2019 International Conference on Vision Towards Emerging Trends in Communication and Networking (ViTECoN)

Intrusion Detection System for Internet of Things

based on a Machine Learning approach
Chao Liang1, Bharanidharan Shanmugam1, Sami Azam1, Mirjam Jonkman1, Friso De Boer1, Ganthan Narayansamy2
1College of Engineering, IT and Environment

Charles Darwin University, NT, Australia

2Razak Faculty of Technology and Informatics ,Universiti Teknologi Malaysia
[email protected]

Abstract—With the application of Internet of Things complex and changeable Internet of things attacks, and can
technology to every aspect of life, the potential damage caused intelligently cope with sudden intrusions. It is also intended
by Internet of things attacks is more serious than for that the research will try to improve the performance of the
traditional network attacks. Traditional intrusion detection system by optimizing the algorithm with regards to
systems do not serve the network environment of the IoT very parameter weight and learning rate. The scope of this
well, so it is important to study intrusion detection systems research will be finding a more efficient intrusion detection
suitable for the network environment of the Internet of Things. system for IoT devices. This research will focus on threats of
Researchers have found that the combination of machine
IoT devices, drawbacks of existing IDS for IoT devices and
learning technologies with an intrusion detection system is an
usable technologies that can be used to improve IDS for IoT
effective way to resolve the drawbacks traditional IDSs have
when they are used for IoT. This research involves the design
devices.
of a novel intrusion detection system and the implementation According to literature, most attacks are coming from the
and evaluation of its analysis model. This new intrusion network layer. This new intrusion detection system will
detection system uses a hybrid placement strategy based on a therefore focus on protocols of the network layer and the
multi-agent system. The new system consists of a data transport layer. In recent years, the TCP protocol has been
collection module, a data management module, an analysis favored by industry in IoT environments [2]. Therefore, this
module and a response module. For the implementation of the
paper focuses on the TCP protocol and the protocol of the
analysis module, this research applies a deep neural network
transport layer is explored in detail. The intrusion detection
algorithm for intrusion detection. The results demonstrate the
efficiency of deep learning algorithms for detecting attacks methods and simulation will be explained in the following
from the transport layer. Compared with traditional detection parts.
methods used in IDSs, the analysis indicates that deep learning The structure of this paper is as follows: The Introduction
algorithms are more suitable for intrusion detection in an IoT outlines the context and background of this topic.
network environment. Technologies and methods that the new IDS system will use
will be discussed next. Subsequently a new Intrusion
Keywords-component; Intrusion Detection System; IoT;
Detection System based on Machine Learning Technology
Machine Learning; Multi-agent system; Blockchain;
Cybersecurity will be proposed. This section will describe the details of the
system and the use of machine learning technology for the
I. INTRODUCTION Internet of Things. The next section will be Performance
Analysis to compare the system with other existing IDS
The Internet of Things (IoT) is a network that connects systems. Finally, the advantages and disadvantages of this
different objects to the Internet according to an agreed system and what can be achieved in future will be discussed.
protocol, in order for them to communicate and cooperate
with each other. The Internet of Things era will soon be II. PREVIOUS WORK
affecting our lives with its security issues in addition to its
convenience. The core network of the Internet of things is Many researchers have investigated how the IDS of
still a traditional network but it has more complexities. The Internet of things could be improved [3]. This section will
large number of nodes in the Internet of things makes the discuss four major themes: the placement strategy of the IDS
network more vulnerable, and the impact of attacks can be for IoT, the detection method of the IDS, the target threats of
more serious than for conventional networks. The the IDS, and the use of machine learning algorithms for
performance of traditional intrusion detection methods will intrusion detection. Identification and classification of
be greatly reduced in this complex environment [1,14]. At systems will be based on target threats, placement strategy
present, intelligent, distributed intrusion detection has and detection methods.
become a hot topic. Currently, research focuses on how to In 2016, Hodo et al. proposed an offline IDS for IoT [4].
apply neural network technology to intrusion detection The system collects and analyses data from the IoT network
systems. However, traditional neural networks have their and identifies DoS attacks using an Artificial Neural
shortcomings. Overcoming these problems has become the Network (ANN). Their placement strategy is based on
key to improving intrusion detection. monitoring IoT network traffic to detect DDoS/DoS attacks.
This research aims to find an effective solution to One centralized system monitors the packets flow in the IoT
security issues faced by the network environment of Internet environment. If the packets sent deviate from legitimate IoT
of Things. The findings of this research will be used to network traffic, the offline IDS warns a security team at an
develop an intrusion detection system that can detect early stage of the intrusion. The authors use an ANN to
analyse IoT network behaviour. By training the algorithm

978-1-5386-9353-7/19/$31.00 ©2019 IEEE

Authorized licensed use limited to: Consortium - Algeria (CERIST). Downloaded on April 18,2023 at 22:56:24 UTC from IEEE Xplore. Restrictions apply.
using internet packet traces, the authors attempt to increase shows that it is possible to design a knowledge-driven,
the accuracy for DDoS/DoS detection. self-adapting Intrusion Detection System for IoT networks
[7]. The authors call this IDS Kalis. Kalis can apply different
In 2017, Bostani and Sheikhan proposed a new real-time communication protocols, collect data from each entity in the
intrusion detection system for IoT. This IDS aims to detect network and autonomously choose an effective set of
selective-forwarding attacks and sinkhole attacks [5]. The detection technologies to use. One of the advantages of this
system has a hybrid placement strategy and the framework system is that it is compatible with almost any protocol.
uses an anomaly-based central server with some According to the authors, experimental results show that the
specification-based components. Each specification-based performance of the Kalis system is better than traditional IDS
component sends their detection data to the centralized for detection of routing intrusions and DoS.
intrusion detection module. The centralized module predicts
the anomaly behaviour by using an unsupervised Optimum- Diro and Chilamkurti proposed a distributed IDS for
Path Forest (OPF) algorithm combined with a MapReduce Internet of things in 2018 using deep learning for attack
architecture. The authors claim that wormhole attacks can be detection [8]. Their detection scheme is based on an anomaly
detected by this new real-time IDS. method. Their experiments demonstrate good performance in
detecting IoT/Fog network attack comparing to traditional
Also in 2017, work presented by Yulong, Zheng, Jin,
IDSs.
Ousmane and Xuefei proposed a new intrusion detection
strategy for the IoT environment according to an automata A large number of articles about the security issues of
model [6]. This method aims to detect three types of IoT the Internet of Things have appeared in the last few years [9-
attacks (jam-attacks, false-attacks, and reply-attacks). The 11]. This new interest in how to protect the network
method is an extension of Labelled Transition Systems. The environment of Internet of Things leads to another question:
placement strategy of this IDS is a centralized approach, What factors determine the effectiveness of intrusion
since the data that are gathered by network nodes are sent to detection systems for the Internet of Things? Despite the
the Intrusion detection centre which in turn helps to build an wide application for intrusion detection systems in
Event Database. The system then uses an Event Analyser conventional networks, the use of machine learning in the
based on a specification method to detect intrusions. By intrusion detection system for security of Internet of Things
comparing the abstracted actions flows, this IDS can has received only limited attention. However, as pointed out
efficiently detect jam-attacks, false-attacks, and reply-attacks by Raza et al [12], traditional intrusion detection systems
in the IoT network. cannot protect the IPv6-connected IoT or more complex IoT
network environments. To date, only a few studies have
The 2017 Midi, Rullo, Mudgerikar and Bertino article investigated the possibility of using machine learning

Fig.1. SESS: A new IDS model based on multi-agent system and machine learning

Authorized licensed use limited to: Consortium - Algeria (CERIST). Downloaded on April 18,2023 at 22:56:24 UTC from IEEE Xplore. Restrictions apply.
technology to improve intrusion detection systems for the C. Blockchain
Internet of Things [13-16]. More research into the use of The main characteristic of Blockchain technology is
machine learning in intrusion detection systems for security decentralization. The ledger of the blockchain is distributed
of the Internet of Things is therefore necessary. and transparent, so the destruction of one node has no effect
The research described above shows that there has been on the functionality of Blockchain. The whole transaction
progress in IDSs for IoT but also that there is room for network is changed from a star structure to a point to point
improvement. In this paper the design of a new IDS model (P2P) structure and security is greatly improved. Blockchain
for IoT is described. Details of technology and the model technology allows two parties to trade directly by using
structure will be described in the following sections. encryption. The security of the transaction is protected by
code and algorithms [21]. The parties involved in the
III. TECHNOLOGIES transaction do not need to know whether the other party is
Technologies that are applied in the new IDS model (SESS) trustworthy, nor does a third party need to endorse the trust.
are discussed in this section They only need to trust the algorithm used in Blockchain to
establish mutual trust. By using Blockchain technology,
A. Multi-agent System communication between agents can be secured.
A multi-agent system, having a set of multiple agents,
IV. SESS: A IDS MODEL FOR IOT
can modularize and simplify complex systems. Agents only
need to focus on their tasks and combine to form the whole A. Overview
system through coordination and communication. In a multi- The intrusion detection system proposed in this paper
agent system. Every agent is completely autonomous [17]. A adopts multi agent technology, see Fig. 1. Each agent is a
single agent can exist in any form. It can be an individual or relatively independent unit. Agents are allocated into four
a cluster. Agents can be developed in different languages and different modules and communicate with each other through
different design patterns can be used as long as there is a communication agents inside each module. In this way, each
standard communication mode. FIPA-ACL and KQML are module can work relatively independent. This reduces
commonly used agent communication modes. Mutual dependencies between modules. The whole system consists
communication is necessary to solve problems that a single of a collection module, a data processing module, a detection
agent cannot solve. and analysis module and a response module. SESS uses
Each agent has its own properties and operation rules. FIPA-ACL as agent communication language because FIPA-
During the operation of the multi-agent system, each agent ACL is supported by many communities. The four
executes tasks according to their action rules. Through the communication agents will be improved by interactive
cooperation between agents, multi-agent systems can help reinforcement learning as each agent is affected by other
humans solve some complex problems that ordinary systems agents.
cannot solve. Generally speaking, agents should have four Every successful action that other agents achieve will
basic characteristics: autonomy, responsiveness, initiative, create feedback which is sent to communication agents in the
and sociability [18]. same module. Communication agents create a feedback
B. Machine Learning report after collecting feedback from other agents in the
module. The feedback reports will be used for training
1) Multi-agent reinforcement learning
communication agents. The credit of each feedback will be
Multi-agent reinforcement learning is a very important assigned to communication agents based on their
field in reinforcement learning. In multi-agent systems, the contribution. Each action of communication agents will be
environment is changed by actions of multiple agents. When
，
counted as a transaction. Because only communication
an agent cannot well perceive the relationship between agents have the right to make commands most security
environmental changes and its own actions, it produces a issues will come via communication agents. Therefore all
non-standard Markov environment [19]. By using transactions will be recorded on Blockchain and only the
reinforcement learning, agents can be more efficient through system manager will have access to the smart contract
continuous training. With different design patterns of multi- (Chaincode) of this Blockchain. This system model uses
agent systems, different ways of reinforcement learning Hyperledger Fabric as Blockchain framework.
need to be used. Concurrent isolated reinforcement learning
(CIRL) can be applied when a single agent has an B. Function of Each Agent
independent learning mechanism and does not interact with 1) Communication agent
other agents. Interactive reinforcement learning can be Communication agents act as manager of a team in this
applied to the interaction learning of multiple agents. IDS model, controlling and monitoring other agents that are
2) Deep learning in the same group. They communicate and share
Deep learning turns the data into more abstract information with other communication agents. All actions of
expressions by using a complex nonlinear model. Deep communication agents are transactions of Blockchain and
learning originated from neural networks. Deep learning can controlled by rules in a smart contract. Feedback from other
approach complex functions by using a network structure agents is used to train the communication agents and
similar to neural networks, and exhibits a powerful ability to improve their performance.
learn the intrinsic characteristics of data sets from a large
number of unlabeled sample sets [20]. 2) Collection agent
The collection agents collect data from IoT devices and
the hosts and send it to communication agents.

Authorized licensed use limited to: Consortium - Algeria (CERIST). Downloaded on April 18,2023 at 22:56:24 UTC from IEEE Xplore. Restrictions apply.
 3) Network and host data management agent attacked, this IDS model uses blockchain to record every
The network data management agent and the host data action of communication agents in order to protect the
management agent deal with data that come from the integrity of the system. Deep learning models are used by
network and the host separately. Both agents need to do data the detection agent and the training agent for intrusion
pre-processing, including missing value processing, data detection. The performance of a deep neural network is
integration, data standardization and so on. After the pre- demonstrated in next section. This IDS model has some
processing stage, the data will be scanned based on intrusion drawbacks, however, such as a complex data flow and a
detection rules that are obtained from other open source IDS high demand for resources. These drawbacks need to be
communities and the rules of the system manager. In discussed and resolved in the future.
addition, the data will be packaged and compressed to form
a pre-processed data package. The discovered intrusion V. SIMULATION
behaviours and the corresponding processing measures are The training agent and the detection agent are two of the
written to the intrusion detection package. The intrusion most important agents in this IDS model. Their performance
detection package is sent to the response agent after it is is determined by the algorithms used. The simulation
compared with the results of the detection agent. The therefore investigates the performance of the deep neural
labelled data are merged into a training set package, which network(DNN) that is used by these two agents.
is used to improve the accuracy of the detection agent. A. Dataset Selection
The network security audit data set KDDCUP99,
4) Database agent published by Stolfo et al, was compiled from the IDS data set
The database agent is the only agent which can alter the of MIT Lincoln Laboratory in 1998, which contained only
database. It can change database only on the communication network traffic data [22].
agent’s command.
The NSL-KDD data set overcomes some inherent
5) Training agent shortcomings of the KDD99 data sets. The NSL-KDD data
The training agent can read the training database, but set is widely used in the development of intrusion detection
cannot alter the database. The training agent starts training systems. This data set can be used as an effective benchmark
detection models, using BP algorithms. For a new data set to help researchers compare different intrusion
algorithm, the training agent needs to first initialise the detection methods. The NSL-KDD training set and test set
weights and then find the right weights, based on the are adequate, and the evaluation results of different research
accuracy rate, using a genetic algorithm. After training, the work will be consistent and comparable. Data of the NSL-
new trained detection model will be sent to communication KDD data set comes from three different protocols (TCP,
agents. UDP and ICMP). The NSL-KDD data set contains four
attack classes (DoS, Probe, R2L, U2R) and 39 different
6) Detection agent attack types [23]. This paper uses the NSL-KDD data set as
According to the protocol and the type of dataset, the data source of intrusion detection simulation.
detection agent chooses the optimal detection model to The NSL-KDD dataset has around 126 thousand data
detect attacks. Once intrusion detection is finished, the records. This paper uses KDDTrain±20Percent, a 20% subset
results are sent to communication agents. If the detection of the NSL-KDD dataset, as training dataset for the DNN
agent found intrusion behaviours based on the dataset, it model (approximately 25 thousand data records) and the
also sends the intrusion details and the countermeasures to KDDTest+, a test set with about 22 thousand data records, as
communication agents. testing data set. There are 41 features in the data set,
including duration, protocol type, service, flag and so on.
7) Response agent Each record of this data set has a class attribute which is the
The response agent sends warnings and suggested attack type.
countermeasures to the targeted device, host and firewall, Most attacks are DoS, accounting for 80%, of the data
according to the response plan that it gets from the while normal data accounted for 19%. The rest of the data
communication agents. represent Probe, R2L and U2R attacks. In a real-world
networking environment, DoS attacks account for most of
C. Summary
the attacks, so this training subset can effectively reflect the a
SESS is suitable for IoT networks of different sizes real-world network environment.
because agents can be added and removed according to
requirements and system performance and functions will not The attributes of the NSL-KDD data set differ greatly
be affected. By contrast, traditional IDSs just can be used because of the different measurement methods. To simplify
the calculation and achieve better results, it is necessary to
for the large or small networks that they are developed for.
standardize the attribute values of data sets. This is more
Therefore, SESS is more flexible than traditional IDS.
conducive to simulation. This paper uses a dummy variable
Communication agents are the brain of this system and they and z-score to encode original attributes.
control every process and function of this system. A multi-
agent reinforcement learning model is used to improve their
performance, which means the efficiency of this system will B. DNN Model
be improved as time goes on. This IDS model uses
blockchain technology for communication agents, because To get a good DNN model, this paper compared different
Optimizers, Init_modes and Activation functions by using
they control the whole system. To reduce the risk of being
NSL-KDD data set discussed above.

Authorized licensed use limited to: Consortium - Algeria (CERIST). Downloaded on April 18,2023 at 22:56:24 UTC from IEEE Xplore. Restrictions apply.
 TABLE I. TRAINING EFFECT OF DIFFERENT OPTIMIZERS

Measurement Index
Optimizer Average Average Average TABLE IV. INTRUSION DETECTION PERFORMANCE ON DIFFERENT
Accuracy PROTOCOL
precision recall F1 score
Adam 98% 98% 98% 98% Measurement Index
Protocol Average Average Average
SGD 97% 97% 97% 97% Accuracy
precision recall F1 score
TCP 99% 99% 99% 99%
RMSprop 97% 98% 98% 98%
Adagrad UDP 93% 94% 94% 94%
94% 95% 95% 95%
Adadelta ICMP 98% 97% 97% 97%
98% 98% 98% 98%
Adamax 98% 98% 98% 98%
Nadam 98% 98% 98% 98%
As illustrated in TABLE IV, the DNN model can work
very well with the TCP and ICMP data set (accuracy rate is
99.1% and 98.1% respectively). However, the accuracy rate
TABLE II. TRAINING EFFECT OF DIFFERENT INIT_MODES
for the UDP protocol is only 93.7%. One possible reason for
this is that the there is a relatively small amount of data for
Measurement Index the UDP protocol. The features of the UDP protocol may be
Init_mode Average Average Average another reason.
Accuracy
precision recall F1 score
uniform 98% 98% 98% 98% For the data set which uses different attack types as class
attribute, DNN also has a good performance (accuracy rate is
lecun_unif
97% 98% 98% 98% 97%). However, the problem is that there are relatively few
orm
data for some attack types and that these cannot be
normal 98% 98% 98% 98%
distinguished very well.
zero 51% 26% 51% 35%
D. Overview
glorot_nor
98% 98% 98% 98% For this simulation, the number of the training epochs is
mal
glorot_uni 1000 and number of training data records is 25,193. The
98% 98% 98% 98%
form DNN model can achieve a high accuracy rate after 15 epochs
he_normal 98% 98% 98% 98% for distinguishing anomaly from normal and after 23 epochs
he_unifor
98% 98% 98% 98% for distinguishing different attack types. It means that this
m model needs around 375 data records to detect anomaly and
needs around 575 data records to distinguish the different
TABLE III. TRAINING EFFECT OF DIFFERENT ACTIVATION FUNCTIONS attack types. It demonstrates the usability of the model. The
model can be trained by a small data set and can be used by a
Measurement Index relatively small IoT network for intrusion detection. The
Activation
function Average Average Average
Accuracy
precision recall F1 score DNN has a very good performance in detecting attacks in the
IoT environment (98% for detecting anomaly and 97% for
linear 93% 94% 94% 94%
distinguishing different attack types), although there are
softmax 97% 98% 98% 98% some limitations, such as a low accuracy rate for
softplus 97% 98% 98% 98% distinguishing rare types of attack, which needs to be
improved in future.
softsign 98% 98% 98% 98%

relu 98% 98% 98% 98%

VI. FUTURE WORK
The work of this paper is based on a study of multi-
tanh 97% 98% 98% 98%
agent technology, block chains and neural networks to
sigmoid 97% 98% 98% 98% propose an intrusion detection system model for the Internet
hard_sigm
97% 97% 97% 97%
of Things. However, there are many theoretical aspects
oid worth further study.
• The next step is to continuously improve the
TABLE I, TABLE II and TABLE III summarize modules by running the system in the actual
performance of different optimizers, init_modes and environment to ensure that each agent works well
activation functions, those that have the highest accuracy rate with each other.
are chosen for the DNN model. Therefore, the DNN model • The performance of blockchain technology for this
uses Adamax as optimizer, glorot_normal as init_mode, relu new system can be further investigated.
as activation function. • More data sets could be collected to train the
C. Simulation Results system model to further improve the performance
of the system.
First, this paper uses normal and anomaly as values of
• A data set of rare attack types could be created and
class attribute. The intrusion detection accuracy rate is 0.98.
used for training the intrusion detection model, to
Then, the data set is separated based on the protocol; the
improve performance.
trans DNN model uses the separated data set.

Authorized licensed use limited to: Consortium - Algeria (CERIST). Downloaded on April 18,2023 at 22:56:24 UTC from IEEE Xplore. Restrictions apply.
 • Developing good multi-agent reinforcement based on MapReduce approach," Computer Communications, vol. 98,
pp. 52-71, 2017/01/15/ 2017.
learning algorithms for training communication
[6] F. Yulong, Y. Zheng, C. Jin, K. Ousmane, and C. Xuefei, "An
agents and optimising the feedback training process Automata Based Intrusion Detection Method for Internet of Things,"
is a further step. Mobile Information Systems, vol. 2017, 2017.
• Other deep learning algorithms could be evaluated [7] D. Midi, A. Rullo, A. Mudgerikar, and E. Bertino, "Kalis—A System
to investigate whether this improves the for Knowledge-Driven Adaptable Intrusion Detection for the Internet
of Things," in Distributed Computing Systems (ICDCS), 2017 IEEE
performance of the intrusion detection system. 37th International Conference on, 2017, pp. 656-666: IEEE.
VII. CONCLUSION [8] A. A. Diro and N. Chilamkurti, "Distributed attack detection scheme
using deep learning approach for Internet of Things," Future
We conclude that IDS in IoT is still in its infancy and has Generation Computer Systems, vol. 82, pp. 761-768, 2018.
long way to go because of the large diversity of devices and [9] C. Liu, J. Yang, Y. Zhang, R. Chen, and J. Zeng, "Research on
attacks. This paper proposes an intrusion detection system immunity-based intrusion detection technology for the internet of
things," in Natural Computation (ICNC), 2011 Seventh International
model based on a multi-agent system, using blockchain and Conference on, 2011, vol. 1, pp. 212-216: IEEE.
deep learning. The flexibility of a multi-agent system means [10] R. Roman, J. Zhou, and J. Lopez, "On the features and challenges of
that this new IDS can be used in IoT environments of security and privacy in distributed internet of things," Computer
different sizes. All actions of communication agents will be Networks, vol. 57, no. 10, pp. 2266-2279, 2013.
recorded on blockchain, which makes the system more [11] A. Gai, S. Azam, B. Shanmugam, M. Jonkman and F. D. Boer,
"Categorisation of security threats for smart home appliances", IEEE
secure from threats, including information tampering and International Conference on Computer Communication and
information disclosure. Use of multi-agent reinforcement Informatics 2018.
algorithms can help the system to improve its performance [12] S. Raza, L. Wallgren, and T. Voigt, "SVELTE: Real-time intrusion
continually. Based on this model, this paper studies the detection in the Internet of Things," Ad hoc networks, vol. 11, no. 8,
application of a neural network in intrusion detection pp. 2661-2674, 2013.
systems, and the simulation results show that the deep [13] W. L. Al-Yaseen, Z. A. Othman, and M. Z. A. Nazri, "Multi-level
hybrid support vector machine and extreme learning machine based on
learning algorithm has a better performance than traditional modified K-means for intrusion detection system," Expert Systems
methods. The simulation using the NSL-KDD dataset shows with Applications, vol. 67, pp. 296-303, 2017.
the high accuracy of DNN for intrusion detection on the [14] N. B. Idris and B. Shanmugam, "Artificial intelligence techniques
transport layer of the IoT environment. The performance of applied to intrusion detection," in 2005 Annual IEEE India
the DNN model in distinguishing anomaly from normal is Conference-Indicon, 2005, pp. 52-55: IEEE.
[15] A. Javaid, Q. Niyaz, W. Sun, and M. Alam, "A deep learning approach
better than other machine learning methods, such as for network intrusion detection system," in Proceedings of the 9th EAI
decision trees. The overall accuracy rate of the DNN model International Conference on Bio-inspired Information and
is 98%, which demonstrates the viability of deep learning Communications Technologies (formerly BIONETICS), 2016, pp. 21-
algorithms for IDS of IoT devices. However, some issues 26: ICST (Institute for Computer Sciences, Social-Informatics and
Telecommunications Engineering).
need to be addressed in future work. Some rare attack types
[16] W.-C. Lin, S.-W. Ke, and C.-F. Tsai, "CANN: An intrusion detection
cannot yet be detected with enough accuracy, although the system based on combining cluster centers and nearest neighbors,"
DNN model has a high accuracy rate in distinguishing the Knowledge-based systems, vol. 78, pp. 13-21, 2015.
more common attack types. This area needs more research. [17] M. Pipattanasomporn, H. Feroze, and S. Rahman, "Multi-agent
systems in a distributed smart grid: Design and implementation," in
Power Systems Conference and Exposition, 2009. PSCE'09.
ACKNOWLEDGMENT IEEE/PES, 2009, pp. 1-8: IEEE.
[18] S. Wang, J. Wan, D. Zhang, D. Li, and C. Zhang, "Towards smart
Authors would like to thank Charles Darwin University factory for industry 4.0: a self-organized multi-agent system with big
for supporting this research work. data based feedback and coordination," Computer Networks, vol. 101,
pp. 158-168, 2016.
REFERENCES [19] V. Mnih et al., "Human-level control through deep reinforcement
[1] M. S. Alnaghes and F. Gebali, "A Survey on Some Currently Existing learning," Nature, vol. 518, no. 7540, p. 529, 2015.
Intrusion Detection Systems for Mobile Ad Hoc Networks," in The [20] J. Schmidhuber, "Deep learning in neural networks: An overview,"
Second International Conference on Electrical and Electronics Neural networks, vol. 61, pp. 85-117, 2015.
Engineering, Clean Energy and Green Computing (EEECEGC2015), [21] A. Kosba, A. Miller, E. Shi, Z. Wen, and C. Papamanthou, "Hawk:
2015, vol. 12. The blockchain model of cryptography and privacy-preserving smart
[2] C. Gomez, A. Arcia-Moret, and J. Crowcroft, "TCP in the Internet of contracts," in 2016 IEEE symposium on security and privacy (SP),
Things: from ostracism to prominence," IEEE Internet Computing, vol. 2016, pp. 839-858: IEEE.
22, no. 1, pp. 29-41, 2018. [22] M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, "A detailed
[3] L. Santos, C. Rabadao, and R. Gonçalves, "Intrusion detection systems analysis of the KDD CUP 99 data set," in Computational Intelligence
in Internet of Things: A literature review," in 2018 13th Iberian for Security and Defense Applications, 2009. CISDA 2009. IEEE
Conference on Information Systems and Technologies (CISTI), 2018, Symposium on, 2009, pp. 1-6: IEEE.
pp. 1-7: IEEE. [23] L. Dhanabal and S. Shantharajah, "A study on NSL-KDD dataset for
[4] E. Hodo et al., "Threat analysis of IoT networks using artificial neural intrusion detection system based on classification algorithms,"
network intrusion detection system," in Networks, Computers and International Journal of Advanced Research in Computer and
Communications (ISNCC), 2016 International Symposium on, 2016, Communication Engineering, vol. 4, no. 6, pp. 446-452, 2015.
pp. 1-6: IEEE.
[5] H. Bostani and M. Sheikhan, "Hybrid of anomaly-based and
specification-based IDS for Internet of Things using unsupervised OPF

Authorized licensed use limited to: Consortium - Algeria (CERIST). Downloaded on April 18,2023 at 22:56:24 UTC from IEEE Xplore. Restrictions apply.