Multi Agent Anomaly detection Module
0 likes392 views
The project, funded by the EU's Horizon 2020 program, involves a multi-agent anomaly detection module aimed at securing IoT networks against cyber attacks through a distributed detection scheme. It leverages graph neural networks to monitor and predict anomalies in IoT devices, improving detection efficiency while reducing resource consumption. Performance evaluations demonstrate superior detection accuracy compared to existing methods against various attack scenarios.
Multi Agent Anomaly detection Module
- 1. This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme under grant agreement No. 780139 Secure and Safe Internet ofThings (SerIoT) 1 Horizon 2020, Project No. 780139 29.01.2021 Multi-agent Anomaly Detection module Information Technologies Institute, Centre of Research and Technology Hellas (CERTH/ITI)
- 2. This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme under grant agreement No. 780139 Multi-agent anomaly detection module(1/2) 2 Horizon 2020, Project No. 780139 The multi-agent Anomaly detection module is designed in order to: Secure a wide and complex IoT network infrastructure from adversarial actions ensuring smooth and resilient service provision. Address the distributed nature of cyber attacks by engaging a lower resource consuming distributed detection technique. Mitigate the case of an attack spreading to adjacent devices, providing early indentification of the compromised network device.
- 3. This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme under grant agreement No. 780139 Multi-agent anomaly detection module(2/2) 3 Horizon 2020, Project No. 780139 Why choosing the distributed detection scheme? To address the resource constraints in terms of bandwidth and power consumption posed by the utilization of heterogeneous IoT devices To better accommodate the complexity of an IoT network infrastructure by exploiting the merit of structural features exchange among neighboring nodes and their attached edges, in a localized monitoring scheme. To present a distributed detection scheme against the distributed nature of several DoS attacks with high detection efficiency. To identify infectious distributed attacks within the IoT network such as malware causing root-to-branch attacks, in a synergistic manner inheriting the advantages of a multi-agent system.
- 4. This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme under grant agreement No. 780139 KPIs used for the anomaly detection method evaluation 4 Horizon 2020, Project No. 780139 Accuracy of Detection measures the successful results over the total number of detections. F1 score describes how precise the detection method has been in identifying normal and abnormal cases out of the actual positive and negative instances respectively. Detection Delay counts the time between the burst of the attack and its detection. Time of proactive detection indicates the time of early detection, before the attack spreads in the network. Bandwidth overhead describes the network load added by operating the detection method. Power Consumption overhead measures the added Power Consumption which the detection method has caused to the network.
- 5. This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme under grant agreement No. 780139 High level overview of module operation Horizon 2020, Project No. 780139 4 1. The IoT network is reflected on a Graph structure where Nodes depict a set of network devices and Edges depict their interconnection links. 2. Intelligent Agents are positioned upon a set of Nodes (sensors, actuators, forwarders or servers) to monitor local devices and their connections. 3. Agents exchange traffic statistics information among their neighbors by engaging a Graph Neural Network algorithm. 4. Each Node is able to predict an anomaly score regarding itself and its adjacent neighbors’ status.
- 6. This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme under grant agreement No. 780139 Graph Neural Networks methodology for anomaly detection Horizon 2020, Project No. 780139 4 A set of features (traffic data) is associated to each Node and Edge of the network. Each agent deploying a Graph Neural Network algorithm with Edge and Node Deep Neural Networks (DNN) processes the feature vectors. • Edge DNN updates the features of neighboring nodes. • Node DNN uses the updated edge feature values to update the feature values of the specific node. Two classifiers are responsible to predict anomalies in the neighborhood, and the specific Node.
- 7. This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme under grant agreement No. 780139 Experimental results 7 Horizon 2020, Project No. 780139 The Proposed method was compared with SoA methods and Machine Learning techniques against several network traffic datasets to evaluate its performance. • Botnet CTU13 • IEEE Dataport IoT network intrusion attack dataset (TCP/SYN, UDP Flood, Port Scanning) • Infiltration attack simulated scenario • Worm attack propagation simulated scenario Extensive experiments showcase the outperformance of the GNN detection method compared to similar mechanisms in terms of detection efficiency.
- 8. This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme under grant agreement No. 780139 Experimental Resutls Portscan attack Detection method devices ROC score Accuracy GNN 99.00 99.00 SVM 91.36 91.36 Decision Tree 92.86 92.86 Random Forest 92.86 92.86 Infiltration attack Detection method devices ROC score Accuracy GNN 99.00 99.00 SVM 91.36 91.36 Decision Tree 92.86 92.86 Random Forest 92.86 92.86
- 9. This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme under grant agreement No. 780139 Anomaly Detection interaction with Visual Analytics Dashboard 9 Horizon 2020, Project No. 780139 Anomaly detection recognizes five abnormal devices Active events are populated with abnormality details
- 10. This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme under grant agreement No. 780139 10 Horizon 2020, Project No. 780139 SerIoT project (2020), Deliverable ‘D4.6-Cross-layer anomaly detection framework’ - A. Protogerou, S. Papadopoulos, A. Drosou, D. Tzovaras, I. Refanidis, "A Graph Neural Network method for distributed Anomaly Detection in IoT", Evolving Systems (2020). - Yavuz, F.Y., ̈Unal, D., G ̈ul, E.: Deep learning for detection of routing attacks in theinternet of things. International Journal of Computational Intelligence Systems12(1),39–58 (2018) - Y. Meidan et al., "N-BaIoT—Network-Based Detection of IoT Botnet Attacks Using Deep Autoencoders," in IEEE Pervasive Computing, vol. 17, no. 3, pp. 12-22, Jul.-Sep. (2018). Related Publications