Mitigating Adversarial Reconnaissance in IoT Anomaly Detection Systems: A Moving Target Defense Approach based on Reinforcement Learning

Authors

DOI:

https://doi.org/10.4108/eetiot.6574

Keywords:

Adversarial Machine Learning, Anomaly detection systems, IoT security, Threat mitigation, Reinforcement Learning

Abstract

The machine learning (ML) community has extensively studied adversarial threats to learning-based systems, emphasizing the need to address the potential compromise of anomaly-based intrusion detection systems (IDS) through adversarial attacks. Meanwhile, the use of moving target defense (MTD) mechanisms in Internet of Things (IoT) networks is an area of ongoing research, with great potential to equip IoT devices and networks with the ability to fend off cyber attacks despite their computational limitations. In this paper, we propose a game-theoretic model of MTD that makes the configuration and deployment of anomaly-based IDS more dynamic by diversifying the features used for training, in order to minimize successful reconnaissance on ML-based IDS. We then solve the MTD problem using a reinforcement learning method to generate the optimal shifting policy within the network without a prior network transition model. The state-of-the-art ToN-IoT dataset is examined to assess the feasibility of implementing the feature-based MTD approach. The overall performance of the proposed MTD-based IDS is compared to that of a conventional IDS by analyzing the accuracy curve for varying attacker success rates. Our approach has proven effective in increasing the resilience of the IDS against adversarial learning.


Published

10-07-2024

How to Cite

[1]
A. Osei, Y. Al Mtawa, and T. Halabi, “Mitigating Adversarial Reconnaissance in IoT Anomaly Detection Systems: A Moving Target Defense Approach based on Reinforcement Learning”, EAI Endorsed Trans IoT, vol. 10, Jul. 2024.