Neural Network-based Approach Towards Port Scan Attack Detection in Linux-based IoT Systems

In the era of a rapidly evolving technology space, the Internet of Things (IoT) has transformed our interaction with technology through lightweight devices. As the number of IoT devices grows, their security and privacy have become crucial. Port scanning attacks, a common and harmful network attack on IoT systems, are used by malicious actors to find network vulnerabilities and often serve as precursors to cyberattacks. This paper discusses the various neural network techniques evaluated for detecting port scanning attacks and also describes the methodology and results achieved. This paper uses the public ToN_IoT Linux datasets, a recent collection of data from various IoT network attacks, to train and evaluate neural network models for accurate port scanning attack detection. Two datasets were analyzed, including data from Linux disk audit traces and snapshots of Linux system processes recorded alongside the attacks. Various neural network techniques are investigated, showing results of varied performance across models evaluated using True Positive Rate (TPR) and False Positive Rate (FPR). The evaluated models demonstrated both high TPRs and FPRs, indicating a tradeoff. To maintain system credibility and avoid false alarms, a 1% FPR was set. Under this rule, RNN achieved the highest TPR (72.63%) for Linux disk activities, and ANN had the highest accuracy (63.78%) for Linux system processes. This research contributes valuable insights for network security professionals and researchers seeking to develop effective intrusion detection systems and further enhance network security.