Internet of Things expands the boundaries of the Internet to encompass many devices with constraint computational and power capabilities. This limits the implementation of security techniques such as Intrusion Detection Systems. In this paper, we propose a novel classification algorithm specifically designed for Internet of Things Intrusion Detection Systems. Our solution consists of two distinct layers. First, we employ a Negative Selection algorithm for creating a training set based only on the knowledge of the normal network behavior. Based on this data we train a simple Neural Network that is used to do the actual classification. This multilayer approach allows to distance the training complexity from the computationally and power constrained IoT devices. Furthermore, the addition of Negative Selection layer allows us to train a Neural Network only based on the self/normal behavior of the network, without the need for nonself/attack data. We call this algorithm Negative Selection Neural Network (NSNN). We test the algorithm against the KDD NSL dataset. The test results lead to the conclusion that the proposed algorithm is capable of functioning as network intrusion detection classifier.

• Marin Pamukov
• Vladimir Poulkov
• Vasil Shterev

Proceedings of International Conference on Telecommunications and Signal Processing (TSP), Athens, Greece, July 2018, pp. 636-640, DOI: 10.1109/TSP.2018.8441338.

https://ieeexplore.ieee.org/document/8441338