An Intelligent Intrusion Detection System for Smart Consumer Electronics Network

The technological advancements of the Internet of Things (IoT) have revolutionized traditional Consumer Electronics (CE) into next-generation CE with higher connectivity and intelligence. This connectivity among sensors, actuators, appliances, and other consumer devices enables improved data availability and provides automatic control in the CE network. However, due to the diversity, decentralization, and increase in the number of CE devices, the data traffic has increased exponentially. Moreover, the traditional static network infrastructure-based approaches need manual configuration and exclusive management of CE devices. Motivated by the aforementioned challenges, this article presents a novel Software-Defined Networking (SDN)-orchestrated Deep Learning (DL) approach to design an intelligent Intrusion Detection System (IDS) for smart CE networks. In this approach, we first consider the SDN architecture as a promising solution that enables reconfiguration over static network infrastructure and handles the distributed architecture of the smart CE network by separating the control and data planes. Second, a DL-based IDS using Cuda-enabled Bidirectional Long Short-Term Memory (Cu-BLSTM) is designed to identify different attack types in the smart CE network. The simulation results based on the CICIDS-2018 dataset support the validation of the proposed approach over some recent state-of-the-art security solutions and confirm it as a phenomenal choice for next-generation smart CE networks.


I. INTRODUCTION
The Internet of Things (IoT) is a network of devices embedded with software programs and sensors that utilize the Internet to communicate data. The amalgamation of IoT into traditional Consumer Electronics (CEs) has revolutionized it into next-generation CEs with higher connectivity and intelligence. This improved data availability and automatic control in the CE network are made possible by the connectivity of sensors, actuators, appliances, and other consumer devices [1]. Nevertheless, CE device connections can now be accessed remotely anytime, anywhere in the world, using computing devices including laptops, smartphones, and smartwatches, regardless of the network to which they are connected. These smart devices can be used in various fields, including smart homes [2].
The CE devices have significantly evolved in the last decade. According to a recent study, the CE segment might reach 2,873.1m users by 2025 while the Average Revenue Per User (ARPU) is expected to amount to U.S. 317.10 billion [3]. Today, every device may create and share data online, contributing to the CE expansion. The traditional Internet architecture is a complex system with a multitude of network components, i.e., routers, middleboxes, switches, and several layers, etc., due to decentralization [4]. Therefore, the traditional network design likewise struggles to adapt to the dynamic nature of modern applications. Moreover, the traditional static network infrastructure-based approaches need manual configuration and exclusive management of CE devices. Potentially, this results in inefficient use of all resources, which exposes systems to a variety of cyberattacks [5]. However, it is clear from the current literature that smart CE networks are subject to various subtle cyber threats, including botnets, brute force, Denial-of-Service (DoS), Distributed Denial of Service (DDoS), and Web attacks [6]. The DDoS attack is identified as one of the most dangerous attacks on today's Internet. In DDoS, attackers use many compromised hosts to generate a lot of worthless traffic flow toward the target server, which causes servers to overload quickly by consuming their resources and making them unreachable to their users. Although DDoS attacks have been investigated for more than two decades, they remain the most compelling yet common attack approach in recent times [7].
In this regard, Software-Defined Networking (SDN) and Intrusion Detection System (IDS) can be considered the backbone for the next-generation smart CE network. An IDS is designed to detect threats and malicious behavior to defend the network against them [8]. However, for timely detection, the conventional signature-based IDS must continuously be updated and have information tagged as signatures or patterns of prospective threats. Furthermore, it is unable to detect zero-day threats. Hence, intelligent threat detection techniques should be developed to identify and counteract the most recent cyber threats in smart CE networks, which are constantly expanding with time. However, due to the specific service needs of smart CE (such as low latency, resource limitations, mobility, dispersion, and scalability), attack detection fundamentally differs from conventional approaches in such a network. Therefore, an adaptable, dynamic, well-timed, and cost-effective detection framework against various growing cyber threats is urgently needed for the CE networks [9].
SDN provides higher security, scalability, dynamism, efficiency, and reconfiguration. This is made possible by the built-in SDN architecture, in which the control functions are transferred to a central controller rather than being incorporated into the forwarding devices. This enables a controller to oversee and run a CE network from a broad perspective [10]. Motivated by the aforementioned challenges and discussions, this scientific study aims to provide a highly scalable and effective SDN-orchestrated IDS to safeguard the CE networks from severe multi-vector cyber-attacks. Additionally, our proposed detection framework is highly scalable, adaptable, economical, and well-timed while utilising the underlying CE resources without running out of resources. The main contributions of this work are as follows.
• The authors employed SDN and an intelligent Cuda-enabled Bidirectional Long Short-Term Memory (Cu-BLSTM) to quickly and accurately identify threats in CE networks.
Section IV presents the experimental setup and evaluation metrics. The results are discussed in Section IV-A. Finally, the conclusion and future work are provided in Section V.

II. RELATED WORK
The CE is characterized by the integration of physical things into a network in a way that makes them active participants in corporate operations. These objects might include everything from network gear to sensors to home and healthcare products. CE is made up of a range of devices that can be wireless or wired and can be used in several places and networks. According to a recent Juniper report, more than 46 billion IoT devices were in operation by 2021. This includes sensors, actuators, and gadgets and represents a 200% growth over 2016 [11]. In any changing computer and network paradigm, IoT becomes an integral part of it. IoT transformation is growing exponentially, leading to significant growth in terms of revenue and automation. Because these devices are created to satisfy the individual demands of users, it is difficult to find a solution that works for everyone [12]. With security being a key concern right now, determining the security of these devices is difficult. These products are too diverse to be compared to a single procedure.
SDN and DL are combined for various benefits, including SDN's capacity to increase IoT's efficacy and Network Traffic Control in Vehicular Cyber-Physical Systems (VCPS) [13]. Application (AP), control (CP), and data planes (DP), as well as associated south- and north-bound APIs, are part of an SDN architecture. By separating the DP and CP, the introduction of SDNs has resulted in a new networking paradigm. The AP only offers a thorough implementation of commands given by the other planes and is strategically distinct from the other planes. The whole network's decision-making, in contrast, is the responsibility of the CP. It has customizable characteristics that effectively connect the DP with other outside communication technologies like the IoT [14]. The CP can allow the dynamic analysis of all data traffic passing across an IoT network. SDN provides bundled services for IoT, including flexibility, scalability, security, and resilience in a multi-controller environment [15]. Thus, a precise method of network inspection for identifying suspicious activity, threats, and attacks is made possible by the convergence of IoT with SDN, and this integration offers a bright future for such a network. Significant interest has been shown in Deep Learning (DL) in the last decade, and its applications are being investigated across a wide range of study fields, including healthcare, automobile design, and legal implementation [16]. Additionally, various DL-based intrusion detection strategies have been put forth by researchers recently to defend against malicious threats and attacks in IoT networks. However, SDN-enabled, intelligent IDS are still in the early stages of a thorough evaluation of diversified attacks in such networks.
The scientific literature has witnessed a plethora of research contributions made to secure IoT against a scattered array of internal and external attacks. The thorough development of DL-driven IDS is addressed in [17], which is primarily designed to detect common security attacks including port-based attacks, DoS Slowloris, and DoS Hulk. To accomplish the intended security goals, the CICIDS2017 dataset is used for experimentation. The authors compared their proposed approach to existing techniques and exhibited a significant superiority in terms of productivity, with an attack detection accuracy of 98%. Another threat detection framework is proposed in [18] that is composed of two renowned classifiers, i.e., Spider Monkey Optimization (SMO) and Stacked Deep Polynomial Network (SDPN). Along with DoS attacks, the designed model is capable of investigating major commonly occurring attacks such as User-to-Root (U2R) attacks, Remote-to-Local (R2L) attacks, probe attacks, etc. The designed framework is trained on the NSL-KDD dataset, and its performance is compared with benchmarked schemes. The model achieved 99.02% accuracy.
Authors have specifically designed an IDS to carefully detect DDoS attacks in large-scale IoT networks [19]. The system is evaluated on comprehensive performance metrics where it achieves high attack detection accuracy. The authors of [20] created a threat intelligence technique for industrial environments. The size of the UNSW-NB15 and power system datasets was reduced in this work using Independent Component Analysis. Researchers have combined LSTM with the Variational Auto Encoder (VAE) technique to design another attack detection scheme for IoT. The system is trained on the ToN-IoT and IoT-Botnet datasets to enhance the learning experience of the proposed system. The system has proven its efficiency on an analytical performance scale regarding attack detection accuracy, training time, etc. [21]. Blockchain and DL-based solutions are also regarded as the best choice for threat detection in IoT. Authors have proposed a threat detection scheme based upon the core concepts of the Gated Recurrent Unit (GRU) and Deep Variational Auto Encoder (DVAE) technique. The proposed scheme proves its efficiency against potential adversaries [22]. In [23], the authors used Multi-Layer Perceptron (MLP) and Natural Language Processing (NLP) to discriminate between crucial and non-crucial posts on the dark Web. Another intrusion detection approach, capable of detecting the presence of cyber threats in IoT, is presented in [24]. The model is based on a Convolutional Neural Network (CNN) classifier and is trained on the BoT-IoT dataset. CNN is also employed in another threat detection scheme proposed in [25]. The model is specifically designed for botnet attacks, zero-day attacks, and DDoS attacks. The initial training of the proposed model is performed on the MQTT-IoT-IDS2020 dataset, and the run time performance is evaluated in terms of accuracy, precision, and recall. CNN is integrated to design another anomaly detection framework purely designed to investigate suspicious entities over the network. The model is evaluated in comparison with some relevant security solutions on a performance scale of threat detection accuracy [26]. The authors of [27] designed an ensemble model consisting of naïve Bayes, QDA, and ID3 classifiers and achieved 95.10% accuracy. Further, in [28], the authors used a federated learning based NIDS, namely SecFedNIDS, to protect IoT networks from poisoning attacks. The authors achieved a detection accuracy of 97.03% on the CICIDS-2018 dataset. Another intrusion detection scheme using an ensemble approach consisting of ET, RF, and DNN is proposed in [29] to combat threats in IoT and Fog environments. The BoT-IoT, IoTID20, NSL-KDD, and CICIDS-2018 datasets are used for a thorough evaluation of the model. The system proves its effectiveness by achieving 98.21% accuracy on the CICIDS-2018 dataset. The existing literature is summarized in Table I.

A. Network Model
SDN has been considered a well-established method for building integrated networks in recent years. Its architecture separates the data planes and control planes, allowing simplicity and flexibility. Furthermore, in traditional networks, each router in the network can only perceive the network's local state. The lack of a full overview of the whole network makes it challenging to construct a potentially powerful defensive mechanism against cyber threats. SDN, on the other hand, provides a global network perspective and centralized control capabilities, making network statistics easier to obtain. In SDN, the control plane manages routing choices, data transfers, and traffic monitoring via application techniques. The data plane incorporates many CE devices, such as intelligent devices, sensors, and other wireless technologies. The proposed Cu-BLSTM detection model is placed in the control plane for the following reasons. First and foremost, it is entirely adaptable and therefore capable of changing functionality. Secondly, it

B. Proposed DL-Driven BLSTM-Based Framework
A DL-driven intelligent framework for threat detection in the CE network is provided, incorporating Cu-BLSTM. A low-cost, versatile, and powerful detection module is designed to detect threats across CE networks. Fig. 2 depicts a comprehensive workflow of the proposed acquisition module. Cu-BLSTM consists of two layers with 200 and 100 neurons.
In addition, we added one dense layer with 30 neurons. The proposed work utilized ReLU as the activation function (AF) for all levels except the output layer. SoftMax, on the other hand, is employed in the output layer. The Categorical Cross-entropy (CC-E) is used as the loss function (LF). Tests are run up to 10 epochs with a batch size of 64 to acquire effective findings. We utilized Cuda-enabled versions for GPU processing for enhanced performance. Furthermore, the authors used the Keras framework, which is the foundation for Python TensorFlow. Cuda is a GPU-enhanced library that enables repeated readings, resulting in quicker multiplication of matrices. Moreover, we have used Cu-DNN and Cu-GRU as comparison models that have been trained and evaluated in the same environment. Cu-DNN consists of four dense layers with 100, 75, 50 and 30 neurons, respectively. Further, Cu-GRU comprises four layers of GRU with neurons of 500, 400, 300, and 100, respectively, with one dense layer of 03 neurons.

C. Cu-BLSTM
The proposed work used the Cu-BLSTM model for effective and timely threat detection in smart CE networks. An Artificial Neural Network (ANN) type called Recurrent Neural Networks (RNN) offers much promise for learning from earlier time steps [12]. RNN utilizes Back Propagation Through Time to constantly learn from previous timesteps. Standard RNN cannot perform better when timesteps overlap. The RNN employs feedback loops and links hidden units to preserve information over time. It can take consecutive inputs of any length and produce fixed-length outputs because of such features. The back-propagation causes error signals to disappear or explode, causing weights to fluctuate, resulting in poor system performance and gradient vanishing problems. Analysts focused on Long Short-Term Memory (LSTM), as LSTM blocks can save information for a long time. RNN with LSTM blocks was designed to solve this issue. However, to address the shortcomings of the LSTM model, researchers improved it; the improved model is known as BLSTM. By traversing time steps both forward and backward, BLSTM makes the best use of the data. To generate two layers side by side, the architecture copies the first recurrent network. The input is sent to the first layer in its original form, while the second layer receives a copy that has been reversed. Complete detail of the BLSTM is given by the authors in [30]. The following are the transition functions for Cu-BLSTM gates: where As we used the softmax function in the output layer for multiclass classification. It is calculated by using equation (11). Further, the working of the proposed detection framework is shown in Algorithm 1.
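An added example (not the authors' Keras/Cuda code) that traces the forward pass of the architecture described in Sections B and C in plain Python: two stacked bidirectional LSTM layers, a ReLU dense layer and a softmax output. The gate equations are the standard LSTM form because the article's own equations are not reproduced here; the function names, the random untrained weights and the final pooling step are assumptions.

```python
import math
import random

def matvec(W, v):
    return [sum(w * x for w, x in zip(row, v)) for row in W]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def rand_matrix(rng, rows, cols, scale=0.1):
    return [[rng.uniform(-scale, scale) for _ in range(cols)] for _ in range(rows)]

def init_lstm(rng, n_in, n_hid):
    # One direction: stacked weights for gates i, f, o and candidate g over [x_t ; h_{t-1}].
    return {"n": n_hid, "W": rand_matrix(rng, 4 * n_hid, n_in + n_hid), "b": [0.0] * (4 * n_hid)}

def lstm_run(p, seq):
    # Standard LSTM recurrence (textbook form); returns the hidden state at every step.
    n = p["n"]
    h, c, states = [0.0] * n, [0.0] * n, []
    for x in seq:
        z = [a + b for a, b in zip(matvec(p["W"], x + h), p["b"])]
        i = [sigmoid(v) for v in z[:n]]
        f = [sigmoid(v) for v in z[n:2 * n]]
        o = [sigmoid(v) for v in z[2 * n:3 * n]]
        g = [math.tanh(v) for v in z[3 * n:]]
        c = [fj * cj + ij * gj for fj, cj, ij, gj in zip(f, c, i, g)]
        h = [oj * math.tanh(cj) for oj, cj in zip(o, c)]
        states.append(h)
    return states

def bilstm(fwd, bwd, seq):
    # The first copy reads the sequence as given, the second reads a reversed copy;
    # backward states are flipped back so both halves describe the same time step.
    hf = lstm_run(fwd, seq)
    hb = lstm_run(bwd, seq[::-1])[::-1]
    return [a + b for a, b in zip(hf, hb)]

def softmax(z):
    m = max(z)  # subtract the max for numerical stability
    e = [math.exp(v - m) for v in z]
    s = sum(e)
    return [v / s for v in e]

def build(n_features, n_classes, units=(200, 100), dense_units=30, seed=0):
    # Layer sizes default to the ones stated in the text; weights are random (untrained).
    rng = random.Random(seed)
    u1, u2 = units
    return {
        "u2": u2,
        "l1": (init_lstm(rng, n_features, u1), init_lstm(rng, n_features, u1)),
        "l2": (init_lstm(rng, 2 * u1, u2), init_lstm(rng, 2 * u1, u2)),
        "dense": rand_matrix(rng, dense_units, 2 * u2),
        "out": rand_matrix(rng, n_classes, dense_units),
    }

def predict(model, seq):
    h2 = bilstm(*model["l2"], bilstm(*model["l1"], seq))
    u2 = model["u2"]
    # Summary vector: forward half after the last step, backward half at the first step
    # (each direction has then read the whole sequence). This pooling is an assumption.
    summary = h2[-1][:u2] + h2[0][u2:]
    hidden = [max(0.0, v) for v in matvec(model["dense"], summary)]  # ReLU dense layer
    return softmax(matvec(model["out"], hidden))  # class probabilities
```

Each element of `seq` is one time step's feature vector as a Python list; how flow records are grouped into time steps is not stated in the text and is left to the caller.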

IV. EXPERIMENTAL SETUP AND EVALUATION METRICS
The proposed model is trained using Python 3.8 and Keras. In addition, to enable comparable processing, the PC server is coupled with TensorFlow and the GPU-based package. The test was carried out using an Intel Core i7-7700 HQ CPU with a 2.80 GHz processor, along with 16 GB of RAM and a 6 GB 1060 GPU. The proposed IDS is evaluated using CICIDS-2018 [31]. The dataset consists of one benign class along with various classes of attacks, i.e., Brute-force (XSS), DDoS, DoS, SSH, etc. However, in this work, we used seven classes of the dataset. Further, we pre-processed the dataset by using various techniques. First, we deleted all lines with empty values and non-numerics since they may have an impact on the performance of the test model. Since DL algorithms primarily handle numerical data, we used the sklearn label encoder to transform any non-numerical values into numerical values. Furthermore, one hot encoding is done on the output label since segment order may affect model performance, resulting in unforeseen
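The pre-processing steps listed above, as an added standard-library example rather than the authors' sklearn code: rows with empty or non-numeric feature values are dropped (including `Infinity`/`NaN` strings, which `float()` would otherwise accept, and a repeated header row), the class label is label-encoded, then one-hot encoded. The CSV sample is constructed, and the column names, label strings and function names are assumptions.

```python
import csv
import io
import math

# Constructed sample in the style of a flow-feature CSV (not real dataset rows).
SAMPLE_CSV = """\
Dst Port,Flow Duration,Tot Fwd Pkts,Flow Byts/s,Label
443,1200,5,830.5,Benign
80,15,2,Infinity,DDoS
22,900,,12.0,SSH-Bruteforce
Dst Port,Flow Duration,Tot Fwd Pkts,Flow Byts/s,Label
22,870,14,101.2,SSH-Bruteforce
80,20,3,NaN,DDoS
80,18,2,5000.0,DDoS
8080,40,1,abc,Bot
"""

def clean_rows(text, label_col="Label"):
    """Keep only rows whose features all parse as finite numbers."""
    reader = csv.DictReader(io.StringIO(text))
    feats = [c for c in reader.fieldnames if c != label_col]
    X, y, dropped = [], [], 0
    for row in reader:
        try:
            vec = [float(row[c]) for c in feats]
        except (TypeError, ValueError):   # empty cell, short row, text, repeated header
            dropped += 1
            continue
        if not all(math.isfinite(v) for v in vec) or not row[label_col]:
            dropped += 1                  # "Infinity"/"NaN" parse as floats but are unusable
            continue
        X.append(vec)
        y.append(row[label_col])
    return feats, X, y, dropped

def label_encode(labels):
    """Map class names to integers in sorted order (the order sklearn's LabelEncoder uses)."""
    classes = sorted(set(labels))
    index = {name: i for i, name in enumerate(classes)}
    return classes, [index[name] for name in labels]

def one_hot(codes, n_classes):
    """One-hot vectors so that no ordering is implied between classes."""
    return [[1 if k == c else 0 for k in range(n_classes)] for c in codes]

def preprocess(text):
    feats, X, y, dropped = clean_rows(text)
    classes, codes = label_encode(y)
    return {"features": feats, "X": X, "classes": classes,
            "y": one_hot(codes, len(classes)), "dropped": dropped}
```

A class whose rows are all dropped, like `Bot` in the sample, disappears from the encoded label set, so the per-class row counts are worth checking after cleaning.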

A. Results and Discussion
This scientific study employed 10-fold cross-validation, and the findings are displayed in Table II to explicitly demonstrate unbiased outcomes. For a better understanding, each fold's results are shown in this section. The confusion matrix depicts the model's performance on the test data set, for binary or multi-category data. It is useful for assessing accuracy, precision, recall, and the receiver operating characteristic (ROC) curve. The confusion matrix of the proposed model is depicted in Fig. 3. It is evident from the figure that the proposed model identifies all five classes properly.
Further, the ROC curve corrects the given data so that positive and negative positive values may be compared. The extent of segregation is mostly determined by the success of various class division issues, as demonstrated by the ROC. The ROC curve structure is located between the TP and FP levels. The detection accuracy reveals the Cu-BLSTM efficiency and performance. Fig. 5 depicts the ACC, PN, RL, and FS of all three models. The proposed model achieved 99.57% ACC with 99.62% PN. Further, the proposed model has an FS and RL of 99.23% and 99.39% respectively. It is evident from the figure that the proposed Cu-BLSTM model outclassed the baseline models. We have further provided the per-class accuracy of all three models in Table III. Other performance assessment methodologies, such as FP rate, FO rate, FD rate, and FN rate, are also studied to properly evaluate the proposed model. Fig. 6 demonstrates that our proposed model has values of 0.0033, 0.0022, 0.0033, and 0.0029 percent for the FP rate, FN rate, FD rate, and FO rate. Furthermore, Cu-GRU outperforms Cu-DNN in terms of such metrics. For a thorough assessment, we have further calculated the TPR, TNR, and MCC. These values are obtained using the confusion matrix for comprehensive analysis. The proposed model, i.e., Cu-BLSTM, yielded better outcomes than Cu-DNN and Cu-GRU. Fig. 7 depicts the performance of these models, where it is clear that the proposed model achieved values of 99.15, 99.34, and 99.31 percent respectively, thus proving the efficacy of the proposed model. Furthermore, we have provided the testing time of the proposed model in Fig. 8. We did not consider the training time as it is mostly done offline. and [29], to validate its efficiency. The comparison is made in terms of ACC and the details are provided in Table IV. It is evident from the table that the proposed model outperformed the existing detection techniques, hence proving its efficiency.
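How the metrics named in this section follow from a multi-class confusion matrix, as an added example that is not the authors' evaluation code. It uses the standard one-vs-rest definitions; the macro averaging across classes, the function names and the constructed 3-class matrix are assumptions, since the text does not state how per-class values were combined.

```python
import math

# Constructed confusion matrix: rows are true classes, columns are predicted classes.
CM = [[90, 10, 0],
      [5, 80, 15],
      [0, 0, 100]]

def _div(a, b):
    # A class that is never present or never predicted gives a zero denominator.
    return a / b if b else 0.0

def per_class_counts(cm):
    """One-vs-rest TP/FP/FN/TN for every class."""
    n, total = len(cm), sum(map(sum, cm))
    counts = []
    for k in range(n):
        tp = cm[k][k]
        fn = sum(cm[k]) - tp                          # true k, predicted as something else
        fp = sum(cm[r][k] for r in range(n)) - tp     # predicted k, actually something else
        counts.append({"TP": tp, "FP": fp, "FN": fn, "TN": total - tp - fn - fp})
    return counts

def rates(c):
    tp, fp, fn, tn = c["TP"], c["FP"], c["FN"], c["TN"]
    pn, rl = _div(tp, tp + fp), _div(tp, tp + fn)
    return {
        "PN": pn, "RL": rl, "FS": _div(2 * pn * rl, pn + rl),
        "TPR": rl, "TNR": _div(tn, tn + fp),
        "FPR": _div(fp, fp + tn), "FNR": _div(fn, fn + tp),
        "FDR": _div(fp, fp + tp), "FOR": _div(fn, fn + tn),
        "MCC": _div(tp * tn - fp * fn,
                    math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))),
    }

def evaluate(cm):
    """Per-class rates plus their macro average and the overall accuracy."""
    per_class = [rates(c) for c in per_class_counts(cm)]
    macro = {m: sum(r[m] for r in per_class) / len(per_class) for m in per_class[0]}
    macro["ACC"] = _div(sum(cm[k][k] for k in range(len(cm))), sum(map(sum, cm)))
    return per_class, macro
```

For an IDS the per-class FN rate is the figure to watch, since it counts attack flows of that class that were labelled as something else, which overall accuracy on an imbalanced dataset can hide.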

V. CONCLUSION
In this article, to protect consumer electronics networks, we proposed an intelligent intrusion detection system based on a software-defined networking-orchestrated deep learning approach. Specifically, software-defined networking architecture was integrated with the consumer electronics network to handle its distributed architecture and heterogeneous consumer electronic devices. Then, an IDS based on Cuda-enabled bidirectional long short-term memory was proposed and deployed at the control plane to enhance the threat detection mechanism. We proved the effectiveness of the proposed IDS in terms of accuracy, precision and speed efficiency through experimental evaluation on the CICIDS-2018 dataset. We also compared the performance of the proposed IDS against some recent state-of-the-art techniques. In the future we aim to train the model on different datasets to further improve intrusion detection in such networks. Finally, we endorse DL-based intelligent models for efficient threat detection in next-generation smart consumer electronic networks.

Fig. 4 depicts the ROC of the proposed Cu-BLSTM model, demonstrating the efficiency of the proposed model. The authors further provided the ACC, PN, RL, and FS of the Cu-BLSTM model along with the baseline techniques.
Fig. 8 depicts the speed efficiency of the Cu-BLSTM and baseline models. The Cu-BLSTM model achieved a testing time of only 17.40 ms. On the other hand, Cu-DNN has a better testing time, 25.2 ms, than Cu-GRU. Finally, the performance of the proposed Cu-BLSTM model is compared with recent threat detection techniques from existing literature [27], [28],

TABLE III PER-CLASS ACC OF CU-BLSTM AGAINST BASELINE MODELS

TABLE IV COMPARISON OF CU-BLSTM WITH EXISTING LITERATURE