Hybrid approach to intrusion detection in fog-based IoT environments

In the Internet of Things (IoT) systems, information of various kinds is continuously captured, processed, and transmitted by systems generally interconnected by the Internet and distributed solutions. Attacks to capture information and overload services are common. This fact makes security techniques indispensable in IoT en-vironments. Intrusion detection is one of the vital security points, aimed at identifying attempted attacks. The characteristics of IoT devices make it impossible to apply these solutions in this environment. Also, the existing anomaly-based methods for multiclass detection do not present acceptable accuracy. We present an intrusion detection architecture that operates in the fog computing layer. It has two steps and aims to classify events into specific types of attacks or non-attacks, for the execution of countermeasures. Our work presents a relevant con-tribution to the state of the art in this aspect. We propose a hybrid binary classification method called DNN-kNN. It has high accuracy and recall rates and is ideal for composing the first level of the two-stage detection method of the presented architecture. The approach is based on Deep Neural Networks (DNN) and the k-Nearest Neighbor (kNN) algorithm. It was evaluated with the public databases NSL-KDD and CICIDS2017. We used the method of selecting attributes based on the rate of information gain. The approach proposed in this work obtained 99.77% accuracy for the NSL-KDD dataset and 99.85% accuracy for the CICIDS2017 dataset. The experimental results showed that the proposed hybrid approach was able to achieve greater precision about classic machine learning approaches and the recent advances in intrusion detection for IoT systems. In addition, the approach works with low overhead in terms of memory and processing costs.