Abstract
Smart homes, which incorporate IoT technologies to provide home security, efficient environmental services, conveniences, and improved living standards, are becoming the centre of smart urban developments. With the increased inter-connectivity of smart objects and sensors, there is now, also, an increased level of cyber threats, which can compromise privacy and security. These threats either modify packets of information or inject modified packets into the networks. This chapter examines current intrusion detection systems (IDSs) and presents a unique solution to overcome intrusion detection challenges. It discusses the implementation of smart home IDS (SHIDS), using a machine learning based signature and anomaly intrusion detection scheme to detect network intrusions in the smart home. Suggested mechanism is based on naïve Bayes technique to improve the detection performance. The performance of SHIDS has been tested with network intrusions resulting from DoS, probe, remote-to-local (R2L), and user-to-root (U2R) attacks.
TopIntroduction
Cities play a significant role in the developing environmental, social, and economic aspects nationally and globally (Ismagilova, et al., 2019). More than half of the world’s population currently lives in cities and it is predicted that 2.5 billion more will move to cities. Its is estimated that new inhabitants would make it about 60% of the world population to live in cities by 2050. This is supported by the United Nations’ (UN) prediction that 6.5 billion people will live in cities by 2050 (Ismagilova, et al., 2019). A consequence of this rapid urbanisation is that cities are facing many challenges as their assets and foundations are brought under huge pressure. An emerging trend to efficiently run cities and to decrease the impact of these challenges is the deployment of digital and communication technologies to build an integrated infrastructure (combining sensors and actuators, intelligent objects such as smart phones, networking, storage resources and physical computing) giving rise to the concept, now commonly known as smart or intelligent or digital cities.
Ismagilova, et al. (2019) report that many countries have already developed smart cities by utilising these technologies to refine different aspects of the city’s performance, monitoring and the management of critical services relating to provision of water, transport, traffic, health, environment, public and private sector, homes, quality of life for residents and many more. Many cities are becoming smarter than ever before, due to revolutionary developments in the area of Internet of Things (IoT). IoT has been steadily incorporated into some of the main operational and service aspects of a city such as Smart Energy, Smart Buildings (including Smart Homes), Smart Mobility, Smart Healthcare, Smart Security, Smart Governance, Smart Citizens, Smart Infrastructure (Arasteh, et al., 2016). Hui, et al. (2017) argue that “SH [Smart Home] is the basic building block of smart cities” and setting up of smart cities is the key for manageable fast urbanisation.
The ubiquity and popularity of the Internet, and low cost of IoT based devices, are the contributing factors to the rapid development of Smart Homes in intelligent cities. In contemporary Smart Home systems, there is a plethora of sensors, actuators, and relevant digital devices, all inter-connected wirelessly. Most of the time, they operate behind the scenes monitoring, collecting, storing, communicating, and processing data. Easy access to these wireless networks and devices on them is an essential prerequisite of the legitimate users of these Smart Homes, but that is also the very reason that has brought about new security and privacy challenges.
One of the main objectives in building Smart Homes within Intelligent Cities equipped with smart devices and smart appliances with Internet connectivity is to provide comfort to its user and efficiency of processing of devices and operation of systems within the homes such as security. To its owners, a Smart Home is a complex digital ecosystem that can be accessed, like any other Internet device or service, from anywhere in the world. However, the very same conveniences a Smart Home offers its owner also allow, unfortunately, an intruder to launch attacks on it remotely or sitting within its wireless network range. From the intruder's viewpoint, attacking a Smart Home either remotely or in the wireless range is more attractive than a physical break-in (Jose, 2017). Unlike other wireless sensor networks, the Smart Home wireless networks pose new security challenges. The attacker can easily fulfil their objective by targeting and compromising a less secure smart device in the home and make it to obey their orders. Smart Home is appealing to the intruder to target, as most of the existing defensive strategies are focusing on the attacks that happen in the application layer and the transmission layer and not so much in the physical network layer.
One way to improve the security of Smart Homes is to refuse access through the Internet, but that would defeat the very purpose of making a home “smart” and it would also kill the idea of Home and City Automation. Therefore, it is very important that access to Smart Homes over the Internet is provided securely and all in-house wireless networks with their connected devices are secured as much as possible. One way to achieve this is by narrowing access to the home over the Internet, and by restricting access only to a few selected people to the trusted fixed number of devices in the home. To accomplish this, it is necessary to identify a priori the number of devices and the users who need access to them.
Key Terms in this Chapter
Particle: In an optimisation problem where there is a population of candidate solutions, the candidate solution that is chosen as the one to optimise over the search space is called a particle.
Gini Index: Gini index gives the probability of incorrectly classifying labels when randomly selected from data. It is a measure of the impurity of the dataset and is used as a metric in CART to create binary splits.
Particle Swarm Optimisation (PSO): This refers to an optimisation technique that optimises a problem by iteratively improving a candidate solution a.k.a. particle. Simple mathematical formulae are used to move these particles in search space in search of the optimised solution.
Machine Learning: It refers to a technique that automates building analytical models using algorithms to analyse large amounts of data. It is based on the idea that computer systems can learn by identifying patterns within data and make decisions with minimal human intervention.
Best Solution (in PSO): This is the optimum solution for the particle’s position obtained by applying the cost optimisation function to randomly moving particles.
Simulated Annealing (SA): This refers to the unsupervised machine learning algorithm based on features optimisation to extract different features from the given data with the objective of finding a global optimum.
Internet of Things (IoT): This refers to a collection of physical objects such as home appliances, personal digital devices, wearables, security systems, smart buildings, smart vehicles, national critical infrastructure, etc., embedded with sensors, actuators, microcontrollers, storage, and software and connected to other similar devices and systems over the Internet.
Logistic Regression Methods: It refers to statistical techniques used in machine learning for solving binary classification problems in which there is one or more independent variables that determines the dependent variable (outcome).
Mirai: This refers to a malware that takes advantage from flaws or security holes in IoT devices, especially those running Linux, and turns them into remotely controlled bots. It infects smart home devices and change them into bots or zombies that can be controlled remotely.
Principal Component Analysis (PCA): It refers to a statistical technique that transforms a set of possibly correlated variables into a set of linearly correlated variables called principal components.
Naïve Bayes: Naïve Bayes is an algorithm used in supervised machine learning for predictive modelling. It is based on the assumption that the features of a measurement are statistically independent.
Anomaly detection: This refers to the act of identifying rare events in network operation that could be the result of network intrusions. Anomalies raise suspicion because they differ significantly from the data observed during normal operation.
Classification and Regression Trees (CART): CART refers to decision tree algorithms used in machine learning for the purpose of classification and regression. It belongs to supervised machine learning algorithm category. The classification tree part of the CART algorithm is used to identify the class within which the target variable is most likely to fall whereas the regression tree is used to predict the value of the variable.