Review Article

Hindawi
Computational Intelligence and Neuroscience

Volume 2023, Article ID 8981988, 24 pages
https://doi.org/10.1155/2023/8981988
Review Article
A Comprehensive Survey on Machine Learning-Based Intrusion
Detection Systems for Secure Communication in
Internet of Things
S. V. N. Santhosh Kumar ,1 M. Selvi ,2 and A. Kannan 2
1
School of Information Technology and Engineering, Vellore Institute of Technology, Vellore, India
2
School of Computer Science and Engineering, Vellore Institute of Technology, Vellore, India
Correspondence should be addressed to S. V. N. Santhosh Kumar; santhoshkumar.svn@vit.ac.in
Received 8 October 2022; Revised 3 December 2022; Accepted 10 December 2022; Published 27 January 2023
Academic Editor: Anastasios D. Doulamis
Copyright © 2023 S. V. N. Santhosh Kumar et al. Tis is an open access article distributed under the Creative Commons
Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is
properly cited.
Te Internet of Tings (IoT) is a distributed system which is made up of the connections of smart objects (things) that can
continuously sense the events in their sensing domain and transmit the data via the Internet. IoT is considered as the next
revolution of the Internet since it has provided vast improvements in day-to-day activities of humans including the provision of
efcient healthcare services and development of smart cities and intelligent transport systems. Te IoT environment, by the
application of suitable security mechanisms through efcient security management techniques, intrusion detection systems
provide a wall of defence against the attacks on the Internet and on the devices connected with Internet by efective monitoring of
the Internet trafc. Terefore, the intrusion detection system (IDS) is a resolution proposed by the researchers to monitor and
secure the IoT communication. In this work, a meticulous analysis of the security of IoT networks based on quality-of-service
metrics is performed for deploying intrusion detection systems by carrying out experiments on secured communication and
measuring the network’s performance based on comparing them with the existing security metrics. Finally, we propose a new and
efective IDS using a deep learning-based classifcation approach, namely, fuzzy CNN, for improving the security of commu-
nication. Te major and foremost advantages of this system include an upsurge in detection accuracy, the accurate detection of
denial of service (DoS) attacks more efciently, and the reduction of false positive rates.
1. Introduction of service (DoS) attack [8] which can exhaust both the
network and device resources [9] such as energy in the IoT
Te Internet of Tings (IoT) is the next revolution of the environment. From the literature, we see that security in IoT
Internet, where the smart objects are connected and man- is provided in many works by using cryptography-based
aged using remote way through the Internet [1] as a security mechanisms [10] such as symmetric key crypto-
backbone. Events in the deployed IoT environment are systems and public key cryptosystems [11].
sensed by the devices [2]. Due to the resource restraint Since the IoT devices are resource inhibited, the use of
nature [3] of sensors in the IoT and the environment where cryptographic techniques in IoT security [12] results in
they are deployed, the provision of efcient security is be- signifcant communication and computation overhead. Te
coming a major challenge [4]. Te deployment environment design and deployment of intrusion detection systems
of IoT devices is susceptible to several types of attacks [5] by (IDSs) are able to solve this issue. Terefore, IDSs have been
intruders such as hackers, malicious software, and viruses used widely for monitoring and noticing impostors in IoT
[6]. Te main aim of these intruders is to launch various environments in order to provide efcient security in IoT
forms of attacks which lead to the breach of data integrity in communication [13, 14]. An IDS is a software which is
the network [7]. Moreover, the intruder can launch a denial running on the devices of IoT. Te IDS monitors the
2 Computational Intelligence and Neuroscience
behaviour of the devices in the network and identifes the overall network throughput are used for efective mea-
malicious activities, if any, that are carried out by the devices. surement of QoS and also for comparative analysis.
When the intrusion (attack) is detected [15], it informs the Intrusion detection systems (IDSs) are powerful
device administrator, who takes the necessary actions to mechanisms [41] used on the Internet to identify the
prevent such intrusions by isolating the malicious devices. In anomalous behaviour of attackers based on their malicious
this way, the IDSs are useful to ensure device security in the activities. In this scenario, the IDSs must be developed not
IoT environment [16]. Intrusion detection systems are only to detect the known types of malicious attacks but also
broadly categorized into two classes [17] depending on the to detect the new types of attacks carried out on the data
type of intrusions explicitly, anomaly-based intrusions and communicated through the Internet using diferent ap-
fraud-based intrusions. Te anomaly intrusions are carried proaches. Terefore, both the IDSs that are either existing in
out by the external attackers. On the other hand, misuse the literature or that are being proposed newly must be
intrusions are carried out by the internal members of the IoT evaluated for their capabilities with suitable metrics such as
system who are provided with security credentials by the detection accuracy, false positive rate, and error rate. A
system administrator. realistic IDS evaluation needs to be tested with both
In another categorization performed depending on the benchmark datasets and also real datasets. Here, the
type of intrusions, the IDSs are categorised into four, benchmarking datasets are the most important basis since
namely, IDS based on signature, IDS based on anomaly [18], such datasets are created using large amounts of network
IDS based on specifcation [19, 20], and hybrid approach- data by using efcient construction methods and tested with
based IDS [21]. In IDS based on signatures [22], for each real systems for statistical signifcance, fair comparison, and
attack to be detected, it describes the attack pattern. In this validation of computational methods. When a newly pro-
scheme, a trigger message is raised when the attack matches posed machine learning algorithm is evaluated with the
the described pattern. By using this type of IDS, the known given dataset, the capability of the detection algorithm is
types of attacks can be detected more efciently. Te next demonstrated with high accuracy. Such algorithms are tested
category is anomaly-based IDS. In this scheme, data about with real network environment also; they provide a similar
the normal behaviour of the devices are obtained and values performance. Terefore, it is necessary to test a new clas-
are set. If the device behaviour values, the IDSs consider it as sifcation algorithm not only by varying the number of
suspicious behaviour [23, 24]. features but also by evaluating them using benchmark
Te anomaly IDS is making use of the location and datasets.
temporal constraints to identify the malicious devices. Te frst dataset used in the evaluation of IDSs is the
Diferent types of attacks are in communication such as DoS DARPA KDD 98 dataset. Tis was later extended to form the
attacks [25–27], Sybil attacks [28, 29], selective forwarding KDD’99 Cup dataset [42, 43]. Tis dataset consists of
attacks [30–32], worm whole attacks [33], black hole attacks connection records that were created by considering various
[34–36], sink hole attacks [37–39], jamming attacks, and combinations of attack types and also by including the
false data injection attacks [40]. Terefore, many investi- normal class, and they were used as the benchmark dataset
gators paid their thoughts in the detection of one or more of for evaluating any network-based IDS. Tis dataset was
these attacks by proposing diferent methods for intrusion developed by them by collecting and establishing their
detection and prevention. However, the user community is handmade and diverse test bed consisting of honeypots.
interested in knowing the most suitable method from all Other types of datasets that were created for the efective
these methods for protecting their IoT environment, as there evaluation of IDSs include the ISCXIDS 2012 dataset called
are no standard guidelines and suggestions provided in the the intrusion detection evaluation dataset proposed by
literature for choosing the most suitable approach for in- Shivari et al. [44, 45], the realistic dataset generated by
trusion discovery and inhibition for IoT applications. Te Haider et al. [46, 47], which was developed and validated
current need of the IoT community is the availability of a using fuzzy rules, and fnally the cloud intrusion detection
single work that analyses all the prevailing IDSs for IoT and dataset (CIDD) developed in 2017 by the Canadian Institute
afords suitable guidelines and recommendations for for Cyber Security [48].
selecting the best scheme for safeguarding their application. In this work, the evaluations were carried out uniformly
Measuring the QoS is an imperative and challenging using the benchmark dataset KDD’99 Cup dataset which is
task. Many research studies used the false positive rate as an discussed in [43, 49], and also, the works were validated
important metric for measuring the amount of security using real network trace data. One of the major reasons for
provided by IDSs. However, the attackers are carrying out selecting the KDD Cup 99 dataset for evaluation of the IDS
the attacks to reduce the network performance and to systems is that it was the widely accepted benchmark dataset
consume the network resources for denying the opportu- used in most of the research works on IDS. Tis dataset
nities to legitimate users from network access. Tis can be consists of 41 attributes in which 38 are numeric attributes
reduced more efectively by measuring the network capa- and the other 3 are symbolic attributes. Some of the attri-
bilities and the service provided by the IoT. Te measure- butes of this dataset are the duration attribute that describes
ment can be more efcient if and only if suitable metrics the time duration (number of seconds), the network con-
such as packet delivery ratio, delay, energy consumed, nection duration attribute which is a continuous data at-
packets expected and accelerated by the nodes, and the tribute, and protocol_type (A discrete data attribute
Computational Intelligence and Neuroscience 3
describing the transport and network layer protocols) in- not uniform and hence lacks in security provision. Helai [74]
cluding TCP and UDP. suggested a signature-based IDS by applying data mining
In this paper, a survey of IDSs developed for securing the techniques. In this system, classifcation and pattern rec-
Internet communication is presented, discussed, and ognition methods have been employed to make a distinction
compared. Te major contribution of this paper is that it not on the normal behaviour from the abnormal behaviour of
only proposes a new intelligent IDS but also provides a the devices, and hence, it improved the detection accuracy.
comprehensive survey and comparative analysis of intrusion However, this system is not suitable for an IoT environment
detection systems present in the literature and hence sug- since it involves more computational overhead.
gests suitable methods and works that can increase the Kolias et al. [75] proposed a security system which uses
security of IoT networks. IoT attacks originate from the swarm intelligence in the development of the IDS. Te
Internet, and therefore, this work includes attacks on parallel nature of SWAM intelligence has decreased the
computer networks, including both wired and wireless training time and hence improved the quality-of-intrusion
networks with and without mobility [50]. It considers both detection in many situations. However, the behaviour of the
acknowledgement-based schemes and machine learning- rules generated in this system was not uniform, and a small
based intelligent approaches that are used to increase the change in one rule afected the others. Jaisankar et al. [76]
security of the devices. carried out an investigation to IDS. In this work, they used
Te most important contribution of this paper is that it fuzzy rough sets [77] for performing outlier detection-based
proposes a new intelligent IDS by extending the convolution intrusion detection. Gendreu and Moorman [78] have
neural network (CNN) with fuzzy rules for accurate decision carried out a survey of IDS developed in the past for pro-
making [51, 52]. Moreover, this work evaluates the existing viding security to IoT. In this survey, the authors highlighted
IDSs that are also using fuzzy variables and compares them the general process of IDS and the current research chal-
and detection time by employing suitable evaluation metrics lenges of IDS in the IoT. Moreover, the requirements for
such as false positive rate, energy consumed, packet delivery developing the quality IDS in an IoT environment are
ratio, delay analysis, network throughput, and error rate in explained in this work. However, the latest trends and attack
the IoT environment. Finally, it provides recommendations patterns necessitate further analysis, and new techniques are
for choosing the best methods for designing and prevention, necessary.
which are demonstrated through measurements and met- Tangaramya et al. [79] proposed a secured model for
rics, as well as the new IDS proposed in this work for IoT outlier detection for wireless sensor networks. Tis article
networks. highlighted the open research challenges and provided the
scope for future improvements in the methods used in the
2. Literature Survey development of security in communication. Ammar et al.
[80] explained the need for enhancing the security of IoT by
Security of communication can be provided by using various providing security solutions for IoT. Tis work highlighted
methods including access control [53], optimization-based the basic idea for developing third-party security applica-
secure routing techniques [54], agent-based methods [55], tions. Yang et al. [81] proposed a security model that
temporal analysis [56], intrusion detection techniques de- analysed the security and privacy issues of the IoT. In this
veloped for feature selection and classifcation, key man- work, they have analysed the security issues on four layers.
agement techniques, encryption and decryption methods, However, the detection and prevention measures for the
trust management techniques, frewalls, and application attacks occurring in various layers are not provided in this
considerations [57–65]. Various authors have proposed a work. Kouicem et al. [69] provided an inclusive investigation
variety of mechanisms for providing security in IoT envi- on reliability issues in the IoT. Tey explained the use of
ronments through IDS. In this section, the review of articles SDN since it is able to preserve both security and privacy
by various authors on IDS in the IoT has been provided with more efciently. However, they have observed that most of
suitable analysis to highlight their benefts and limits in the the existing approaches involve more computational com-
feld of IDS in the IoT [66–70]. Owais et al. [71] suggested a plexities and overheads.
genetic algorithm-based [72] IDS for IoT. Moreover, their From the related works, the research gaps identifed are
proposed algorithm generates intelligent rules for analysing that most of the prevailing IDSs presented in the literature
the behaviour of the connected devices, so that it is possible are generic in nature, focusing on network security, and
to flter the malicious contents and also identify the mali- most of them do not focus on the use of deep learning-based
cious links present in the connected devices. Te limitation computational intelligence for developing a reliable intru-
of this work is that it has signifcant computation overhead sion detection system. Terefore, they are not appropriate
and unknown attacks are not detected by this system ac- for providing efcient security in the IoT environment. Te
curately. Wang et al. [73] proposed the use of the hidden need of the current IoT communication is the provision of a
Markov model (HMM) for developing IDS. In their work, fexible and more efcient security mechanism that can fnd
they considered efciency, speed, and precision as the op- the known as well as novel types of attacks and prevent them
timized parameters for evaluating their IDS. Teir proposed more intelligently using artifcial intelligence (AI) and
technique is to detect the intrusions based on anomalous machine learning (ML) techniques [82]. In this work, we
behaviour. Even though this system uses a statistical ap- propose a new intelligent IDS by performing feature ex-
proach to handle novel situations, the detection accuracy is traction, feature selection, and intelligent classifcation by
IDs in IoT
Based on Intrusion Detection Based on Detection based on

detection mechanism network structure attacks
1. IDS based on Anomaly 1. Centralized IDS 1. Denial of Service Attack

2. IDS based on Signature 2. Distributed IDS 2. Replay attack
3. IDS based on Specification 3. Hybrid IDS 3. Sybil attack
4. Hybrid IDS 4. Wormhole attack
5. False data attack
6. Jamming attack
Figure 1: Taxonomy of IDS in IoT.
extending the CNN classifer with a fuzzy rule-based ap- 4. Classification of IDS in the IoT
proach in which the fuzzy inference system identifes the
intruders more efectively through efcient rule matching Figure 1 shows the taxonomy of IDS in IoT. Te IDSs in the
and also by performing deductive inference. Moreover, a IoT are categorized into three groups, namely, IDSs based on
comprehensive survey of IDSs in the IoT is also carried out the intrusion detection mechanism used [14, 85–88], IDSs
in this work, which highlights the advantages and limitations where the detection is based on network structure, and IDSs
of the prevailing IDSs available for the IoT environment and developed by focusing on attack types.
compares them with the proposed work. Te major con- Te IDS-based mechanism is further subdivided into
tributions of this work include the comprehensive literature four categories, namely, anomaly detection, signature de-
survey, the identifcation of suitable metrics for comparison, tection, and specifcation and hybrid IDS. Te IDS detection
the measurement of various parameters more efciently by based on network structure is further classifed into CIDS,
identifying the granularity of the measurement, and fnally DIDS, and HIDS. Te intrusion detection based on attacks is
the proposal of a new IDS using deep learning techniques. further classifed into IDS for detecting denial of service
Based on the experiments carried out in this work, it is found attacks, reply attacks, Sybil attacks, wormhole attacks, false
that the proposed intelligent IDS is more efective in terms of data injection attacks, and jamming attacks.
intrusion detection rates and also in the reduction of false
positive rates.
4.1. IDS Based on Anomaly Detection. Anomaly intrusion
3. Intrusion Detection Systems for detection is a technique [89, 90] used to diferentiate the
IoT Communication normal behaviour of the devices from the abnormal be-
haviour. To detect the intrusion based on an anomaly, the
Te IDS in IoT is classifed into three groups built on their behaviour of the devices is compared with the normal be-
deployment, namely, the centralised IDS (CIDS), distributed haviour and a threshold (TH) value is used to fnd out if
IDS (DIDS), and hybrid IDS (HIDS). In CIDS, the analysis is there is any deviation by a device that exceeds the threshold.
carried out only on centralized servers, where they control all Such a device will be labelled as a suspected device and will
the devices present in the network. In this scheme, the IDS is be observed over a period of time. If the anomaly in the
normally placed on a centralized point of control for the behaviour continues in a device, it will be treated as a
devices [79] like end servers, cluster heads, and routers [83]. malicious device and will be isolated from communication
Te IDS analyses the data available in the network trafc to with other devices. Various authors have proposed diferent
detect intrusions [84]. Te next type of IDSs used in IoT techniques for providing security to the IoT environment
security is the distributed IDSs. In this scheme, the IDSs are based on anomaly detection.
deployed on the sensing nodes in the IoT devices. Each of the Fu et al. [91] proposed an IDS technique on detecting
sensors will be able to analyse the sensed data to identify the various attacks that was developed using the mining tech-
behaviour of the nodes in IoT devices in order to detect the nique. Tey have employed intrusion semantic techniques to
intrusions. Te hybrid IDS is a collective mixture of cen- detect the misbehaviour of the devices in an IoT environ-
tralized and distributive IDSs. Te concept of this scheme is ment. Teir proposed system uses slice time window
that the IDS is placed both in centralized servers and also in technique for accomplishing the intrusion detection. In this
the sensing devices present in the IoT environment. Te technique, the collected information about the devices is
advantage of hybrid IDS is that intrusions can be detected classifed based on time analysis. In this system, the anomaly
both in the centralized server and also in the sensing devices is detected by equating the existing data with the normal
[80]. profle and checking whether there is a deviation. If the data
are inconsistent, then it is considered as intrusion. Tis identify only a limited number of known attacks in the IoT
technique has been evaluated based on theoretical analysis. environment.
However, there exists signifcant complexity in the com- Pongle and Chavan [33] proposed an IDS which is able
parison of data in real time, and hence, the network life is to identify the worm hole assault based on their neighbour
afected considerably. Ding et al. [92] suggested an inno- device and location information. Te advantages of this
vative theory-based technique to detect the anomalies of method are its energy efciency and real-time intrusion
devices in an IoT environment. In this system, information detection capability. Moreover, the proposed intrusion de-
security is provided to the devices which utilize most net- tection system improves QoS by decreasing packet overhead
work resources. Te proposed system monitors malicious and improving the packet delivery ratio. Moreover, the
devices in order to identify selfsh devices and intruders. proposed method is able to detect only a single type of attack
Moreover, in this game-based model, each of the devices is which can be either known attacks or unknown attacks.
allowed to use an optimal quantity. Te devices utilize the Cervantes et al. [97] proposed an efcient IDS which is able
network resources during data transmission to monitor and to identify sinkhole attacks using watchdog and trust [98]
ensure against malicious devices which can cause vulnera- management mechanisms to monitor the behaviour of the
bility to the network. Te advantage of this system includes devices in an IoT environment. Te advantages of this
its ability to detect the normal behaviour in the system. Te method are that it optimizes both network and system
constraint of this model is the lack of required detection energy efciency and improves QoS in the network in terms
accuracy. of minimizing packet and routing overheads, and it increases
Ragasegarar et al. [93] proposed distributed anomaly the packet delivery ratio. Moreover, the proposed method
detection architecture for providing security to the devices. has low false-positive and false-negative rates. However, this
In this architecture, the grouping of devices is made using a model is able to detect only a limited number of attacks.
hyperellipsoidal plane method. Te information available on Moreover, the proposed IDS is complex in terms of high
each device is used to detect the neighbourhood behaviour computation overhead which is not desired in the IoT.
with respect to the abnormality of the devices both locally Summerville et al. [99] suggested a lightweight intrusion
and globally that are present in the group. Te devices collect detection outline which is able to detect the various attacks.
the information available to identify the local and global Te proposed system detects the intrusions using deep
abnormalities in the behaviour of the devices. Moreover, packet analysis and the intrusion detection scheme is
when the devices sense the data from the sensing domain, deployed in the IoT devices. Te advantage of this method
anomalies are detected based on the collected data. Te lies in its accurate intrusion detection capability. Moreover,
advantages are the upsurge in network life time and re- the proposed IDS is lightweight in nature and has a low false
duction in computation overhead. Te main limitation is the positive intrusion detection rate. It enhances the QoS by
reduction in intrusion detection accuracy when the width of reducing the communication overhead in the network. On
the hyperellipsoidal plane is expanded. Chen et al. [94] the other hand, there exist signifcant computation and
proposed a fusion-based protective technique to provide communication overheads during packet classifcation
better defence against the attacks caused by the intruders. In which consumes more energy and time. Moreover, the
this method, each device sends a one-bit message to the proposed IDS can only detect the known types of assaults
fusion cache for intrusion detection. Te beneft of this which can be detected from the routed packets sent from the
method is that it is robust by nature. Moreover, the proposed other devices in the IoT environment. Eliseev and Gurina
method is not accurate in detecting unknown types of [100] proposed an intrusion scheme which is able to observe
attacks. the abnormal behaviour of the devices in the IoT envi-
Ham et al. [95] suggested an efcient anomaly-based ronment. Teir proposed intrusion system uses a correlation
intrusion detection technique to detect malware in the function which is based on the request–response method.
android operating system using a linear support vector Te beneft of the planned method is that it is lightweight in
machine. Te benefts of this method are that it afords nature and thereby consumes only the optimal quantity of
true positive and intrusion detection accuracy when it is resources in the network. Moreover, their suggested in-
equated with other existing approaches. Te limitations trusion detection scheme ofers an improved accuracy rate.
are the existence of signifcant overhead in terms of Te limitations are its queuing delay and communication
computation. Moreover, the proposed method requires delay. Furthermore, the suggested IDS is complex in terms of
heavy implementation which can exhaust both the net- computational overhead which may exhaust the network
work and system resources of the devices in an IoT en- resources quickly.
vironment. Wang et al. [96] proposed an efcient security Grgic et al. [101] suggested a security framework for
mechanism which can train and detect the intrusions in devices in the IoT which can identify the malevolent nodes in
IoT devices in large scale to provide efcient IoT security IPV6-based distributed systems. Te proposed framework
services. Te advantages of this method are in its ability to monitors the anomalous behaviour of the devices using
provide efcient intrusion detection at real time with collaborative processing to identify the attack. Te advan-
better accuracy. Moreover, this method optimizes both tages of the system framework are its energy efciency and
system performance and network life time. Te limita- better intrusion detection accuracy. Te limitations are its
tions are that it consumes more energy and will exhaust high false positive rate and that it will be able to detect only
both network and system resources. Moreover, it is able to known types of assaults in an IoT environment. Sonar and
Upadhyay [102] designed a system which can identify high intrusion detection accuracy with fxed, generated
various attacks using intellectual agents. In this model, the attack signature patterns. Moreover, it is scalable and en-
intelligent agents [103] are placed in the network server, and sures better memory utilization. Te limitations are that it
gateway devices are used to monitor the behaviour of in- can only detect a fnite number of known attacks based on
coming data trafc. Te proposed system employs a blacklist the pregenerated signature patterns. Moreover, the proposed
and greylist colour diferentiator to show the diference system cannot be implemented in real time.
between malicious devices and legitimate devices. Te ad- Sun et al. [108] proposed an intrusion detection
vantages of their work are its low false high true positive rate. scheme which is able to detect malicious assaults using
Moreover, the proposed work has better intrusion detection cloud eye in an IoT-based cloud environment. On the
accuracy. Te limitations are that the proposed IDS will not device side, the cloud eye uses an intelligent lightweight
be viable for implementation in a reasonable amount of time agent scanner to detect the malicious data from the in-
and it does not provide device scalability. coming data packets. Te server side of the cloud eye
Hodo et al. [104] suggested a system which can detect consists of a large database which can store the predefned
distributed DoS attacks using a three-layer artifcial neural attack patterns and is updated periodically. Teir system
network (ANN). Four nodes act as the client, and one node employs Suspicious Bucket Cross Filtering (SBCF) to
acts as the server to perform data analytics. Te server acts as detect the malicious data from the data packets. Te type
a sink which receives the requests from the clients and of attack is identifed based on matching patterns with a
responds to their requests. Te advantages are that an expert predefned attack signature pattern. Te advantages of this
system is built using a knowledge-based approach to ef- system are that it provides trusted and secured services
ciently analyse and detect DDoS attacks from the data [109] without compromising privacy. Moreover, the
packets which have been received from the server. Moreover, proposed intrusion detection system provides better re-
the proposed model optimizes the resources in real time and source optimization and can efciently detect attacks with
has a better ability to detect the malicious activities of the limited predefned pattern signatures. Te limitations are
nodes. Te limitations are that intrusion detection accuracy that it consumes more memory and has the ability to
depends on probability estimation. Moreover, the expert detect only a limited number of known and familiar at-
system that uses the knowledge base should be trained more tacks based on the pregenerated signature patterns. Ta-
accurately to get better results. Table 1 gives the comparison ble 2 shows the comparison of various IDSs developed
of diferent IDSs based on anomaly detection. based on the signature patterns.
4.2. IDS Based on Signature. An IDS based on signature 4.3. IDS Based on Specifcation. IDS based on specifcation
provides better defence against the various network attacks detects the intrusion specifcation normally. Te detected
based on the generated signature. In this system, the current intrusions are captured by the legitimate system for further
behaviour of the network is matched with the malicious analysis. In the past, many researchers have designed many
attack patterns to trace the type of attacks generated by the IDSs based on their specifcations to provide enhanced
intruder. Many authors have proposed methods for pro- security to the IoT environment. Some of IDSs based on its
viding security to IoT environments using a signature-based specifcation are discussed in this section. Misra et al. [110]
intrusion detection approach. planned an IDS with the service oriented architecture (SOA)
Amin et al. [105] suggested a signature for securing the model in the IoT environment. In this IDS, the SOA is
Internet-protocol-based ubiquitous sensor networks. In this confgured to act as middleware to provide the services to the
IDS, the signature for various attack patterns are generated. IoT applications. Te proposed IDS sends a DALERTcontrol
Te generated attack patterns are stored as an array and kept message to all the available nodes. When the requests by the
in the bloom flter. When the data packets enter the bloom particular devices to middleware exceed the limit which is set
flter, it matches the attack pattern and flters them. Based on as threshold value, the system detects the possibility of
the pattern match, the type of attack is detected. Te ad- vulnerability in the network. Based on this information, the
vantages of this method are that it has a lower false alarm network administrator detects the intrusions. Te limita-
rate and provides better intrusion detection accuracy. tions are it has high false positive rate and it cannot be
Moreover, the proposed model is lightweight in nature, and implemented in the real time. Moreover, this IDS can be able
hence, it can perform better optimization [106] of the to detect only the intrusions and it is not able to confrm the
network resources. Te limitations are that it can only detect attack. Murynets and Jover [111] designed an intrusion
a fxed pattern of attacks. Moreover, there is communication detection system which is able to detect intrusions from
overhead during data transmission from nodes to the bloom short message sender (SMS) by using volumetric and
flter. Oh et al. [107] designed an IDS, which can identify the content-based techniques. Te aim of volumetric analysis is
various attack patterns using a matching engine. Here, the to detect the intrusion based on the deviation of the pre-
matching engine uses auxiliary shifting for the early iden- defned pattern. Te main aim of the content-based algo-
tifcation of attacks. By doing so, the attacks can be early rithm is to track the devices in the IoT environment. By
detected based on the matching pattern and can terminate muting these two algorithms, the independent DoS attack
the attack as early as possible. Te advantages of the system can be detected efciently. Te advantages of these IDSs are
are that it has improved computational complexity and has that they provide better intrusion detection accuracy. Te
Table 1: Comparison of diferent intrusion detection systems based on anomaly detection.

Author name Mechanism used Advantages Limitations
(1) Not suitable to handle unknown
(1) Adaptive in nature
Anomalies detection based on hierarchical type of attacks
Fu et al. [91]
distributed scheme (2) Low false positive rate
(2) High latency
(3) Less resource consumption
(1) High intrusion detection
Providing security with non-cooperative based (1) Low combination for IoT
Ding et al. [92] accuracy
game theory devices
(2) Low computation overhead
(1) Better intrusion detection
accuracy
(1) Intrusion accuracy deviates
Rajasegarar et al. Hyperellipsoidal cluster-based anomalies (2) Low communication
when width of hyperellipsoidal
[93] detection overhead
plane expands
(3) Better utilization of network
resources
(1) Network tropology known to
(1) Better robust in nature
attackers
Fusion-based intrusion defence mechanism to
Chen et al. [94] (2) Detects only limited number of
limit the attack damage (2) Low communication
known attacks
overhead
(3) Complex implementation
(1) Better true positive rate and
(1) More overhead
low false alarm
Ham et al. [95] Direct SVM built android malware detection (2) Complex implementation
(3) Detects only limited number of
accuracy
assaults
(1) Intrusion detection based on (1) Only detects the limited set of
real time attacks
Detecting intrusion based on online for large (2) Better optimization of
Wang et al. [96]
scale IoT devices network resources
(2) Complex implementation
(3) Better computation
overhead
(1) Better energy efciency (1) High false positive rate
Pongle and Wormhole detection attack based on node (2) Low overhead
(2) Only known type of attacks are
Chavan [33] location and information from neighbour nodes (3) Better intrusion detection
detected
accuracy
(1) Can only detects only known
(1) Better resource utilization
Cervantes et al. types of attacks
INTI based sink hole attack detection
[97] (2) Low false positive rate and
(2) High overhead
negative rate
(1) Lightweight IDS (1) Consumes more network
implementation resources
Correlation function-based anomalies detection
Eliseev and (2) High computation and
behaviour of the network server using the (2) Better reliability
Gurina [100] computation overhead
request-response method
(3) High intrusion detection (3) Fails to detect the unknown
accuracy types of attacks
(1) Detects only some limited
(1) Better energy efciency
number of known attacks
Malicious nodes detection in IPV6 IoT
Grgic et al. [101] (2) Better intrusion detection
environment using adaptive distributed systems
accuracy (2) Has high false positive rate
(3) Tolerant to device failure
(1) Cannot be implemented in real
(1) Has low false positive and
time
Sonar and Agent-based DDoS attack detection using the better true positive rate
(2) Not scalable in nature
Upadhyay [102] black list and grey list method
(2) Better intrusion detection (3) Only detects small number of
accuracy known attacks
(1) Knowledge-based expert (1) Probability-based estimation
system intrusion detection
(2) Better network resource
ANN based detection of DoS attacks in IoT
Hodo et al. [104] optimization
environment using MLP supervised learning (2) More training is needed to get
accurate detection of attacks
accuracy even with incomplete
data
Table 2: Comparison of IDS based on signature.

Authors Methodologies Advantages Limitations
(1) Moreover overhead due to
(1) Better false alarm rate
redundant data transmission
Amin et al. Network intrusion-based detection system (2) Better intrusion detection accuracy
[105] for IP-USN (3) Better optimization of network (2) Detects only limited number of
resources assaults
(4) Lightweight in nature
(1) Detects only limited set of fxed
(1) Low computational overhead
attacks
Oh et al. Pattern matching engine based malicious
(2) High intrusion detection accuracy
[107] node detection (2) Real time implementation is
with limited pregenerated signatures
not possible
(3) Scalable in nature
(1) Secured and trusted service with
(1) Consumes more memory
Sun et al. Malicious bodes detection system based on privacy
[108] cloud eye an antimalware detection system (2) Better time and space complexity (2) Detects only very few type of
(3) Better intrusion detection accuracy attacks
limitations are that it has complex implementation tasks and behaviour of all nodes to identify the nodes which drop
does not have the ability to detect intrusions in real time. packets. Te advantages of this IDS are its low storage and
Xia et al. [112] designed a new IDS which can identify the computational overhead. Te limitations are that intru-
node internal attacks in the IoT environment. Tis IDS has sions are not detected in real time. Moreover, intrusion
been designed along with a privacy aware routing protocol accuracy is inversely proportional to the total number of
which ensures the privacy of the nodes in the network. In the infected nodes. Fu et al. [115] proposed an IDS which can
route maintenance phase, the malicious activities are de- detect attacks using an automata model in the IoT en-
tected with the help of neighbour nodes and also based on vironment. Te proposed IDS has four main mechanisms,
the trafc analysis of the node’s past behaviour. Te ad- namely, event monitor, event data base, event analyser,
vantages are that it has better intrusion detection accuracy and response event. Te vital role of the event monitor is
and a low expectancy. Te limitations are its communication to check the activities in the network and transmit them in
and computation overheads. Moreover, the system can digital format to the event analyser. Te role of the event
identify only a restricted number of assaults. La et al. [113] database is to store the recorded events and diferentiate
proposed an IDS based on innovative model which can them into normal data and abnormal data. Te role of the
detect deceptive assaults. Te system employs honeypots as event analyser is to analyse the stored data, and it works
defence tool, which is capable of analysing the incoming data based on three submodules, namely, network structure
packets based on the predefned intelligent rules. Any sus- learning module, action fow abstraction learning module,
pected data packets are further analysed by the honeypots. and intrusion detection module. Te benefts of this IDS
Te advantage of this IDS is its better intrusion detection are its easy implementation and better intrusion detection
accuracy. Te limitations are its overhead in the intrusion rate. Te limitations are its communications overhead and
detection process which consumes more network resources increased resource consumption. Moreover, this IDS has
in the IoT environment. more delay and can be applied only to delay-tolerant
Ahmed and Ko [36] designed an IDS which can provide networks.
defence against the black hole attack. In local decision proce- Bose et al. [116] suggested an IDS which is able to detect the
dure, the data about relationships among the nodes is gathered selective forwarding attack in the IoT environment. Tis IDS
by the neighbours to detect the malicious behaviours. Te detects the intrusion in two ways, namely, CIDS and DIDS. In
validity of the malevolent nodes identifed at the local decision CIDS, the IDS is placed in the sink to detect the malicious nodes.
process is further verifed by the global node verifcation phase. In a distributed IDS, the intrusion detection scheme is located in
Te advantages of this IDS are its real-time intrusion detection the routing nodes. In this IDS, the nodes are monitored at two
and its intrusion detection exactness. Furthermore, the rec- places. Te frst level of monitoring is carried out by the router
ommended IDS has a better packet delivery ratio and provides nodes, and the second level of monitoring is carried out by the
good defence against black hole attacks in an IoT environment. sink. Initially, the router nodes checked the performance of their
Te limitations are that it is planned only to detect black hole neighbour and sent it to the sink. Te sink cross checks the
attacks and has high false positive and low true positive rates. behaviour of the nodes and identifes the nodes that drop
Moreover, the accuracy of IDS decreases as the count of infected packets frequently. Te nodes which release packets frequently
nodes increases. are called “malevolent nodes,” and they are isolated from the
Surendar and Umamakeswari [114] planned an IDS network. Te advantages of this IDS are its easy implementation
which can identify sinkhole assaults using intrusion de- with less complexity. Te limitations are its low intrusion de-
tection based on a constraint-based specifcation model tection accuracy and the fact that it consumes more network
with a request-response method in the IoT environment. resources. Moreover, the proposed IDS has high computation
Te observer node plays a vital role by checking the and communication overhead.
Table 3: Comparison of IDS based on specifcation.

(1) Better optimization of (1) High true positive and false
network resources negative rates
SOA-based attack detection based on the (2) Inability to detect the intrusion
Misra et al. [110]
system model in IoT environment (2) Better intrusion detection at the real time
accurateness (3) Implementation is very
complex
(1) Implementation is complex
Murynets and Jover Contact- and volumetric-based intrusion rate
[111] detection for SMS in IoT environment (2) Better resource
(2) Not a real-time IDS
optimization
(1) Better intrusion detection (1) Overhead in terms of
rate communication and computation
An incentive-based internal attack detection
(2) Low delay
Xia et al. [112] mechanism based on neighbour nodes to
(3) Provides trust-based (2) Can only detect the known
provide truthful information
security during intrusion number of limited attacks
detection
(1) Better intrusion detection (1) High overhead in terms of
Game theory model-based deceptive attack accuracy network resources
La et al. [113]
detection for honeypot-based IoT network (2) Real-time-based intrusion
(2) It has more coverage time
detection
(1) Real-time intrusion
(1) Tis IDS detects only black hole
detection with better
attack
accuracy
Detection of black hole attack using efcient
(2) Te intrusion accuracy
Ahmed and Ko [36] mitigations techniques for RPL networks in (2) Enhancement in packet
decreases when the number of
IoT environment delivery ratio (PDR)
infected nodes increases
(3) Overhead in terms of
(3) Better false positive rate
communication
(1) Better overhead in terms
Surendar and (1) Intrusion accuracy is indirectly
Specifcation based sink hole attack detection of storage
Umamakeswari et al. proportional with number of
in IoT networks (2) Better optimization of
[114] infected nodes
network resources
(1) Its easy implementation
(1) High consumption of network
and real time detection of
resources
intrusion
Automata model-based uniform intrusion (2) High latency and
Fu et al. [115] (2) Less complexity
detection in IoT networks computational overhead
(3) It has high false positive rate
when the percentage of infected
accuracy
node increases
(1) Better true positive rate (1) High consumption of network
with easy implementation resources
Sequential probability ratio test-based (2) Overhead in terms of
selective forward attack detection based on communication and has high
Bose et al. [116]
probability of packet drop in IoT delay
(2) Complexity is low
environment (3) False positive rate is high when
the percentage of infected nodes
increases
(1) Te intrusion detection
(1) Adaptiveness decreases when the volume of the
SFC and PCA algorithms-based attack data increases
Liu et al. [117]
detection in IoT environment (2) Better false data alarm
(3) Better intrusion detection (2) Resource consumption is high
accuracy
Liu et al. [117] have designed an IDS which can identify are employed for self-adjustment in the detection frequency.
the intrusion. Te proposed IDS classifes the data into low- Te advantages of this intrusion detection system are its high
risk and high-risk data. Moreover, SFC and PCA algorithms adaptiveness and better handling of false data alarm. Te
limitations are its false positive rate. Moreover, the intrusion extended to other networks. Moreover, the proposed IDS
detection accuracy decreases when the volume of the data can be implemented in real time and has a high positive
increases by the devices in IoT environment. Table 3 gives intrusion detection rate. Te limitations are that it consumes
the comparison of IDSs developed based on specifcation. more network resources and has improved communication
and computation overhead.
Matsunaga and Toyoda [121] designed an IDS which can
4.4. IDS Based on the Hybrid Detection Method. Te IDSs be able to detect the intrusion based on neighbour node
based on the hybrid method detect the abnormal behaviour broadcasting the latest rank based on the time stamp
of the nodes by combining the IDS based on anomaly de- method. Te system functions in two steps. In the frst step,
tection and signature generation. Te capability of the IDS is each node broadcasts its ranks to its neighbour nodes. In the
that it can identify the unknown types of attacks more ef- second stage, the time stamp has been attached to each node
fciently which were not detected in IDS-based anomaly to validate any anomalies. Te advantage of this IDS is that it
detection and signature generation. has more true positive intrusion detection rate, and it is
Various authors have proposed many IDSs based on the highly scalable in nature. Te limitations are it has overhead
hybrid approach to enhance the security of devices in the IoT in terms of computation and communication. Moreover, the
environment. Amin et al. [118] have designed the security proposed IDS consumes a lot of resources which afects the
framework which is able to detect attacks in the Internet network’s consistency.
protocol–ubiquitous sensor network (IP-USN). Te pro- Sedjelmaci et al. [122] suggested an IDS based on a game
posed framework works on two modules, namely, Internet theory approach with a hybrid intrusion detection method.
packet analyser (IPA) and the USN packet analyser. Te Te proposed IDS uses both anomaly- and signature-based
main aim of these modules is to provide efcient analysis of methods to detect intrusions in the network. Nash equi-
the incoming data trafc. IPA module is further subdivided librium (NE) is computed for all the nodes. Te computed
into two modules, namely, anomaly detector and pattern NE score and the type of intrusion detection method
classifer. Te vital role of the attack detector is to detect the employed are decoded. Te advantage of this IDS is that it
various behaviours of the devices. Te packet analyser de- has low overhead. Moreover, the system has an improved
tects the abnormal behaviour of the devices and maps it to intrusion detection rate and is lightweight in nature. Te
the predefned patterns using a machine learning algorithm limitations are that it has a high latency and complex
and groups them under a common label. Te advantages of computational overhead. Shreenivas et al. [123] suggested an
this IDS are its lightweight property and it has better false IDS where the attacks are detected based on EthereumX
error detection rate. Moreover, the proposed IDS has a high (ETX) value and geographical hints. Te proposed IDS uses
positive intrusion detection rate. Te limitations are the 6mapper to monitor the nodes behaviour in a directed
overhead of computation and the vulnerability to delay acyclic graph (DAG) based on calculated ETX values, and
during intrusion detection. the intrusion is detected. Te advantages of this IDS are its
Kasinathan et al. [119] have designed a security improved intrusion detection accuracy and its real-time
framework which can detect DoS attacks on the 6LoWPAN implementation. Te limitations are its increased false
(IPv6 over Low-Power Private Area Network) in the IoT positive intrusion detection accuracy.
environment. Te proposed framework efciently analysed Midi et al. [124] suggested an IDS which can detect
the incoming data packets in 6LoWPAN to detect the attacks based on expert knowledge driven in the IoT envi-
anomalies in the network. Once the intrusion is detected, the ronment. Te expert knowledge driven system monitors the
alarm is raised to the decision manager. Te DoS protection network to sense intrusions in the network. Te advantages
manager validates the intrusion with preloaded signatures of this IDS are its high intrusion detection accuracy and
which are stored in the database. If the detected anomaly better optimization of the network resources in terms of
matches with the predefned digital signatures. Te ad- RAM and CPU usage. Te limitations are its computation
vantage of this IDS is false intrusion detection rate that is overhead which afects the network performance consid-
decreased and improved availability. Te limitations are that erably. Sedjelmaci and Senouci [125] suggested an IDS which
this IDS can be implemented only to the network which is can detect wormhole and sinkhole attacks based on the game
operated only in dynamic topology. Moreover, the pre- theory model in the IoT environment. Te advantages of this
defned signatures are not updated frequently by the DoS IDS are its high intrusion detection accuracy and its
protection manager. lightweight nature. Moreover, the proposed IDS optimizes
Raza et al. [120] suggested an IDS which can identify the network resources. Te limitations are that it has compu-
assaults based on routing in the IoT environment. Te tational overhead which can afect the network performance
suggested IDS is designed using three modules. Te frst considerably. Table 4 gives the comparison of hybrid-based
module consists of 6LoWPAN mapper; the vital role of the intrusion detection methods.
module is to gather the information in the network. Te role
of the second module is to analyse the collected information 5. Proposed Model
and detect intrusions in the network. Te third module
comprises of distributed frewall; the abnormal activities Tis paper consists of two components, namely, the survey
enter into the network and also handle packet drops in the of related works and the proposed work. For the efective
network. Te advantages of it are that this IDS can be evaluation of the existing and proposed systems, the
Table 4: Comparison of hybrid-based intrusion detection methods used in the IoT environment.
(1) Better false intrusion
(1) Overhead in terms of computation
Detection of attacks using generalised architecture detection rate
Amin et al. [118]
for IP-USN in IoT environment (2) Better optimization of
(2) High latency
network resources
(1) Works only with the network with
(1) IDS based on real time
dynamic tropology
Detection of abnormal behaviour of nodes and
Kasinathan et al. (2) Better false intrusion
their matching signature using DoS protection (2) Te pregenerated signatures are
[119] detection alarm
manger not frequently updated by DoS
(3) Better resource
protection manager
optimization1
(1) Intrusion detection in (1) Resource consumption by the
Detection of routing attacks based on integrated
real time network is high
mini frewall-based anomaly detection and
Raza et al. [120] (2) Overhead is minimal
distributed frewall-based signature generation IDS (2) False intrusion detection rate is
(3) Better intrusion
in IoT environment high
detection accuracy
(1) High consumption of network
(1) Better overhead
resources
Detection of attacks based timestamp to detect the
Matsunaga and (2) False data intrusion
inconsistency of nodes during broadcast of rank to
Toyoda [121] detection is low (2) High overhead in terms of
the neighbour nodes
(3) Better intrusion computation
detection accuracy
(1) Better intrusion (1) High latency
detection accuracy (2) Computational overhead is high
Game theory-based efective attack detection using
Sedjelmaci et al. (2) Better false intrusion
anomaly and signature detection techniques for IoT
[122] detection rate (3) Network resources are not
networks
(3) Energy consumption optimized
by the nodes are high
(1) Intrusion detection in (1) High false positive intrusion
Shreenivas et al. ETX metric and geographical hints-based attack real time detection rate
[123] detection in IoT (2) Better power (2) Overhead in terms of computation
optimization and communication
detection accuracy
(2) Better utilization
Knowledge driven expect real time-based IDS for (1) Overhead in terms computation
Midi et al. [124] network and system
self-adapting IoT networks and communication
resources
(3) Low false intrusion
detection rate
detection accuracy
Sedjelmaci and Game theory-based worm hole, sink hole and black (1) Overhead in terms computation
(2) Delay is minimal
Senouci [125] hole attack detection in IoT environment and communication
(3) Network resource
consumption is low
following network set up has been used. Te simulation Te feature analysis subsystem computes the strengths of each
parameters are shown in Table 5. of the 41 attributes present in the dataset and provides a
Te overview of the intelligent IDS developed in this work is measured score in the form of an information gain ratio. Te
shown in Figure 2. Te developed model consists of 7 major feature selection subsystem selects the most contributing fea-
modules, namely, IoT IDS dataset, an administrator module, a tures with the help of the feature analysis subsystem and the
data preprocessing module, a classifcation module, a decision fuzzy inference system. Te selected features are given as
manager, a fuzzy inference system, and a knowledge base. In feedback attributes to the classifcation module. Te classif-
this work, the KDD cup 1999 dataset that consists of 41 features cation module analyses the features on its own and compares
has been used for developing the proposed system. Te ad- them with the features selected by the data preprocessing
ministrator module can be used as a user interface and also acts module. It applies fuzzy rules with the help of the fuzzy in-
as the intrusion prevention module whenever the decision ference system and the decision. Te decision manager has
manager provides reports on intrusion and intruders. Te data complete control over the system.
preprocessing module contains two submodules such as the Terefore, the decision manager coordinates with all the
feature analysis subsystem and the feature selection subsystem. other modules and makes the fnal decision on intrusions
Table 5: Simulation parameters.

Simulation parameters
Parameter name Parameter value
Network area (m2) 500 m × 500 m
No. of sensor nodes 50–500 nodes
Basic routing protocols LEACH protocol and AODV protocol
Mobility model (for mobile scenario) Random way point mobility model
Transport layer protocols TCP and UDP
Energy of nodes 2 J per node
Initial energy 0.5 J
Packet size 1024 bits
Eelec 50 nJ/bit
Data
IoT IDS Data set Admin Module Preprocessing
Module
Fuzzy Inference CNN

Decision Manager
System
Max Pooling Layers
Convolution Layers
Fuzzy Rule Manager
Knowledge Base
Fully Connected Layer

Fuzzification network
Rule firing
Rule Matching
Rule Extraction
Defuzzification
Figure 2: Architecture of the proposed system.
and notifes the intrusions and also about the intruders to the subsidizing features based on the sensitivity of the in-
administrator module for taking actions including pre- formation that is communicated through the IoT net-
venting the users and nodes from participation in the work. Based on the threshold and the information gain
communication. Te knowledge base present in this work ratio and the usage history of users, the feature selection
consists of domain rules, general rules, and fuzzy rules which algorithm selects the optimal number of features for the
are used by the decision manger and classifcation module particular application over the specifed duration of time
for making most efcient decisions. (Algorithm 1).
Table 6 shows the extracted dataset after applying the
intelligent feature selection algorithm. Initially, all 41 at-
5.1. Intelligent Feature Selection. Te intelligent feature tributes [127] from the IDS dataset were considered.
selection procedure [126] used in this work computes the Tese features are given as feedback to the deep fuzzy
information gain ratio for all the features present in the CNN proposed in this work. Moreover, the fuzzy CNN
dataset. It uses a threshold for choosing the most compares the given features with other features selected by it
Input: Intrusion detection Dataset for IDS, 41 features existent in the dataset from set, Fuzzy rules and Treshold (Tres).
Output: Selected features with ranks
Step 1: Initialize number of features NFS � {}
Step 2: Read the IDS dataset (IoT _DS), feature Set (FS1, FS2. . .. . ..FS41), fuzzy Rules (FR1, FR2. . ...FRn), Tres.
N � 71
Step 3: For i � 1 to N do//fnding the information gain ratio for the 71 features
Begin
Split (IoT dataset, AS1, AS2,. . .. . ..ASN, G1,G2)
j � i + 1;
Compute IGR values for all features (As1, AS2,. . .. . ...ASN) using the formulas
Info (G1) � − 􏽐m j�1 [freq(ASj, G1)/|G1|] log2 [freq(ASj, G1)/|G1|]
Info (G2) � 􏽐ni�1 [|Gi|/|G2|] ∗ info(Gi)
IGR (ASi) � [Info(G1) − Info(G2)/Info(G1) + Info(G2)] ∗ 100
If IGR (ASi) ≥ Tres then
FS � FS U ASi;
End If
Step 4: Apply Fuzzy rules.
Step 6: Check features again using fuzzy rules and fnd the important features.
Return selected feature set.
ALGORITHM 1: Intelligent fuzzy rule-based feature selection algorithm.
Table 6: Selected features list from the IDS dataset. IF. . .THEN rules. Tis deep fuzzy classifer performs both
S. No. Feature number Feature name
convolution and max pooling operations, where the con-
volution for two functions f and g is represented for the
1 2 protocol_type
2 4 src_byte
operator t using the integral given in the following equation
3 8 wrong_fragment as follows:
4 14 root_shell ∞ ∞
5 15 su_attempted (f ∗ g)(t) � 􏽚 f(τ)g(t − τ)dτ � 􏽚 f(t − τ)g(τ)dτ.
−∞ −∞
6 19 num_access_shells
7 27 dif_srv_rate (1)
8 29 srv_serror_rate Moreover, we used 9 max pooling layers and 10 con-
9 31 srv_dif_host_rate
volution layers that are integrated with a fuzzy inference
10 32 dst_host_count
11 35 dst_host_dif_srv_count system for performing the classifcation task. All these layers
12 36 dst_host_same_src_port_rate together are operating on the dataset and providing the set of
13 37 dst_host_srv_dif_host_rate features to be used for classifcation.
14 38 dst_host_serror_rate
(x + 1)
f(x) � 􏼢 􏼣. (2)
x
and applies fuzzy rules to fnd an optimal set of features.
As the bias function in the fully connected network
Finally, the optimal set of features is used by the fully
component of the proposed fuzzy CNN. If both are
connected network component of the fuzzy CNN for per-
matching, it proceeds with the classifcation process. In cases
forming the classifcation, whose results are used to identify
of mismatch, it consults with the decision manager to
the intrusions more accurately.
provide feedback on the attributes to be used based on the
sensitiveness of the attributes.
5.2. Fuzzy Inference System. Te fuzzy inference system
consists of fuzzy rules, marching, rule fring, and rule ex- 6. Analysis of Existing IDS Approaches
ecution components. In rule matching [128], frst it performs
fuzzifcation using a triangular membership function for all In this section, the performance analysis of various existing
the attributes, and then, it forms the fuzzy rules. Te decision intrusion detection approaches [129–136] is based on per-
manager takes the input from the fuzzy inference rules and formance metrics like intrusion detection accuracy (IDA),
executes it to take the decision. Te sample set of fuzzy rules false positive intrusion detection rate (FPIDR), real time
is given in Table 7. intrusion detection (RTID), fault tolerance rate (FTR), and
network resource optimization (NRO) scalability. Table 8
gives the performance investigation of diferent intrusion
5.3. Classifcation Algorithm. Te new intelligent deep detection approaches with the given performance metrics.
classifcation algorithm proposed and designed in this work Figure 3 gives the performance of various categories of
is accomplished by using the CNN algorithm with intrusion detection systems with various performance
Table 7: Fuzzy inference rules.

Flow type Label Attack type No. of packets dropped Decision
Low Anomaly DoS High Attacked
Low Anomaly Probe High Attacked
Low Anomaly L2R Medium Attacked
Medium Normal HTTP fooding Medium Attacked
High Anomaly R2L Low Attacked
Medium Normal UDP fooding Medium Attacked
High Anomaly ARP fooding Low Attacked
High Normal DoS-synfooding High Attacked
High Normal Normal Low Not attacked
High Anomaly DoS High Attacked
Low Anomaly L2R Low Attacked
High Normal Normal Medium Not attacked
Low Anomaly Normal Low Not attacked
High Anomaly R2L Low Attacked
Table 8: Performance investigation of diferent intrusion detection approaches.

IDS type Authors IDA FPIDR RTID FTR NRO Scalability
Fu et al. [91] √ × √ √ × √
Ding et al. [92] √ × × × √ ×
Rajasegarar et al. [93] √ × × × × ×
Chen et al. [94] × × √ √ × √
√ √ × × × ×
Ham et al. [95]
IDS based on anomaly detection Wang et al. [96] √ √ × √ × ×
Pongle and Chava [33] × × √ × √ ×
Carventes et al. [97] √ √ × × × √
Tangaramya et al. [23] × × × × √ ×
Grgic et al. [101] √ × √ × √ ×
Sonar &Upadhyay [102] √ √ × × × ×
Hudo et al. [104] √ √ √ × × ×
Amin et al. [105] √ √ × √ × ×
IDS based on signature Sun et al. [108] √ × √ × × ×
Oh et al. [107] × × √ × × √
Misra et al. [110] × × × √ × ×
Murynets and Jover [111] √ × × × √ ×
Xia et al. [112] √ × √ × × ×
La et al. [113] √ × √ × × ×
IDS based on specifca tion Ahmed and Ko [36] √ √ √ × × ×
Surender and Umamakeswari [114] √ √ √ × √ ×
Fu et al. [115] × × √ √ × ×
Gara et al. [30] √ × × × × ×
Liu et al. [117] × × √ √ × ×
Amin et al. [118] × √ × × √ ×
Kasinathan et al. [119] √ √ √ × × ×
Raza et al. [120] × × √ × × ×
IDS based on the hybrid method Matsunaga and Toyoda [121] √ √ √ √ × ×
Shreenivas et al. [123] √ × √ × √ ×
Midi et al. [124] √ √ √ × √ ×
Sedjelmaci and Senouci [125] √ √ √ × √ ×
metrics like intrusion detection rate (IDR), real time in- anomaly detection monitors the data efectively to detect the
trusion detection (RTID), fault tolerance rate (FTR), and irregular behaviour of the nodes and detect anomalies if
network resource optimization (NRO) scalability. there is a deviation from the normal behaviour. Hence, the
As shown in Figure 3, IDS based on anomaly detection IDS based on anomaly detection has better false positive rate.
has a better false positive intrusion detection rate when Te percentage of intrusion detection accuracy and network
compared with other categories IDS in the IoT environment. resource optimization of IDS based on signatures is much
Te reason for this improvement is that IDS based on higher compared with other IDS in the IoT environment.
Intrusion Detection Systems Performance Analysis

100
90
80
Detection Accuracy (%) 70
60
50
40
30
20
10
0
IDA FPIDR RTID FTR NRO Scalability
Evaluation Metrics
IDS based on anomaly detection IDS based on specification
IDS based on signature IDS based on hybrid method

Figure 3: Performance analysis of various intrusion detection systems.
Te reason for this performance is that an IDS based on From the graph in Figure 5, we could prove that the
signature efciently monitors the incoming data to detect proposed intelligent fuzzy CNN classifer presents a lower
any anomalies. Te detected anomalies are compared with communication delay because it has better attack detection
the predefned signature attacks which are generated by the accuracy and efciently identifes the malevolent nodes.
network administrator. If the detected anomalies match a Hence, it has better performance in communication delay.
predefned attack signature, the type of attack is detected. Figure 6 provides a comparative analysis of energy con-
Moreover, the IDS based on signatures has better optimi- sumption in the network with other existing systems.
zation of network resources. IDS based on the specifcation Figure 6 shows the proposed IDS consumes less energy in
has higher real time intrusion detection system since most of comparison with existing works such as the systems proposed
the IDS are designed based on generic frame work which by Ding et al. [92], Chen [94], and Wang [96] because the
detects the intrusion efciently. An ID based on a hybrid proposed system uses only a selected and optimal number of
detection method has better scalability and is fault-tolerant features and makes the classifer converge fast. Hence, the
by nature. suggested system has optimal energy consumption than the
other existing systems.
6.1. Simulation Results of the Proposed Work. Te proposed From the graph shown in Figure 7, we can understand
system is executed in the NS3 simulator. Te suggested that the proposed intelligent classifer has better network
system is compared with other prevailing systems using life-time analysis because it has better attack detection ac-
the performance parameters, namely, packet delivery curacy and efciently identifes the anomaly. In the proposed
ratio, delay, average energy consumption, network life work, the energy spent on communicating the packets sent
time, DoS attack, probe attack, L2R attack, R2L attack, and by malicious nodes is eliminated, and hence, it increased the
fnally security analysis. Figure 4 provides the comparative network lifetime as well. Figure 8 provides analysis in DoS
analysis based on packet delivery ratio (PDR) between the detection accuracy of the proposed system with other
proposed IDS and the other three existing systems on the existing approaches. From Figure 8, the proposed fuzzy
IDS. CNN can detect DoS attacks more efciently due to the use
From Figure 4, it is clear that the proposed IDS has a better of fuzzy rules.
PDR when equated with other related IDS works by Ding et al. Figure 9 provides an analysis of probe attack detection in
[92], Chen et al. [94], and Wang et al. [96]. Tis improvement the network. Te proposed fuzzy CNN detects the probe
is possible because the proposed system uses the feedback attacks more accurately with deductive inference.
from the results of the intelligent feature selection algorithm to Figure 10 provides the analysis of R2L attack for the
select the dominant features based on information gain. Fi- proposed IDS with other existing systems.
nally, it uses fuzzy-based CNN classifer to identify intrusions. From Figure 10, the proposed fuzzy CNN has more than
Hence, the proposed system has a better PDR. 5% detection accuracy in comparison to existing systems.
Packet Delivery Ratio analysis

95
PAcket delivery ratio (%)

90
85
80
75
70
E1 E2 E3 E4 E5
Experiments
Y.Ding [94] J wang [23]

P.y chen [96] Proposed
Figure 4: Packet delivery analysis.
Delay Analysis
16
14
12
10
Delay (m/s)
0
500 1000 1500 2000 2500
No of packets

Figure 5: Delay analysis.
Te use of a new bias function along with more classes of environment since they detect identifable and un-
fuzzy rules enabled the proposed fuzzy CNN classifer to identifable attacks
detect R2L attacks more reliably than the related classifer. (2) In real-time IoT security environment, AI and ML-
Figure 11 provides the analysis of the overall security based techniques with an anomaly intrusion detec-
provided after applying the IDSs in the network based on tion model can be deployed
comparisons.
(3) A secured routing algorithm must be developed by
From Figure 11, the overall security provided by the
including the IDS component in the nodes to pro-
proposed IDS higher than the security provided by the
vide highly secured communication
related IDSs tested in the IoT. Te security is increased since
the proposed system identifed the intruders more accurately (4) Feature selection and feature optimization tasks
and prevented the malicious nodes in the network com- must be carried out to develop IDSs with a higher
munication of IoT. detection rate
Based on the survey made in this work, the following (5) Rule optimization must be performed to reduce the
recommendations are provided: detection time
(1) Te hybrid intrusion detection systems are better To verify the usefulness of these suggestions, they were
candidates for providing security to the IoT implanted into the new IDS developed in this work and
Energy consumption analysis

25
20
Energy consumption (J) 15
10
0
1 2 3 4 5
No of rounds

Figure 6: Energy consumption analysis.
Network Life time analysis

100
95
Network lifetime (%)
90
85
80
E1 E2 E3 E4 E5
Experiments

Figure 7: Analysis of network lifetime.
DoS attack detection analysis

100
98
96
Detection Accuracy (%)
94
92
90
88
86
84
E1 E2 E3 E4 E5
Experiments

Figure 8: Analysis of DoS attack detection.
Probe attack detection analysis

100
Detection Accuracy (%)

98
96
94
92
90
88
E1 E2 E3 E4 E5
Experiments

Figure 9: Analysis of probe attack detection.
R2L attack detection analysis

40
35
R2L attack detection (%)
30
25
20
15
10
0
E1 E2 E3 E4 E5
Experiments

Figure 10: Analysis of R2L attack detection.
Security analysis
100
95
Overall Security (%)
90
85
80
75
E1 E2 E3 E4 E5
Experiments

Figure 11: Security analysis of the proposed system.
tested. Based on the experimental verifcation, this survey [2] P. L. R. Chze and K. S. Leong, A Secure Multi-Hop Routing for
provided the guidelines for the development of intelligent IoT Communication, pp. 428–432, IEEE World Forum on
IDS for IoT. Internet of Tings (WF-IoT), Seoul, 2014.
[3] N. N. Srinidhi, S. Dilip Kumar, and K. R. Venugopal,
“Network optimizations in the internet of things: a review,”
7. Conclusion and Future Challenges Engineering Science and Technology, an International Jour-
nal, vol. 22, no. 1, pp. 1–21, 2019.
In this paper, we provide a detailed analysis of IDS developed in
[4] M. Stoyanova, Y. Nikoloudakis, S. Panagiotakis, E. Pallis, and
the IoT environment that are presented by various researchers. E. K. Markakis, “A survey on the internet of things (IoT)
In addition, we proposed a new intelligent IDS using fuzzy forensics: challenges, approaches, and open issues,” IEEE
CNN to overcome the limitations of the IDSs present in the Communications Surveys & Tutorials, vol. 22, no. 2,
literature. Te IDS in IoTpresented in this paper was subdivided pp. 1191–1221, 2020.
into four categories, namely, IDS based on anomaly detection, [5] I. Butun, P. Österberg, and H. Song, “Security of the internet
signature, specifcations, and hybrid method for performing the of things: vulnerabilities, attacks, and countermeasures,”
comparative analysis. Under each category, an in-depth analysis IEEE Communications Surveys & Tutorials, vol. 22, no. 1,
of various existing IDS protocols is carried out. Moreover, the pp. 616–644, 2020.
performance analysis of each category of IDS are carried out [6] S. R. Zahra and M. Ahsan Chishti, “RansomWare and in-
based on various performance metrics like network resource ternet of things: a new security nightmare,” in Proceedings of
optimization, false positive intrusion detection rate, and scal- the 2019 9th International Conference on Cloud Computing,
pp. 551–555, Noida, India, November 2019.
ability. Finally, the intelligent IDS which is developed in this
[7] I. Makhdoom, M. Abolhasan, J. Lipman, R. P. Liu, and
work utilizes information gain ratio for selecting prominent W. Ni, “Anatomy of threats to the internet of things,” IEEE
features. For intrusion classifcation, the intelligent fuzzy-based Communications Surveys & Tutorials, vol. 21, no. 2,
CNN classifer is employed to accurately classify the intrusion pp. 1636–1675, Second Quarter 2019.
based on QoS parameters. Te proposed intelligent classifer is [8] L. Liang, K. Zheng, Q. Sheng, and X. Huang, “A denial of
simulated using the NS3 simulator, and it is compared with the service attack method for an IoT system,” in Proceedings of
performance metrics, namely, packet delivery ratio, delay, av- the 2016 8th International Conference on Information
erage energy consumption, network life time, DoS attack, probe Technology in Medicine and Education (ITME), pp. 360–364,
attack, L2R attack, R2L attack, and fnally security analysis. Te Fuzhou, June 2016.
proposed system is enhanced by security by more than 10%, the [9] C. Gray, R. Ayre, K. Hinton, and R. S. Tucker, “Power
network life time by more than 5% and the detection accuracy Consumption of IoT Access Network Technologies,” in
by 4% than the existing works. Te future plan of the suggested Proceedings of the 2015 IEEE International Conference on
Communication Workshop (ICCW), pp. 2818–2823, London,
system is to apply the proposed intelligent IDS to an IoT-based
June 2015.
network with dynamic network topology. [10] J. Granjal, E. Monteiro, and J. Sa Silva, “Security for the
internet of things: a survey of existing protocols and open
Data Availability research issues,” IEEE Communications Surveys & Tutorials,
vol. 17, no. 3, pp. 1294–1312, 2015.
Te data used to support the fndings of this study are [11] J. M. Carracedo, M. Milliken, P. Kaur Chouhan et al.,
available from the corresponding author upon request. “Cryptography for security in IoT,” in Proceedings of the 5th
International Conference on Internet of Tings: Systems,
Conflicts of Interest pp. 23–30, Berlin, April 2018.
[12] A. Karati, C. I. Fan, and R. H. Hsu, “Provably secure and
Te authors declare that they have no conficts of interest. generalized signcryption with public verifability for secure
data transmission between resource-constrained IoT de-
vices,” IEEE Internet of Tings Journal, vol. 6, no. 6,
Authors’ Contributions pp. 10431–10440, Dec, 2019.
Dr. A Kannan, senior professor, Vellore Institute of Tech- [13] D. Fang, Y. Qian, and R. Q. Hu, “A fexible and efcient
authentication and secure data transmission scheme for IoT
nology, has provided the expert advice and carried out the
applications,” IEEE Internet of Tings Journal, vol. 7, no. 4,
revision of the manuscript. pp. 3474–3484, April 2020.
[14] N. Chaabouni, M. Mosbah, A. Zemmari, C. Sauvignac, and
Acknowledgments P. Faruki, “Network intrusion detection for IoT security
based on learning techniques,” IEEE Communications Sur-
We thank the Vellore Institute of Technology, Vellore, India veys & Tutorials, vol. 21, no. 3, pp. 2671–2701, 2019.
for providing the funding to this manuscript. [15] I. Kang, M. K. Jeong, and D. Kong, “A diferentiated one-
class classifcation method with applications to intrusion
References detectiofcation method with applications to intrusion de-
tection,” Expert Systems with Applications, vol. 39, no. 4,
[1] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, pp. 3899–3905, 2012.
and M. Ayyash, “Internet of things: a survey on enabling [16] M. Eskandari, Z. H. Janjua, M. Vecchio, F. Antonelli, and
technologies, protocols, and applications,” IEEE Commu- I. D. S. Passban, “Passban IDS: an intelligent anomaly-based
nications Surveys & Tutorials, vol. 17, no. 4, pp. 2347–2376, intrusion detection system for IoT edge devices,” IEEE In-
2015. ternet of Tings Journal, vol. 7, no. 8, pp. 6882–6897, 2020.
[17] E. Anthi, L. Williams, M. Słowińska, G. Teodorakopoulos, [31] B. Yu and B. Xiao, “Detecting selective forwarding attacks in
and P. Burnap, “A supervised intrusion detection system for wireless sensor networks,” in Proceedings of the 20th Inter-
smart home IoT devices,” IEEE Internet of Tings Journal, national Parallel and Distributed Processing Symposium, p. 8,
vol. 6, no. 5, pp. 9042–9053, 2019. Cluj-Napoca, Romania, April 2006.
[18] R. Samrin and D. Vasumathi, “Review on anomaly based [32] A. Mathur and M. Newe, “Defence against black hole and
network intrusion detection system,” in Proceedings of the selective forwarding attacks for medical WSNs” in the IoT,”
2017 International Conference on Electrical, Electronics, Sensors, vol. 16, no. 1, p. 118, 2016.
Communication, Computer, and Optimization Techniques [33] P. Pongle and G. Chavan, “Real time intrusion and
(ICEECCOT), pp. 141–147, Mysuru, May 2017. wormhole attack detection in internet of things,” Interna-
[19] A. Le, J. Loo, and M. Chai, “A specifcation-based IDS for tional Journal of Computer Application, vol. 121, no. 9,
detecting attacks on RPL-based network topology,” Infor- pp. 1–9, 2015.
mation, vol. 7, no. 2, p. 25, 2016. [34] G. Soni and R. Sudhakar, “A L-IDS against dropping attack
[20] R. Sekar, A. Gupta, J. Frullo et al., “Specifcation-based to secure and improve RPL performance in WSN aided IoT,”
anomaly detection: a new approach for detecting network in Proceedings of the 2020 7th International Conference on
intrusions,” in Proceedings of the 9th ACM Conference on Signal Processing and Integrated Networks (SPIN), pp. 377–
Computer and Communications Security, pp. 265–274, 383, Noida, India, September 2020.
Zhengzhou China, March 2002. [35] W. Meng, W. Li, and L.-F. Kwok, “Efm: enhancing the
[21] X. Tong, Z. Wang, and H. Yu, “A research using hybrid RBF/ performance of signature-based network intrusion detection
Elman neural networks for intrusion detection system secure systems using enhanced flter mechanism,” Computers &
model,” Computer Physics Communications, vol. 180, no. 10, Security, vol. 43, pp. 189–204, 2014.
pp. 1795–1801, 2009. [36] F. Ahmed and Y.-B. Ko, “Mitigation of black hole attacks in
[22] U. Sheikh, H. Rahman, H. S. Al-Qahtani, T. Kumar Hazra, routing protocol for low power and lossy networks,” Security
and N. U. Sheikh, “Countermeasure of Attack Vectors Using and Communication Networks, vol. 9, no. 18, pp. 5143–5154,
Signature-Based IDS in IoT Environments,” in Proceedings of 2016.
the 2019 IEEE 10th Annual Information Technology, Elec- [37] Y. Liu, M. Ma, X. Liu, N. N. Xiong, A. Liu, and Y. Zhu,
tronics and Mobile Communication Conference (IEMCON), “Design and analysis of probing route to defense sink-hole
pp. 1130–1136, Zhengzhou China, November 2019. attacks for internet of things security,” IEEE Transactions on
[23] K. Tangaramya, K. Kulothungan, R. Logambigai, M. Selvi,
Network Science and Engineering, vol. 7, no. 1, pp. 356–372,
S. Ganapathy, and A. Kannan, “Energy aware cluster and
2020.
neuro-fuzzy based routing algorithm for wireless sensor
[38] K. Mabodi, M. Yusef, S. Zandiyan, K. Mabodi, L. Irankhah,
networks in IoT,” Computer Networks, vol. 151, pp. 211–223,
and R. Fotohi, “Multi-level trust-based intelligence schema
2019.
for securing of internet of things (IoT) against security
[24] S. V. N. Santhosh Kumar, Y. Palanichamy, M. Selvi,
threats using cryptographic authentication,” Te Journal of
S. Ganapathy, and A. Kannan, “Energy efcient secured K
Supercomputing, vol. 2, pp. 1–26, 2020.
means based unequal fuzzy clustering algorithm for efcient
[39] S. Kumar, T. Vealey, and H. Srivastava, “Security in internet
reprogramming in wireless sensor networks,” Wireless
of things: challenges, solutions and future directions,” in
Networks, Springer, Berlin, Germany, pp. 1–22, 2021.
[25] L. Jingna, “An analysis on DoS attack and defense tech- Proceedings of the 2016 49th Hawaii International Conference
nology,” in Proceedings of the 2012 7th International Con- on System Sciences (HICSS), pp. 5772–5781, Koloa, De-
ference on Computer Science & Education (ICCSE), cember 2016.
pp. 1102–1105, Zhengzhou China, January 2012. [40] Y. Liu, P. Ning, and M. K. Reiter, “False data injection attacks
[26] C. Zhang and R. Green, “Communication security in internet against state estimation in electric power grids,” ACM
of thing: preventive measure and avoid DDoS attack over IoT Transactions on Information and System Security, vol. 14,
network,” in Proceedings of the 18th Symposium on Com- no. 1, pp. 1–33, 2011.
munications & Networking, pp. 8–15, Berlin, Germany, June [41] M. H. Ali, B. A. D. Al Mohammed, A. Ismail, and
2015. M. F. Zolkipli, “A new intrusion detection system based on
[27] T. Kalidoss, L. Rajasekaran, K. Kanagasabai, G. Sannasi, and fast learning network and particle swarm optimization,”
A. Kannan, “QoS aware trust based routing algorithm for IEEE Access, vol. 6, pp. 20255–20261, 2018.
wireless sensor networks,” Wireless Personal Communica- [42] S. Ganapathy, P. Vijayakumar, Y. Palanichamy, and
tions, vol. 110, no. 4, pp. 1637–1658, 2020. A. Kannan, “An intelligent CRF based feature selection for
[28] J. Newsome, E. Shi, D. Song, and A. Perrig, “Te Sybil attack efective intrusion detection,” Te International Arab Journal
in sensor networks: analysis &defenses,” in Proceedings of the of Information Technology, vol. 13, no. 1, pp. 44–50, 2016.
3rd International Symposium on Information Processing in [43] M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A
Sensor Networks, pp. 259–268, Montreal, QC, Canada, April detailed analysis of the KDD CUP 99 data set,” in Proceedings
2004. of the IEEE Symposium on Computational Intelligence in
[29] M. A. Jan, P. Nanda, X. He, and R. P. Liu, “A Sybil attack Security and Defense Applications, pp. 1–6, Ottawa, July 2009.
detection scheme for a centralized clustering-based hierar- [44] A. Shiravi, H. Shiravi, M. Tavallaee, and A. A. Ghorbani,
chical network,” Proceedings of the Trust- com/BigDataSE/ “Toward developing a systematic approach to generate
ISPA, vol. 1, pp. 318–325, 2015. benchmark datasets for intrusion detection,” Computers &
[30] F. Gara, L. B. Saad, and R. B. Ayed, “An intrusion detection Security, vol. 31, no. 3, pp. 357–374, 2012.
system for selective forwarding attack in IPv6-based mobile [45] A. Jamalipour and S. Murali, “A taxonomy of machine
WSNs,” in Proceedings of the 2017 13th International Wireless learning based intrusion detection systems for the internet of
Communications and Mobile Computing Conference things: a survey,” IEEE Internet of Tings Journal, vol. 9,
(IWCMC), pp. 276–281, Valencia, Spain, June 2017. no. 12, pp. 9444–9466, 2022.
[46] R. Rajendran, S. V. N. Santhosh Kumar, Y. Palanichamy, and [60] S. Bose and A. Kannan, “Detecting denial of service attacks
K. Arputharaj, “Detection of DoS attacks in cloud networks using cross layer based intrusion detection system in wireless
using intelligent rule based classifcation system,” Cluster ad hoc networks,” in Proceedings of the International Con-
Computing, vol. 22, no. 1, pp. 423–434, 2019. ference on Signal Processing, Communications and Net-
[47] W. Haider, J. Hu, J. Slay, B. Turnbull, and Y. Xie, “Generating working, ICSCN’08, IEEE, pp. 182–188, Chennai, India,
realistic intrusion detection system dataset based on fuzzy March 2008.
qualitative modeling,” Journal of Network and Computer [61] S. Viswanathan, R. S. Bhuvaneswaran, S. Ganapathy, and
Applications, vol. 87, pp. 185–192, 2017. A. Kannan, “Euler phi function and gamma function based
[48] I. Sharafaldin and A. A. Ghorbani, “Toward generating a new elliptic curve encryption for secured group communication,”
intrusion detection dataset and intrusion trafc character- Wireless Personal Communications, vol. 125, no. 1, pp. 421–
ization,” in Proceedings of the 4th International Conference on 451, 2022.
Information Systems Security and Privacy (ICISSP), [62] G. Logeswari, S. Bose, and T. Anitha, “An intrusion detection
pp. 108–116, Portugal, January 2018. system for SDN using machine learning,” Intelligent Auto-
[49] W. Lee, S. J. Stolfo, P. K. Chan et al., “Real time data mining- mation & Soft Computing, vol. 35, no. 1, pp. 867–880, 2023.
based intrusion detection,” Proceedings of Information [63] S. Latif, M. Driss, W. Boulila et al., “Deep learning for the
Survivability Conference and Exposition II, vol. 1, pp. 89–100, Industrial Internet of Tings (IIoT): a comprehensive survey
2001. of techniques, implementation frameworks, potential ap-
[50] J. Song, H. Takakura, Y. Okabe, M. Eto, D. Inoue, and plications, and future directions,” Sensors, vol. 21, no. 22,
K. Nakao, “Statistical analysis of honeypot data and building p. 7518, 2021.
of Kyoto 2006+ dataset for NIDS evaluation,” in Proceedings [64] M. Y. Aldarwbi, A. H. Lashkari, and A. A. Ghorbani, “Te
of the First Workshop on Building Analysis Datasets and sound of intrusion: a novel network intrusion detection
Gathering Experience Returns for Security, pp. 29–36, system,” Computers & Electrical Engineering, vol. 104, Article
Raleigh, North Carolina, July 2011. ID 108455, 2022.
[51] S. S. Sivatha Sindhu, S. Geetha, and A. Kannan, “Decision [65] W. Qiu, Y. Ma, X. Chen, H. Yu, and L. Chen, “Hybrid in-
tree based light weight intrusion detection using a wrapper trusion detection system based on Dempster-Shafer evidence
approach,” Expert Systems With Applications, vol. 39, 2012. theory,” Computers & Security, vol. 117, Article ID 102709,
[52] B. Senthilnayaki, K. Venkatalakshmi, and A. Kannan, “In- 2022.
[66] T. Sherasiya, H. Upadhyay, and H. Patel, “A survey: intrusion
trusion detection system using fuzzy rough set feature se-
detection system for internet of things,” International
lection and modifed KNN classifer,” Te International Arab
Journal on Computer Science and Engineering, vol. 5, no. 2,
Journal of Information Technology, vol. 16, no. 4, pp. 746–
pp. 91–98, 2016.
753, 2019.
[67] B. B. Zarpelão, R. S. Miani, C. T. Kawakani, and
[53] P. Puneeth, T. Bhanuteja, M. Selvi, S. V. N. Santhoshkumar,
S. C. de Alvarenga, “A survey of intrusion detection in In-
and A. Kannan, “Privacy-enhanced access control for pro-
ternet of Tings,” Journal of Network and Computer Ap-
viding efcient security in cloud environment,” Advances in
plications, vol. 84, pp. 25–37, 2017.
Intelligent Systems and Computing Proceedings of Tird In-
[68] S. Anwar, J. Mohamad Zain, M. F. Zolkipli et al., “From
ternational Conference on Intelligent Computing, Information intrusion detection to an intrusion response system: fun-
and Control Systems, vol. 1415, pp. 815–825, 2022. damentals, requirements, and future directions,” Algorithms,
[54] S. Vijayalakshmi, S. Bose, G. Logeswari, and T. Anitha, vol. 10, no. 2, pp. 39–24, 2017.
“Hybrid defense mechanism against malicious packet [69] D. E. Kouicem, A. Bouabdallah, and H. Lakhlef, “Internet of
dropping attack for MANET using game Teory,” Cyber things security: a top–down survey,” Computer Networks,
security and applications, vol. 1, Article ID 100011, 2022. vol. 141, pp. 199–221, 2018.
[55] S. Veeraraghavan, S. Bose, K. Anand, and A. Kannan, “An [70] Y. Zhang, N. Meratnia, and P. J. Havinga, “Outlier detection
intelligent agent based approach for intrusion detection and techniques for wireless sensor networks: a survey,” IEEE
prevention in adhoc networks,” International Conference on Communications Surveys & Tutorials, vol. 12, no. 2,
Signal Processing, Communications and Networking ICSCN, pp. 159–170, 2010.
vol. 07, pp. 534–536, 2007. [71] S. Owais, V. Snasel, P. Kromer, and A. Abraham, “Survey:
[56] M. Selvi, R. Logambigai, S. Ganapathy, L. Sai Ramesh, using genetic algorithm approach in intrusion detection
H. K. Nehemiah, and A. Kannan, “Fuzzy temporal approach systems techniques,” in Proceedings of the 2008 7th Computer
for energy efcient routing in WSN,” Proceedings of Inter- Information Systems and Industrial Management Appli-
national Conference on Informatics and Analytics, vol. 117, Cations, pp. 300–307, Ostrava, Czech Republic, June 2008.
no. 5, pp. 1–117, 2016. [72] P. Ramasubramanian and A. Kannan, “A genetic-algorithm
[57] R. Fotohi, M. Abdan, and S. Ghasemi, “A self-adaptive in- based neural network short-term forecasting framework for
trusion detection system for securing UAV-to-UAV com- database intrusion prediction system,” Soft Computing,
munications based on the human immune system in UAV vol. 10, no. 8, pp. 699–714, 2006.
networks,” Journal of Grid Computing, vol. 20, no. 3, [73] P. Wang, L. Shi, B. Wang, Y. Wu, and Y. Liu, “Survey on
pp. 22–26, 2022. HMM based anomaly intrusion detection using system
[58] A. Heidari and M. A. Jabraeil Jamali, “Internet of Tings calls,” in Proceedings of the 2010 5th International Conference
Intrusion Detection Systems: A Comprehensive Review and on Computer Science & Education, pp. 102–105, Ostrava,
Future Directions,” Cluster Computing, vol. 7, pp. 1–28, 2019. Czech Republic, June 2010.
[59] M. Mahdavisharif, S. Jamali, and R. Fotohi, “Big data-aware [74] R. G. M. Helali, “Data mining based network intrusion
intrusion detection system in communication networks: a detection system: a survey,” in Proceedings of the Novel
deep learning approach,” Journal of Grid Computing, vol. 19, Algorithms and Techniques in Telecommunications and
pp. 46–28, 2021. Networking, pp. 501–505, Newyork, NY, USA, March 2010.
[75] C. Kolias, G. Kambourakis, and M. Maragoudakis, “Swarm [90] G. Perdisci, G. G. Roberto, and W. Lee, “Using an Ensemble
intelligence in intrusion detection: a survey,” Computers & of One-Class SVM Classifers to Harden Payload-Based
Security, vol. 30, no. 8, pp. 625–642, 2011. Anomaly Detection Systems,” in Proceedings of the 6th In-
[76] N. Jaisankar, S. `pathy, Y. Palanichamy, A. Kannan, and ternational Conference on Data Mining (ICDM’06),
K. Anand, “An intelligent agent based intrusion detection pp. 488–498, Newyork, NY, USA, March 2006.
system using fuzzy rough set based outlier detection,” Soft [91] R. Fu, K. Zheng, D. Zhang, and Y. Yang, “An intrusion
Computing Techniques in Vision Science, vol. 395, pp. 147– detection scheme based on anomaly mining in Internet of
153, 2012. Tings,” in Proceedings of the 4th IET International Con-
[77] K. Selvakumar, L. Sairamesh, and A. Kannan, “Wise inference on Wireless, Mobile and Multimedia Networks
trusion detection system using fuzzy rough set-based feature (ICWMMN 2011), pp. 315–320, Kyoto, Japan, June 2011.
extraction and classifcation algorithms,” International [92] Y. Ding, X. W. Zhou, Z. M. Cheng, and F. H. Lin, “A security
Journal of Operational Research, vol. 35, no. 1, pp. 87–107, diferential game model for sensor networks in context of the
2019. internet of things,” Wireless Personal Communications,
[78] A. A. Gendreau and M. Moorman, “Survey of intrusion vol. 72, no. 1, pp. 375–388, 2013.
detection systems towards an end to end secure internet of [93] S. Rajasegarar, A. Gluhak, M. Ali Imran et al., “Ellipsoidal
things,” in Proceedings of the 2016 IEEE 4th International neighbourhood outlier factor for distributed anomaly de-
Conference on Future Internet of Tings and Cloud (FiCloud), tection in resource constrained networks,” Pattern Recog-
pp. 84–90, Vienna, Austria, April 2016. nition, vol. 47, no. 9, pp. 2867–2879, 2014.
[79] K. Tangaramya, K. Kulothungan, S. Indira Gandhi, M. Selvi, [94] P. Y. Chen, S. M. Cheng, and K. C. Chen, “Information
S. Kumar, and A. Kannan, “Intelligent fuzzy rule-based fusion to defend intentional attack in internet of things,”
approach with outlier detection for secured routing in IEEE Internet of Tings Journal, vol. 1, no. 4, pp. 337–348,
WSN,” Soft Computing, vol. 24, pp. 16483–16497, 2020. 2014.
[80] M. Ammar, G. Russello, and B. Crispo, “Internet of things: a [95] H. S. Ham, H. H. Kim, M. S. Kim, and M. J. Choi, “Linear
survey on the security of IoT frameworks,” Journal of In- SVM-based android malware detection for reliable IoT
formation Security and Applications, vol. 38, pp. 8–27, 2018. services,” Journal of Applied Mathematics, vol. 2014, Article
[81] Y. Yang, L. Wu, G. Yin, L. Li, and H. Zhao, “A survey on ID 594501, 10 pages, 2014.
security and privacy issues in internet-of-things,” IEEE In- [96] J. Wang, Q. Kuang, and S. Duan, “A new online anomaly
ternet of Tings Journal, vol. 4, no. 5, pp. 1250–1258, 2017. learning and detection for large-scale service of Internet of
[82] W. Yassin, Z. Muda, W. Yassin, M. N. Sulaiman, and Ting,” Personal and Ubiquitous Computing, vol. 19, no. 7,
N. I. Udzir, “Intrusion detection based on K-Means clus- pp. 1021–1031, 2015.
tering and Naı̈ve Bayes classifcation,” in Proceedings of the [97] C. Cervantes, D. Poplade, M. Nogueira, and A. Santos,
2011 7th International Conference on Information Technology “Detection of sinkhole attacks for supporting secure routing
in Asia, pp. 1–6, Vienna, Austria, June 2011. on 6lowpan for internet of things,” in Proceedings of the 2015
[83] O. Y. Al-Jarrah, O. Alhussein, P. D. Yoo et al., “Data ran- IFIP/IEEE International Symposium on Integrated Network
domization and cluster-based partitioning for botnet in- Management (IM), pp. 606–611, IEEE, Ottawa, ON, Canada,
trusion detection,” IEEE Transactions on Cybernetics, vol. 46, May 2015.
no. 8, pp. 1796–1806, Aug, 2016. [98] M. Selvi, K. Tangaramya, S. Ganapathy, K. Kulothungan,
[84] D. E. Denning, “An Intrusion Detection Model,” IEEE H. Khannah Nehemiah, and A. Kannan, “An energy aware
Transaction on Software Engineering, vol. 13, pp. 222–232, trust based secure routing algorithm for efective commu-
1987. nication in wireless sensor networks,” Wireless Personal
[85] Z. A. Khan and P. Herrmann, “A trust based distributed Communications, vol. 105, no. 4, pp. 1475–1490, 2019.
intrusion detection mechanism for internet of things,” in [99] D. H. Summerville, K. M. Zach, and Y. Chen, “Ultra-
Proceedings of the 2017 IEEE 31st International Conference on lightweight deep packet anomaly detection for Internet of
Advanced Information Networking and Applications (AINA), Tings devices,” in Proceedings of the 2015 IEEE 34th In-
pp. 1169–1176, Taipei, June 2017. ternational Performance Computing and Communications
[86] A. A. Gendreau and M. Moorman, “Survey of Intrusion Conference (IPCCC), pp. 1–8, Nanjing, China, June 2015.
Detection Systems towards an End to End Secure Internet of [100] V. Eliseev and A. Gurina, “Algorithms for network server
Tings,” in Proceedings of the 2016 IEEE 4th International anomaly behaviour detection without trafc content in-
Conference on Future Internet of Tings and Cloud (FiCloud), spection,” in Proceedings of the 9th Inter- National Confer-
pp. 84–90, Vienna, March 2016. ence on Security of Information and Networks, pp. 67–71,
[87] H. E. Hendaoui and H. Youssef, “FID: fuzzy based intrusion ACM, Newyork NY USA, Feburary 2016.
detection for distributed smart devices,” in Proceedings of the [101] K. Grgic, D. Zagar, and V. KrizanovicCik, “System for
2017 IEEE/ACS 14th International Conference on Computer malicious node detection in IPv6-based wireless sensor
Systems and Applications (AICCSA), pp. 1330–1337, Ham- networks,” Journal of Sensors, vol. 2016, Article ID 6206353,
mamet, January 2017. 20 pages, 2016.
[88] S. Hajiheidari, K. Wakil, M. Badri, and N. J. Navimipour, [102] K. Sonar and H. Upadhyay, “An approach to secure internet
“Intrusion detection systems in the Internet of things: a of things against DDoS,” in Proceedings of the International
comprehensive investigation,” Computer Networks, vol. 160, Conference on ICT for Sustainable Development, pp. 367–376,
no. No.4, pp. 165–191, 2019. 2016.
[89] O. Depren, M. Topallar, E. Anarim, and M. K. Ciliz, “An [103] S. Ganapathy, P. Yogesh, and A. Kannan, “Intelligent agent
intelligent intrusion detection system (IDS) for anomaly and based intrusion detection system using enhanced multiclass
misuse detection in computer networks,” Expert Systems SVM,” Computational Intelligence and Neuroscience,
with Applications, vol. 29, no. 4, pp. 713–722, 2005. vol. 2012, Article ID 850259, 10 pages, 2012.
[104] E. Hodo, X. Bellekens, A. Hamilton et al., “Treat analysis of [117] L. Liu, B. Xu, X. Zhang, and X. Wu, “An intrusion detection
IoT networks using artifcial neural network intrusion de- method for internet of things based on suppressed fuzzy
tection system,” in Proceedings of the 2016 International clustering,” EURASIP Journal on Wireless Communications
Symposium on Networks, Computers and Communications and Networking, vol. 2018, no. 1, Article ID 113, 2018.
(ISNCC), pp. 1–6, NewYork, NY, USA, June 2016. [118] S. O. Amin, Y. jig Yoon, M. S. Siddiqui, and C. S. Hong, “A
[105] S. O. Amin, M. S. Siddiqui, C. S. Hong, and J. Choe, “A novel novel intrusion detection framework for IP-based sensor
coding scheme to implement signature based IDS in IP based networks,” in Proceedings of the International Conference on
sensor networks,” in Proceedings of the IFIP/IEEE Interna- Information Networking, 20 09, pp. 1–3, Newyork, NY, USA,
tional Symposium on Integrated Network Manage- April 2009.
ment–Workshops, pp. 269–274, New York, NY, USA, June [119] P. Kasinathan, C. Pastrone, M. A. Spirito, and M. Vinkovits,
2009. “Denial-of-service detection in 6LoWPAN based internet
[106] A. S. Eesa, Z. Orman, and A. M. A. Brifcani, “A novel feature- of things,” in Proceedings of the 2013 IEEE 9th International
selection approach based on the cuttlefsh optimization al- Conference on Wireless and Mobile Computing, Networking
gorithm for intrusion detection systemsfsh coptimization and Communications (WiMob), pp. 600–607, Berlin, Ger-
algorithm for intrusion detection systems,” Expert Systems many, June 2013.
with Applications, vol. 42, no. 5, pp. 2670–2679, 2015. [120] S. Raza, L. Wallgren, and T. Voigt, “SVELTE: real-time
[107] D. Oh, D. Kim, and W. W. Ro, “A malicious pattern de- intrusion detection in the internet of things,” Ad Hoc
tection engine for embedded security systems in the Internet Networks, vol. 11, no. 8, pp. 2661–2674, 2013.
of Tings,” Sensors, vol. 14, no. 12, pp. 24188–24211, 2014. [121] T. Matsunaga and I. Toyoda, “Low false alarm attackers
[108] H. Sun, R. Wang and J. S. Buyya, CloudEyes: cloud-based detection in RPL by considering timing inconstancy between
malware detection with reversible sketch for resource-con- the rank measurements,” IEICE Communications Express,
strained internet of things (IoT) devices,” Software: Practice vol. 4, no. 2, pp. 44–49, 2015.
and Experience, vol. 47, no. 3, pp. 421–441, 2016. [122] H. Sedjelmaci, S. M. Senouci, and M. Al-Bahri, “A light-
[109] A. R. Rajeswari, K. Kulothungan, S. Ganapathy, and weight anomaly detection technique for low-resource IoT
A. Kannan, “A trusted fuzzy based stable and secure routing devices: a game-theoretic methodology,” in Proceedings of
algorithm for efective communication in mobile adhoc the 2016 IEEE International Conference on Communications
networks,” Peer-to-Peer Networking and Applications, vol. 12, (ICC), pp. 1–6, IEEE, Dublin, Ireland, June 2016.
[123] D. Shreenivas, S. Raza, and T. Voigt, “Intrusion detection in
no. 5, pp. 1076–1096, 2019.
the RPL-connected 6LoWPAN networks,” in Proceedings of
[110] S. Misra, P. V. Krishna, H. Agarwal, A. Saxena, and
the 3rd ACM International Workshop on IoT Privacy,
M. S. Obaidat, “A learning automata based solution for
pp. 31–38, Seoul, Korea, May 2017.
preventing distributed denial of service in Internet of things,”
[124] D. Midi, A. Rullo, A. Mudgerikar, and E. Bertino, “Kalis - a
in Proceedings of the 2011 International Conference on In-
system for knowledge–driven adaptable intrusion detection
ternet of Tings and 4th International Conference on Cyber,
for the internet of things,” in Proceedings of the 2017 IEEE
pp. 114–122, Washington, DC, USA, June 2011.
37th International Conference on Distributed Comput- Ing
[111] I. Murynets and R. P. Jover, “Anomaly detection in cellular
Systems (ICDCS), pp. 656–666, Atlanta, GA, USA, April
machine-to-machine communications,” in Proceedings of the
2017.
2013 IEEE International Conference on Communications [125] H. Sedjelmaci and T. Senouci, “An accurate security game for
(ICC), pp. 2138–2143, IEEE, June 2013. low-resource IoT devices,” IEEE Transactions on Vehicular
[112] Y. Xia, H. Lin, and L. Xu, “An AGV mechanism based secure Technology, vol. 66, no. 10, pp. 9381–9393, 2017.
routing protocol for internet of things,” in Proceedings of the [126] S. W. Lin, K. C. Ying, C. Y. Lee, and Z. J. Lee, “An intelligent
2015 IEEE International Conference on Computer and In- algorithm with feature selection and decision rules applied to
formation Technology; Ubiquitous Computing and Commu- anomaly intrusion detection,” Applied Soft Computing,
nications; Dependable, Autonomic and Secure Computing, vol. 12, no. 10, pp. 3285–3290, 2012.
pp. 662–666, Newyork, NY, USA, June 2015. [127] K. Anand, S. Ganapathy, K. Kulothungan, P. Yogesh, and
[113] Q. D. La, T. Q. S. Quek, S. Lee, and H. Jin, “Deceptive attack A. Kannan, “A rule based approach for attribute selection
and defense game in honeypot-enabled networks for the and intrusion detection in wireless sensor networks,” Pro-
internet of things,” IEEE Internet of Tings Journal, vol. 3, cedia Engineering, vol. 38, pp. 1658–1664, 2012.
no. 6, pp. 1025–1035, 2016. [128] L. Prema Rajeswari and A. Kannan, “An active rule approach
[114] M. Surendar and A. Umamakeswari, “InDReS: an intrusion for network intrusion detection with enhanced C4.5 Algo-
detection and response system for internet of things with rithm,” International Journal of Communication, vol. 4,
6LoWPAN,” in Proceedings of the International Conference pp. 285–385, 2008.
on Wireless Communications, Signal Processing and Net- [129] Y. Xiao, C. Xing, T. Zhang, and Z. Zhao, “An intrusion
Working (WiSPNET), pp. 1903–1908, Chennai, India, March detection model based on feature reduction and convolu-
2016. tional neural networks,” IEEE Access, vol. 7, pp. 42210–
[115] Y. Fu, Z. Yan, J. Cao, O. Koné, and X. Cao, “An automata 42219, 2019.
based intrusion detection method for internet of things,” [130] Y. Zhang, X. Chen, L. Jin, X. Wang, and D. Guo, “Network
Mobile Information Systems, vol. 2017, Article ID 1750637, intrusion detection: based on deep hierarchical network and
13 pages, 2017. original fow data,” IEEE Access, vol. 7, pp. 37004–37016,
[116] S. Bose, S. Bharathimurugan, and A. Kannan, “Multi-layer 2019.
integrated anomaly intrusion detection system for mobile [131] S. Ganapathy, K. Kulothungan, S. Muthuraj Kumar,
adhoc networks,” in Proceedings of the 2007 IEEE Interna- M. Vijayalakshmi, P. Yogesh, and A. Kannan, “Intelligent
tional Conference on Signal Processing, Communications and feature selection and classifcation techniques for intrusion
Network, pp. 360–365, Chennai, India, June 2007. detection in networks: a survey,” EURASIP Journal on
Wireless Communications and Networking, vol. 2013, no. 1,

pp. 271–316, 2013.
[132] P. Nancy, S. Muthurajkumar, S. Ganapathy, S. Santhosh
Kumar, M. Selvi, and K. Arputharaj, “Intrusion detection
using dynamic feature selection and fuzzy temporal decision
tree classifcation for wireless sensor networks,” IET Com-
munications, vol. 14, no. 5, pp. 888–895, 2020.
[133] A. L. Muna, E. Sitnikova, N. HawawrehMoustafa, and
S. Elena, “Identifcation of malicious activities in industrial
internet of things based on deep learning modelfcation of
malicious activities in industrial internet of things based on
deep learning models,” Journal of Information Security and
Applications, vol. 41, pp. 1–11, 2018.
[134] C. Xiang and S. M. Lim, “Design of multiple-level hybrid
classifer for intrusion detection system,” IEEE Transactions
on System, Man, Cybernetics, Part A, Cybernetics, vol. 2,
no. 28, pp. 117–122, 2002.
[135] C. Xu, J. Shen, X. Du, and F. Zhang, “An intrusion detection
system using a deep neural network with gated recurrent
units,” IEEE Access, vol. 6, pp. 48697–48707, 2018.
[136] N. Shone, T. N. Ngoc, V. D. Phai, and Q. Shi, “A deep
learning approach to network intrusion detection,” IEEE
Transactions on Emerging Topics in Computational Intelli-
gence, vol. 2, no. 1, pp. 41–50, 2018.

Review Article

Uploaded by

Copyright:

Available Formats

Review Article

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Review Article

Uploaded by

Copyright:

Available Formats

Hindawi

Computational Intelligence and Neuroscience

S. V. N. Santhosh Kumar ,1 M. Selvi ,2 and A. Kannan 2

Correspondence should be addressed to S. V. N. Santhosh Kumar; santhoshkumar.svn@vit.ac.in

Academic Editor: Anastasios D. Doulamis

Based on Intrusion Detection Based on Detection based on

1. IDS based on Anomaly 1. Centralized IDS 1. Denial of Service Attack

Figure 1: Taxonomy of IDS in IoT.

Table 1: Comparison of diferent intrusion detection systems based on anomaly detection.

Table 2: Comparison of IDS based on signature.

Table 3: Comparison of IDS based on specifcation.

Table 5: Simulation parameters.

Fuzzy Inference CNN

Max Pooling Layers

Fully Connected Layer

Figure 2: Architecture of the proposed system.

ALGORITHM 1: Intelligent fuzzy rule-based feature selection algorithm.

Table 7: Fuzzy inference rules.

Table 8: Performance investigation of diferent intrusion detection approaches.

Intrusion Detection Systems Performance Analysis

Detection Accuracy (%) 70

IDS based on anomaly detection IDS based on specification

IDS based on signature IDS based on hybrid method

Packet Delivery Ratio analysis

PAcket delivery ratio (%)

Y.Ding [94] J wang [23]

Y.Ding [94] J wang [23]

Energy consumption analysis

Energy consumption (J) 15

Y.Ding [94] J wang [23]

Network Life time analysis

Y.Ding [94] J wang [23]

DoS attack detection analysis

Y.Ding [94] J wang [23]

Probe attack detection analysis

Detection Accuracy (%)

Y.Ding [94] J wang [23]

R2L attack detection analysis

Y.Ding [94] J wang [23]

Y.Ding [94] J wang [23]

Wireless Communications and Networking, vol. 2013, no. 1,

You might also like