Behavior of the DenStream Clustering Algorithm for Attack Detection in the Internet of Things

Gabriel Keith Tazima; Bruno Zarpelao

doi:10.5433/1679-0375.2023.v44.48956

Behavior of the DenStream Clustering Algorithm for Attack Detection in the Internet of Things

Authors

Gabriel Keith Tazima State University of Londrina - DC/UEL https://orcid.org/0009-0000-2529-1092
Bruno Zarpelao State University of Londrina - DC\UEL https://orcid.org/0000-0001-9172-3578

DOI:

https://doi.org/10.5433/1679-0375.2023.v44.48956

Keywords:

stream mining, cyberattack detection, internet of things, cybersecurity

Abstract

Multiple attack detection schemes based on supervised batch learning are presented in the literature as an alternative to improve Internet of Things (IoT) security. These schemes require benign and malicious traffic samples for training and are unable to easily adapt to changes in the analyzed data. In this work, we study how we can use DenStream, an unsupervised stream mining algorithm, to detect attacks in IoT networks. This type of algorithm does not require labeled examples and can learn incrementally, adapting to changes. We aim to investigate whether attacks can be detected by monitoring the behavior of DenStream's clusters. The results showed that DenStream could provide indicators of attack occurrence in TCP, UDP, and ICMP traffic.

Downloads

Download data is not yet available.

Author Biographies

Gabriel Keith Tazima, State University of Londrina - DC/UEL

Master's student, Department of Computer Science, State University of Londrina, Londrina, Paraná, Brazil

Bruno Zarpelao, State University of Londrina - DC\UEL

Assistant Professor, Department of Computer Science, State University of Londrina (UEL), Londrina, Paraná, Brazil

References

Aggarwal, C. C., Philip, S. Y., Han, J., & Wang, J. (2003). A Framework for Clustering Evolving Data Streams. In Association for Computing Machinery, VLDB 03 Proceedings [Conference]. 29th International Conference on Very Large Data Bases.

Anthi, E., Williams, L., SÅ‚owiÅ„ska, M., Theodorakopoulos, G., & Burnap, P. (2019). A supervised intrusion detection system for smart home IoT devices. IEEE Internet of Things Journal, 6(5), 9042-9053.

Cao, F., Ester, M., Qian, W., & Zhou, A. (2006). Density-Based Clustering over an Evolving Data Stream with Noise. In Society for Industrial and Applied Mathematics, Proceedings of the 2006 SIAM International Conference on Data Mining [Conference]. SIAM International Conference on Data Mining, Philadelphia.

Chow, R. (2017). The Last Mile for IoT Privacy. IEEE Security & Privacy, 15(6), 73-76.

Gama, J. (2010). Knowledge discovery from data streams. CRC Press.

Gama, J., & Rodrigues, P. P. (2007). Data Stream Processing. In J. Gama & M. M. Gaber (Eds.), Learning from Data Streams: Processing Techniques in Sensor Networks (pp. 25-39). Springer Berlin Heidelberg.

Lohiya, R., & Thakkar, A. (2020). A Review on Machine Learning and Deep Learning Perspectives of IDS for IoT: Recent Updates, Security Issues, and Challenges. Archives of Computational Methods in Engineering, 28, 3211-3243.

Mohammadi, M., Rashid, T. A., Karim, S. H., Aldalwie, A. H. M., Tho, Q. T., Bidaki, M., Rahmani, A. M., & Hosseinzadeh, M. (2021). A comprehensive survey and taxonomy of the SVM-based intrusion detection systems. Journal of Network and Computer Applications, 178, 102983.

Moustafa, N., Turnbull, B., & Choo, K.-K. R. (2019). An ensemble intrusion detection technique based on proposed statistical flow features for protecting network traffic of Internet of Things. IEEE Internet of Things Journal, 6(3), 4815-4830.

Muthukrishnan, S. (2005). Data streams: Algorithms and applications. Now Publishers Inc.

Nakagawa, F. H. Y., Barbon, S. J., & Zarpelão, B. B. (2021). Attack Detection in Smart Home IoT Networks using CluStream and Page-Hinkley Test. In Institute of Electrical and Electronics Engineers, 2021 IEEE Latin-American Conference on Communications (LATINCOM) [Conference]. Latin-American Conference on Communications (LATINCOM), Santo Domingo, Dominican Republic.

Page, E. S. (1954). Continuous Inspection Schemes. Biometrika, 41(1/2), 100-115.

Pishva, D. (2017). Internet of things: Security and privacy issues and possible solution. In Institute of Electrical and Electronics Engineers, International Conference on Advanced Communication Technology (ICACT) [Conference]. 19th International Conference on Advanced Communication Technology (ICACT), PyeongChang, Korea, 797-808.

Ramírez-Gallego, S., Krawczyk, B., García, S., WoÅºniak, M., & Herrera, F. (2017). A survey on data preprocessing for data stream mining: Current status and future directions. Neurocomputing, 239, 39-57.

River. (2022). Standardscaler. https://riverml.xyz/0.15.0/ api/preprocessing/StandardScaler/

River. (2023). Pagehinkley. Pagehinkley. https://riverml.xyz/0.18.0/ api/drift/PageHinkley/

Scaranti, G. F., Carvalho, L. F., Barbon, S., Lloret, J., & Proença, M. L. (2022). Unsupervised online anomaly detection in Software Defined Network environments. Expert Systems with Applications, 191, 116225.

Yang, K., Ren, J., Zhu, Y., & Zhang, W. (2018). Active Learning for Wireless IoT Intrusion Detection. IEEE Wireless Communications, 25(6), 19-25.

Yin, C., Xia, L., Zhang, S., Sun, R., & Wang, J. (2018). Improved clustering algorithm based on high-speed network data stream. Soft computing (Berlin, Germany), 22(13), 4185-4195.

Zarpelão, B. B., Miani, R. S., Kawakani, C. T., & de Alvarenga, S. C. (2017). A survey of intrusion detection in Internet of Things. Journal of Network and Computer Applications, 84, 25-37.

Zheng, S., Apthorpe, N., Chetty, M., & Feamster, N. (2018). User Perceptions of Smart Home IoT Privacy. Proc. ACM Hum.-Comput. Interact., 2(CSCW).