A Development of Embedded Anomaly Behavior Packet Detection System for IoT Environment using Machine Learning Techniques

Youngchan Lim, Gicheol Choi, Kwangjae Lee


Despite the growth of IoT technology and related markets, aspect of the IoT security in the IoT field is not handled correctly due to several factors such as indiscreet participation in the market, poor optimization for the various specifications. In this paper, an embedded anomaly packet detection system using machine learning technology for an IoT environment is proposed and evaluated. The suggesting system is composed of two main devices—the packet collection device and the packet analysis device. The packet collection device collects network packets from the IoT devices that are connected to the system. The packet analysis device detects anomalies from the packet data by using the machine learning model. Detected anomalies, which are mostly considered as intrusions such as new or bypassing HTTP attacks as well as existing attacks, are responded in real-time. For conformity assessment in a real-time environment, TPR, FPR, accuracy, and detection speed was measured, and the measured values of the target embedded board are 100%, 0.56%, 99.5, and 2.4 to 13.4 seconds, respectively. The results of TPR, FPR, and accuracy indicate the model itself has an excellent ability to discriminate between anomalies, but it is challenging to apply it to an embedded system in terms of detection speed. Future studies need to apply anomaly detection models that are more suitable for embedded devices and unique hardware accelerators for computing artificial neural networks.


anomaly detection; HTTP request; behavior-based; embedded IoT security system.

Full Text:



Columbus, Louis. (2018) IoT market predicted to double by 2021, reaching $520b. [Online]. Available: https://www.forbes.com/sites/ louiscolumbus/2018/08/16/iot-market-predicted-to-double-by-2021-reaching-520b

Khan, M. A. and Salah, K., “IoT security: Review, blockchain solutions, and open challenges,” Future Generation Comput. Syst., vol. 82, 2018, pp. 395-411.

Sharma, Pradip Kumar, and Jong Hyuk Park, “Blockchain based hybrid network architecture for the smart city,” Future Generation Comput. Syst., vol. 86, pp. 650-655, 2018.

Hadar, N., Siboni, S., and Elovici, Y, “A Lightweight Vulnerability Mitigation Framework for IoT Devices,” in Proc. 2017 Workshop on Internet of Things Secur. Privacy, 2017, pp. 71-75.

Ammar, Mahmoud, Giovanni Russello, and Bruno Crispo, “Internet of Things: A survey on the security of IoT frameworks,” J. Inf. Secur. Appl., vol. 38, pp. 8-27, 2018.

T. W. Tseng, C. T. Wu, and F. Lai, “Threat Analysis for Wearable Health Devices and Environment Monitoring Internet of Things Integration System,” IEEE Access, vol. 7, pp. 144983-144994, 2019.

T. A. Ahanger and A. Aljumah, “Internet of Things: A Comprehensive Study of Security Issues and Defense Mechanisms,” IEEE Access, vol. 7, pp. 11020-11028, 2019.

Miloslavskaya, N. and Tolstoy, A., “Internet of Things: information security challenges and solutions,” Cluster Comput., vol. 22, no. 1, pp. 103–119, 2019.

M. Frustaci, P. Pace, G. Aloi, and G. Fortino, “Evaluating Critical Security Issues of the IoT World: Present and Future Challenges,” IEEE Internet of Things J., vol. 5, no. 4, pp. 2483-2495, Aug. 2018.

Poonia A.S., Banerjee C., Banerjee A., and Sharma S.K, “Security Issues in Internet of Things (IoT)-Enabled Systems: Problem and Prospects,” Soft Comput.: Theories Appl., vol. 1053, pp.1419-1423, 2020.

Raza, Shahid, Linus Wallgren, and Thiemo Voigt, “SVELTE: Real-time intrusion detection in the Internet of Things,” Ad hoc netw., vol. 11, no. 8, pp. 2661-2674, 2013.

Adat, Vipindev, and B. B. Gupta, “Security in Internet of Things: issues, challenges, taxonomy, and architecture,” Telecommun. Syst., vol. 67, no.3, pp. 423-441, 2018.

Amouri, A., Alaparthy, V. T., and Morgera, S. D., “Cross layer-based intrusion detection based on network behavior for IoT,” in WAMICON’18, 2018, pp. 1-4.

Amouri, Amar, Vishwa T. Alaparthy, and Salvatore D. Morgera. “A Machine Learning Based Intrusion Detection System for Mobile Internet of Things,” Sensors, vol. 20, no.2, pp. 1-15, 2020.

M. Ramadan, Y. Liao, F. Li, and S. Zhou, “Identity-Based Signature With Server-Aided Verification Scheme for 5G Mobile Systems,” IEEE Access, vol. 8, pp. 51810-51820, 2020.

M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, “Network Anomaly Detection: Methods, Systems and Tools,” IEEE Commun. Surveys Tut., vol. 16, no. 1, pp. 303-336, 2013.

Hamamoto, Anderson Hiroshi, et al., “Network anomaly detection system using genetic algorithm and fuzzy logic,” Expert Syst. Appl., vol. 92, pp. 390-402, 2018.

Zhang, Daokun, et al., “Network representation learning: A survey,” IEEE Trans. Big Data, vol. 6, no. 1, pp. 3-28, 2020.

J. R. Binkley and B. Massey, “Ourmon and Network Monitoring Performance,” in USENIX’05 Ann. Technical Conf., 2005, pp. 95-108.

R. Perdisci, D. Ariu, P. Fogla, G. Giacinto, and W. Lee, “McPAD: A multiple classifier system for accurate payload-based anomaly detection,” J. Comput. Netw., vol. 53, no. 6, pp. 864-881, 2009.

Meidan, Y., Bohadana, M., Shabtai, A., Ochoa, M., Tippenhauer, N. O., Guarnizo, J. D., and Elovici, Y., “Detection of Unauthorized IoT Devices Using Machine Learning Techniques,” arXiv:1709.04647 [cs.CR], Sep. 2017.

M. Miettinen, S. Marchal, I. Hafeez, N. Asokan, A. Sadeghi, and S. Tarkoma, “IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT,” in ICDCS’17, 2017, pp. 2177-2184.

T. D. Nguyen, S. Marchal, M. Miettinen, N. Asokan, and A.-R. Sadeghi, “DÏoT: A Federated Self-learning Anomaly Detection System for IoT,” in ICDCS’19, 2019, pp. 756-767.

Doshi, R., Apthorpe, N., and Feamster, N., “Machine Learning DDoS Detection for Consumer Internet of Things Devices,” in SPW’18, 2018, pp. 29-35.

Microsoft. (2012) SQL Injection. [Online]. Available: https:// docs.microsoft.com/en-us/previous-versions/sql/sql-server-2008-r2/ ms161953(v=sql.105)

Symantec, “Symantec Internet Security Threat Report: Trends for July–December 2007 (Executive Summary),” Symantec Corp., vol. 13, Apr. 2008.

G. Choi, Y. Lim, and K. Lee, “A Development of Anomaly Behavior Detection System for IoT Environment using Machine Learning,” in ICICPE’19, Dec. 2019, pp. 63-65.

Chawla, A., Jacob, P., Lee, B., and Fallon, S., “Bidirectional LSTM Autoencoder for Sequence based Anomaly Detection in Cyber Security,” Int. J. Simul. Syst., Sci. & Technol., vol. 20, no. 5, pp. 7.1-7.6, 2019.

Alexandra Murzina, Irina Stepanyuk, Fedor Sakharov, and Arseny Reutov. (2019) Detecting web attacks with a Seq2Seq autoencoder. [Online]. Available: http://blog.ptsecurity.com/2019/02/detecting-web-attacks-with-seq2seq.html

DOI: http://dx.doi.org/10.18517/ijaseit.10.4.12762


  • There are currently no refbacks.

Published by INSIGHT - Indonesian Society for Knowledge and Human Development