Intrusion Detection in Smart IoT Devices for People

with Disabilities
1st Muhammad Naveed 2nd Syed Muhammad Usman 3rd Muhammad Islam Satti
Department of Computer Science Department of Creative Technologies, Faculty of Computer Science and
Shaheed Zulfikar Ali Bhutto Institute of Faculty of Computing and AI Software Engineering
Science and Technology Air University Riphah University Islamabad,Pakistan
Islamabad,Pakistan Islamabad,Pakistan [email protected]
[email protected] [email protected]

4th Sama Aleshaiker 5th Aamir Anwar

School of Computing & Engineering School of Computing & Engineering
University of West London University of West London
London, United Kingdom London, United Kingdom
[email protected] [email protected]

Abstract— An intrusion Detection System (IDS) is a support to human beings. Figure 1 shows the IoT based
system that resides inside the network and monitors all devices used for healthcare.
incoming and outgoing traffic. It prevents unethical Healthcare systems have also embraced IoT as a tool to
activities from happening over the network. With the use raise the standard of care by replacing old systems with
of IoT devices, network traffic is also increased. Intruders smarter, more automated ones that improve patient care and
2022 IEEE International Smart Cities Conference (ISC2) | 978-1-6654-8561-6/22/$31.00 ©2022 IEEE | DOI: 10.1109/ISC255366.2022.9921991

and hackers are attracted to this network because of its diagnose patients more effectively. [2,3]. Mobile health is one
low processing power and openness. IoT has transformed of the examples of how IoT has revolutionized the health care
diagnostic and monitoring systems for patients in the sector and made things easy for patients and people with
healthcare industry. However, a secure network is disabilities. A Smart thermometer is commonly used device
needed for these health care devices. This research for patients to check their body temperature in real time. It is
proposes a hybrid model to secure the IoT network from a wearable gadget that connects wirelessly to smartphones and
external intrusions. The proposed method consists of has more functionality than a standard medical thermometer.
preprocessing data with the help of normalization and By wearing smart thermometer, patients’ temperature can be
feature selection by removing high correlated features tracked from anywhere. Some thermometers have additional
with the help of the Pearson correlation coefficient and functionality of dosage reminder that remind the patient next
Support Vector Machine (SVM) for classification. The dosage time. These thermometers help doctors to track
proposed approach has achieved an accuracy of 99.3%, patients’ health when they are away from them [3].
precision of 99.1% and an F-1 score of 99.25% on the Blood pressure check-up is regular activity for elder
standard dataset. Results have been compared with state- people and patients. In the past, patients have to visit doctors
of-the-art, and the proposed method outperforms all and medical center’s to have their blood pressure check-up.
performance measures. But now, thanks to new technology, everything may be
accessed with a single button press. Smart Blood Pressure
Keywords— Intrusion Detection in IoT devices, IoT for monitor system is IoT based system that generate the complete
healthcare, feature selection, Machine Learning, KDD99, graph of heartbeat readings. It provides a complete and
Intrusion Detection for healthcare devices, SVM, PCC comprehensive data of patients at their system. Smart blood
Pressure device helps patients and doctors to check blood
I. INTRODUCTION ) pressure and monitor the reading without regular visit of
patients and people with disabilities [4]. Smart Glucose
The Internet of Things (IoT) is a collection of digitally Monitoring is an IoT based device that monitor patients’
connected physical devices that communicate via network. glucose level and release glucose required for patient. These
Different sensors, actuators, and hardware components are devices also share patients’ data to control system and doctors
connected through a network to perform different action and can see their glucose level along with released quantity[5].
operations. IoT has the potential to simplify people's lives and Smart asthma monitoring and insulin pump devices are also
reduce human effort. The network devices have been designed health care device used for monitoring of patients and people
in such a manner that the amount of interaction between with disabilities [6]. With the enhancement in the use of IoT
human-to-human (HH) and human-to-computer (HC) is devices network traffic generated by IoT devices is also
reduced steadily. Currently, IoT is used in almost all increased. This increase in traffic makes the network traffic
industries and daily routines. The most popular IoT use cases containing
and devices are used in smart homes, automobile automation, IoT devices information more vulnerable to external
wearables gadgets and most importantly in healthcare. IoT attacks. These attacks not only effect the network traffic but
devices in health care have changed the life of elders, patients also cause privacy and security concerns for IoT applications
and people with disabilities [1]. From last few years a lot of and devices used for patients and handicapped people. In case
new devices are invented and used to provide the ease and of intrusion private data of patients’ movement, health,
location will be available over the network and if network is

Authorized licensed use limited to: FLORIDA INTERNATIONAL UNIVERSITY. Downloaded on August 18,2023 at 18:34:12 UTC from IEEE Xplore. Restrictions apply.
 Figure 1: IoT Devices used for healthcare

easily compromised that can be serious concern for been done by using Genetic Algorithm (GA) [18], Principal
researchers. Anomaly based intrusion detection systems are Component Analysis (PCA) [19] and Particle Swarm
commonly used to classify network traffic of IoT devices. Optimization (PSO) [20-21]. For automated feature
These systems reside inside the network and detection any extraction Convolutional Neural Network (CNN) [22-25] and
abnormal activity happening over the network [7]. Intrusion Deep Neural Network (DNN) [25] have been used in recent
Detection System (IDS) is a software that analyses real-time studies. In the final step, multiple classifiers have been
network traffic and alerts for unusual activities. proposed by the researchers for classification between
Various strategies and processes have been proposed to anomaly and normal data. Few machine learning classifiers
address this issue with a greater success rate, but more work
are Support Vector Machine (SVM), Decision Tree (DT),
need to be done specifically for IoT devices and network. IDSs
Random Forest (RF), ensemble learning methods, and
employ machine learning and deep learning approaches,
however machine learning struggles with huge datasets. We thresholding have been used for classification of data. Deep
propose a hybrid model that classifies the network traffic learning approaches have also been utilized for classification
generated by IoT devices that can help to identify any and it includes different variants of CNN and LSTMs.
intrusion activity happening over the network. The rest of the Table 1 presents the critical evaluation of the recent state of
paper is organized as follows: section 2 presents critical the art studies proposed by researchers for intrusion detection
evaluation of the existing state of the art methods and in IoT devices specially used by the people with disabilities
highlights their limitations, section 3 describes proposed and highlights the limitations of these methods. Koroniotis et
methodology, results have been discussed in the section 4 and al [8] have normalization the data with the help of min max
conclusion and future directions in last section. normalization. Authors have extracted entropy-based
features and computed cross correlation using PCC for
II. LITERATURE REVIEW removal of highly correlated features followed by the
In this section, we will discuss some of the recent techniques classification using SVM [27] and LSTM [28-32]. A
and methods proposed for the security for IoT Devices used reasonable accuracy has been achieved with this method;
by the people with disabilities. Researchers [8-17] have however, preprocessing and feature extraction can be
proposed multiple machine learning/ deep learning-based improved.
models for intrusion detection in IoT devices which can be Anthi et al [12] have achieved highest accuracy among
used in healthcare specially for people with disabilities. All machine learning based methods in which Packet Description
these methods typically consist of three steps including Markup Language (PDML) has been used for feature
preprocessing of data, feature extraction/section and extraction and decision tree as classifier. Although this
classification between anomaly vs normal. Preprocessing of method has achieved high accuracy but with low F-1 score.
the data for treating missing values and normalization is very Razib et al [15] have proposed a deep learning-based method
important and methods without preprocessing of data have for intrusion detection in IoT devices with DNN [33] for
not been able to achieve good results. Some common feature extraction and LSTM for classification. This method
techniques for preprocessing include normalization, domain- has achieved high accuracy but with low F-1 score and
based features, and label encoders. Second step is feature precision. It has been observed in Table 1 that methods can
extraction followed by feature selection for decreasing the be categorized into two different techniques based on
dimensionality of the data. Features can be extracted in two machine learning and deep learning. Important performance
ways including handcrafted features and automated machine measures for all these methods are accuracy, precision and F-
learned features with the help of deep learning methods. 1 score. If a method outperforms in terms of accuracy but fails
Researchers [7,9,13,15] have extracted handcrafted features to achieve similar precision and F-1 score, then it limits the
including Pearson correlation coefficient, entropy, email performance of the method. Therefore, in this research, we
domain and statistical features, whereas feature selection has

Authorized licensed use limited to: FLORIDA INTERNATIONAL UNIVERSITY. Downloaded on August 18,2023 at 18:34:12 UTC from IEEE Xplore. Restrictions apply.
 propose method that achieves high accuracy along with
precision and F-1 score.

Table 1: Critical evaluation of the existing methods for intrusion detection in IoT devices

Method Preprocessing Feature extraction/ Classification Limitations

selection

Koroniotis et al [8] Normalization Pearson correlation SVM, LSTM No effective preprocessing and
coefficient, Entropy feature selection
Diro et al [9] - - DNN No preprocessing, features
directly fed into DNN for
classification that resulted in low
accuracy.
Al-Hamar et al - Email domain features Similarity No preprocessing, very simple
[10] classification and as a result
achieved very low accuracy.
Precision and F-1 score not
reported.
Saba et al [11] - CNN LSTM No preprocessing and achieved
very low accuracy.
Precision and F-1 score not
reported.

Anthi et al [12] - PDML Decision tree No preprocessing and achieved

very low F-1 score
Saba et al [13] Domain based Genetic Algorithm Ensemble of DT Achieved good accuracy but
features and SVM precision and F-1 score were not
reported.
Saba et al [14] - PCA Random Forest No preprocessing. Achieved low
accuracy and F-1 score.
Razib et al [15] Label encoder, DNN LSTM Achieved better accuracy but
Data normal- with low precision and F1- score.
ization
Mihoub et al [16] - Statistical features LSTM No preprocessing, feature
extraction is also kept simple.
Achieved low accuracy,
precision and F-1 score not
reported.
Kan et al [17] - PSO CNN No preprocessing.
Achieved low accuracy,
precision and F-1 score not
reported.

duplicate entries in dataset that can cause the model overfit.

Filling of missing values in dataset is also part of data cleaning
III. PROPOSED METHODOLOGY where we fill out missing values with average values of the
This section presents the model for intrusion detection in column. In cleaning stage, we also normalize the dataset
IoT devices used for healthcare for people with disabilities. values as dataset can contain different discrete and continues
The proposed framework is given in the Figure 2. The values so a normalization step is required.
proposed model mainly consists of 3 major stages which are B. Data Reduction:
explained below. Data cleaning and reduction are part of data
pre-processing whereas SVM based classification model is Data is the processing of reducing input size of dataset. It
applied to classify the network traffic into normal and is very important step because we need to apply some relevant
intrusion. feature reduction technique that removes only irrelevant data
and keep the important features which are feed to
A. Data Cleaning: classification model. Proposed Feature reduction Technique
It is very first stage of proposed model. As the input data is Pearson correlation that find the cross correlation between
is a network traffic of IoT devices so there can be some multiple features and helps to identify and skip redundant and
irrelevant features which have no impact on classification dependent features of dataset. The equation of person
results so those features can be discarded from the input correlation is given below
dataset. Similarly in data cleaning stage we remove all

Authorized licensed use limited to: FLORIDA INTERNATIONAL UNIVERSITY. Downloaded on August 18,2023 at 18:34:12 UTC from IEEE Xplore. Restrictions apply.
 ∑ ̅
1
∑ ∑ ̅

Figure 2: Flow diagram of the proposed methodology

where are the values in variables and is the mean of

values of variables. Similarly, are values of IV. RESULTS AND DISCUSSION
variables in dataset and ̅ is the mean of values of In this study we propose an Intrusion detection model for
variable. IoT devices used by the people with disabilities. The results
C. Classification Model: of proposed model are shown in Table 2. The proposed
model shows better results in all performance metrics as
After the data cleaning and Reduction main step in propose compared to other techniques as shown in Table 3. As
model is to apply classification technique on input data. performance measure we have used Accuracy, Precision,
Classification model classifies the dataset into given classes Recall and F1-Score. We used KDD99 a benchmark dataset
(Anomaly / Normal). Support Vector Machine (SVM) is for IoT networks. It contains around four lakhs of data with
used in proposed model for classification purpose. SVM 41 features with binary class and multiclass outcome
Classifies the data using hyperplane. It draws the feature. In the proposed model we use binary class data and
hyperplane between classes that differentiate type of classes applied SVM. After the SVM results K cross validation is
from each other. To validate the results of SVM model we applied and results of Model are shown the Table 2. Figure
applied K fold cross validation. It is procedure to find the 3 compares the accuracies of the existing methods with the
validity of machine learning algorithm. The cross validation proposed method. It has been observed that many methods
procedure relies on one parameter “k”. It is number of have not reported precision and F1-score which determines
samples that a data needs to split. If value of k is 10 that the validation of the method. Therefore, our proposed
means 10 fold cross validation is applied. In our Model we method not only perform well in terms of accuracy but also
applied 10 cross fold validation. have achieved better precision and F1-score.
Table 2: Proposed Model Results

Dataset Accuracy Precision F1 Score

KDD99 99.3 99.1 99.25

Table 3: Comparison of results with existing methods

Method Accuracy Precision F-1 Score

Koroniotis et 98.7% 99% 98%
al [1]
Diro et al [2] 97.00% 98.22% 98%
Al-Hamar et 92.36%
al [3] Figure 3: Comparison of accuracy with existing methods
Saba et al [5] 95.16% - -
Anthi et al 98% 98.8% 90.0%% V. CONCLUSION AND FUTURE WORK
[6] Our proposed Model for intrusion detection IoT devices for
Saba et al [7] 99.5% - - patients and people with disabilities shows better results
Saba et al [8] 93.2% 99.9% 96.1% than comparative techniques. Privacy and Security issue of
Razib et al 99.15% 98% 98.5% IoT devices used for patients can be overcome by using
[9] proposed model. Proposed Model not only secure the
Mihoub et al 97.45% - - network but also require less processing cost because of
[10] efficient processing techniques.
Kan et al 95% - - In future we can use specific IoT device data used for
[11] healthcare that can give us better idea and bigger picture of
Proposed 99.3% 99.1% 99.25% Network. For the proposed study we used standard IoT
Method Dataset. Similarly, Different Machine Learning and Deep
learning Techniques along with Processing methods can be
applied to specified IoT devices for healthcare.

Authorized licensed use limited to: FLORIDA INTERNATIONAL UNIVERSITY. Downloaded on August 18,2023 at 18:34:12 UTC from IEEE Xplore. Restrictions apply.
 REFERENCES [18] Kan, X., Fan, Y., Fang, Z., Cao, L., Xiong, N.N., Yang, D. and Li,
X., 2021. A novel IoT network intrusion detection approach based
[1] Dang, L.M., Piran, M.J., Han, D., Min, K. and Moon, H., 2019. A on adaptive particle swarm optimization convolutional neural
survey on internet of things and cloud computing for healthcare. network. Information Sciences, 568, pp.147-162.
Electronics, 8(7), p.768.
[19] Pal, D. and Parashar, A., 2014, November. Improved genetic
[2] Gulati, U. and Dass, R., 2020. Intelligent car with voice assistance algorithm for intrusion detection system. In 2014 International
and obstacle detector to aid the disabled. Procedia Computer Conference on Computational Intelligence and Communication
Science, 167, pp.1732-1738. Networks (pp. 835-839). IEEE.
[3] Islam, S.M.R., Kwak, D., Kabir, M.D.H., Hossain, M., Kwak, [20] Usman, S.M., Latif, S. and Beg, A., 2020. Principle components
K.-S., The Internet of Things for Healthcare: A Comprehensive analysis for seizures prediction using wavelet transform. arXiv
Survey. IEEE Access, 3, 678–708, 2015 preprint arXiv:2004.07937.
[4] Hashim, Norlezah & Norddin, Nurbahirah & Idris, Fakrulradzi & [21] Wang, J., Hong, X., Ren, R.R. and Li, T.H., 2009. A real-time
Ilmani, Siti & Zahari, Madiha. (2020). IoT blood pressure intrusion detection system based on PSO-SVM. In Proceedings. The
monitoring system. Indonesian Journal of Electrical Engineering and 2009 International Workshop on Information Security and
Computer Science. 19. 1384. 10.11591/ijeecs.v19.i3.pp1384-1390. Application (IWISA 2009) (p. 319). Academy Publisher.
[5] Tuan Nguyen Gia, Mai Ali, Imed Ben Dhaou, Amir M. Rahmani, [22] Usman, S.M., Khalid, S. and Bashir, S., 2021. A deep learning based
Tomi Westerlund, Pasi Liljeberg, Hannu Tenhunen, IoT-based ensemble learning method for epileptic seizure prediction.
continuous glucose monitoring system: A feasibility study, Procedia Computers in Biology and Medicine, 136, p.104710.
Computer Science,Volume 109,2017,Pages 327-334
[23] Wu, K., Chen, Z. and Li, W., 2018. A novel intrusion detection
[6] Celler, B.G., Lovell, N.H. and Chan, D.K., 1999. The potential model for a massive network using convolutional neural networks.
impact of home telecare on clinical practice. Medical Journal of Ieee Access, 6, pp.50850-50859.
Australia, 171(10), pp.518-521.
[24] Hu, J., Liu, C. and Cui, Y., 2021. An improved CNN approach for
[7] Williams, P.A. and McCauley, V., 2016, December. Always network intrusion detection system. Int. J. Netw. Secur, 23(4),
connected: The security challenges of the healthcare Internet of pp.569-575.
Things. In 2016 IEEE 3rd World Forum on Internet of Things (WF-
IoT) (pp. 30-35). IEEE. [25] Xue, W., Jiang, T. and Shi, J., 2017, September. Animal intrusion
detection based on convolutional neural network. In 2017 17th
[8] Liu, F., Hu, Z., Zhang, A., Du, R., Qin, D. and Xu, J., 2021. Multiple International Symposium on Communications and Information
Classification Algorithm Based on Graph Convolutional Neural Technologies (ISCIT) (pp. 1-5). IEEE.
Network for Intrusion Detection.
[26] Usman, S.M., Khalid, S. and Aslam, M.H., 2020. Epileptic seizures
[9] Koroniotis, N., Moustafa, N., Sitnikova, E. and Turnbull, B., 2019. prediction using deep learning techniques. Ieee Access, 8, pp.39998-
Towards the development of realistic botnet dataset in the internet 40007.
of things for network forensic analytics: Bot-iot dataset. Future
Generation Computer Systems, 100, pp.779-796. [27] Kim, J., Shin, N., Jo, S.Y. and Kim, S.H., 2017, February. Method
of intrusion detection using deep neural network. In 2017 IEEE
[10] Diro, A.A. and Chilamkurti, N., 2018. Distributed attack detection international conference on big data and smart computing
scheme using deep learning approach for Internet of Things. Future (BigComp) (pp. 313-316). IEEE.
Generation Computer Systems, 82, pp.761-768.
[28] Usman, S.M., Khalid, S., Akhtar, R., Bortolotto, Z., Bashir, Z. and
[11] Al-Hamar, Y., Kolivand, H., Tajdini, M., Saba, T. and Qiu, H., 2019. Using scalp EEG and intracranial EEG signals for
Ramachandran, V., 2021. Enterprise Credential Spear-phishing predicting epileptic seizures: Review of available methodologies.
attack detection. Computers & Electrical Engineering, 94, p.107363. Seizure, 71, pp.258-269.
[12] Saba, T., 2021. Real time anomalies detection in crowd using [29] Hossain, M.D., Inoue, H., Ochiai, H., Fall, D. and Kadobayashi, Y.,
convolutional long short-term memory network. Journal of 2020. LSTM-based intrusion detection system for in-vehicle can bus
Information Science, p.01655515211022665. communications. IEEE Access, 8, pp.185489-185502.
[13] Anthi, E., Williams, L., Słowińska, M., Theodorakopoulos, G. and [30] Kim, G., Yi, H., Lee, J., Paek, Y. and Yoon, S., 2016. LSTM-based
Burnap, P., 2019. A supervised intrusion detection system for smart system-call language modeling and robust ensemble method for
home IoT devices. IEEE Internet of Things Journal, 6(5), pp.9042- designing host-based intrusion detection systems. arXiv preprint
9053. arXiv:1611.01726.
[14] Saba, T., Sadad, T., Rehman, A., Mehmood, Z. and Javaid, Q., 2021. [31] Usman, S.M., Khalid, S. and Bashir, Z., 2021. Epileptic seizure
Intrusion detection system through advance machine learning for the prediction using scalp electroencephalogram signals. Biocybernetics
internet of things networks. IT Professional, 23(2), pp.58-64. and Biomedical Engineering, 41(1), pp.211-220.
[15] Saba, T., 2020, December. Intrusion detection in smart city hospitals [32] Boukhalfa, A., Abdellaoui, A., Hmina, N. and Chaoui, H., 2020.
using ensemble classifiers. In 2020 13th International Conference on LSTM deep learning method for network intrusion detection system.
Developments in eSystems Engineering (DeSE) (pp. 418-422). International Journal of Electrical and Computer Engineering, 10(3),
IEEE. p.3315.
[16] Al Razib, M., Javeed, D., Khan, M.T., Alkanhel, R. and Muthanna, [33] Naveed, M., Arif, F., Usman, S.M., Anwar, A., Hadjouni, M.,
M.S.A., 2022. Cyber Threats Detection in Smart Environments Elmannai, H., Hussain, S., Ullah, S.S. and Umar, F., 2022. A Deep
Using SDN-Enabled DNN-LSTM Hybrid Framework. IEEE Learning-Based Framework for Feature Extraction and
Access, 10, pp.53015-53026. Classification of Intrusion Detection in Networks. Wireless
[17] Mihoub, A., Fredj, O.B., Cheikhrouhou, O., Derhab, A. and Krichen, Communications and Mobile Computing, 2022.
M., 2022. Denial of service attack detection and mitigation for
internet of things using looking-back-enabled machine learning
techniques. Computers & Electrical Engineering, 98, p.107716.

Authorized licensed use limited to: FLORIDA INTERNATIONAL UNIVERSITY. Downloaded on August 18,2023 at 18:34:12 UTC from IEEE Xplore. Restrictions apply.