PII: S1389-1286(18)30873-9
DOI: https://doi.org/10.1016/j.comnet.2019.01.023
Reference: COMPNW 6707
Please cite this article as: Kelton A.P. da Costa, João P. Papa, Celso O. Lisboa, Roberto Munoz,
Victor Hugo C. de Albuquerque, Internet of Things: A Survey on Machine Learning-based Intrusion
Detection Approaches, Computer Networks (2019), doi: https://doi.org/10.1016/j.comnet.2019.01.023
This is a PDF file of an unedited manuscript that has been accepted for publication. As a service
to our customers we are providing this early version of the manuscript. The manuscript will undergo
copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please
note that during the production process errors may be discovered which could affect the content, and
all legal disclaimers that apply to the journal pertain.
ACCEPTED MANUSCRIPT
Abstract—In the world scenario, concerns with security and privacy regarding computer networks are
always increasing. Computer security has become a necessity due to the proliferation of information
technologies in everyday life. The increase in the number of Internet accesses and the emergence of
new technologies, such as the Internet of Things (IoT) paradigm, are accompanied by new and modern
attempts to invade computer systems and networks. Companies are increasingly investing in studies to
optimize the detection of these attacks. Institutions are selecting intelligent techniques to test and
verify by comparing the best rates of accuracy. This research, therefore, focuses on rigorous
state-of-the-art literature on Machine Learning Techniques applied in Internet-of-Things and Intrusion
Detection for computer network security. The work therefore aims at recent and in-depth research of
relevant works that deal with several intelligent techniques and their applied intrusion detection
architectures in computer networks with emphasis on the Internet of things and machine learning. More
than 95 works on the subject were surveyed, spanning across different themes related to security
issues in IoT environments.

Index Terms—Security Networks, Machine Learning, Internet-of-Things, Survey, Intelligent Techniques,
Machine Learning.

Kelton A. P. da Costa, Department of Computing, São Paulo State University, Bauru, Brazil. Email: kelton@fc.unesp.br
João P. Papa, Department of Computing, São Paulo State University, Bauru, Brazil. Email: joao.papa@unesp.br
Celso Lisboa, Department of Computing, São Paulo State University, Bauru, Brazil. Email: celso.lisboa@yahoo.com.br
Roberto Munoz, School of Informatics Engineering, Universidad de Valparaíso, Valparaíso, Chile. Email: roberto.munoz@uv.cl
Victor Hugo C. de Albuquerque, Graduate Program in Applied Informatics, University of Fortaleza, Fortaleza/CE, Brazil. Email: victor.albuquerque@unifor.br

of the Internet. High access to information has given rise to critical threats, ranging from a virus
to a network intrusion causing significant business losses and, as a consequence, companies are
investing in research using intelligent techniques to improve security as intrusion detection tools
[1], [2], [3], [4], [5].

Updating research in the area of intrusion detection in computer networks is becoming indispensable.
A major concern arises with the IP protocol implementation in version 6 (IPv6) when it comes to
security in networks, and more precisely in detecting intrusions since, with the IPv6 protocol, there
is a connection to the Internet of Things (IoT). Such a synergy between IPv6 and the IoT paradigm
allows free access to the Internet by different devices, such as a blender, microwave, clothing,
wearable devices, and cognitive buildings [6], [7], [8], [9], [10], among others, making network
security a current challenge, where the search for intrusion detection methods for the IoT becomes
fundamental.

Many works are being carried out in this context to find the best parameters and results for the
detection of intrusion in IoT-based environments [11], [12]. Some recent studies are addressed in this
survey, such as the work of Ahmed [13], which shows that detection is an important task and that it
detects anomalous data from a given data set. The author points out that intrusion detection is an
interesting area and that it has been extensively studied in statistics and machine learning.

Costa et al. [14] also highlighted the importance of using intelligent tools to assist intrusion
detection but in the context of computer networks. In their work, the authors employed the
unsupervised Optimum-Path Forest (OPF) classifier [15] for intrusion detection in computer networks.
The authors proposed a nature-based approach to estimate the probability density function (pdf) used
for clustering purposes, which strongly influences the quality of the classification process.
Regarding the OPF classifier, Pereira et al. [16] proposed a

concerns about connected devices on an untrustworthy Internet become inevitable [21]. Furthermore,
security-related research in IoT is a promising and needed area, resulting in several techniques
applied in this context to ensure, in some way, that some equipment and devices can prove to be
reliable [22]. The work developed by Evans [23] presents an interesting chart that approaches the
perspective of users with some IoT devices; it is shown that growth is exponential.

Cyber attacks, such as man-in-the-middle (MITM) and distributed denial of service (DDoS), are also
common threats to IoT. Work is being conducted to implement a system to protect an IoT against such
attacks. The FOCUS [22] system uses a virtual private network (VPN) as security for IoT devices. Also,
the same system sends alerts during possible DDoS attacks in IoT platforms. The study demonstrated a
proof of concept and conducted experiments to evaluate performance. Results showed effectiveness to
filter malicious attacks with low response time and little use of network bandwidth.

Bostani and Sheikhan [24] report that the insecurity of the Internet and wireless sensor networks,
which are the main components of IoT, makes the IoT vulnerable to different attacks. The same authors
propose a new structure of real-time intrusion detection, which consists of anomaly-based intrusion
detection modules and specifications for detecting two routing attacks known in IoT as collectors and
selective
routing attacks. For such purpose, the specification-based intrusion detection agents, located at the
router nodes, analyze the behavior of their host nodes and send their local results to the root node
through regular data packets and to an anomaly-based intrusion, which is located at the root node. It
then employs the unsupervised OPF classifier to design clustering models using received data packets.
The results of the experiments showed that the proposed real-time hybrid approach achieved a true
positive rate of 76.19% and a false positive rate of 5.92% when collector and selective attack were
launched simultaneously.

Another recent survey by Alvarenga et al. [25] discusses the issues to security, specifically
regarding IoT, and the integration of real-world devices with the Internet since cybersecurity threats
are brought to most daily activities. Attacks against critical infrastructures, such as power plants
and public transit, can have severe consequences for cities and entire countries. The authors
presented a study about intrusion detection systems methods for IoT, and they also proposed a taxonomy
to classify the papers used in this research, which was based on the attributes, detection method,
Intrusion Detection System (IDS) placement strategy, security threat, and validation strategy. It was
also noted that the research of IDS schemes for IoT is still incipient and that the proposed solutions
do not cover a wide range of attacks and IoT technologies.

Yang et al. [26] presented a study stating that IoT is designed as a network consisting of small
devices distributed over a wide area. To address the limitation of existing research, an
anomaly-detection-based scheme was proposed to protect

vulnerabilities in IoT devices. The work proposed a Model-based Security Toolkit, which is integrated
into a management framework for IoT devices and supports specification and efficient evaluation of
security policies to enable the protection

to attacks. To our best knowledge, this work was one of the first of its kind that intended to provide
a broad overview of different research findings and proposed solutions concerning the issue of secure
routing protocols among IoT devices.

The primary purpose of this work is to compile recent works that are oriented to improve IoT security.
It also presents some research that highlights concerns about possible intrusions or anomalies,
giving, therefore, proposals to cope with such issues using machine learning techniques.

The remainder of this work is organized as follows. Section II considers research works that make use
of new and traditional machine-learning based algorithms in studies related to IoT, and it discusses
relevant contributions of the literature associated with IoT security methods. Section III presents
some widely used datasets as well as the protocols adopted in the proposed experiments. Section IV
presents the discussion and take-home message learned from the works considered in this survey.
Finally, Section V states conclusions and a discussion about the future possibilities for research in
IoT security.

A. Motivation

Recently, several works related to IoT have received attention in the academic area and also within
the industry due to its potential use in several human activities. IoT represents a potential
solution to improve the quality of life of people (e.g., the smartwatch, which monitors health through
its sensors [29]), and several technologies have become popular

However, we realize that no work has presented an in-depth view of the application of machine learning
in the context of IoT with a focus on the detection of intrusions to date, which ends up being the
main contribution of this survey.
C. Work Selection Criteria

The databases considered in the search and selection of works were the IEEE Xplore, Science Direct,
Springer, Hindawi Publishing Corporation, MDPI Publisher of Open Access Journals, and Wiley Online
Library, mainly. The selected studies were published from 2015 until the middle of 2017, with some
works published in 2018. We believe that this survey is of significant contribution to researchers and
professionals in the area of security in networks and other related fields. Figure 1 depicts the
number of works found on each database and considered in this work.

Fig. 1. Histogram of works considered in this survey. (Horizontal axis: Databases, with IEEExplore,
HINDAWI, MDPI, SPRINGER and WILEY; vertical axis: Amount.)

addresses the challenges and opportunities in the IoT domain. The authors portray the priority of a
successful IoT network that is capable of detecting compromised nodes along with collecting and
preserving evidence of an attack or malicious activity. The study focused mainly on portraying
significant challenges in IoT. The authors also stated that detecting the presence of IoT systems is a
challenge, considering that devices are designed to function passively and autonomously.

In the past years, using machine learning to aid security and detection in IoT environments has become
extremely important to face the challenges reported previously [39], [40]. However, we have not found
too many works that employed

machine-learning systems face the difficulty of detecting these small mutants of attacks over time.

Ramos et al. [42] presented a survey that focused on model-based quantitative security metrics that
aim to quantify overall network resilience against attacks. In this survey, an in-depth literature
review of the state-of-the-art of Network Security Metrics (NSMs) has been presented, focused on the
Common Vulnerability Scoring System (CVSS) framework, which is used as input by several security
metric models. The differences between the security metrics field and other correlate areas have also
been conducted. This study carried out a comprehensive and detailed review of the main metric
proposals and has been presented more specifically in the realm of model-based quantitative NSMs; a
complete and thorough review of the main metric proposals has also been presented. The main pros and
cons of each reviewed work have also been described. Eventually, an in-depth investigation of the main
properties of the reviewed security metrics has been presented, along with open issues and suggestions
for future research directions, followed by a discussion on past related work. According to what has
been presented in this review, it is

aggregation, and protocol adaptation services to achieve better horizontal integration among IoT
services. They directed on the IoT protocols and standards reviewing the different protocols and
patterns in the different layers of an IoT environment and approached the main functionality and
purpose of these protocols. The authors also researched the consequence of IoT, which are Big Data,
cloud and fog computing, and the need for a new generation of data analytics algorithms and tools that
are suitable for IoT big data, such as to be able to shrink input size. Finally, three use-cases were
presented that illustrate how the different protocols presented in this survey fit together to deliver
new smart IoT services that deliver new functionality

are constrained, and many security mechanisms are hard to implement because the safety of IoT will
certainly be related to many important scenarios of the future 5G. In this work, an approach based on
the automata theory was proposed concerning the vast heterogeneous IoT networks. The method uses an
extension of Labelled Transition Systems to propose a uniform description of IoT systems that can
detect the intrusions by comparing actions flows.

The research designed the intrusion detection approach, built the Event Databases, and implemented the
Event Analyzer to achieve the IDS approaches. The proposed IDS was able to detect three types of IoT
attacks: jam-attack, false-attack, and reply-attack.

Still, regarding the concern with security and prevention of intrusions in IoT, we noticed that its
architecture is not yet standardized. For Adat et al. [12], organizations such as IEEE and ITU are
working on the standardization of IoT. However, some technologies such as IPv6, 6LoWPAN, IEEE 802.15.4
are then defined as a platform for IoT, yet the authors say that there are a few architectures for IoT
and most of them are based on a network layer and a layer that addresses the needs of IoT. The most
generic architecture proposed for IoT is depicted in Figure 2.

dimensional sample in the global dataset by an equivalent method with reduced dimensions. A reduced
representation was obtained using a dimensionality reduction approach which is used as input for
classifiers.

Flauzac et al. [48] discussed security architectures for IoT based on software-defined networking
(SDN). In this context, the SDN-based architecture works with or without infrastructure, called
SDN-Domain. The work described the operation of the proposed architecture and summarized the
opportunity to achieve network security more efficiently and flexibly with SDN. In this paper, the
network access control and global traffic monitoring for ad-hoc networks were considered, as well as
the work pointed out some architectural design choices for SDN using OpenFlow and discussed their
performance implications.

Wang et al. [4] emphasized that high-quality training data is important to improve detection
performance. The authors proposed an effective intrusion detection framework based on Support Vector
Machines (SVM) with augmented features. They implemented a logarithm marginal density ratio
transformation with the goal of obtaining new and better-quality SVM detection, and their empirical
results showed effective values such as good performance, high detection rate, and low false positive
alarm.

López-Benítez et al. [49] focused the research on multidisciplinary solutions through a suitable
platform that takes into account potential mutual effects and interactions among the different
dimensions of future IoT systems. The project, called “Internet of Surprise: Self-Organising Data”,
constituted a platform to obtain an accurate and realistic evaluation of IoT solutions. The prototype
enables the assessment and optimization of multidisciplinary aspects of IoT systems, including issues
related to hardware design, communications, and data processing.

Sedjelmaci et al. [50] employed the Nash equilibrium as a proposal for a lightweight anomaly detection
technique based on the concept of game theory. The method mainly predicted the equilibrium state that
allows the IDS to activate its anomaly detection mode to detect new attack signatures. The results
showed that the data generated is viable, obtaining excellent detection rates, low false positive
alarm, and low energy consumption. The authors used TOSSIM, a simulator

respect to security. As a consequence, many relevant types of research in IoT have emerged with an
emphasis specifically in IoT-based behavior when it comes to computer network security.

Several works related to IoT presented new technologies that work together with the paradigm, always
with an emphasis on the concern for security issues [54], [55], [56], [57], [58], [59].

For the sake of clarification, Table I and Table II summarize the works by the main purpose of the
paper (PU), communication protocol (CP), application protocols (AP), data format (DF), machine
learning technique (MLT), and precision rate (PR).
TABLE I
IoT Summarized Works - Part 1

Reference | PU | CP | AP | DF | MLT | PR
[1] | In this work, in order to detect network attacks using the k-means algorithm, a new semi-supervised anomaly detection system has been designed and implemented. | TCP/IP | - | - | k-means | 80.19%
[2] | A useful intrusion detection framework by adopting a new optimization method, specifically, time-varying chaos particle swarm optimization. | - | - | - | SVM, MCLPDR | 97.23%
[3] | An intrusion detection technique that considers various points like the hugeness of network traffic dataset, feature selection, low accuracy and high rate of false alarms. | TCP/IP, UDP, ICMP | - | - | OS-ELM | 98.66%
[4] | A useful intrusion detection framework based on a support vector machine with augmented features. | TCP | - | - | SVM | 99.18%
[5] | Builds a model for an intrusion detection system using a random forest classifier. | - | - | - | Random Forest | 99.67%
[6] | Examines the connection of Building Information Modeling and IoT for filling these issues in the management of cognitive buildings. | TCP/IP | - | neutral data format | - | -
[11] | A novel method for intrusion detection system based on sampling with Least Square Support Vector Machine (LS-SVM). | TCP/IP | - | - | LS-SVM | [99,62% - 99.78%]
[12] | Explains the history, background, statistics of IoT and security-based analysis of IoT architecture | RPL, IPv6 | - | - | - | -
[13] | Presents an in-depth investigation of four significant categories of anomaly detection techniques which involve classification, statistical, information theory and clustering. | - | - | - | SVM | -
[14] | (OPF). | - | - | | Optimum-path forest, Bat algorithm, Firefly Algorithm | -
[20] | An overview of the major challenges facing IoTs. (Security, privacy, and interoperability) | TCP/IP, 6loWPAN, RPL | CoAP | - | - | -
[21] | A real-world simulation service uses Internet of Things capable | IP | - | - | - | -
[23] | Educate you in plain and simple terms so you can be well versed in IoT and understand its potential to change everything we know to be true today. | - | - | - | - |
[24] | A novel real-time hybrid intrusion detection framework | 6LoWPAN, RPL | CoAP, DTLS | - | Optimum-Path Forest Clustering, SA-IDSs | 96.02%
[25] | A survey of IDS’s research efforts for IoT. In order to identify the main trends, open questions and future research possibilities. | 6LoWPAN, RPL | CoAP | - | - | -
[26] | Using DDF-based state estimation techniques to detect false aggregate data and determine nodes that are suspected of injecting false data | CSMA/CA | - | - | - | -
[28] | Proposes the Internet of Things and its significance as well as growing trends in today’s global IT scenario. A survey of the threats correlated with IoT routing and identifies few of the research challenges as discussed by the research fraternity and some of the potential research directions in achieving secure and sustainable routing with IoT devices. | IPV6, 6LoWPAN, RPL | CoAP, DTLS | - | - | -
[37] | To propose extensive guidelines for systematic literature reviews relevant for software engineering researchers, including Ph.D. students. | - | - | - | - | -
[38] | Introduce existing significant security and forensics challenges within the IoT domain and then briefly discuss papers published in this special issue targeting recognized challenges. | - | - | - | - | -
[39] | To analyze different supervised algorithms for the anomaly-based detection techniques. | IP | - | - | SVM, Naive Bayes, J48 | -
TABLE II
IoT Summarized Works - Part 2

Reference | PU | CP | AP | DF | MLT | PR
[40] | Show the various facets of network anomaly detection so that a researcher can quickly become familiar with all these aspects. | TCP/IP, UDP, ICMP | - | - | ADAM, SVM, CSF-KNN, OCSVM | -
[41] | Adopt a new approach, deep learning, cyber security to enable the detection of attacks in the social internet of things. | TCP/IP, ICMP, UDP | Telnet, FTP, IMAP | - | SVM | -
[42] | The article presents a thorough state-of-the-art survey of model-based Network Security Metrics. | TCP/IP | HTTP, SSH, FTP, RSH | - | - | -
[43] | It analyzes existing protocols and mechanisms to protect IoT communications, as well as open research questions. | 6LoPAN, RPL, UDP, IPV6 | CoRE, CoAP | - | - | -
[44] | Provide an overview of IoT, with an emphasis on enabling technologies, protocols, and application issues. | RPL, 6LoWPAN, IPV4/IPV6 | DDS, CoAP, AMQP, MQTT, MQTT-SN, XMPP, HTTP REST | - | - | -
[45] | A new network intrusion detection method that is appropriate for an Internet of Things network. | TCP, ICMP, UDP | - | - | random forest, linear SVM, multinomial | 99.00%, 92.00%, 65.00%
[46] | Analyzes the existing CRADS, GIDP, and other intrusion detection frameworks for MANET. | TCP/IP | - | - | - | -
[47] | To design a fuzzy membership function to approach both dimensionality and anomaly mining so as to reduce the computational complexity and improve computational accuracies of classifier algorithms. | - | - | - | KNN, J48, SVM | -
[48] | Describes the operation of the on Big Data, Data Mining Challenges on IoT and Pervasive Systems and summarizes the opportunity to achieve network security in a more efficient and flexible way with SDN. | IP | - | - | - | -
[49] | A prototype developed in the context of the EPSRC/eFutures-funded project Internet of Surprise: Self-Organising Data | TCP/IP | AMQP, CoAP, DHCP, DNS, MQTT | - | - | -
[50] | To secure low resources IoT devices such as smart meters and sensors against any malicious behaviors. | - | - | - | SVM, NNs | -
[51] | To investigate how we can explore the characteristics of the sensor network domain to achieve scale, fidelity, and integrity that would be intractable in a general purpose context. | TCP/IP | - | - | - | -
[52] | Develops on a systematic analysis of the related literature, exploring the differences between the current Internet and IoT-based systems, presenting an in-depth investigation of the challenges and future scenes on IoT middleware. | TCP/IP, UDP | HTTP, CoAP, MQTT | - | - | -
[53] | To present and discuss a set of basic requirements and a preliminary performance evaluation of a sample application. | TCP/IP | DCP | - | - | -
[55] | To review the advances on issues of security and privacy in IoV, including security and privacy requirements, attack types, and the relevant solutions, and discuss challenges and future trends in this area. | Ariadne, SRP | - | - | SVM | -
[56] | Proposes security measures for a defined uniform and transparent internet of things middleware, named UIoT. | 6LowPAN, TCP/IP, UPnP | HTTP, HTTPS, TLS, CoAP | - | - | -
[57] | Propose an approach for the detection of incidents in the Internet of Things, based on a correlation analysis of the devices’ information. | - | - | - | - | -
III. M ETHODS AND DATASETS IoT/fog network attack detection system, and the experiments
showed the successful adoption of artificial intelligence to
In this section, we present some widely used datasets and cybersecurity purposes. The authors also designed and im-
methodology employed in papers related to IoT and its security plemented the system for attack detection in a distributed
issues [60], [61], [62], [63], [5], [64], [65], [2], [66], [67]. architecture concerning IoT applications, such as smart cities.
Diro and Chilamkurti [41] employed three original-size The evaluation process has considered accuracy, detection
datasets known as KDDCUP99, ISCX, and NSL-KDD for ex- rate, and false alarm rate as performance metrics to show
perimental purposes regarding intrusion detection in computer the effectiveness of deep models over shallow models. In the
networks. They proposed a distributed deep learning-based
ACCEPTED MANUSCRIPT
first round of experiments, the 2-class (normal and attack) comparison purposes. The performance of the classifiers was
and 4-class (normal, DoS, Probe, R2L.U2R) categories were obtained considering the error rate and the confusion matrix.
considered in the experimental section. Besides, unseen test Another interesting work was carried out by Guo et al. [82].
data were chosen to represent zero-day attack detections. The authors addressed a critical approach related to an indoor
The study comprised two main objectives. The first one location for IoT-based applications such as tracking the com-
aimted to compare the results of the distributed attack detec- pany’s assets, unattended parking, monitoring, geolocation,
tion with a centralized system conducted through deploying and smart cities. In short, the authors developed a framework
the deep learning model on a single node for the centralized for this context and employed the Adaboost and Random
system and multiple coordinated nodes for distributed attack Forest classifiers. Simulations demonstrated the robustness in
detection. To test the performance of the parallelism, the performance for the internal location problem.
number of machines used for training the network as a function Recent advances show that Convolutional Neural Networks
of training accuracy were varied. The second goal was to (CNNs) have an excellent performance in image classification
T
evaluate the effectiveness of deep learning against shallow tasks, especially when the size of the datasets is large and can
learning algorithms for attack detection in IoT-based systems. also be applied to related devices in the IoT context. Shen
IP
The deep learning system, after hyper-parameter optimization, et al. [83] applied CNN focusing on the high requirement
has used 123 input features, 150 neurons for the first layer, 120 for communication and data training that can be found in
and 50 neurons for the second and third layers, respectively, IoT architectures. Two popular datasets, MNIST and CIFAR-
CR
and the last layer contains a number of neurons equal to the 10, were used for training and testing. The MNIST dataset
number of classes. The model used batches of different sizes constituted 60, 000 training examples and 10, 000 for testing
and 50 epochs, and it has been trained with dropout to avoid purposes. The size of each digit image is 28 × 28, and the
the overfitting problem. CIFAR-10 dataset consists of 50, 000 training examples and
A recent work developed by Acharjya et al. [68] presented a
method that detects specific activities, such as the dropping of
people based on resources, called Motion Projection Profile.
The temporal difference is extracted from the image so that
US 10, 000 for testing. The results were promising and appropriate
to achieve good performance when implemented in IoT de-
vices for management and better use of the resources offered
by it.
AN
it is possible to represent several postural levels of a person. A paper presented by Azmoodeh et al. [84] addresses the
Such drops are detected by analyzing the projection profiles Internet of Things (IoT) for military environments, which
consisting of motion pixels as each row, column, diagonal left, constitutes a diverse amount of devices connected to the Inter-
and diagonal right temporal image changes, thus allowing real- net, ranging from medical devices to wearable technologies.
M
time recognition of the posture of the person. The aforementioned work presented a new dataset consisting
Furthermore relating to intrusion detection, several works of 1, 078 normal samples and 128 samples with malware
also been approaching that utilize Support Vector Machines specifically for IoT applications based on an Advanced RISC
with polynomial and Radial Basis Function (RBF) kernels, Machines (ARM) architectures. The samples were collected
ED
K-Nearest Neighbors (KNN), and the decision tree algorithm using the VirusTotal3 Threat Intelligence platform from Febru-
(J48) [69], [70], [71], [72], [73], [74], [75], [76] being that for ary 2015 through January 2017.
the classification and recognition of the types of intrusions, the The assessments demonstrated the robustness of the ap-
SVM with RBF presented reasonable precisions. proach in detecting malware with an accuracy rate of around
PT
Most of the work conducted so far takes advantage of 98% while still obtaining the ability to mitigate attacks of
datasets already used for other research. Basically, a lot of insertion of unwanted code. For the experiments, the authors
research proposes the use of several classifiers with several used a detection approach based on the selection of sequence
datasets and analyzes some of the requirements proposed in code classes as a resource for the classification of samples. A
CE
the study, such as accuracy, error rate, and the possibility of feature chart was created for each sample, and a deep learning
these results being feasible to employ in devices that consume approach was applied for malware classification purposes.
low computational resources, including low-powered devices Two recent works that deal specifically with the use of
to be used in the IoT context [77], [78], [79], [80]. machine learning techniques concerning security issues in IoT
AC
The Electronic IT and Imaging Lab [81] created a dataset architectures over KDD99 dataset can be referred as well. Al-
in video format that detected falls captured in a real-time Yaseen et al. [85] proposed a modified K-means approach to
environment through video surveillance using an RGB camera reduce the size of the training dataset as well as to balance
with a rate of 25 frames per second and resolution of 320×240 the data for training SVMs and Extreme Learning Machines
pixels. The dataset consists of two types of events: normal (ELMs). According to the experiments, the performance of the
daily activities and actions of falls performed by various actors proposed model achieved an accuracy of 95.75% and a false
in different environments. Besides, 250 video sequences were alarm rate of 1.87%.
captured with a time of 10 seconds each. The other work, conducted by Feng et al. [86], a new
The video sequence contains factors to be analyzed such machine-learning based data classification algorithm was used
as illumination, occlusions, and textured background. After and further applied to network intrusion detection. The pro-
feature extraction, the proposed method was tested using SVM posed approach, named Clustering based on Self-Organized
with polynomial and RBF kernels, K-NN, and a decision Ant Colony Network (CSOACN) was employed to classify
tree classifier using a 10-fold cross-validation approach for network activities as normal or abnormal. This new approach
research by Zhao et al. [87], Bako and Ismail [88], Wang and Liu [89], Wu and Wang [90], Li et al. [91] and Yan et al. [92].

For a better identification and visualization of all the datasets related to this survey, Table III presents the works summarized through the dataset name (DN) and size (DS), as well as the content type of the dataset (CTD).

Fig. 3. The three main views of IoT.

Another critical aspect addressed by Rayes and Salam [94] is that the security risks for IoT are severe if the devices are employed in companies, since an attacker could gain access to any of these intelligent devices through invasion techniques, allowing company espionage by the invader.

devices to improve their methods for better security mitigation. It is necessary to identify all the vulnerabilities and threats that may exist and that are designed explicitly for IoT architectures. To reduce potential threats, more studies focused on the knowledge of threats are needed in that context; challenges in their security, such as confidentiality and privacy, have been identified and must be addressed and avoided.

in all layers of the network architectures that are supported by IDS and not only focusing on the lowest layer level, as is usual. A trend also identified in the literature is the use of IDS tools that support IoT, a direction that should be the focus of many software manufacturers, in both open source and paid software.

V. CONCLUSIONS
TABLE III
DATABASES USED IN THE WORKS CONSIDERED IN THE PAPER.

| Reference | DN | DS | CTD |
|---|---|---|---|
| [60] | KDD’99, NSL-KDD, Noisy Dataset | - | TCP-dump raw data |
| [61] | - | - | - |
| [62] | Dataset generated by personal computer | 20,000 records | - |
| [63] | NSL-KDD, KDDCUP99 | - | Symbolic data |
| [64] | KDD CUP 1999 | 212,123 samples | - |
| [65] | Piping dataset, Crack-box dataset | 2,460, 1,380 | levee passive seismic data |
| [66] | NSL-KDD | 148,517 | Text file |
| [67] | NSL-KDD, KDDCup 1999 | 33,300 records | - |
| [93] | - | - | - |
| [69] | NSL-KDD | - | - |
| [70] | KDD | 148,753 records | - |
| [71] | - | 307,641 | Text file |
| [72] | - | - | - |
| [73] | NSL-KDD Cup 1999 | 10,000 | - |
| [74] | NSL-KDD | 148,516 | TCP packets |
| [75] | AWID | 1,795,575 | - |
| [76] | NSL-KDD Cup 1999 | 106,154 | TCP, UDP and ICMP data |
| [77] | - | - | - |
| [78] | - | - | - |
| [79] | - | - | - |
| [80] | - | - | - |
| [88] | - | - | - |
| [89] | - | - | - |
| [90] | - | - | - |
| [94] | - | - | - |
| [95] | - | - | - |
| [96] | - | - | - |
Some techniques can reduce the false positive rate but, in contrast, the training time and classification time increase. On the other hand, some techniques perform the inverse process, i.e., the false positive rate is stabilized, but at the price of a high computational burden for training and testing. Such an issue is highly relevant for intrusion detection, where real-time detection is a relevant factor.

ACKNOWLEDGMENT

The authors are grateful to FAPESP grants #2017/22905-6, #2013/07375-0, #2014/12236-1, and #2016/19403-6 and to the Brazilian National Council for Research and Development (CNPq) via grants No. 429003/2018-8, 304315/2017-6, 430274/2018-1, 307066/2017-7 and 427968/2018-6.
vol. 42, no. 22, pp. 8609–8624, 2015. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S0957417415004753
[4] H. Wang, J. Gu, and S. Wang, “An effective intrusion detection framework based on svm with feature augmentation,” Knowledge-Based Systems, vol. 136, pp. 130–139, 2017. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S095070511730415X
[5] N. Farnaaz and M. A. Jabbar, “Random forest modeling for network intrusion detection system,” Procedia Computer Science, vol. 89, no. Supplement C, pp. 213–217, 2016.
[6] D. Pasini, S. M. Ventura, S. Rinaldi, P. Bellagente, A. Flammini, and A. L. C. Ciribini, “Exploiting internet of things and building information modeling framework for management of cognitive buildings,” in IEEE International Smart Cities Conference (ISC2). IEEE, sep 2016. [Online]. Available: https://doi.org/10.1109/isc2.2016.7580817
[7] W. Wu, S. Pirbhulal, H. Zhang, and S. C. Mukhopadhyay, “Quantitative assessment for self-tracking of acute stress based on triangulation principle in a wearable sensor system,” IEEE Journal of Biomedical and Health Informatics, pp. 1–1, 2018.
[8] W. Wu, H. Zhang, S. Pirbhulal, S. Mukhopadhyay, and Y. Zhang, “Assessment of biofeedback training for emotion management through wearable textile physiological monitoring system,” IEEE Sensors Journal, vol. 15, no. 12, pp. 7087–7095, Dec 2015.
[9] W. Wu, S. Pirbhulal, K. Sangaiah, S. M. Chandra, and G. Li, “Optimization of signal quality over comfortability of textile electrodes for ecg monitoring in fog computing based medical applications,” Future Generation Computer Systems, vol. 86, pp. 515–526, 2018.
[10] S. Pirbhulal, H. Zhang, W. Wu, S. C. Mukhopadhyay, and Y. Zhang, “Heartbeats based biometric random binary sequences generation to secure wireless body sensor networks,” IEEE Transactions on Biomedical Engineering, vol. 65, no. 12, pp. 2751–2759, Dec 2018.
[11] E. Kabir, J. Hu, H. Wang, and G. Zhuo, “A novel statistical technique for intrusion detection systems,” Future Generation Computer Systems, vol. 79, pp. 303–318, 2018. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S0167739X17301371
[12] V. Adat and B. B. Gupta, “Security in internet of things: issues, challenges, taxonomy, and architecture,” Telecommunication Systems, vol. 67, no. 3, pp. 423–441, Mar 2018.
[13] M. Ahmed, A. N. Mahmood, and J. Hu, “A survey of network anomaly detection techniques,” Journal of Network and Computer Applications, vol. 60, pp. 19–31, 2016. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1084804515002891
[14] K. A. P. Costa, Pereira, R. Y. M. Nakamura, C. R. Pereira, J. P. Papa, and A. X. Falcão, “A nature-inspired approach to speed up optimum-path forest clustering and its application to intrusion detection in computer networks,” Information Sciences, vol. 294, pp. 95–108, 2015. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S0020025514009311
[15] L. M. Rocha, F. A. M. Cappabianco, and A. X. Falcão, “Data clustering as an optimum-path forest problem with applications in image analysis,” International Journal of Imaging Systems and Technology, vol. 19, no. 2, pp. 50–68, 2009.
[16] C. R. Pereira, R. Y. M. Nakamura, K. A. P. Costa, and J. P. Papa, “An optimum-path forest framework for intrusion detection in computer networks,” Engineering Applications of Artificial Intelligence, vol. 25, no. 6, pp. 1226–1234, 2012.
[17] J. P. Papa, A. X. Falcão, and C. T. N. Suzuki, “Supervised pattern classification based on optimum-path forest,” International Journal of Imaging Systems and Technology, vol. 19, no. 2, pp. 120–131, 2009.
[18] J. P. Papa, A. X. Falcão, V. H. C. Albuquerque, and J. M. R. S. Tavares, “Efficient supervised optimum-path forest classification for large datasets,” Pattern Recognition, vol. 45, no. 1, pp. 512–520, 2012.
“FOCUS: A fog computing-based security system for the internet of things,” in 15th IEEE Annual Consumer Communications & Networking Conference (CCNC). IEEE, jan 2018. [Online]. Available: https://doi.org/10.1109/ccnc.2018.8319238
[23] D. Evans, “The internet of things: How the next evolution of the internet is changing everything,” Cisco White Paper, pp. 1–11, 2011.
[24] H. Bostani and M. Sheikhan, “Hybrid of anomaly-based and specification-based ids for internet of things using unsupervised opf based on mapreduce approach,” Computer Communications, vol. 98, no. Supplement C, pp. 52–71, 2017.
[25] B. B. Zarpelao, R. S. Miani, C. T. Kawakani, and S. C. Alvarenga, “A survey of intrusion detection in internet of things,” Journal of Network and Computer Applications, vol. 84, pp. 25–37, 2017. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1084804517300802
[26] L. Yang, C. Ding, M. Wu, and K. Wang, “Robust detection of false data injection attacks for data aggregation in an internet of things-based environmental surveillance,” Computer Networks, vol. 129, pp. 410–428, 2017, special Issue on 5G Wireless Networks for IoT and Body Sensors. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1389128617302372
[27] R. Neisse, G. Steri, I. N. Fovino, and G. Baldini, “Seckit: A model-based security toolkit for the internet of things,” Computers and Security, vol. 54, no. Supplement C, pp. 60–76, 2015.
[28] D. Airehrour, J. Gutierrez, and S. K. Ray, “Secure routing for internet of things: A survey,” Journal of Network and Computer Applications, vol. 66, pp. 198–213, 2016. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1084804516300133
[29] I. Romdhani, “Chapter 9 - confidentiality and security for iot based healthcare,” in Securing the Internet of Things, S. Li and L. D. Xu, Eds. Boston: Syngress, 2017, pp. 133–139.
[30] S. Li, “Chapter 1 - introduction: Securing the internet of things,” in Securing the Internet of Things, S. Li and L. D. Xu, Eds. Boston: Syngress, 2017, pp. 1–25.
[31] ——, “Chapter 2 - security architecture in the internet of things,” in Securing the Internet of Things, S. Li and L. D. Xu, Eds. Boston: Syngress, 2017, pp. 27–48.
[32] I. Romdhani, “Chapter 8 - security concerns in social iot,” in Securing the Internet of Things, S. Li and L. D. Xu, Eds. Boston: Syngress, 2017, pp. 131–132.
[33] ——, “Chapter 7 - existing security scheme for iot,” in Securing the Internet of Things, S. Li and L. D. Xu, Eds. Boston: Syngress, 2017, pp. 119–130.
[34] S. Li, “Chapter 5 - security requirements in iot architecture,” in Securing the Internet of Things, S. Li and L. D. Xu, Eds. Boston: Syngress, 2017, pp. 97–108.
[35] ——, “Chapter 4 - iot node authentication,” in Securing the Internet of Things, S. Li and L. D. Xu, Eds. Boston: Syngress, 2017, pp. 69–95.
[36] ——, “Chapter 3 - security and vulnerability in the internet of things,” in Securing the Internet of Things, S. Li and L. D. Xu, Eds. Boston: Syngress, 2017, pp. 49–68.
[37] B. Kitchenham and S. Charters, “Guidelines for performing systematic literature reviews in software engineering,” Keele University and Durham University Joint Report, Tech. Rep. EBSE 2007–001, 2007. [Online]. Available: http://www.dur.ac.uk/ebse/resources/Systematic-reviews-5-8.pdf
[38] M. Conti, A. Dehghantanha, K. Franke, and S. Watson, “Internet of things security and forensics: Challenges and opportunities,” Future Generation Computer Systems, vol. 78, pp. 544–546, 2018. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S0167739X17316667
[39] T. Mehmood and H. B. M. Rais, “Machine learning algorithms in context of intrusion detection,” in 3rd International Conference on Computer and Information Sciences (ICCOINS). IEEE, aug 2016. [Online]. Available: https://doi.org/10.1109/iccoins.2016.7783243
[40] M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, “Network anomaly detection: Methods, systems and tools,” IEEE Communications Surveys & Tutorials, vol. 16, no. 1, pp. 303–336, 2014. [Online]. Available: https://doi.org/10.1109/surv.2013.052213.00046
[41] A. A. Diro and N. Chilamkurti, “Distributed attack detection scheme using deep learning approach for internet of things,” Future Generation Computer Systems, vol. 82, pp. 761–768, 2018. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S0167739X17308488
[42] A. Ramos, M. Lazar, R. H. Filho, and J. J. P. C. Rodrigues, “Model-based quantitative network security metrics: A survey,” IEEE Communications Surveys & Tutorials, vol. 19, no. 4, pp. 2704–2734, 2017. [Online]. Available: https://doi.org/10.1109/comst.2017.2745505
[43] J. Granjal, E. Monteiro, and J. S. Silva, “Security for the internet of things: A survey of existing protocols and open research issues,” IEEE Communications Surveys & Tutorials, vol. 17, no. 3, pp. 1294–1312, 2015. [Online]. Available: https://doi.org/10.1109/comst.2015.2388550
[44] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash, “Internet of things: A survey on enabling technologies, protocols, and applications,” IEEE Communications Surveys & Tutorials, vol. 17, no. 4, pp. 2347–2376, 2015. [Online]. Available: https://doi.org/10.1109/comst.2015.2444095
[45] M. Lopez-Martin, B. Carro, A. Sanchez-Esguevillas, and J. Lloret, “Conditional variational autoencoder for prediction and feature recovery
network,” Procedia Computer Science, vol. 52, no. Supplement C, pp. 1028–1033, 2015.
[49] M. Lopez-Benitez, T. D. Drysdale, S. Hadfield, and M. I. Maricar, “Prototype for multidisciplinary research in the context
(ICC), May 2016, pp. 1–6.
[51] P. Levis, N. Lee, M. Welsh, and D. Culler, “Tossim: Accurate and scalable simulation of entire tinyos applications,” 2003.
[52] M. A. A. Cruz, J. J. P. C. Rodrigues, J. Al-Muhtadi, V. V. Korotaev, and V. H. C. Albuquerque, “A reference model for internet of things middleware,” IEEE Internet of Things Journal, vol. 5, no. 2, pp. 871–883, apr 2018. [Online]. Available: https://doi.org/10.1109/jiot.2018.2796561
[53] P. Bellagente, P. Ferrari, R. S. Flammini, A., and E. Sisinni, “Enabling profinet devices to work in iot: Characterization and requirements,” in IEEE International Instrumentation and Measurement Technology Conference Proceedings 2016, May 2016, pp. 1–6.
[54] B. Karakostas, “Event prediction in an iot environment using naive bayesian models,” Procedia Computer Science, vol. 83, pp. 11–17, 2016. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1877050916301168
[55] Y. Sun, L. Wu, S. Wu, S. Li, T. Zhang, L. Zhang, J. Xu, Y. Xiong, and X. Cui, “Attacks and countermeasures in the internet of vehicles,” Annals of Telecommunications, vol. 72, no. 5, pp. 283–295, Jun 2017. [Online]. Available: https://doi.org/10.1007/s12243-016-0551-6
[56] H. Ferreira, G. Cerqueira, J. de Sousa, and R. Timoteo, “Security analysis of a proposed internet of things middleware,” Cluster Computing, vol. 20, no. 1, pp. 651–660, Mar 2017. [Online]. Available: https://doi.org/10.1007/s10586-017-0729-3
[57] P. A. Lavrova, D. and V. Gluhov, “Applying correlation analysis methods to control flow violation detection in the internet of things,” Automatic Control and Computer Sciences, vol. 49, no. 8, pp. 735–740, Dec 2015.
[58] M. A. N. F. Machaka, P. and A. Bagula, Using the Cumulative Sum Algorithm Against Distributed Denial of Service Attacks in Internet of Things. Cham: Springer International Publishing, 2016, pp. 62–72.
[59] T. L. Chen, Z. and C. Lin, A Method for Detection of Anomaly Node in IOT. Cham: Springer International Publishing, 2015, pp. 777–784.
[60] J. Hussain and S. Lalmuanawma, “Feature analysis, evaluation and comparisons of classification algorithms based on noisy intrusion dataset,” Procedia Computer Science, vol. 92, no. Supplement C, pp. 188–198, 2016.
[61] A. S. A. Aziz, S. E. Hanafi, and A. E. Hassanien, “Comparison of classification techniques applied for network intrusion detection and classification,” Journal of Applied Logic, vol. 24, pp. 109–118, 2017. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1570868316300738
[62] S. L. Gautam and H. Om, “Computational neural network regression model for host based intrusion detection system,” Perspectives in Science, vol. 8, pp. 93–95, 2016. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S2213020916300192
[63] R. A. R. Ashfaq, X. Wang, J. Z. Huang, H. Abbas, and Y. He, “Fuzziness based semi-supervised learning approach for intrusion detection system,” Information Sciences, vol. 378, pp. 484–497, 2017. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S0020025516302547
[64] M. R. G. Raman, N. Somu, K. Kirthivasan, and V. S. S. Sriram, “A hypergraph and arithmetic residue-based probabilistic neural network for classification in intrusion detection systems,” Neural Networks, vol. 92, pp. 89–97, 2017. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S0893608017300333
pp. 462–472, 2017.
[68] J. Arunnehru and M. K. Geetha, Internet of Things Based Intelligent Elderly Care System. Cham: Springer International Publishing, 2017, pp. 207–229.
[69] A. Abubakar and B. Pranggono, “Machine learning based intrusion de-
International Symposium on Intelligent Systems and Informatics (SISY), Sept 2017, pp. 000 277–000 282.
[71] E. M. Kakihata, H. M. Sapia, R. T. Oiakawa, D. R. Pereira, J. P. Papa, V. H. C. Albuquerque, and F. A. Silva, “Intrusion detection system based on flows using machine learning algorithms,” IEEE Latin America Transactions, vol. 15, no. 10, pp. 1988–1993, oct 2017. [Online]. Available: https://doi.org/10.1109/tla.2017.8071245
[72] O. Aslan and R. Samet, “Investigation of possibilities to detect malware using existing tools,” in IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA), Oct 2017, pp. 1277–1284.
[73] D. A. Effendy, K. Kusrini, and S. Sudarmawan, “Classification of intrusion detection system (IDS) based on computer network,” in 2nd International conferences on Information Technology, Information Systems and Electrical Engineering (ICITISEE). IEEE, nov 2017. [Online]. Available: https://doi.org/10.1109/icitisee.2017.8285566
[74] S. A. Ludwig, “Intrusion detection of multiple attack classes using a deep neural net ensemble,” in IEEE Symposium Series on Computational Intelligence (SSCI), Nov 2017, pp. 1–7.
[75] K. Kim and M. E. Aminanto, “Deep learning in intrusion detection perspective: Overview and further challenges,” in International Workshop on Big Data and Information Security (IWBIS), Sept 2017, pp. 5–10.
[76] Z. Y. Yin, X. and X. Chen, “A binary-classification method based on dictionary learning and admm for network intrusion detection,” in International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), Oct 2017, pp. 326–333.
[77] P. P. Jayaraman, X. Yang, A. Yavari, D. Georgakopoulos, and X. Yi, “Privacy preserving internet of things: From privacy techniques to a
blueprint architecture and efficient implementation,” Future Generation Computer Systems, vol. 76, pp. 540–549, nov 2017. [Online]. Available: https://doi.org/10.1016/j.future.2017.03.001
[78] A. R. Sfar, E. Natalizio, Y. Challal, and Z. Chtourou, “A roadmap for security challenges in the internet of things,” Digital Communications and Networks, vol. 4, no. 2, pp. 118–137, 2018. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S2352864817300214
[79] M. Ge, J. B. Hong, W. Guttmann, and D. S. Kim, “A framework for automating security analysis of the internet of things,” Journal of Network and Computer Applications, vol. 83, pp. 12–27, 2017. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1084804517300541
[80] F. A. Alaba, M. Othman, I. A. T. Hashem, and F. Alotaibi, “Internet of things security: A survey,” Journal of Network and Computer Applications, vol. 88, pp. 10–28, 2017. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1084804517301455
[81] I. Charfi, J. Miteran, J. Dubois, M. Atri, and R. Tourki, “Definition and performance evaluation of a robust SVM based fall detection solution,” in 2012 Eighth International Conference on Signal Image Technology and Internet Based Systems. IEEE, nov 2012. [Online]. Available: https://doi.org/10.1109/sitis.2012.155
[82] X. Guo, N. Ansari, L. Li, and H. Li, “Indoor localization by fusing a group of fingerprints based on random forests,” IEEE Internet of Things Journal, pp. 1–1, 2018. [Online]. Available: https://doi.org/10.1109/jiot.2018.2810601
[83] Y. Shen, T. Han, Q. Yang, X. Yang, Y. Wang, F. Li, and H. Wen, “CS-CNN: Enabling robust and efficient convolutional neural networks inference for internet-of-things applications,” IEEE Access, vol. 6, pp. 13 439–13 448, 2018. [Online]. Available: https://doi.org/10.1109/access.2018.2810264
[84] A. Azmoodeh, A. Dehghantanha, and K. R. Choo, “Robust malware detection for internet of (battlefield) things devices using deep eigenspace learning,” IEEE Transactions on Sustainable Computing, pp. 1–1, 2018. [Online]. Available: https://doi.org/10.1109/tsusc.2018.2809665
[85] W. L. Al-Yaseen, Z. A. Othman, and M. Z. A. Nazri, “Multi-level hybrid support vector machine and extreme learning machine based on modified k-means for intrusion detection system,” Expert Systems with Applications, vol. 67, pp. 296–303, 2017. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S0957417416305310
[86] W. Feng, Q. Zhang, G. Hu, and J. X. Huang, “Mining network data for intrusion detection through combining svms with ant colony networks,” Future Generation Computer Systems, vol. 37, pp. 127–140, 2014, special Section: Innovative Methods and Algorithms for Advanced Data-
[87] Y. Zhao, L. T. Yang, and J. Sun, “A secure high-order CFS algorithm on clouds for industrial internet-of-things,” IEEE Transactions on Industrial Informatics, pp. 1–1, 2018. [Online]. Available: https://doi.org/10.1109/tii.2018.2816343
[88] B. Ali and A. Awad, “Cyber and physical security vulnerability assessment for IoT-based smart homes,” Sensors, vol. 18, no. 3, p. 817, mar 2018. [Online]. Available: https://doi.org/10.3390/s18030817
[89] L. Wang and X. Liu, “NOTSA: Novel OBU with three-level security architecture for internet of vehicles,” IEEE Internet of Things Journal, pp. 1–1, 2018. [Online]. Available: https://doi.org/10.1109/jiot.2018.2800281
[90] H. Wu and W. Wang, “A game theory based collaborative security detection method for internet of things systems,” IEEE Transactions on Information Forensics and Security, vol. 13, no. 6, pp. 1432–1445, jun 2018. [Online]. Available: https://doi.org/10.1109/tifs.2018.2790382
[91] O. K. Li, H. and M. Dong, “Learning iot in edge: Deep learning for the internet of things with edge computing,” IEEE Network, vol. 32, no. 1, pp. 96–101, Jan 2018.
[92] Q. Yan, W. Huang, X. Luo, Q. Gong, and F. R. Yu, “A multi-level DDoS mitigation framework for the industrial internet of things,” IEEE Communications Magazine, vol. 56, no. 2, pp. 30–36, feb 2018. [Online]. Available: https://doi.org/10.1109/mcom.2018.1700621
[93] S. Majumder, E. Aghayi, M. Noferesti, H. Memarzadeh-Tehran, T. Mondal, Z. Pang, and M. J. Deen, “Smart homes for elderly healthcare - recent advances and research challenges,” Sensors, vol. 17, no. 11, 2017.
[94] A. Rayes and S. Samer, Internet of Things From Hype to Reality: The Road to Digitization, 1st ed. Springer Publishing Company, Incorporated, 2016.
[95] S. A. Shaikh, H. Chivers, P. Nobles, J. A. Clark, and H. Chen, “A deployment value model for intrusion detection sensors,” in Advances in Information Security and Assurance. Berlin, Heidelberg: Springer Berlin Heidelberg, 2009, pp. 250–259.
[96] A. A. Gendreau and M. Moorman, “Survey of intrusion detection systems towards an end to end secure internet of things,” in IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud). IEEE, aug 2016. [Online]. Available: https://doi.org/10.1109/ficloud.2016.20
[97] K. Perumal and M. Manohar, A Survey on Internet of Things: Case Studies, Applications, and Future Directions. Cham: Springer International Publishing, 2017, pp. 281–297.

Kelton Pontara Augusto da Costa graduated in Systems Analysis from the Sagrado Coração University (USC). In 2004 he received his Master’s Degree in Computer Science from the Euripides de Marilia University (UNIVEM). In 2009 he received his Ph.D. in Electrical Engineering from the São Paulo University (USP). During 2010-2011, he worked as a post-doctorate researcher at the Institute of Computing of the University of Campinas (UNICAMP), SP, Brazil. He worked as a post-doctorate researcher at the Department of Computer Science of the Paulista Júlio de Mesquita Filho State University (UNESP), SP, Brazil. He is an advisor Professor of the Master’s Degree Program in Computer Science (UNESP). He is an evaluator of undergraduate courses (INEP-MEC) and has experience in Computer Science with emphasis in Computer Systems Architecture and Distributed Systems, acting on the following topics: Management in Computer Networks, Security in Computer Networks, Anomaly Detection Systems and Signatures in Computer Networks and Data Flow Analysis in Computer Networks.

los, SP, Brazil. In 2008, he received his Ph.D. in Computer Science from the University of Campinas, SP, Brazil. During 2008-2009, he worked as a post-doctorate researcher at the same institute. He has been a Professor at the Computer Science Department, São Paulo State University, since 2009, and his research interests include machine learning, pattern recognition and image processing.

Celso de Oliveira Lisboa has a technical-vocational course by the National Service of Industrial Learning - São Paulo. He graduated in Computer Science from the São Paulo State University, SP, Brazil (2016). He is currently an M.Sc. student in Computer Science at the São Paulo State University, SP, Brazil.
Victor Hugo C. de Albuquerque has a Ph.D. in Mechanical Engineering with emphasis on Materials from the Federal University of Paraiba (UFPB, 2010), an MSc in Teleinformatics Engineering from the Federal University of Ceara (UFC, 2007), and he graduated
Augmented and Virtual Reality Simulation Modeling for animals and humans. Additionally, he has research at the microstructural characterization field through the combination of non-destructive techniques with signal and image processing and analysis and pattern recognition. Prof. Victor is the leader of the Computational Methods in Bioinformatics Research Group. He is an