Table 11 IDS in IoT using ANN approaches/techniques
Ref# | ANNs approach | Intrusion targets in IoT | Limitations |
|---|---|---|---|
[106] | Feed forward NNs | DoS, DDoS, Reconnaissance, Information theft | ✓ The precision drops for binary and multi-class classification |
[107] | Gated RNNs | All IoT layers attacks | ✓ This work is only applicable to low power IoT devices and low dataset |
[108] | ANNs | Worms, Shellcode, DoS, Backdoors, Reconnaissance | ✓ More complex dataset due to similar behaviour of normal network traffic and modern attacks [54] ✓ Real time network traffic is not addressed (Future focus) |
[109] | ANNs | DoS, DDoS | ✓ Other major type of attacks are not addressed by this approach |
[19] | ANNs | DDoS | ✓ Not appropriate for encrypted packets ✓ Accuracy is less for very old dataset ✓ Algorithm requires re-training after 5 to 6 years ✓ This approach is not tested in simulated environment ✓ Targets only DDoS |
[110] | ANNs | Anomalies in IoT data | ✓ Applicable for limited dataset and small scale system |
[111] | ANNs | Malicious shellcode pattern | ✓ It uses offline approaches of detecting shellcode ✓ Focus is only on shellcode patterns |
[112] | Deep RNN | DoS, Probe, R2L, U2R | ✓ NSL-KDD data set used which is not ideal dataset for IoT [54] ✓ It lacks modern footprint attacks scenarios [54] |
[113] | Conditional variant autoencoder | DoS, Probe, R2L, U2R | ✓ NSL-KDD data set used which is not ideal dataset for IoT [54] ✓ It lacks modern footprint attacks scenarios [54] |
[114] | Auto encoded DNN | DoS, Injection, Impersonation | ✓ Covers limited range of attacks ✓ Algorithm is trained offline ✓ Dataset in this approach is valid small networks |
[115] | ANN based IDS | DIS attack, Version attack | ✓ Simulated dataset ✓ Limited range of attacks |
[116] | Bi-directional LSTM RNN | Worms, Backdoor, DoS, Reconnaissance, Analysis | ✓ Small network dataset used ✓ Some attacks available in dataset were left unaddressed |
[117] | ANNs | DoS, Probe, Remote to Local (R2L), User to Root (U2R) | ✓ Dataset contain large amount of redundancy ✓ Dataset used by approach applicable to small network |
[118] | Fuzzy Clustering FC-ANN | DoS, Probe, R2L, U2R | ✓ More suitable for low frequent attacks such as R2L and U2R attacks but for high frequent attacks the accuracy drops a bit ✓ Determining the appropriate number of clustering is an issue |
[119] | LSTM & RNN | ▪ DoS, SYN flood attack | ✓ Very limited dataset used by this approach ✓ This approach is applicable to small network ✓ Limited number of attacks addressed |
[120] | Random neural network (RNN) | DoS, Malicious operation, Malicious control, Data type probing, Spying, Scan, Wrong setup attack | ✓ Method is checked against dataset which contains less features ✓ Not efficient for noisy and low quality data ✓ Implementation on different IoT devices will create complexity issue |
[121] | Dense RNN | DoS, Denial of sleep attacks | ✓ Probabilistic approach towards attack detection ✓ Applicable to small network |
[122] | Back propagation (BP) NN, and Radial basis function (RBF) NN | DoS, Probe, R2L, U2R | ✓ Dataset used by approach is redundant ✓ Can be applied to small network |
[123] | BP ANNs | DDoS, DoS | ✓ Detection rate drastically drops at second stage ✓ Detection rate is affected by time out values |
[124] | ANNs | DoS, Spoofing. Sniffing, Impersonation, Malware | ✓ Applied on limited number of IoT devices ✓ Test on Wi-Fi network only, not applicable to other networks like ZigBee ✓ A hypothetical approach towards detection |
[125] | CNN + RNN | Network traffic classification | ✓ Dependency of detection model on TCP window size and TIMESTAMP ✓ Results get worst by TIMESTAMP factor |
[126] | Autoencoder | Mirai attacks, BASHLITE attacks | ✓ More hypothetical approach ✓ Method applied to very small network |
[127] | RNN + LSTM | IoT malwares detection | ✓ Dataset used in this approach is small ✓ Improvements are required for real life environment implementation |
[128] | Feed forward (FF) ANN | DoS, Backdoors, Shellcode, Worms, Spams, Reconnaissance, Port scan, Generic | ✓ UNSW-NB15 data set is valid only for emulated and small networks |
[129] | LSTM-RNN | DoS, Probe, R2L, U2R | ✓ False Alarm Rate (FAR) requires more improvement ✓ Dataset suffers from redundancy ✓ Dataset used by model is for small network |
[139] | Deep Belief network DBN-IDS | Botnet, Brute force, DoS/DDoS, Infiltration, Port scan, Web attacks | ✓ Some other class of attacks needs to be included ✓ Dataset used by this model is emulated and valid for small traffic |
[141] | Multi CNN | DoS, Probe, R2L, U2R | ✓ This is offline learning ✓ Dataset is not ideal for IoT |
[142] | Bidirectional Long Short Term Memory based Recurrent Neural Network (BLSTM-RNN) | UDP, ACK, DNS, SYN | ✓ Some attacks in the Mirai botnet dataset are skipped |