St. Merry University School of Graduate Studies Research Methods and Communication


Review of Intrusion Detection System (IDS) in Internet of Things (IoT)

By: Erste Eshete (ID NO SGS/0527/2013A),


Eyasu Tesfaye (ID NO SGS/0564/2013A),
Gemechis Belay (ID NO SGS/0381/2013A),
Mogessie Bekele (ID NO SGS/0528/2013A),
Tagel Alemu (ID NO SGS/0391/2013A),
Yedamu Yohannes (ID NO SGS/0404/2012A)

TO: Getahun Semeon (PhD)


Date: 29/01/2021

Abstract: The Internet of Things (IoT) is one of the modern technologies that interconnect
various physical devices and the Internet across different domains of computerized systems. The
IoT incorporates everything from body sensors to recent cloud computing, and it works across
heterogeneous networks and standards. “It is estimated that a trillion of physical objects will be
connected to the Internet until 2022.” As a result, no network is free from security threats and
vulnerabilities, and each of the IoT layers is exposed to different types of threats. Therefore,
additional security devices specifically for the IoT are needed. An Intrusion Detection System
(IDS) could fulfill this purpose. In this paper, we present a literature review on IDS in the IoT,
mainly focusing on the current state of research by examining the literature, identifying
current trends and presenting open issues and future directions.

Introduction

Nowadays, the evolution of the Internet and the use of computer systems have resulted in a huge
electronic transformation of data, which has experienced multiple problems such as security,
privacy and confidentiality of information (Putra Wanda, Huang Jin Jie).
The Internet of Things (IoT) has become a common news item and marketing trend.
Beyond the hype, IoT has emerged as an important technology with applications in
many fields. IoT has roots in several earlier technologies: pervasive information
systems, sensor networks, and embedded computing. The term IoT system more
accurately describes the use of this technology than does Internet of Things. Most
IoT devices are connected together to form purpose-specific systems; they are less
frequently used as general-access devices on a worldwide network. The IoT can be defined as
“data and devices continually available through the Internet.” Interconnection of things (objects)
that can be addressed unambiguously and heterogeneous networks constitute the IoT.
Radiofrequency identification (RFID), sensors, smart technologies, and nanotechnologies are the
major contributors to the IoT for a variety of services. The IoT also views everything as the
same, not even discriminating between humans and machines. Things include end users, data
centers (DCs), processing units, smartphones, tablets, Bluetooth, ZigBee, the Infrared Data
Association (IrDA), ultra-wideband (UWB), cellular networks, Wi-Fi networks, near
field communication (NFC) DCs, RFID and their tags, sensors and chips, household
equipment, wristwatches, vehicles, and house doors. The IoT is thus attracting the attention of
hackers (intruders).

Intrusion detection

Intrusion detection is the activity of detecting actions that intruders carry out against
information systems. An IDS is composed of sensors, an analysis engine, and a reporting system.
Sensors are deployed at different places in the network or on hosts. Their task is to collect
network or host data such as traffic statistics, packet headers, service requests, operating
system calls, and file-system changes. The sensors send the collected data to the analysis
engine, which is responsible for investigating the collected data and detecting ongoing
intrusions. When the analysis engine detects an intrusion, the reporting system generates
an alert to the network administrator.
When the IDS notices a possible malicious threat, called an event, it logs the transaction and
takes appropriate action. The action may simply be to continue to log, send an alert, redirect the
attack, or prevent the maliciousness. If the threat is high risk, the IDS will alert the appropriate
people. Alerts can be sent by e-mail, Simple Network Management Protocol (SNMP), pager,
SMTP to a mobile device, or console broadcast. An IDS supports the defense-in-depth security
principle and can be used to detect a wide range of rogue events, including but not limited to the
following:
• Impersonation attempts
• Password cracking
• Protocol attacks
• Buffer overflows
• Installation of rootkits
• Rogue commands
• Software vulnerability exploits
• Malicious code, like viruses, worms, and Trojans
• Illegal data manipulation
• Unauthorized file access
• Denial of service (DoS)

Search Process
• Describe details such as date of search, databases searched, terms used for search,
initial number of studies retrieved, inclusion and exclusion criteria, and the process
leading to the final number of studies to review.

According to B.B. Zarpelão et al. (2017), their paper presented a survey of IDS research
efforts for IoT. They selected 18 papers in the literature that proposed specific IDS schemes
for IoT or developed attack detection strategies for IoT that could be part of an IDS. These
papers were published between 2009 and 2016. They proposed a taxonomy to classify these
papers, which is based on the following attributes: detection method, IDS placement
strategy, security threat, and validation strategy. They observed that the
research of IDS schemes for IoT is still incipient. The proposed
solutions do not cover a wide range of attacks and IoT technologies.
Moreover, it is not clear which detection method and placement
strategies are more adequate for IoT systems. Finally, validation
strategies are not well consolidated.

According to the authors (Elhadj Benkhelifa, Member, IEEE, Thomas Welsh, Member, IEEE, and
Walaa Hamouda, Senior Member, IEEE):
As interest in the IoT grows, its application will involve more data sensitive projects. As
such, ensuring its security is a priority. With preventative measures difficult to be
implemented due to inherent architectural constraints, solutions must turn to second line
methods of defense. We examined IDS as one such defense and determined that despite the variety
of existing systems available; none are able to defend against all types of attacks (from the
physical layer up) due to their architectural implementation. Therefore, we discussed the case
that these methods are out-dated whilst not holistically covering the whole IoT model. In order
to comprehensively secure IoT based networks built of heterogeneous device types, a new approach
must be taken. This involves the application of more physical hardware, using network probes to
collect data and securely transport it to a remote server (likely cloud based) so as to perform
detection types as resource intensive as required.
Future works should consider full implementations through development of an IDS for IoT,
where data processing will be computed upon a cloud system. The system will be tested on a
variety of physical hardware to examine the effect of monitoring multiple different protocols in
varied environments, upon the data collection and analysis process.

Discussion and Conclusions


In this article, we presented a literature review of IDS research for IoT networks. In this
review we analyzed five recent works, published between 2017 and 2019, that propose IDS
solutions for IoT networks. We conclude that research on IDS in the IoT is still in its
early stages and incipient. The works reviewed do not cover many IoT technologies and cannot
detect a wide range of attacks. Considering that placement strategy and detection
method are such important characteristics of IDSs, we can also conclude that the analyzed
works do not reach a consensus on which are the more suitable options for those characteristics
in IDSs in the IoT. In terms of future work, we, as a research team, believe that it will be
important for future research to focus on reaching a consensus on which are the suitable
placement strategy and detection method. Increasing the attack detection range and addressing
more IoT technologies should also be important goals for future research.

The researchers argue that open issues related to topics such as selection of detection method,
attack detection range, management and security of alert traffic, alert
correlation and improvement of validation strategies must be addressed in the future.
As future research, researchers may focus on the following issues: (1)
to investigate strong and weak points of different detection methods and placement strategies; (2)
to increase the attack detection range; (3)
to address more IoT technologies; (4) to improve validation strategies;
(5) to improve security of alert traffic and management; and (6) to
develop further applications such as alert correlation and autonomic
management systems.

List of References
1. A survey of intrusion detection in Internet of Things, Bruno Bogaz Zarpelão, Rodrigo
Sanches Miani, Cláudio Toshio Kawakani, Sean Carlisto de Alvarenga, 2017
2. A Survey of Intrusion Detection System, Putra Wanda, Huang Jin Jie, 2019
3. Internet-of-Things (IoT) Systems, Marilyn Wolf
4. Security and Privacy in Internet of Things (IoTs)
5. Network-based Detection of IoT Botnet Attacks Using Deep Autoencoders, Yair Meidan,
Michael Bohadana, Yael Mathov, Yisroel Mirsky, Dominik Breitenbacher, Asaf Shabtai, and
Yuval Elovici, 2018
6. Systematic Literature Review in Computer Science - A Practical Guide, RelaTeDCC
002/2016
7. 2017-Elsevier-A-survey-of-intrusion-detection-in-internet-of-things.pdf, referenced URL
address: https://www.sciencedirect.com/science/article/abs/pii/S1084804517300802
