Cross Layer-Based Intrusion Detection Based On Network Behavior For Iot

The intrusion detection systems gained major significance in the field of internet of things (IoT) as the communicating entities could reach thousands of nodes. An intrusion detection system (IDS) that uses a hybrid learning approach, consists of two stages of detection, local and global. The data collection for the classification purposes at the local detection phase is intended to mimic the network behavior rather than node behavior and the ability to infer the state of the node. A scheme based on obtaining datasets related to the packet counts for normal and malicious cases, collected using promiscuous mode, is adopted in the network. The local detection is conducted by the dedicated sniffers (DS) where each DS uses supervised learning approach based on decision trees to generate correctly classified instances (CCIs). The global stage collects the CCIs sent from the dedicated sniffers (DS) to the super node (SN) and applies an iterative linear regression to generate a time-based profile called the accumulated measure of fluctuation (AMoF) for malicious and normal nodes. A profile of a malicious and a normal node is obtained, and an anomaly is detected after three iterations (processed samples).