IoT networks. This type of algorithm does not require labeled examples and can learn incrementally, adapting to changes. We aim to investigate whether attacks can be detected by monitoring the behavior of DenStream's clusters. The results showed that DenStream could provide indicators of attack occurrence in TCP, UDP, and ICMP traffic.

Metrics

Metrics Loading ...

Author Biographies

Gabriel Keith Tazima, State University of Londrina - DC/UEL

Master's student, Department of Computer Science, State University of Londrina, Londrina, Paraná, Brazil

Bruno Zarpelao, State University of Londrina - DC\UEL

Assistant Professor, Department of Computer Science, State University of Londrina (UEL), Londrina, Paraná, Brazil

References

Aggarwal, C. C., Philip, S. Y., Han, J., & Wang, J. (2003). A Framework for Clustering Evolving Data Streams. In Association for Computing Machinery, VLDB 03 Proceedings [Conference]. 29th International Conference on Very Large Data Bases. DOI: https://doi.org/10.1016/B978-012722442-8/50016-1

Anthi, E., Williams, L., Słowińska, M., Theodorakopoulos, G., & Burnap, P. (2019). A supervised intrusion detection system for smart home IoT devices. IEEE Internet of Things Journal, 6(5), 9042–9053. DOI: https://doi.org/10.1109/JIOT.2019.2926365

Cao, F., Ester, M., Qian, W., & Zhou, A. (2006). Density-Based Clustering over an Evolving Data Stream with Noise. In Society for Industrial and Applied Mathematics, Proceedings of the 2006 SIAM International Conference on Data Mining [Conference]. SIAM International Conference on Data Mining, Philadelphia. DOI: https://doi.org/10.1137/1.9781611972764.29

Chow, R. (2017). The Last Mile for IoT Privacy. IEEE Security & Privacy, 15(6), 73–76. DOI: https://doi.org/10.1109/MSP.2017.4251118

Gama, J. (2010). Knowledge discovery from data streams. CRC Press. DOI: https://doi.org/10.1201/EBK1439826119

Gama, J., & Rodrigues, P. P. (2007). Data Stream Processing. In J. Gama & M. M. Gaber (Eds.), Learning from Data Streams: Processing Techniques in Sensor Networks (pp. 25–39). Springer Berlin Heidelberg. DOI: https://doi.org/10.1007/3-540-73679-4_3

Lohiya, R., & Thakkar, A. (2020). A Review on Machine Learning and Deep Learning Perspectives of IDS for IoT: Recent Updates, Security Issues, and Challenges. Archives of Computational Methods in Engineering, 28, 3211–3243. DOI: https://doi.org/10.1007/s11831-020-09496-0

Mohammadi, M., Rashid, T. A., Karim, S. H., Aldalwie, A. H. M., Tho, Q. T., Bidaki, M., Rahmani, A. M., & Hosseinzadeh, M. (2021). A comprehensive survey and taxonomy of the SVM-based intrusion detection systems. Journal of Network and Computer Applications, 178, 102983. DOI: https://doi.org/10.1016/j.jnca.2021.102983

Moustafa, N., Turnbull, B., & Choo, K.-K. R. (2019). An ensemble intrusion detection technique based on proposed statistical flow features for protecting network traffic of Internet of Things. IEEE Internet of Things Journal, 6(3), 4815–4830. DOI: https://doi.org/10.1109/JIOT.2018.2871719

Muthukrishnan, S. (2005). Data streams: Algorithms and applications. Now Publishers Inc. DOI: https://doi.org/10.1561/9781933019604

Nakagawa, F. H. Y., Barbon, S. J., & Zarpelão, B. B. (2021). Attack Detection in Smart Home IoT Networks using CluStream and Page-Hinkley Test. In Institute of Electrical and Electronics Engineers, 2021 IEEE Latin-American Conference on Communications (LATINCOM) [Conference]. Latin-American Conference on Communications (LATINCOM), Santo Domingo, Dominican Republic. DOI: https://doi.org/10.1109/LATINCOM53176.2021.9647769

Page, E. S. (1954). Continuous Inspection Schemes. Biometrika, 41(1/2), 100–115. DOI: https://doi.org/10.1093/biomet/41.1-2.100

Pishva, D. (2017). Internet of things: Security and privacy issues and possible solution. In Institute of Electrical and Electronics Engineers, International Conference on Advanced Communication Technology (ICACT) [Conference]. 19th International Conference on Advanced Communication Technology (ICACT), PyeongChang, Korea, 797–808. DOI: https://doi.org/10.23919/ICACT.2017.7890229

Ramírez-Gallego, S., Krawczyk, B., García, S., Woźniak, M., & Herrera, F. (2017). A survey on data preprocessing for data stream mining: Current status and future directions. Neurocomputing, 239, 39–57. DOI: https://doi.org/10.1016/j.neucom.2017.01.078

River. (2022). Standardscaler. https://riverml.xyz/0.15.0/ api/preprocessing/StandardScaler/

River. (2023). Pagehinkley. Pagehinkley. https://riverml.xyz/0.18.0/ api/drift/PageHinkley/

Scaranti, G. F., Carvalho, L. F., Barbon, S., Lloret, J., & Proença, M. L. (2022). Unsupervised online anomaly detection in Software Defined Network environments. Expert Systems with Applications, 191, 116225. DOI: https://doi.org/10.1016/j.eswa.2021.116225

Yang, K., Ren, J., Zhu, Y., & Zhang, W. (2018). Active Learning for Wireless IoT Intrusion Detection. IEEE Wireless Communications, 25(6), 19–25. DOI: https://doi.org/10.1109/MWC.2017.1800079

Yin, C., Xia, L., Zhang, S., Sun, R., & Wang, J. (2018). Improved clustering algorithm based on high-speed network data stream. Soft computing (Berlin, Germany), 22(13), 4185–4195. DOI: https://doi.org/10.1007/s00500-017-2708-2

Zarpelão, B. B., Miani, R. S., Kawakani, C. T., & de Alvarenga, S. C. (2017). A survey of intrusion detection in Internet of Things. Journal of Network and Computer Applications, 84, 25–37. DOI: https://doi.org/10.1016/j.jnca.2017.02.009

Zheng, S., Apthorpe, N., Chetty, M., & Feamster, N. (2018). User Perceptions of Smart Home IoT Privacy. Proc. ACM Hum.-Comput. Interact., 2(CSCW). DOI: https://doi.org/10.1145/3274469

Downloads

Published

2023-12-18

How to Cite

Tazima, G. K., & Zarpelao, B. (2023). Behavior of the DenStream Clustering Algorithm for Attack Detection in the Internet of Things. Semina: Ciências Exatas E Tecnológicas, 44, e48956. https://doi.org/10.5433/1679-0375.2023.v44.48956

Issue

Vol. 44 (2023)

Section

Computer Science

License

Copyright (c) 2023 Gabriel Keith Tazima, Bruno Bogaz Zarpelao (COMP/UEL)

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

The Copyright Declaration for articles published in this journal is the author’s right. Since manuscripts are published in an open access Journal, they are free to use, with their own attributions,  in educational and non-commercial applications.  The Journal has the right to make, in the original document, changes regarding linguistic norms, orthography, and grammar, with the purpose of ensuring the standard norms of the language and the credibility of the Journal. It will, however, respect the writing style of the authors. When necessary, conceptual changes, corrections, or suggestions will be forwarded to the authors. In such cases, the manuscript shall be subjected to a new evaluation after revision. Responsibility for the opinions expressed in the manuscripts lies entirely with the authors.

This journal is licensed with a license Creative Commons Attribution-NonCommercial 4.0 International.

Crossref
Scopus
Google Scholar
Europe PMC

Funding data