Implementation of Intrusion Detection System in the

Internet of Things: A Survey

Shakir Zaman Haseeb Tauqeer Wakeel Ahmad
Department of Computer Science University Department of Computer Science University Department of Computer Science University
of Engineering and Technology Taxila of Engineering and Technology Taxila of Engineering and Technology Taxila
Taxila, Pakistan Taxila, Pakistan Taxila, Pakistan
[email protected] [email protected] [email protected]

Syed M. Adnan Shah Muhammad Ilyas

Department of Computer Science University Department of Computer Science and IT
of Engineering and Technology Taxila University of Sargodha
Taxila, Pakistan Sargodha, Pakistan
[email protected] [email protected]

Abstract— The Internet of Things (IoT) is a precipitously
evolving technology. In which interconnected computing devices and
sensors share data over the network to decipher different problems
and deliver new services. Medical treatment, control devices
remotely, and machine to machine interaction, etc., are services for
2020 IEEE 23rd International Multitopic Conference (INMIC) | 978-1-7281-9893-4/20/$31.00 ©2020 IEEE | DOI: 10.1109/INMIC50486.2020.9318047
Numerous technologies are involved in achieving the
objective of IoT. Such as, Smart Grid (SG), Radio Frequency
Identification (RFID), Near Field Communication (NFC),
Machine to Machine Communication (M2M) and Vehicle to
Vehicle Communication (V2V). IoT equipment are totally

users without human collaboration. Despite of having many
advantages it also has some disadvantages, Security is one of them.
There are many techniques used to preclude IoT from several attacks
Intrusion Detection System (IDS) is one of them. IDS is one of the
most original and well-organized methods that can protect IoT
devices from invaders and detect their attack with high accuracy.
This study discussed and briefly explained numerous kinds of attacks
like DDoS/DoS, hello flood and Sybil attack, etc., and also
anticipated different kinds of IDS approaches like Machine
Learning, SDN, and Automata-based IDS that can be beneficial for
the prevention and detection of IoT devices from attacks.
Keywords—IoT, IDS, Machine Learning, SDN, Automata
I. INTRODUCTION
Internet of Things (IoT) is a ubiquitous network in which
devices communicate without human interaction. The sensor
plays a key role in the IoT environment as the data is perceived
by these sensors and then sent to the central body for the further
process [1]. Smart devices like sensor nodes, smart TV, smart
mobile, smart doors, and smart heater get connected through the
Internet with each other to give information, to provide comfort
to humans [2]. Fig. 1 shows the architecture of the IoT network.
The gateway acts as a threshold between IoT devices (smart
AC, smart locks, smart lights, e.t.c) and control devices (laptops
and user's mobile phones). Due to incompatible devices
architecture, the IoT environment becomes heterogeneous. As a
result of heterogeneity, these devices are vulnerable to security
attacks. An intruder may take control of the smart devices
remotely and can use it for his malicious purposes, causing
billion dollars loss. As discussed in [3], in 2016, every IoT
device was attacked once in every two minutes. According to a
recent study by HP, currently, almost 70% of smart devices are
vulnerable to security threats. Another study by HP reveals that
90% of devices have collected personal information during the
testing phase. This data can be used for nasty purposes due to a
compromised device or as a result of a cyber-attack [4].
dependent on the power. It is core need of power supplier to
supply power in an efficient manner. To overcome the power
supplier issues (customer’s dissatisfaction, expensive resources
and interrupted power) a more reliable solution SG is proposed
in [5]. It helps in producing, supplying and transmitting power
in an efficient and reliable way. In RFID information is shared
through the radio frequency. RFID system comprises of
multiple readers and a tag. The data are stored on the tag
electronically. This system works in real time to monitor the
objects. NFC is also a sort of communication in which
information is shared wirelessly. A small amount of information
is shared only if both of the devices are NFC capable. Unlike
Bluetooth technology it doesn’t demand pre-connection.
Usually, It can send data over the distance of 20m or depends
on the size of the antenna. M2M communication occurs mostly
in computers, embedded processors, mobiles and sensors. This
is applicable in various fields like robotics, healthcare and smart
homes, etc. V2V consist of a vehicle which pretends to be a
node. Communication is achieved through sensors connected to
an ad-hoc network. It has quite complex structure as it doesn’t
follow a uniform protocol due to mobile vehicle. It can send
data over the distance of 1000m [6]. Software Defined Network
(SDN) makes the network programmable. Instead of routers and
switches, in SDN centralized controller is used for control

Fig.1. IoT Structure

978-1-7281-9893-4/20/$31.00 ©2020 IEEE

purpose. Routers and switches are just used as forwarding
device. SDN controller has a universal view of network and by
this, structure of network become easy to understand [7]. An
updated programmed network control is offered by SDN, which
split data planes and control that are established on the devices
of vendor’s application in smart gird [8].
Intrusion Detection System (IDS) is used to monitor
network. It also works as fire alarm system which only
identifies the incidents. With a lot of benefits, it also has some
issues for example if alarm is not listened properly then it may
harm the system. It also has more issues like incidents that occur
by IDS itself, it does not prevent the system form them. The
information it read form IP packet can also be faked which is
also a challenge. And finally where it provides easiness to users,
it also has some issues which need to be addressed.To mitigate
network security issues, numerous techniques are being used by
the users; IDS is one of them. It helps in detecting the intrusions
in the network and inform the user about threats. Early detection
of the attacks protects the network for being compromised. This
paper is organized as follows. Section I comprises of
Introduction. Section II describes IDS, and section III covers
various techniques implemented in IDS so far. In the end,
section IV is a brief conclusion of this research work.
II. INTRUSION DETECTION SYSTEM (IDS)
IDS aims to monitor the network, detect compromised
nodes, and intrusions in-network and alert the user about
detected intrusions [9]. It also works fine for both external and
internal attacks. This technology is evolving gradually to
mitigate computer crime. Usually, IDS have three main
components: Monitoring, Analysis & Detection, an Alarms.
Network traffic, patterns, and resources are monitored by the
monitoring module. Analysis and detection module plays a role
in detecting intrusion according to a specific algorithm. Alarm
module trigger alarms on the detection of intrusion. Fig. 2 [10]
depicts the architecture of IDS. The prevention system requires
numerous kinds of threats that can arise on data. This phase of
IDS is also known as the input section. In Intrusion Monitoring,
phase monitor the data and traffic. While in the Intrusion
Detection phase, the attack is detected if it matches the patterns.
Then after identifying an attack, in the response section, it will
produce a notification to make the system attentive to attacks.
And then, at the end of refinement, it uses to recover data that
is damaged or destroyed by attacks. There are two categories in
which IDS is classified, Network-Based Intrusion Detection
System (NIDS) and Host-Based Intrusion Detection System
(HIDS).
A. A Network-Based Intrusion Detection System (NIDS)
NIDS is used to detect network threats by monitoring and
analyzing network traffic. NIDS intends to cover those places
where the percentage of occurring of attack is greater.
Normally, it is placed on all subnets.
B. A host-Based Intrusion Detection System (HIDS)
HIDS is normally used in a single system. With the
connection of the internet, it runs on all devices that are
connected in a network. It equates the previous snapshot of the
file set to the file set of the entire system. Then alerts the
Fig.2. IDS Architecture
administrator if there is a change in the normal behavior of the
system.
III. IDS TECHNIQUES
A. Machine Learning Approach
Machine Learning is a child of Artificial Intelligence that
can learn from data and perform decisions with minimum
human interaction. Fig. 3 shows an overview of the Machine
Learning structure.
1. Supervised
In supervised machine learning algorithms, users have prior
knowledge about the output for a given sample. The main aim
of supervised learning is to train the machines on the data that
is already available with the authentic result. Supervised
learning usually occurs in classification whenever we want to
map the input to the output label. Some well-known supervised
algorithms are Random Forests, Support Vector Machine
(SVM), and Artificial Neural Network (ANN).
a) Artificial Neural Network (ANN)
The work in the field of ANN is started at the end of nineteen
and the start of the twentieth century. The first neural network
was developed in 1950. There are many things that computers
can do better than humans like mathematical problems etc. But
still, human brains are much faster and sensitive then computer
machines in the way of imagination and inspiration. ANN are
invented to make computers similar to human brains [11].
Pandeeswari et.al [12] anticipated that there are a lot of
resources which are affords by cloud computing. In this article
the authors proposed an anomaly detection based IDS. And for
improving detection ratio they used hybrid model which
combines, Fuzzy C Means and Artificial Neural Network. The
proposed system is implemented with Naïve Bayes classifier.
b) Random Forest
Random Forest is flexible and one of the most used
algorithms due to its easiness. The simple working of Random
Forest is that it builds decision trees and then combines them to
get optimal solutions or predictions. The most prominent
advantage of the Random Forest algorithm is that it is used for
both regression and classification. Usually, manufacturers do
not pay any attention to the Security of the devices. They are
only concerned about the low power hardware equipment [13].
Hence IoT devices are not computationally enabled to do the
large computational encryption task.
 Fig.3. Different approaches used for Intrusion Detection System in IoT
In [14], the proposed system has two basic parts. In the first
part, Network traffic monitoring device is used to gather data
from the nodes traffic and forward it to cloud analyzer for
feature extraction. Raspberry Pi-3 acts as a central device. The
second part is the detection and classification of the attacks.
Tshark is used as a network protocol analyzer. The main goal is
to capture network traffic and save as Pcap files. These Pcap are
uploaded for analysis to the cloud analyzer. BroIDS works as a
traffic analyzer and analyze Pcap files. To store the extracted
network features, MySQL database is used. These features are
then further used by the processing module. With the help of 31
estimators (decision trees), Random Forest Classifier and
Scikit-Learn ExtraTreesClassifier classify intrusions. Based on
the information gain ratio decision tree's quality is measured.
The output layer uses Softmax as an activation function. Output
dimensions of Softmax function are used as dataset categories,
one is regular, and 9 of them are attacks. The regularization of
dropouts is used to avoid overfitting.
c) Support vector machine (SVM)
The main concept of SVM is the decision plane. A decision
plane is like a separator that separates the members of different
classes. In this IDS, Machine Learning algorithms such as
SVM, naive Bayes classifier, J.48 decision tree, and decision
table are used in the anomaly detection model as supervised
algorithms. KDD99 dataset is used for training and evaluation
purposes [15]. Nowadays, most of the functional IDSs are either
for traditional IoT network architecture or conventional
wireless sensor networks (WSNs). But none of them is suitable
for IPV6. Famous traditional IDSs like Snort and Bro just
worked on an IP-Based system, but they cannot manage a
heterogeneous environment. That is why new components
should have the capacity to tackle such huge traffic. In [16], the
proposed system works dynamically and detects threats in real-
time. After network installation, two sets of data are gathered.
By seeking the help of these datasets, a Machine Learning
paradigm is created that acts as the core of the proposed model.
Wireshark is used as the network traffic analyzer. Nmap is used
as a network scanner to scan networks. Simple versions of DoS
attacks, such as UDP Flood and SYN Attacks, are injected for
network evolution. Classification experiments are carried out
by using the well-known Weka ML tools.
2. Unsupervised
In unsupervised learning, we do not need to train the model.
It produces results for unforeseen data based on its previous
experience. Therefore, it can find all kinds of unknown patterns.
These algorithms are used in clustering and association
problems [17].
a) Anomaly Detection
In anomaly detection, abnormal data points are discovered
in the dataset. This is useful in identifying fake operations,
finding damaged pieces of hardware, or pinpointing errors that
occurred during data entry work. Authors use a TOSSIM
simulator in [18]. Both anomaly detection and signature-based
detection were used in this paper. And named their solution as
a lightweight intrusion detection device because when an attack
is expected to occur, the anomaly detection technique is
triggered. When anomaly detection is enabled all the time, the
intrusion detection device can consume more energy.
In [19], Pajouh et al. discussed that in cybersecurity,
network anomaly detection is the most problematic and
challenging field. In the proposed paper, they anticipated a two-
tier classification model established on Naive Bayes
methodology. This proposed system offers low computation
because of feature selection and optimal measurement
reduction. Besides Security against multifaceted and occasional
attacks, it also provides sophisticated detection rates. This
model is accomplished by the SMOTE technique, and the NSL-
KDD data set is used. Earlier techniques for low resource IoT
devices, which used anomaly detection in IDS, could cause
high-energy consumption because they were triggered all the
time. So, in [20], Sedjelmaci et al. proposed a game-theoretic
method that is triggered only when a new attack is about to
occur. By this approach, false-positive rates are improved, and
the energy consumption is reduced.
b) Association Mining
Association mining classifies sets of items that commonly
take place simultaneously in your dataset. It aims to draw out
productive rules that help in producing new knowledge.
Association rules are solely based on the relations between the
items. These rules are represented by two terms antecedent
(predicts the consequence) and consequence (predicted by
antecedent in association).Furthermore these rules predicts the
occurrence of one item based on the occurrence of another
specific item. Analysis mechanism of Association mining
comprises of two main parts. First, to find out the item or
itemset from the given database. Second part is to identify
successive interferences from these itemset [21]. Applications
of Association mining are Basket data analysis, Cross
marketing and Catalog design, etc.
 c) Clustering
The best model for data is to consider that it has multiple
blobs. The main thing to build model like this, is that which data
point have relation with which blob. Data points that are close
enough are accumulated and created blobs from them. These
blobs are known as clusters and the technique used in this
process is called clustering [22]. The most famous clustering
algorithm was developed in 1957 that was k-means clustering.
After this, many other clustering algorithms have been
proposed and used to give benefits to the users. In these days’
data clustering is come up as an effective technique to correctly
fulfil the categorizing of data in realistic groups [23].
B. Deep learning and SDN based IDS
Deep Learning is a function of artificial intelligence which
tends to make computer to decide like a human brain. It
comprises of three categories known as semi-supervised,
supervised, and unsupervised. SDN makes the network
programmable. Instead of routers and switches, in SDN
centralized controller is used for control purposes. Routers and
switches are just used as forwarding devices. SDN controller
has a universal view of the network, and by this, the structure
of the network become easy to understand.
In [24] security solution is proposed by implementing a
novel IDS. In proposed work, the network connection phase and
network protocols of the host network are analyzed, and then
through virtual network channels, a connection is established.
The link prober module is primarily responsible for sending
probe signals to all host network devices (IoT personal area
network). Whenever a session request or handshake is received,
the connection prober extracts the information of the received
data packet and converts it into an appropriate protocol. Virtual
Network Client (VNC) module ensures the compatible network
channels according to the information gathered in-network
prober module. Controller module controls, an interfaces data
packet, and command exchange among Data Collection,
Transformation, and the VNC module. Connection Prober and
VNC module are autonomous and are also controlled by the
Controller module. Data collection and transformation tears
down data packets extracts header tags as functions, populates
the cached database, and then transfers all information to the
anomaly detection module based on Machine Learning.
Machine Learning-based anomaly detection module (MLAD)
consists of the Machine Learning engine. The engine is
responsible for separating the good tuple from the hostile tuple.
If the monitoring module detects unusual activity and has a
tuple-related decision-trigger, it activates the Actuator module
for further intervention. Otherwise, it activates the module of
the Trainer, which requires human interaction to continue the
learning process. Trainer module is invoked when MLAD is
needed to prepare for an unknown tuple, and human
intervention is also required. The key responsibility of the
Mitigation phase is to mitigate the attack and then launch an
appropriate response. The Handler component runs the
mitigation response on getting signal from Actuator module
In [25], Wani et al. use SDN based intrusion detection
technique to remove major threats of IoT. This system provides
Security and defends smart things from the top level. An
approach based on SDN gateway is used for routing the traffic
towards IoT. So, the gateway cannot pass an attack to the IoT
network. In [26], Alsmadi et al. discussed that the IDS system
performs improved and intellectual detection on conceivable
network attacks that are projected to occur. Intrusion Prevention
System (IPS) works with the amalgamation of IDS to take
action to terminate detected network attacks. But it is a very
problematic assignment to find difference between malicious
traffic and normal traffic through IDS/IPS. So, in this paper,
they proposed an SDN based IDS/IPS system to encounter these
challenges. Because they measured that programmable
networking is the best solution for these types of challenges.
C. Blockchain and Automata-based IDS
Blockchain (BC) technology is based on P2P topology. It is
distributed ledger technology that has the potential to store data
on thousands of servers globally. There are a lot of successful
implementations of Blockchain technology, but the first one is
the Bitcoin network[10]. Collaborative IDS is used to tackle
complex attacks, but it has flaws as well. This collaborative IDS
failed to mitigate personal attacks. Because of the distributed
existence, malicious nodes can provide false rules affecting the
detection of other nodes. Motivated by Blockchain technology
and to mitigate insider attacks, a CBSigIDS is proposed in [27].
For distributed architecture, the proposed system provides a
signature based trustworthy environment over a collaborative
network.
IoT devices work efficiently with a distributed, lightweight,
and scalable Security and privacy approach. A system that has
the aforementioned characteristics (distributed, secure, and
private nature) is Blockchain technology, which is the first
cryptocurrency that supports Bitcoin [28]. A solution is
proposed in [29] based on an innovative instance of Bitcoin by
eliminating the need for coins and the idea of Proof of Work
(POW). This anticipated model focused on tiered composition
and distributed fashion to ensure the safety of Bitcoin. To
convey the idea of their work in a better way, authors
demonstrated their thoughts in the domain of smart home (an
application of IoT). Overlay, smart home, and cloud storage are
three main parts of their projected design. The vulnerability of
built-in features, physical components, network device, and
application layer reside on different levels are a target by
security issues. Different protocols are used by users to interact
with these components, which can be demolished by security
threats. The various protocols supportive deployment of
components adds to the complexity of these countermeasures.
In [30] a survey of key security solutions is proposed. A
comprehensive analysis of security threats of all levels( high,
intermediate, and low) and solutions of such filthy problems are
discussed. IoT definition in the coming era is related to 5G
Internet. In [31], authors suggest a model based on automatons.
The proposed automata model can describe an IoT system's
communication. The implementation of this model into the
intrusion detection framework became possible. The proposed
IDS based on automatons consists of four parts: Event monitor,
Event Analyzer, Event Database, and Response Unit. But it
focuses mainly on the Event Analyzer and Response Unit.
 Table 1: Summary of IDS techniques

Ref. Problem Technique Tool

Heterogeneity in IoT devices, easy access to penetration tools, ANN and Random Forest, UNSW-
[14] TShark as network protocol analyzer.
distributed environment NB15 dataset.
Sony Smart TV, Samsung smartwatch,
Heterogeneity, Incompatibility with IPV6, rule base IDS, no
[16] Supervised Nova 3I smartphone, HP wireless
evaluation in a real environment.
printer, Whirlpool smart AC
[15] Failure in novel detection. SVM, J.48 decision tree KDD99
[18] High energy consumption due to high computation power. Unsupervised (Anomaly detection) Nash Equilibrium.
[19] Fail to detect novel attacks, DoS, Probe, R2L, and U2R Smote KDD99, NSL-KDD
High energy consumption, Heterogenous devices, Internal and Game Theory, ANN, Anomaly
[20] TOSSIM, TinyOS
External attacks Detection by supervised algorithms.
[24] DDoS, Botnets, Virus or Malware, Data Theft. SDN Mininet 2.0, RYU controller
[25] Failure in novel detection. Deep Learning N/A
[26] Static Firewall rules, network attacks, SDN, SDN based IDS/IPS N/A
[27] Insider attacks Blockchain approach N/A
Computation and energy consumption overhead of traditional
[29] Blockchain technology, Bitcoin. N/A
security methods.
[30] Limited power and less memory of IoT devices Blockchain technology. KD 99 dataset.
Unauthorized user Due to long-distance DOS attacks, a IOLTS, The Needham-Shroeder Public
[31] Automata theory
dynamic environment. Key
Sinkhole attack, Selective forwarding, Wormhole attack, IP
[32] N/A Raspberry Pi, 3B model
spoof attack, and (DDoS).
[33] External Intruders, Internal Intruders, (DoS), Zero-Day attack SIM, SEM Apache Server
[34] Hello, flood attack and Sybil attack. Hybrid Approach N/A

D. IDSs for Denial of Service Attack, Hello Flood Attack
and Sybil Attack in IoT
A solution is proposed against DOS attacks in [32] by
Sousa et al. The architecture of the system is as follows.
Sensor, Packet Analyzer, Attack Detection, Generation
Rules, and the IPTABLES rules for output, which are the
rules created by the firewall. It also has IP capture and packet
capture modules. IP Capture module captures IP addresses of
all active devices over the network. IP Capture's output is
input to Packet Capture to detect attacks. Once the packets
are collected, their features are extracted and loaded into the
database of DB Packs. Packet Analyzer uses these features to
determine whether traffic is coming from registered network
devices. Packet Analyzer uses these features to determine
whether traffic is coming from registered network devices. It
then shares information with the Attack Detection module.
The Attack Detection module is responsible for classifying
the attack based on the features provided by the Packet
Analyzer. Finally, the attack record is inserted into the
database. Generation Rules module produces the blocking
function against the attacks based on the history of attacks
stored in the database.
In [33], authors have proposed a tool named as Security
Information and Event Management (SIEM). This tool has
further two modules, Security Information Management
(SIM) and Security Event Manager (SEM). The main aim of
SIM is to gather information from the distributed candidate
resources of the system and store the collected information to
a single destination, just like a database. In the phase of
collection information, various software and tools are used.
SEM is used to monitor the collected information and detects
the attacks. In [34], Hodo et al. use the ANN techniques to
detect the various type of security attacks. This approach also
can detect a Distributed Denial of Service (DDoS) attacks.
ANN has two learning procedures, supervised and
unsupervised learning. In this technique, multi-layer
perception is used for training with the Feed-Forward
Learning algorithm and Backward Learning algorithm.
IV. SURVEY FINDINGS
IoT devices have less computation ability to perform
bulky processing tasks. Yet security of IoT devices can’t be
compromised. To overcome aforementioned defect a solution
is proposed in [8] based on machine learning algorithms.
Proposed work has three modules data collection, data
processing and detection module. Random Forest and Neural
Networks are used for detection and categorization of the
intrusions respectively. In [10] against DoS attacks a solution
is proposed based on machine learning and rule-based
approach to monitor the abnormal behavior of the network.
Machine learning approach assists in training the model for
the normal activities of the network. This model can detect
the anomaly even it occurs for the first time. Integrated
Intrusion Detection System is proposed in [15] based on
machine learning. This model doesn’t rely on router for
information gathering, rather it operates separately. Proposed
work comprises of three phases network connection,
detection and the mitigation phase. In [18] a blockchain based
collaborative IDS is proposed. This technique demolishes
insider attacks that occur due to shared information among
IDS nodes. In [21] a survey of security threats to IoT devices
along with solutions based on Blockchain technology is
conducted.
V. CONCLUSION
IoT is collection of devices with network connectivity. It is a
heterogeneous environment, as devices of different
manufacturers and specifications are connected to obtain the
objective of IoT. As IoT is evolving, but manufacturers have
not paid any reasonable security measurements.
Manufacturer of smart devices (smart lock, smart AC, smart
meters, etc.) mainly focuses on the less computational and
low energy consumption devices, consequently left behind
the security approaches for the devices. To tackle security
vulnerabilities, various techniques are being carried out; IDS
is one of them. Related works that have surveyed IDS has
covered IDS only in general terms. We follow a new way to
survey IDS; we have first chosen various techniques being
implemented in IDS. And then gathered the information for
each category based on technology and technique. In this
paper, we have surveyed IDS using Machine Learning, Deep
Learning, Blockchain, Automata theory, and SDN.
REFERENCES
[1] Porkodi, R. and V. Bhuvaneswari, "The internet of things (IOT)
applications and communication enabling technology standards: An
overview". in 2014 International conference on intelligent computing
applications. 2014. IEEE.
[2] Lou, Y., et al., "Personalized gesture interactions for cyber-physical
smart-home environments". Science China Information Sciences,
2017. 60(7): p. 072104.
[3] Collen, A., et al., "Ghost-safe-guarding home IoT environments with
personalised real-time risk control". in International ISCIS Security
Workshop. 2018. Springer.
[4] Kanuparthi, A., R. Karri, and S. Addepalli, "Hardware and embedded
security in the context of internet of things". in Proceedings of the 2013
ACM workshop on Security, privacy & dependability for cyber
vehicles. 2013.
[5] Faheem, M., et al., "Smart grid communication and information
technologies in the perspective of Industry 4.0: Opportunities and
challenges". Computer Science Review, 2018. 30: p. 1-30.
[6] Shah, S.H. and I. Yaqoob, "A survey: Internet of Things (IOT)
technologies, applications and challenges". in 2016 IEEE Smart Energy
Grid Engineering (SEGE). 2016. IEEE.
[7] Amin, R., M. Reisslein, and N. Shah, "Hybrid SDN networks: A survey
of existing approaches". IEEE Communications Surveys & Tutorials,
2018. 20(4): p. 3259-3306.
[8] Faheem, M., et al., "Energy efficient and reliable data gathering using
internet of software-defined mobile sinks for WSNs-based smart grid
applications". Computer Standards & Interfaces, 2019. 66: p. 103341.
[9] Ganapathy, S., et al., "Intelligent feature selection and classification
techniques for intrusion detection in networks: a survey". EURASIP
Journal on Wireless Communications and Networking, 2013. 2013(1):
p. 271.
[10] Pandey, P. and A. Barve, "An Energy-Efficient Intrusion Detection
System for MANET", in Data, Engineering and Applications. 2019,
Springer. p. 103-117.
[11] Witten, I.H. and E. Frank, "Data mining: practical machine learning
tools and techniques with Java implementations". Acm Sigmod Record,
2002. 31(1): p. 76-77.
[12] Pandeeswari, N. and G. Kumar, "Anomaly detection system in cloud
environment using fuzzy clustering based ANN". Mobile Networks and
Applications, 2016. 21(3): p. 494-505.
[13] Pacheco, J. and S. Hariri, "IoT security framework for smart cyber
infrastructures". in 2016 IEEE 1st International Workshops on
Foundations and Applications of Self* Systems (FAS* W). 2016.
IEEE.
[14] Mohamed, T., T. Otsuka, and T. Ito, "Towards Machine Learning Based
IoT Intrusion Detection Service". in International Conference on
Industrial, Engineering and Other Applications of Applied Intelligent
Systems. 2018. Springer.
[15] Mehmood, T. and H.B.M. Rais, "Machine learning algorithms in
context of intrusion detection". in 2016 3rd International Conference
on Computer and Information Sciences (ICCOINS). 2016. IEEE.
[16] Mridha, M., M.A. Hamid, and M. Asaduzzaman, "Issues of Internet of
Things (IoT) and an intrusion detection system for IoT using machine
learning paradigm". in Proceedings of International Joint Conference
on Computational Intelligence. 2020. Springer.
[17] Sarmah, D.K., "A Survey on the Latest Development of Machine
Learning in Genetic". Optimization in Machine Learning and
Applications: p. 91.
[18] Sedjelmaci, H., S.M. Senouci, and M. Al-Bahri, "A lightweight
anomaly detection technique for low-resource IoT devices: a game-
theoretic methodology". in 2016 IEEE International Conference on
Communications (ICC). 2016. IEEE.
[19] Pajouh, H.H., G. Dastghaibyfard, and S. Hashemi, "Two-tier network
anomaly detection model: a machine learning approach". Journal of
Intelligent Information Systems, 2017. 48(1): p. 61-74.
[20] Sedjelmaci, H., S.M. Senouci, and T. Taleb, "An accurate security game
for low-resource IoT devices". IEEE Transactions on Vehicular
Technology, 2017. 66(10): p. 9381-9393.
[21] Ceglar, A. and J.F. Roddick, "Association mining". ACM Computing
Surveys (CSUR), 2006. 38(2): p. 5-es.
[22] Forsyth, D., "Clustering", in Applied Machine Learning. 2019,
Springer. p. 155-182.
[23] Ghosal, A., et al., "A short review on different clustering techniques
and their applications", in Emerging Technology in Modelling and
Graphics. 2020, Springer. p. 69-83.
[24] Chawla, S. and G. Thamilarasu, "Security as a service: real-time
intrusion detection in internet of things". in Proceedings of the Fifth
Cybersecurity Symposium. 2018.
[25] Wani, A. and S. Revathi, "Analyzing threats of iot networks using sdn
based intrusion detection system (sdiot-ids)". in International
Conference on Next Generation Computing Technologies. 2017.
Springer.
[26] Alsmadi, I.M. and A. AlEroud, "SDN-based real-time IDS/IPS alerting
system", in Information Fusion for Cyber-Security Analytics. 2017,
Springer. p. 297-306.
[27] Li, W., et al., "Designing collaborative blockchained signature-based
intrusion detection in IoT environments". Future Generation Computer
Systems, 2019. 96: p. 481-489.
[28] Nakamoto, S., "A peer-to-peer electronic cash system". Bitcoin.–URL:
https://bitcoin. org/bitcoin. pdf, 2008.
[29] Dorri, A., et al., "Blockchain for IoT security and privacy: The case
study of a smart home". in 2017 IEEE international conference on
pervasive computing and communications workshops (PerCom
workshops). 2017. IEEE.
[30] Khan, M.A. and K. Salah, "IoT security: Review, blockchain solutions,
and open challenges". Future Generation Computer Systems, 2018. 82:
p. 395-411.
[31] Fu, Y., et al., "An automata based intrusion detection method for
internet of things". Mobile Information Systems, 2017. 2017.
[32] Sousa, B.F.L.M., et al., "An intrusion detection system for denial of
service attack detection in internet of things". in Proceedings of the
Second International Conference on Internet of things, Data and Cloud
Computing. 2017.
[33] Sornalakshmi, K., "Detection of DoS attack and zero day threat with
SIEM". in 2017 International Conference on Intelligent Computing and
Control Systems (ICICCS). 2017. IEEE.
[34] Hodo, E., et al., "Threat analysis of IoT networks using artificial neural
network intrusion detection system". in 2016 International Symposium
on Networks, Computers and Communications (ISNCC). 2016. IEEE.