Hitting Moving Targets: Intelligent Prevention of IoT Intrusions on the Fly

Tan, S; Liu, W; Dong, Q; Chan, S; Yu, S; Zhong, X; He, D

Hitting Moving Targets: Intelligent Prevention of IoT Intrusions on the Fly

Tan, S Liu, W Dong, Q Chan, S Yu, S

Zhong, X He, D

Permalink

Publisher:: Institute of Electrical and Electronics Engineers (IEEE)
Publication Type:: Journal Article
Citation:: IEEE Internet of Things Journal, 2023, 10, (23), pp. 21000-21012
Issue Date:: 2023-12-01

Closed Access

	Filename	Description	Size
	Hitting_Moving_Targets_Intelligent_Prevention_of_IoT_Intrusions_on_the_Fly.pdf	Published version	2.93 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Tan, S
dc.contributor.author	Liu, W
dc.contributor.author	Dong, Q
dc.contributor.author	Chan, S
dc.contributor.author	Yu, S https://orcid.org/0000-0003-4485-6743
dc.contributor.author	Zhong, X
dc.contributor.author	He, D
dc.date.accessioned	2024-03-12T01:22:57Z
dc.date.available	2024-03-12T01:22:57Z
dc.date.issued	2023-12-01
dc.identifier.citation	IEEE Internet of Things Journal, 2023, 10, (23), pp. 21000-21012
dc.identifier.issn	2372-2541
dc.identifier.issn	2327-4662
dc.identifier.uri	http://hdl.handle.net/10453/176533
dc.description.abstract	Massive Internet of Things (IoT) devices have been playing a critical role in both the cyber and physical worlds. Various cyber attacks pose significant risks to IoT. Machine learning-based intrusion detection system (IDS) has earned much research attention. However, the intrusion prevention system (IPS) is rarely explored. Realtime intrusion prevention is quite challenging because the decision has to be made during a flow rather than after it finishes. Restricted by aligning with the shortest flows, existing IPSs generally inspect only the very first packets, leading to information loss for accurate detection. In this article, we first measure the information loss quantitatively. Then we devise Sniper, an IoT IPS scheme consisting of a flow length predictor, a novel feature space, and an enhanced ensemble learning algorithm. The flow length predictor guides a proper prevention time point to preserve as much information as possible. The proposed Markov matrix-based feature encoding method further saves more information than existing ones. The enhanced learning algorithm ensures a low-false positive rate (FPR), which is critical for IPSs. We benchmark Sniper with one closed-world and three open-world data sets. The results show that Sniper achieves a 99.89% prevention rate and 0.03% FPR, which is superior to the five state-of-the-art baseline models.
dc.language	en
dc.publisher	Institute of Electrical and Electronics Engineers (IEEE)
dc.relation.ispartof	IEEE Internet of Things Journal
dc.relation.isbasedon	10.1109/JIOT.2023.3284155
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject	0805 Distributed Computing, 1005 Communications Technologies
dc.subject.classification	40 Engineering
dc.subject.classification	46 Information and computing sciences
dc.title	Hitting Moving Targets: Intelligent Prevention of IoT Intrusions on the Fly
dc.type	Journal Article
utslib.citation.volume	10
utslib.for	0805 Distributed Computing
utslib.for	1005 Communications Technologies
pubs.organisational-group	University of Technology Sydney
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
pubs.organisational-group	University of Technology Sydney/Strength - CCSP - Centre for Cyber Security and Privacy
utslib.copyright.status	closed_access	*
dc.date.updated	2024-03-12T01:22:56Z
pubs.issue	23
pubs.publication-status	Published
pubs.volume	10
utslib.citation.issue	23

Abstract:

Massive Internet of Things (IoT) devices have been playing a critical role in both the cyber and physical worlds. Various cyber attacks pose significant risks to IoT. Machine learning-based intrusion detection system (IDS) has earned much research attention. However, the intrusion prevention system (IPS) is rarely explored. Realtime intrusion prevention is quite challenging because the decision has to be made during a flow rather than after it finishes. Restricted by aligning with the shortest flows, existing IPSs generally inspect only the very first packets, leading to information loss for accurate detection. In this article, we first measure the information loss quantitatively. Then we devise Sniper, an IoT IPS scheme consisting of a flow length predictor, a novel feature space, and an enhanced ensemble learning algorithm. The flow length predictor guides a proper prevention time point to preserve as much information as possible. The proposed Markov matrix-based feature encoding method further saves more information than existing ones. The enhanced learning algorithm ensures a low-false positive rate (FPR), which is critical for IPSs. We benchmark Sniper with one closed-world and three open-world data sets. The results show that Sniper achieves a 99.89% prevention rate and 0.03% FPR, which is superior to the five state-of-the-art baseline models.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/176533