Distributed and Lightweight Intrusion Detection for IoT: A Lightweight Pyramidal U-Net With Tri-Level Dual Inception-Based Framework

D. Gowthami, M. Vigenesh
Copyright: © 2024 | Pages: 20
DOI: 10.4018/979-8-3693-1702-0.ch008
Abstract

The Internet of Things (IoT) is a growing paradigm widely used to build intricate real-time applications, fostering interconnectedness and convenience. IoT applications suffer from several cybersecurity vulnerabilities. To address them, an IDS model called lightweight pyramidal U-Net with dual inception fusion framework is proposed. The IoT device layer comprises devices that continually generate network traffic for cloud applications; this traffic is directed to the edge layer, where two operations occur: traffic filtering and pre-processing, and feature extraction. The model incorporates feature attention in the encoder phase and multiscale pyramidal layers in the decoder phase to robustly extract network features by capturing interdependencies among them. Experimental results demonstrate the superiority of our approach over state-of-the-art methodologies.

1. Introduction

The Internet of Things (IoT) has a big impact on our daily lives by connecting various embedded computing devices in the real world to the Internet (Nižetić et al., 2020). This makes connectivity between devices, systems, and services seamless. The myriad of connected gadgets and IoT innovations ranges from smart homes and medical facilities to drones and self-operating bots, to name just a few examples. As households and businesses adopt more IoT devices, a massive network of linked devices is changing how data is handled and used (Ahmad & Zhang, 2021). IoT continues to grow in popularity, but it also faces growing security issues that require attention. IoT configurations typically consist of low-resource devices and frequently do not receive regular security upgrades from their makers. Malicious attacks that target these security flaws in IoT systems can take advantage of the vulnerabilities created by this circumstance (Mishra & Tyagi, 2022). Such attacks have the potential to seriously damage the core IoT architectures and the numerous apps that depend on them. Therefore, in order to actively detect and neutralize these attacks, it is imperative that a robust intrusion detection system (IDS) be implemented (Sisodia, 2020).

An IDS, implemented in software or hardware, works by monitoring system or network behaviour and looking for any unusual activity or policy violations (Lounis & Zulkernine, 2020). It then sends reports to a central management hub. Although many intrusion detection systems have been developed to improve security across Internet hosts and networks, the specific characteristics of IoT settings make it impractical to directly adapt typical IDS systems to IoT networks (Laghrissi et al., 2021; Sethi et al., 2021). IoT network devices are subject to limitations in terms of electricity, processing power, connectivity, and storage capacity. This necessitates significant optimization, simplification, and modification of current security techniques (Bhati et al., 2022). Moreover, IoT networks employ unique protocol stacks and standards, which calls for the creation of particular security methods to meet these needs. Generally, there are two types of IDS: the Signature-based Intrusion Detection System (SIDS) and the Anomaly-based Intrusion Detection System (AIDS) (Otoum et al., 2022). SIDS use pattern-matching techniques to detect known attacks. Matching algorithms are used in SIDS to find previous intrusions (Meera et al., 2021). In other words, an alarm is raised when the signature of an intrusion that is happening right now matches a record in the database that holds the signatures of intrusions that have happened in the past (Hajj et al., 2021; Yosuf et al., 2020). Because AIDS can alleviate the limitations of SIDS, it has attracted a lot of research attention. In AIDS, a standard model of a computer system's behaviour is created using knowledge-based, statistical, or machine-learning techniques (Abbas, Khan, Latif, Ajaz, Shah, & Ahmad, 2021; Khraisat & Alazab, 2021). Any significant difference between the observed behaviour and this model is considered abnormal and may be a sign of an intrusion. This approach is predicated on the idea that harmful activity deviates from the usual patterns displayed by normal users. SIDS faces higher complexity while detecting only known attacks, whereas AIDS faces a lower positive rate and lower accuracy (Khraisat & Alazab, 2021).
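
The SIDS/AIDS distinction described above, as an added example that is not from the chapter: a signature matcher and a simple statistical (z-score) anomaly detector run over the same constructed flow records. The feature names, signature patterns, threshold, and all sample flows are assumptions made for illustration.

```python
import statistics

# Constructed signature database: byte patterns of past intrusions (placeholders).
SIGNATURES = {"sig-001": b"KNOWN-BAD-A", "sig-002": b"KNOWN-BAD-B"}

# Constructed benign traffic from one sensor, used to learn the normal profile.
BENIGN = [{"payload": b"temp=21.5", "pkts_per_s": p, "bytes": b}
          for p, b in [(9, 480), (10, 500), (11, 520), (10, 510), (9, 490), (11, 500)]]

# Constructed flows to classify.
FLOWS = {
    "known_attack": {"payload": b"..KNOWN-BAD-A..", "pkts_per_s": 10, "bytes": 505},
    "novel_attack": {"payload": b"never-seen", "pkts_per_s": 400, "bytes": 60},
    "benign_update": {"payload": b"fw-chunk", "pkts_per_s": 30, "bytes": 1400},
}

def sids_detect(flow):
    """SIDS: alert only if the payload contains a stored signature."""
    return [sid for sid, pattern in SIGNATURES.items() if pattern in flow["payload"]]

def build_baseline(benign, features=("pkts_per_s", "bytes")):
    """AIDS (statistical variant): per-feature mean and std of normal traffic."""
    return {f: (statistics.mean([x[f] for x in benign]),
                statistics.pstdev([x[f] for x in benign])) for f in features}

def aids_detect(flow, baseline, z_threshold=3.0):
    """AIDS: report features deviating more than z_threshold stds from the baseline."""
    return [f for f, (mu, sigma) in baseline.items()
            if abs(flow[f] - mu) / max(sigma, 1e-9) > z_threshold]

def classify_all(flows=FLOWS):
    """Run both detectors on every flow and collect their alerts side by side."""
    baseline = build_baseline(BENIGN)
    return {name: {"sids": sids_detect(f), "aids": aids_detect(f, baseline)}
            for name, f in flows.items()}

if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name:14} SIDS={verdict['sids']} AIDS={verdict['aids']}")
```

The known attack is caught only by the signature match, the novel one only by its deviation from the baseline, and the legitimate but unusual update flow is also flagged by the anomaly detector.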
