Open Access
ARTICLE
Encrypted Cyberattack Detection System over Encrypted IoT Traffic Based on Statistical Intelligence
1 Department of Information Security, Gachon University, Seongnam, 13120, Republic of Korea
2 Department of Computer Engineering (Smart Security), Gachon University, Seongnam, 13120, Republic of Korea
* Corresponding Author: Jung Taek Seo. Email:
(This article belongs to the Special Issue: Advanced Security for Future Mobile Internet: A Key Challenge for the Digital Transformation)
Computer Modeling in Engineering & Sciences 2024, 141(2), 1519-1549. https://doi.org/10.32604/cmes.2024.053437
Received 30 April 2024; Accepted 13 August 2024; Issue published 27 September 2024
Abstract
In the early days of IoT, it was difficult to introduce encrypted communication because the components lacked the performance, such as CPU resources and battery capacity, needed to encrypt and decrypt data. Because IoT is applied in many important fields, a cyberattack on IoT can cause astronomical financial damage and human casualties. For this reason, encrypted communication has been required for IoT, and it has become possible thanks to improvements in the computing performance of IoT devices and the development of lightweight cryptography. However, the adoption of encrypted communication in IoT has also made it possible to launch cyberattacks over encrypted communication channels. The approach of extracting evidence of an attack from the primary information of a network packet is no longer valid, because critical information such as the packet payload is encrypted. Technology that can detect cyberattacks over the encrypted network traffic of IoT environments is therefore required. This research proposes an encrypted cyberattack detection system for the IoT (ECDS-IoT) that derives valid features for cyberattack detection from the encrypted network traffic generated in the IoT environment and performs cyberattack detection based on the derived features. ECDS-IoT identifies the information that remains identifiable in encrypted traffic collected in IoT environments and extracts statistics-based features through statistical analysis of that information. ECDS-IoT learns only the statistical features extracted from normal data, and it detects cyberattacks based only on this learned model of normal data.
To evaluate the cyberattack detection performance of ECDS-IoT, this research used CICIoT2023, a dataset containing encrypted traffic generated by normal activity and by seven categories of cyberattacks in the IoT environment, and experimented with cyberattack detection on encrypted traffic using the Autoencoder, RNN, GRU, LSTM, BiLSTM, and AE-LSTM algorithms. In this evaluation, ECDS-IoT achieved high performance when using the AE-LSTM algorithm: accuracy 0.99739, precision 0.99154, recall 1.0, F1 score 0.99575, and ROC_AUC 0.99822. As these detection results show, it is possible to detect most cyberattacks through encrypted traffic. Applying ECDS-IoT to IoT can effectively detect cyberattacks concealed in encrypted traffic, promoting the efficient operation of IoT and preventing financial and human damage caused by cyberattacks.
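The normal-only detection idea in the abstract, as an added example that is not the paper's code: it replaces the paper's neural models (AE-LSTM and the others) with a simple per-feature z-score baseline so the mechanics are visible. The feature set (packet-length and inter-arrival statistics), the constructed flows and the threshold rule are all assumptions, since the abstract does not list them.

```python
import statistics

def flow_features(flow):
    """Statistics over packet metadata only; flow = [(timestamp_s, length_bytes), ...]."""
    times = [t for t, _ in flow]
    sizes = [n for _, n in flow]
    gaps = [b - a for a, b in zip(times, times[1:])]  # inter-arrival times
    return [
        statistics.mean(sizes),
        statistics.pstdev(sizes),
        statistics.mean(gaps),
        statistics.pstdev(gaps),
        len(flow) / (times[-1] - times[0]),  # packets per second
    ]

def fit_normal_profile(normal_flows):
    """Learn per-feature (mean, std) from normal traffic only."""
    columns = zip(*(flow_features(f) for f in normal_flows))
    # Floor the std so a near-constant feature cannot blow up the score.
    return [(statistics.mean(c), max(statistics.pstdev(c), 1e-6)) for c in columns]

def anomaly_score(profile, flow):
    """Largest absolute z-score of any feature against the normal profile."""
    return max(abs(x - mu) / sd for x, (mu, sd) in zip(flow_features(flow), profile))

def make_flow(start, gaps, sizes):
    """Build a constructed flow from a start time, gap list and length list."""
    times = [start]
    for g in gaps:
        times.append(times[-1] + g)
    return list(zip(times, sizes))

# Constructed sample data (not from CICIoT2023): eight periodic sensor-like flows.
NORMAL = [make_flow(0.0, [1.0 + 0.1 * ((k + i) % 3) for i in range(5)],
                    [120 + 4 * k, 300, 180, 90 + 2 * k, 260, 150]) for k in range(8)]
HELDOUT_NORMAL = make_flow(5.0, [1.2, 1.0, 1.1, 1.2, 1.0], [134, 300, 180, 97, 260, 150])
FLOOD = make_flow(0.0, [0.002] * 199, [64] * 200)  # many small, fast packets

PROFILE = fit_normal_profile(NORMAL)
# Assumed threshold rule: twice the worst score seen on the training flows.
THRESHOLD = 2 * max(anomaly_score(PROFILE, f) for f in NORMAL)

def is_attack(flow):
    return anomaly_score(PROFILE, flow) > THRESHOLD

if __name__ == "__main__":
    for name, flow in (("held-out normal", HELDOUT_NORMAL), ("flood", FLOOD)):
        print(name, round(anomaly_score(PROFILE, flow), 2), is_attack(flow))
```

No payload byte is read anywhere in the block: every feature comes from timestamps and packet lengths, which stay observable when the payload is encrypted.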
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.