Advances, Systems and Applications
Table 3 A comparison of IDSs designed for IoT systems, with a focus on the types, techniques and features of these systems with respect to their adaptability to IoT-based smart environments
From: Intrusion detection systems for IoT-based smart environments: a survey
Reference | Type | Technique | Features |
|---|---|---|---|
Liu et al. (2011) [87] | NIDS | Machine learning & Signature model | 1- Self-adaption 2- Self-learning |
| Â | Â | Hybrid intrusion detection | Â |
Kasinathan et al. (2013) [88] | NIDS | Rule model & Signature model | 1- Detection of DoS attacks in 6LoWPAN |
| Â | Â | Hybrid intrusion detection | 2- Decreased false alarm rate |
Kasinathan et al. (2013) [90] | NIDS | Rule model & Signature model | 1- Monitoring of large networks 2- Light weight and scalability |
| Â | Â | Hybrid intrusion detection | 3- Detection of DoS attacks in 6LoWPAN |
Jun and Chi (2014) [91] | NIDS | Rule model | 1- Real-time detection |
| Â | Â | Anomaly-based intrusion detection | 2- High performance in real time |
Krimmling and Peter (2014) [92] | NIDS | Machine learning & Signature model | 1- Applicability to CoAP applications |
| Â | Â | Hybrid intrusion detection | 2- Light weight |
Butun et al. (2015) [93] | NIDS | Statistical model & Rule model | 1- Applicability to hierarchical WSNs |
| Â | Â | Hybrid intrusion detection | 2- Dependence on WSN clustering |
Surendar and Umamakeswari (2016) [82] | NIDS | Protocol model | 1- Detection of sinkhole attacks in 6LoWPAN |
| Â | Â | Specification-based intrusion detection | 2- QoS preservation 3- Isolation of malicious nodes |
Le et al. (2016) [83] | NIDS | Protocol model | 1- Energy efficiency 2- Detection of RPL attacks in 6LoWPAN |
| Â | Â | Specification-based intrusion detection | 3- Applicability to large-scale networks |
Bostani and Sheikhan (2017) [84] | NIDS | Protocol model & Machine learning | 1- Detection of RPL attacks in 6LoWPAN |
| Â | Â | Hybrid intrusion detection | 2- Real-time detection 3- Reduced number of communication messages |
Garcia-Font et al. (2017) [95] | NIDS | Machine learning & Signature model | 1- Applicability to WSNs |
| Â | Â | Hybrid intrusion detection | 2- Applicability to large-scale networks |
Fu et al. (2017) [96] | NIDS | Protocol model & Signature model | 1- Classification of attacks into categories |
| Â | Â | Hybrid intrusion detection | 2- Use of GUI tools |
Deng et al. (2018) [97] | NIDS | Machine learning & Data mining | 1- Light weight |
| Â | Â | Hybrid intrusion detection | 2- Improved detection efficiency with a low FPR |
Amouri et al. (2018) [99] | NIDS | Protocol model & Machine learning | 1- Low computational complexity |
| Â | Â | Hybrid intrusion detection | 2- Low resource requirements |
Liu et al. (2018) [100] | NIDS | Machine learning & Data mining | 1- Adaptability to high-dimensional spaces |
| Â | Â | Hybrid intrusion detection | 2- Reduced detection time 3- High accuracy on high-volume data |
Abhishek et al. (2018) [101] | NIDS | Statistical model | 1- Real-time detection |
| Â | Â | Anomaly-based intrusion detection | 2- Based on theoretical foundations with no need for training data |
Oh et al. (2014) [102] | HIDS | Pattern matching | 1- Reduced memory size requirements |
| Â | Â | Misuse-based intrusion detection | 2- Reduced processing workload 3- Increased speed |
| Â | Â | Â | 4- Scalable performance for a large number of patterns |
Summerville et al. (2015) [103] | HIDS | Payload model | 1- Low latency 2- Ultralight weight |
| Â | Â | Anomaly-based intrusion detection | 3- High throughput in hardware or software implementation |
Mohan et al. (2016) [37] | HIDS | Rule model & Signature model | 1- Simplicity |
| Â | Â | Hybrid intrusion detection | 2- Self-learning |
Arrignton et al. (2016) [104] | HIDS | Machine learning | 1- High-efficiency monitoring |
| Â | Â | Anomaly-based intrusion detection | 2- Cancellation of environment noise |
Gupta et al. (2013) [105] | Hybrid IDS | Machine learning | 1- Real-time detection 2- Adaptability to wireless networks |
| Â | Â | Anomaly-based intrusion detection | 3- Ability to operate as both a NIDS and a HIDS |
Raza et al. (2013) [106] | Hybrid IDS | Protocol model & Machine learning | 1- Detection of RPL attacks in 6LoWPAN |
| Â | Â | Hybrid intrusion detection | 2- Real-time detection 3- Light weight 4- Energy efficiency |
Khan and Herrmann (2017) [107] | Hybrid IDS | Protocol model | 1- Light weight 2- Energy efficiency |
| Â | Â | Anomaly-based intrusion detection | 3- Applicability in healthcare environments |