The number of Internet of Things (IoT) attacks in the world reached over ***** million in December 2022. However, in the same month of 2021, the number of reported IoT attacks dropped to nearly ***********. The highest number of monthly attacks was detected in June 2022, with approximately ** million attacks.

Between 2020 and 2022, around a quarter of surveyed healthcare institutions in the United States experienced nine to 15 cyberattacks involving Internet of Things (IoT) and Internet of Medical Things (IoMT) devices. A further 24 percent reported experiencing four to eight cyberattacks in the measured period.

The number of Internet of Things (IoT) attacks in the United States reached over **** millions in October 2020. However, in the same month of 2021, the number of IoT attacks dropped to **** millions.

The share of IoT attacks has increased significantly starting 2020. However, in the fourth quarter of 2021, the share of IoT attacks dropped at **** percent, from ** percent in the same quarter in the previous year.

The number of Internet of Things (IoT) cyber attacks worldwide amounted to over *** million in 2022. Over the recent years, this figure has increased significantly from around ** million detected cases in 2018. In the latest measured year, the year-over-year increase in the number of Internet of Things (IoT) malware incidents was ** percent.

INFO ABOUT THE BOT-IOT DATASET, NOTE: only the csv files stated in the description are used

The BoT-IoT dataset can be downloaded from HERE. You can also use our new datasets: the TON_IoT and UNSW-NB15.

--------------------------------------------------------------------------

The BoT-IoT dataset was created by designing a realistic network environment in the Cyber Range Lab of UNSW Canberra. The network environment incorporated a combination of normal and botnet traffic. The dataset’s source files are provided in different formats, including the original pcap files, the generated argus files and csv files. The files were separated, based on attack category and subcategory, to better assist in labeling process.

The captured pcap files are 69.3 GB in size, with more than 72.000.000 records. The extracted flow traffic, in csv format is 16.7 GB in size. The dataset includes DDoS, DoS, OS and Service Scan, Keylogging and Data exfiltration attacks, with the DDoS and DoS attacks further organized, based on the protocol used.

To ease the handling of the dataset, we extracted 5% of the original dataset via the use of select MySQL queries. The extracted 5%, is comprised of 4 files of approximately 1.07 GB total size, and about 3 million records.

--------------------------------------------------------------------------

Free use of the Bot-IoT dataset for academic research purposes is hereby granted in perpetuity. Use for commercial purposes should be agreed by the authors. The authors have asserted their rights under the Copyright. To whom intent the use of the Bot-IoT dataset, the authors have to cite the following papers that has the dataset’s details: .

Koroniotis, Nickolaos, Nour Moustafa, Elena Sitnikova, and Benjamin Turnbull. "Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: Bot-iot dataset." Future Generation Computer Systems 100 (2019): 779-796. Public Access Here.

Koroniotis, Nickolaos, Nour Moustafa, Elena Sitnikova, and Jill Slay. "Towards developing network forensic mechanism for botnet activities in the iot based on machine learning techniques." In International Conference on Mobile Networks and Management, pp. 30-44. Springer, Cham, 2017.

Koroniotis, Nickolaos, Nour Moustafa, and Elena Sitnikova. "A new network forensic framework based on deep learning for Internet of Things networks: A particle deep framework." Future Generation Computer Systems 110 (2020): 91-106.

Koroniotis, Nickolaos, and Nour Moustafa. "Enhancing network forensics with particle swarm and deep learning: The particle deep framework." arXiv preprint arXiv:2005.00722 (2020).

Koroniotis, Nickolaos, Nour Moustafa, Francesco Schiliro, Praveen Gauravaram, and Helge Janicke. "A Holistic Review of Cybersecurity and Reliability Perspectives in Smart Airports." IEEE Access (2020).

Koroniotis, Nickolaos. "Designing an effective network forensic framework for the investigation of botnets in the Internet of Things." PhD diss., The University of New South Wales Australia, 2020.

--------------------------------------------------------------------------

The dataset has been introduced by the below-mentioned researches: E. C. P. Neto, S. Dadkhah, R. Ferreira, A. Zohourian, R. Lu, A. A. Ghorbani. "CICIoT2023: A real-time dataset and benchmark for large-scale attacks in IoT environment," Sensor (2023) – (submitted to Journal of Sensors). The present data contains different kinds of IoT intrusions. The categories of the IoT intrusions enlisted in the data are as follows: DDoS Brute Force Spoofing DoS Recon Web-based Mirai

There are several subcategories are present in the data for each kind of intrusion types in the IoT. The dataset contains 1191264 instances of network for intrusions and 47 features of each of the intrusions. The dataset can be used to prepare the predictive model through which different kind of intrusive attacks can be detected. The data is also suitable for designing the IDS system.

This MQTT attack dataset includes memory attack data that was not available in any open MQTT dataset at the time of publication. It can be used as an extension to the popular MQTT-IDS-2020 dataset. The data were collected from real attacks and consist of the following files:EvilBufferOverflow.csvRootBufferOverflow.csvPasswordBufferOverflow.csvThe dataset is approximately 174.3 MB and contains over 700K instances. Additionally, three legitimate traffic CSV files are included and should be merged for binary classification.

1.Introduction

In the digital era of the Industrial Internet of Things (IIoT), the conventional Critical Infrastructures (CIs) are transformed into smart environments with multiple benefits, such as pervasive control, self-monitoring and self-healing. However, this evolution is characterised by several cyberthreats due to the necessary presence of insecure technologies. DNP3 is an industrial communication protocol which is widely adopted in the CIs of the US. In particular, DNP3 allows the remote communication between Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA). It can support various topologies, such as Master-Slave, Multi-Drop, Hierarchical and Multiple-Server. Initially, the architectural model of DNP3 consists of three layers: (a) Application Layer, (b) Transport Layer and (c) Data Link Layer. However, DNP3 can be now incorporated into the Transmission Control Protocol/Internet Protocol (TCP/IP) stack as an application-layer protocol. However, similarly to other industrial protocols (e.g., Modbus and IEC 60870-5-104), DNP3 is characterised by severe security issues since it does not include any authentication or authorisation mechanisms. More information about the DNP3 security issue is provided in [1-3]. This dataset contains labelled Transmission Control Protocol (TCP) / Internet Protocol (IP) network flow statistics (Common-Separated Values - CSV format) and DNP3 flow statistics (CSV format) related to 9 DNP3 cyberattacks. These cyberattacks are focused on DNP3 unauthorised commands and Denial of Service (DoS). The network traffic data are provided through Packet Capture (PCAP) files. Consequently, this dataset can be used to implement Artificial Intelligence (AI)-powered Intrusion Detection and Prevention (IDPS) systems that rely on Machine Learning (ML) and Deep Learning (DL) techniques.

2.Instructions

This DNP3 Intrusion Detection Dataset was implemented following the methodological frameworks of A. Gharib et al. in [4] and S. Dadkhah et al in [5], including eleven features: (a) Complete Network Configuration, (b) Complete Traffic, (c) Labelled Dataset, (d) Complete Interaction, (e) Complete Capture, (f) Available Protocols, (g) Attack Diversity, (h) Heterogeneity, (i) Feature Set and (j) Metadata.

A network topology consisting of (a) eight industrial entities, (b) one Human Machine Interfaces (HMI) and (c) three cyberattackers was used to implement this DNP3 Intrusion Detection Dataset. In particular, the following cyberattacks were implemented.

• On Thursday, May 14, 2020, the DNP3 Disable Unsolicited Messages Attack was executed for 4 hours.
• On Friday, May 15, 2020, the DNP3 Cold Restart Message Attack was executed for 4 hours.
• On Friday, May 15, 2020, the DNP3 Warm Restart Message Attack was executed for 4 hours.
• On Saturday, May 16, 2020, the DNP3 Enumerate Attack was executed for 4 hours.
• On Saturday, May 16, 2020, the DNP3 Info Attack was executed for 4 hours.
• On Monday, May 18, 2020, the DNP3 Initialisation Attack was executed for 4 hours.
• On Monday, May 18, 2020, the Man In The Middle (MITM)-DoS Attack was executed for 4 hours.
• On Monday, May 18, 2020, the DNP3 Replay Attack was executed for 4 hours.
• On Tuesday, May 19, 2020, the DNP3 Stop Application Attack was executed for 4 hours.

The aforementioned DNP3 cyberattacks were executed, utilising penetration testing tools, such as Nmap and Scapy. For each attack, a relevant folder is provided, including the network traffic and the network flow statistics for each entity. In particular, for each cyberattack, a folder is given, providing (a) the pcap files for each entity, (b) the Transmission Control Protocol (TCP)/ Internet Protocol (IP) network flow statistics for 120 seconds in a CSV format and (c) the DNP3 flow statistics for each entity (using different timeout values in terms of second (such as 45, 60, 75, 90, 120 and 240 seconds)). The TCP/IP network flow statistics were produced by using the CICFlowMeter, while the DNP3 flow statistics were generated based on a Custom DNP3 Python Parser, taking full advantage of Scapy.

3. Dataset Structure

The dataset consists of the following folders:

• 20200514_DNP3_Disable_Unsolicited_Messages_Attack: It includes the pcap and CSV files related to the DNP3 Disable Unsolicited Message attack.
• 20200515_DNP3_Cold_Restart_Attack: It includes the pcap and CSV files related to the DNP3 Cold Restart attack.
• 20200515_DNP3_Warm_Restart_Attack: It includes the pcap and CSV files related to DNP3 Warm Restart attack.
• 20200516_DNP3_Enumerate: It includes the pcap and CSV files related to the DNP3 Enumerate attack.
• 20200516_DNP3_Ιnfo: It includes the pcap and CSV files related to the DNP3 Info attack.
• 20200518_DNP3_Initialize_Data_Attack: It includes the pcap and CSV files related to the DNP3 Data Initialisation attack.
• 20200518_DNP3_MITM_DoS: It includes the pcap and CSV files related to the DNP3 MITM-DoS attack.
• 20200518_DNP3_Replay_Attack: It includes the pcap and CSV files related to the DNP3 replay attack.
• 20200519_DNP3_Stop_Application_Attack: It includes the pcap and CSV files related to the DNP3 Stop Application attack.
• Training_Testing_Balanced_CSV_Files: It includes balanced CSV files from CICFlowMeter and the Custom DNP3 Python Parser that could be utilised for training ML and DL methods. Each folder includes different sub-folder for the corresponding flow timeout values used by the DNP3 Python Custom Parser. For CICFlowMeter, only the timeout value of 120 seconds was used.

Each folder includes respective subfolders related to the entities/devices (described in the following section) participating in each attack. In particular, for each entity/device, there is a folder including (a) the DNP3 network traffic (pcap file) related to this entity/device during each attack, (b) the TCP/IP network flow statistics (CSV file) generated by CICFlowMeter for the timeout value of 120 seconds and finally (c) the DNP3 flow statistics (CSV file) from the Custom DNP3 Python Parser. Finally, it is noteworthy that the network flows from both CICFlowMeter and Custom DNP3 Python Parser in each CSV file are labelled based on the DNP3 cyberattacks executed for the generation of this dataset. The description of these attacks is provided in the following section, while the various features from CICFlowMeter and Custom DNP3 Python Parser are presented in Section 5.

4.Testbed & DNP3 Attacks

The following figure shows the testbed utilised for the generation of this dataset. It is composed of eight industrial entities that play the role of the DNP3 outstations/slaves, such as Remote Terminal Units (RTUs) and Intelligent Electron Devices (IEDs). Moreover, there is another workstation which plays the role of the Master station like a Master Terminal Unit (MTU). For the communication between, the DNP3 outstations/slaves and the master station, opendnp3 was used.

Table 1: DNP3 Attacks Description

The size of the US IoT Security Market was valued at USD 19942.01 million in 2023 and is projected to reach USD 88881.92 million by 2032, with an expected CAGR of 23.80% during the forecast period. IoT (Internet of Things) security refers to the practices, technologies, and strategies used to safeguard interconnected devices, networks, and systems that communicate with each other over the internet. With the growing adoption of IoT devices—ranging from smart home gadgets to industrial sensors—the need for robust security measures has become paramount. These devices are typically embedded with sensors, software, and network connectivity, enabling them to collect and exchange data, often in real-time. However, this connectivity introduces vulnerabilities that can be exploited by malicious actors, such as unauthorized access, data breaches, and malware attacks. Recent developments include: May 2023: AWS announces that Configurable Endpoints will support Transport Layer Security (TLS) 1.3. TLS 1.3 offers two significant security and performance enhancements: it gets rid of older cipher suites and legacy features from earlier TLS versions, and it performs better thanks to a streamlined handshake procedure., April 2023: Cisco unveiled new industrial loT application cloud management capabilities, streamlined dashboards to unify IT and OT operations, and adaptable network intelligence to monitor and safeguard all industrial assets., June 2020: The United States-based technology corporation Microsoft Corporation purchased Cyber X, Inc. for a value of $165 million. Microsoft Corporation develops, produces, licenses, supports, and distributes computer software, personal computers, consumer electronics, and related services. Azure loT security solutions from Microsoft Corporation, including as Azure Sentinel, will now cover devices in a range of industrial environments thanks to this acquisition. A computer and network security company established in the USA is called Cyber X, Inc..

IEC 60870-5-104

Intrusion Detection Dataset

Readme File

ITHACA – University of Western Macedonia - https://ithaca.ece.uowm.gr/

Authors: Panagiotis Radoglou-Grammatikis, Thomas Lagkas, Vasileios Argyriou, Panagiotis Sarigiannidis

Publication Date: September 23, 2022

1.Introduction

The evolution of the Industrial Internet of Things (IIoT) introduces several benefits, such as real-time monitoring, pervasive control and self-healing. However, despite the valuable services, security and privacy issues still remain given the presence of legacy and insecure communication protocols like IEC 60870-5-104. IEC 60870-5-104 is an industrial protocol widely applied in critical infrastructures, such as the smart electrical grid and industrial healthcare systems. The IEC 60870-5-104 Intrusion Detection Dataset was implemented in the context of the research paper entitled "Modeling, Detecting, and Mitigating Threats Against Industrial Healthcare Systems: A Combined Software Defined Networking and Reinforcement Learning Approach" [1], in the context of two H2020 projects: ELECTRON: rEsilient and seLf-healed EleCTRical pOwer Nanogrid (101021936) and SDN-microSENSE: SDN - microgrid reSilient Electrical eNergy SystEm (833955). This dataset includes labelled Transmission Control Protocol (TCP)/Internet Protocol (IP) network flow statistics (Common-Separated Values (CSV) format) and IEC 60870-5-104 flow statistics (CSV format) related to twelve IEC 60870-5-104 cyberattacks. In particular, the cyberattacks are related to unauthorised commands and Denial of Service (DoS) activities against IEC 60870-5-104. Moreover, the relevant Packet Capture (PCAP) files are available. The dataset can be utilised for Artificial Intelligence (AI)-based Intrusion Detection Systems (IDS), taking full advantage of Machine Learning (ML) and Deep Learning (DL).

2.Instructions

The IEC 60870-5-104 dataset was implemented following the methodology of A. Gharib et al. in [2], including eleven features: (a) Complete Network Configuration, (b) Complete Traffic, (c) Labelled Dataset, (d) Complete Interaction, (e) Complete Capture, (f) Available Protocols, (g) Attack Diversity, (h) Heterogeneity, (i) Feature Set and (j) Metadata.

A network topology consisting of (a) seven industrial entities, (b) one Human Machine Interfaces (HMI) and (c) three cyberattackers was used to construct the IEC 60870-5-104 Intrusion Detection Dataset. The industrial entities use IEC TestServer[1], while the HMI uses Qtester104[2]. On the other hand, the cyberattackers use Kali Linux[3] equipped with Metasploit[4], OpenMUC j60870[5] and Ettercap[6]. The cyberattacks were performed during the following days.

• On Saturday, April 25, 2020, a DoS cyberattack (M_SP_NA_1_DoS) was executed for 2 hours, using the M_SP_NA_1 command.
• On Sunday, April 26, 2020, two cyberattacks were executed, namely (a) DoS (C_CI_NA_1_DoS) and (b) unauthorised injection (C_CI_NA_1), using the C_CI_NA_1 command for 2 hours.
• On Monday, April 27, 2020, one unauthorised injection attack (C_SE_NA_1) was executed for 4 hours, using the C_SE_NA_1 command.
• Tuesday, April 28, 2020 two cyberattacks were executed, namely (a) unauthorised injection (C_SC_NA_1) and (b) DoS (C_SE_NA_1_DoS), using the C_SC_NA_1 and C_SE_NA_1 commands for 2 hours and 4 hours, respectively.
• Wednesday, April 29, 2020, one DoS (C_SC_NA_1) cyberattack was performed for 2 hours, using the C_SC_NA_1 command.
• Friday, June 05, 2020, two cyberattacks were executed, namely (a) DoS (C_RD_NA_1_DoS) and (b) unauthorised injection (C_RD_NA_1), using the C_RD_NA_1 command for 2 and 4 hours, respectively.
• Saturday, June 06, 2020, two cyberattacks were executed, namely (a) DoS (C_RP_NA_1_DoS) and (b) unauthorised injection (C_RP_NA_1), using the C_RP_NA_1 command for 2 and 4 hours, respectively.
• Monday, June 08, 2020, a Man In The Middle (MITM) cyberattack was executed for 2 hours, filtering and dropping the IEC 60870-5-104 packets.

For each attack, a 7zip file is provided, including the network traffic and the network flow statistics for each entity. Moreover, a relevant diagram is provided, illustrating the corresponding cyberattack. In particular, for each entity, a folder is given, including (a) the relevant pcap file, (b) Transmission Control Protocol (TCP) / Internet Protocol (IP) network flow statistics in a Common Separated Value (CSV) format and (c) IEC 60870-5-104 flow statistics in a CSV format. The TCP/IP network flow statistics were generated by CICFlowMeter[7], while the IEC 60870-5-104 flow statistics were generated based on a Custom IEC 60870-5-104 Python Parser[8], taking full advantage of Scapy[9].

3.Dataset Structure

The dataset consists of the following files:

• 20200425_UOWM_IEC104_Dataset_m_sp_na_1_DoS.7z: A 7zip file including the pcap and CSV files related to the M_SP_NA_1 attack.
• 20200426_UOWM_IEC104_Dataset_c_ci_na_1_DoS.7z: A 7zip file including the pcap and CSV files related to the C_CI_NA_1_DoS attack.
• 20200426_UOWM_IEC104_Dataset_c_ci_na_1.7z: A 7zip file including the pcap and CSV files related to C_CI_NA_1 attack.
• 20200427_UOWM_IEC104_Dataset_c_se_na_1.7z: A 7zip file including the pcap and CSV files related to the C_SE_NA_1 attack.
• 20200428_UOWM_IEC104_Dataset_c_sc_na_1.7z: A 7zip file including the pcap and CSV files related to the C_SC_NA_1 attack.
• 20200428_UOWM_IEC104_Dataset_c_se_na_1_DoS.7z: A 7zip file including the pcap and CSV files related to the C_SE_NA_1_DoS attack.
• 20200429_UOWM_IEC104_Dataset_c_sc_na_1_DoS.7z: A 7zip file including the pcap and CSV files related to the C_SC_NA_1_DoS attack.
• 20200605_UOWM_IEC104_Dataset_c_rd_na_1_DoS.7z: A 7zip file including the pcap and CSV files related to the C_RD_NA_1_DoS attack.
• 20200605_UOWM_IEC104_Dataset_c_rd_na_1.7z: A 7zip file including the pcap and CSV files related to the C_RD_NA_1 attack.
• 20200606_UOWM_IEC104_Dataset_c_rp_na_1_DoS.7z: A 7zip file including the pcap and CSV files related to the C_RP_NA_1_DoS attack.
• 20200606_UOWM_IEC104_Dataset_c_rp_na_1.7z: A 7zip file including the pcap and CSV files related to the C_RP_NA_1 attack.
• 20200608_UOWM_IEC104_Dataset_mitm_drop.7z: A 7zip file including the pcap and CSV files related to the MITM attack.
• Balanced_IEC104_Train_Test_CSV_Files.zip: This zip file includes balanced CSV files from CICFlowMeter and the Custom IEC 60870-5-104 Python Parser that could be utilised for training ML and DL methods. The zip file includes different folders for the corresponding flow timeout values used for CICFlowMeter and IEC 60870-5-104 Python Parser, respectively.

Each 7zip file includes respective folders related to the entities/devices (described in the following section) participating in each attack. In particular, for each entity/device, there is a folder including (a) the overall network traffic (pcap file) related to this entity/device during each attack, (b) the TCP/IP network flow statistics (CSV file) from CICFlowMeter for the overall network traffic, (c) the IEC 60870-5-104 network traffic (pcap file) related to this entity/device during each attack, (d) the TCP/IP network flow statistics (CSV file) from CICFlowMeter for the IEC 608770-5-104 network traffic, (e) the IEC 60870-5-104 flow statistics (CSV file) from the Custom IEC 60870-5-104 Python Parser for the IEC 608770-5-104 network traffic and finally, (f) an image showing how the attack was executed. Finally, it is noteworthy that the network flow from both CICFlowMeter and Custom IEC 60870-5-104 Python Parser in each CSV file are labelled based on the IEC 60870-5-104 cyberattacks executed for the generation of this dataset. The description of these attacks is given in the following section, while the various features from CICFlowMeter and Custom IEC 60870-5-104 Python Parser are presented in Section 5.

4.Testbed & IEC 60870-5-104 Attacks

The testbed created for generating this dataset is composed of five virtual RTU devices emulated by IEC TestServer and two real RTU devices. Moreover, there is another workstation which plays the role of Master Terminal Unit (MTU) and HMI, sending legitimate IEC 60870-5-104 commands to the corresponding RTUs. For this purpose, the workstation uses QTester104. In addition, there are three attackers that act as malicious insiders executing the following cyberattacks against the aforementioned RTUs. Finally, the network traffic data of each entity/device was captured through tshark.

Table 1: IEC 60870-5-104 Cyberattacks Description

The Development of an Internet of Things (IoT) Network Traffic Dataset with Simulated Attack Data.

Abstract— This research focuses on the requirements for and the creation of an intrusion detection system (IDS) dataset for an Internet of Things (IoT) network domain.

A minimal requirements Internet of Things (IoT) network system was built to produce a dataset according to IDS testing needs for IoT security. Testing was performed with 12 scenarios and resulted in 24 datasets which consisted of normal, attack and combined normal-attack traffic data. Testing focused on three denial of service (DoS) and distributed denial of service (DDoS) attacks—“finish” (FIN) flood, User Datagram Protocol (UDP) flood, and Zbassocflood/association flood—using two communication protocols, IEEE 802.11 (WiFi) and IEEE 802.15.4 (ZigBee). A preprocessing test result obtained 95 attributes for the WiFi datasets and 64 attributes for the Xbee datasets .

TCP FIN Flood Attack Pattern Recognition on Internet of Things with Rule Based Signature Analysis

Abstract-Focus of this research is TCP FIN flood attack pattern recognition in Internet of Things (IoT) network using rule based signature analysis method. Dataset is taken based on three scenarios normal, attack and normal-attack. The process of identification and recognition of TCP FIN flood attack pattern is done based on observation and analysis of packet attribute from raw data (pcap) using a feature extraction and feature selection method. Further testing was conducted using snort as an IDS. The results of the confusion matrix detection rate evaluation against the snort as IDS show the average percentage of the precision level.

Citing
Citation data : "TCP FIN Flood Attack Pattern Recognition on Internet of Things with Rule Based Signature Analysis" - https://online-journals.org/index.php/i-joe/article/view/9848

@article{article,

author = {Stiawan, Deris and Wahyudi, Dimas and Heryanto, Ahmad and Sahmin, Samsuryadi and Idris, Yazid and Muchtar, Farkhana and Alzahrani, Mohammed and Budiarto, Rahmat},

year = {2019},
month = {04},
pages = {124},
title = {TCP FIN Flood Attack Pattern Recognition on Internet of Things with Rule Based Signature Analysis},
volume = {15},
journal = {International Journal of Online and Biomedical Engineering (iJOE)},
doi = {10.3991/ijoe.v15i07.9848}
}

Features Extraction on IoT Intrusion Detection System Using Principal Components Analysis (PCA)

Feature extraction solves the problem of finding the most efficient and comprehensive set of features. A Principle Component Analysis (PCA) feature extraction algorithm is applied to optimize the effectiveness of feature extraction to build an effective intrusion detection method. This paper uses the Principal Components Analysis (PCA) for features extraction on intrusion detection system with the aim to improve the accuracy and precision of the detection. The impact of features extraction to attack detection was examined. Experiments on a network traffic dataset created from an Internet of Thing (IoT) testbed network topology were conducted and the results show that the accuracy of the detection reaches 100 percent.

Citing
Citation data : "Features Extraction on IoT Intrusion Detection System Using Principal Components Analysis (PCA)" - https://ieeexplore.ieee.org/document/9251292

@inproceedings{inproceedings,

author = {Sharipuddin, and Purnama, Benni and Kurniabudi, Kurniabudi and Winanto, Eko and Stiawan, Deris and Hanapi, Darmawiiovo and Idris, Mohd and Budiarto, Rahmat},

year = {2020},
month = {10},
pages = {114-118},
title = {Features Extraction on IoT Intrusion Detection System Using Principal Components Analysis (PCA)},
doi = {10.23919/EECSI50503.2020.9251292}
}

The number of Internet of Things (IoT) devices worldwide is forecast to more than double from 19.8 billion in 2025 to more than 40.6 billion IoT devices by 2034. In 2034, the highest number of IoT devices will be found in China, with around 7.51 billion consumer devices. IoT devices are used in all types of industry verticals and consumer markets, with the consumer segment accounting for around 60 percent of all IoT or connected devices in 2025. This share is projected to stay at this level over the next ten years. Major verticals and use cases Major industry verticals with currently more than 100 million connected IoT devices are electricity, gas, steam & A/C, water supply & waste management, retail & wholesale, transportation & storage, and government. Overall, the number of IoT devices across all industry verticals is forecast to grow to more than eight billion by 2033. Major use-cases The most important use case for IoT devices in the consumer segment are consumer internet & media devices such as smartphones, where the number of IoT devices is forecast to grow to more than 17 billion by 2033. Other use cases with more than one billion IoT devices by 2033 are connected (autonomous) vehicles, IT infrastructure, asset tracking & monitoring, and smart grid.

Operating systems data and Network data.

Data Encryption Market Overview The global data encryption market is projected to register significant growth, with a market size of USD 14.5 billion in 2025 and a CAGR of 16% over the forecast period of 2025-2033. The increasing adoption of cloud computing and digital transformation initiatives are driving the demand for data encryption solutions to protect sensitive data from cyber threats. Additionally, industry regulations, such as GDPR and CCPA, are mandating organizations to implement data encryption measures, further fueling market growth. Market Drivers, Restraints, and Trends Key market drivers include rising cybersecurity threats, increasing data breaches, and the growing need for data privacy. The increasing adoption of IoT and mobile computing is also contributing to the need for data encryption. However, the high cost of implementation and the lack of skilled professionals can pose challenges to market growth. Notable market trends include the emergence of advanced encryption algorithms, such as quantum-safe cryptography, and the integration of encryption with AI and machine learning technologies. Regional factors, such as government regulations and technology adoption rates, also influence the market's growth trajectory. Recent developments include: On Apr. 11, 2023, Menlo Security, a leading provider of browser security solutions, published the results of the 10th Annual Cyberthreat Defense Report (CDR) by the CyberEdge Group. The report, partially sponsored by Menlo Security, highlights the augmenting importance of browser isolation technologies to combat ransomware and other malicious threats., The research revealed that most ransomware attacks include threats beyond data encryption. According to the report, around 51% of respondents confirmed that they have been using at least one type of browser or Internet isolation to protect their organizational data, while another 40% are about to deploy data encryption technology. Furthermore, around 33% of respondents noted that browser isolation is a key cybersecurity strategy to protect against sophisticated attacks, including ransomware, phishing, and zero-day attacks., On Feb.14, 2023, EnterpriseDB, a relational database provider, announced the addition of Transparent Data Encryption (TDE) based on open-source PostgreSQL to its databases. The new TDE feature will be shipped along with the firm's enterprise version of its database. TDE is a method of encrypting database files to ensure data security while at rest and in motion., Adding that most enterprises use TDE for compliance issues helps ensure data encryption on the hard drive and files on a backup. Before the development of built-in TDE, enterprises relied on either full-disk encryption or stackable cryptographic file system encryption., On Jan.25, 2023, Researchers from the Tokyo University of Science, Japan, announced the development of a faster and cheaper method for handling encrypted data while improving security. The new data encryption method developed by Japanese researchers combines the best of homomorphic encryption and secret sharing to handle encrypted data., Homomorphic encryption and secret sharing are key methods to compute sensitive data while preserving privacy. Homomorphic encryption is computationally intensive and involves performing computational data encryption on a single server, while secret sharing is fast and computationally efficient., In this method, the encrypted data/secret input is divided and distributed across multiple servers, each performing a computation, such as multiplication, on its data. The results of the computations are then used to reconstruct the original data., September 2022: Convergence Technology Solutions Corp., a supplier of software-enabled IT and cloud solutions, declared that it has obtained certification in Canada to sell and deploy IBM zsystems and LinuxONE., November 2019: Penta Security Systems announced that it has been selected as a finalist for the 2020 SC Magazine Awards, which are given by SC Media and celebrated in the United States. As a result, MyDiamo from Penta Security has been named the Best Database Security Solution of 2020. Additionally, this will result in the expansion of common-level encryption and improve the open-source DBMS installation procedure.. Potential restraints include: ISSUE REGARDING SECURITY AND DATA BREACH 44, HIGH IMPLEMENTATION COSTS AND COMPLEXITY 45; ISSUE WITH RESPECT TO DATA CONSISTENCY AND INTEROPERABILITY ACROSS DIFFERENT EDGE PLATFORMS 45.

The size of the Security Operation Center Market was valued at USD 43.68 billion in 2024 and is projected to reach USD 75.84 billion by 2033, with an expected CAGR of 8.2% during the forecast period. The Security Operation Center (SOC) market is experiencing significant growth, driven by the escalating frequency and sophistication of cyber threats. Organizations are increasingly investing in SOCs to enhance their cybersecurity posture and ensure the protection of critical assets. The market is characterized by a diverse range of service providers, including managed security service providers (MSSPs), consulting firms, and technology vendors, each offering specialized solutions tailored to various industry needs. Key drivers of this market expansion include the rising adoption of cloud services, the proliferation of Internet of Things (IoT) devices, and the growing regulatory requirements for data protection. Additionally, the integration of advanced technologies such as artificial intelligence (AI) and machine learning (ML) into SOC operations is enhancing threat detection and response capabilities, making them more proactive and efficient. Geographically, North America holds a substantial share of the SOC market, attributed to the presence of major cybersecurity firms and a high concentration of technology-driven enterprises. However, the Asia-Pacific region is emerging as a significant growth area, with increasing investments in digital transformation and a heightened focus on cybersecurity. The competitive landscape is marked by strategic partnerships, mergers, and acquisitions, as companies strive to expand their service offerings and market reach. Looking ahead, the SOC market is expected to continue its upward trajectory, with an emphasis on innovation and the development of comprehensive, integrated security solutions to address the evolving threat landscape. Recent developments include: June 2021: Secureworks Inc. announced the inclusion of the Secureworks Technology Alliance Partner programme to its Partner Program, which extends the Taegis ecosystem and data integrations to speed threat detection for all Taegis clients. Secureworks Technology Alliance Partners can now create powerful, comprehensive security solutions by integrating their own Taegis connectors., April 2021: Through its partnership with SentinelOne, AT&T Cybersecurity Inc. has created a managed endpoint security service. AT&T Managed Endpoint Security with SentinelOne correlates endpoint threat detection via a single software agent that combines Antivirus, Endpoint Protection, Endpoint Detection and Response, and IoT security tasks. The new solution protects endpoints against ransomware and other intrusions while also detecting extremely advanced threats in an enterprise network or cloud environment., November 2020: Alert Logic has announced its integration with AWS Network Firewall, a new managed solution that simplifies the deployment of critical network protections for Amazon Virtual Private Clouds (Amazon VPCs) on Amazon Web Services (AWS). Support for AWS Network Firewall adds another point of threat insight into customers' IT systems, allowing them to halt high-profile and regular web application attacks., August 2020: Alert Logic has introduced a new layer of its Partner Connect programme, designed specifically for managed service providers (MSPs) to deliver advanced cybersecurity services to their customers. MSPs may optimise unit economics and market penetration at scale by leveraging Alert Logic's best-in-class security solution and unique resources through the industry's first managed detection and response (MDR) partner programme., January 2020: Broadcom, Inc. bought Accenture's Cyber Security Services division from Symantec. The Cyber Security Services portfolio from Symantec comprises threat monitoring and analysis via a network of security operations centres, real-time opponent and industry-specific threat information, and incident response services.. Key drivers for this market are: The increasing number of cyber threats

The rising cost of data breaches

The growing demand for regulatory compliance

The adoption of new technologies, such as AI and ML

The increasing need for organizations to protect their data and systems from cyber attacks. Potential restraints include: The shortage of skilled cybersecurity professionals

The high cost of implementing and maintaining a SOC

The lack of integration between SOCs and other security technologies. Notable trends are: The adoption of AI and ML to automate security tasks

The development of new security analytics tools

The integration of SOCs with other security technologies, such as firewalls and intrusion detection systems.

According to Cognitive Market Research, the global industrial cybersecurity market size reached USD 23.5 billion in 2024 and will expand at a CAGR of 8.2% from 2024 to 2031. Market Dynamics of Industrial Cybersecurity Market

Key Drivers for Industrial Cybersecurity Market

Emergence of Disruptive Digital Technologies - Government agencies and other organizations are launching measures to accelerate the use of emerging technologies in manufacturing industries. For example, in 2022, the UAE's Ministry of Industry and Advanced Technology (MoIAT) and EDGE Group PJSC (UAE) signed a memorandum of understanding (MoU) to set up the first Industry 4.0 Enablement Centre to promote the robust implementation of Industry 4.0 technologies throughout the manufacturing sector in the country. Digital transformation boosts productivity, improves efficiency, and lowers manufacturing costs. However, it also gives hackers more opportunities to exploit vulnerable networks and systems. As per Trend Micro Incorporated (Japan), 61% of industrial manufacturers reported cybersecurity problems in their smart factories in 2020. These attacks affected manufacturing processes, causing output delays and permanent loss of capital and essential and confidential data. As a result, the heightened risk of cyberattacks associated with the emergence of disruptive digital technologies has increased the demand for access control, real-time security monitoring, and surveillance in manufacturing facilities, propelling the market adoption of cybersecurity solutions in the industrial sector.
Moreover, the constant increase in the utilization of cloud-based solutions by SMEs and industrial cybersecurity-as-a-service are leading trends in this global market expansion.

Key Restraints for Industrial Cybersecurity Market

The higher implementation costs, the complexity of integration across diverse industrial environments, and a shortage of specialized cybersecurity expertise are the primary barriers to the industrial cybersecurity market's growth.
The industry also faces substantial challenges as some firms are hesitant to adopt new technologies due to concerns about operational disruptions during deployment or potential compatibility issues with existing systems.

Introduction of the Industrial Cybersecurity Market

Industrial enterprises face more cybersecurity challenges than ever before. Ransomware and political instability heighten the risk of safety problems and operational disruptions. The industrial cybersecurity market includes technologies, solutions, and services for protecting industrial control systems (ICS), supervisory control & data acquisition (SCADA) systems, and other operational technology (OT) infrastructure against cyber-attacks and vulnerabilities. Malware, phishing attacks, ransomware, insider threats, and other malicious actions are examples of cyber threats that try to disrupt or compromise industrial processes, vital infrastructure, and manufacturing operations. The introduction of AI and IoT-powered industrial robots has raised the market demand for robust industrial cybersecurity services for defense against increased cyber-attacks and data breaches. The combination of AI and industrial robots enabled the automation of complex and repetitive activities, which is expanding industrial productivity and efficiency.

According to Cognitive Market Research, the global Data Protection as a Service DPAAS market size will be USD 28241.8 million in 2025. It will expand at a compound annual growth rate (CAGR) of 20.80% from 2025 to 2033.

North America held the major market share for more than 40% of the global revenue with a market size of USD 10449.47 million in 2025 and will grow at a compound annual growth rate (CAGR) of 18.6% from 2025 to 2033.
Europe accounted for a market share of over 30% of the global revenue with a market size of USD 8190.12 million.
APAC held a market share of around 23% of the global revenue with a market size of USD 6778.03 million in 2025 and will grow at a compound annual growth rate (CAGR) of 22.8% from 2025 to 2033.
South America has a market share of more than 5% of the global revenue with a market size of USD 1073.19 million in 2025 and will grow at a compound annual growth rate (CAGR) of 19.8% from 2025 to 2033.
Middle East had a market share of around 2% of the global revenue and was estimated at a market size of USD 1129.67 million in 2025 and will grow at a compound annual growth rate (CAGR) of 20.1% from 2025 to 2033.
Africa had a market share of around 1% of the global revenue and was estimated at a market size of USD 621.32 million in 2025 and will grow at a compound annual growth rate (CAGR) of 20.5% from 2025 to 2033.
Payment Processing category is the fastest growing segment of the Data Protection as a Service DPAAS industry

Market Dynamics of Data Protection as a Service DPAAS Market

Key Drivers for Data Protection as a Service DPAAS Market

Escalating Cybersecurity Threats and Data Breaches to Boost Market Growth

The rising frequency and complexity of cyberattacks have significantly intensified concerns around data security. Organizations are increasingly grappling with threats such as ransomware, data breaches, and phishing attacks, which can result in severe financial losses and reputational harm. For example, in 2023, the U.S. reported 2,365 data breaches impacting approximately 343.3 million individuals—a staggering 72% increase compared to 2021. In the UK, half of all businesses (50%) and nearly a third of charities (32%) reported experiencing some form of cybersecurity breach or attack in the past year. The figures are even higher among medium-sized businesses (70%), large enterprises (74%), and high-income charities with annual revenues over £500,000 (66%). Phishing remains the most prevalent type of attack, affecting 84% of businesses and 83% of charities. This is followed by impersonation attacks via email or online platforms (35% of businesses and 37% of charities) and malware infections (17% of businesses and 14% of charities). This escalating threat landscape highlights the critical need for robust data protection strategies, driving demand for Data Protection as a Service (DPaaS) solution. These services offer advanced security features such as data encryption, multi-factor authentication, and real-time monitoring to help organizations safeguard their sensitive information.

https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024//./

Increasing Data Volumes from Digital Transformation and IoT to Boost Market Growth

The rapid surge in data generation—driven by digital transformation initiatives and the widespread adoption of Internet of Things (IoT) devices—has created an urgent need for efficient storage, backup, and recovery solutions. Global data volume skyrocketed from 2 zettabytes (ZB) in 2010 to an astounding 64.2 ZB by 2020, surpassing even the number of observable stars in the universe. This figure is projected to reach 181 ZB by 2025. Despite this explosive growth, only about 2% of the data created in 2020 was actually saved and stored by 2021. On a daily basis, the world produces around 2.5 quintillion bytes of data, with 90% of all existing data generated in just the past two years. Additionally, over 40% of internet data in 2020 was generated by machines. In this context, Data Protection as a Service (DPaaS) emerges as a vital solution, offering scalable, secure, and cost-effective means to protect this ever-expanding volume of data. DPaaS ensures data availability, security, and compliance with increasingly stringent regulatory requirements.

https://spacelift.io/blog/how-much-data-is-generated-every-day./

Restraint Factor for the Da...

Artificial Intelligence in Cyber Security Market size was valued at USD 9.86 Billion in 2024 and is projected to reach USD 67.95 Billion by 2031, growing at a CAGR of 30.10% from 2024 to 2031.

Global Artificial Intelligence in Cyber Security Market Drivers

Increasing Sophistication of Cyber Attacks: With cyber threats becoming more advanced, AI-powered systems help detect, predict, and respond to attacks that traditional security measures cannot handle. According to the FBI's Internet Crime Complaint Center (IC3), cybercrime reports increased by 69.4% in 2020, with reported losses exceeding USD 4.2 billion.

Growing Adoption of IoT and Cloud Technologies: According to (ISC)², the global cybersecurity workforce gap stands at 3.4 million professionals, with 63% of organizations reporting a shortage of IT security staff. The National Institute of Standards and Technology (NIST) reports that organizations using AI-powered security tools can handle 63% more security incidents with the same staff size. As more devices become interconnected through the Internet of Things (IoT) and cloud platforms, organizations require AI-driven solutions to safeguard against vulnerabilities.

Rising Data Breaches and Compliance Regulations: Stringent regulations like GDPR and CCPA push organizations to adopt AI-based cyber security solutions to comply with data protection laws and mitigate risks.

Shortage of Skilled Cyber Security Professionals: AI-driven solutions automate many security functions, addressing the shortage of skilled cybersecurity professionals and streamlining threat detection and response processes.

The global digital trust market is experiencing robust growth, driven by the increasing reliance on digital technologies across various sectors and the escalating need for robust cybersecurity measures. The market's Compound Annual Growth Rate (CAGR) of 13.12% from 2019 to 2024 signifies a considerable expansion, projecting a substantial market value by 2033. Key drivers include the rising prevalence of cyber threats, stringent government regulations regarding data privacy (like GDPR and CCPA), and the growing adoption of cloud-based services. The increasing sophistication of cyberattacks and the expanding attack surface created by interconnected devices (IoT) further fuel market expansion. The market is segmented by component (solutions and services), deployment mode (cloud-based and on-premises), organization size (large enterprises and SMEs), and end-user industry (banking, healthcare, IT, government, retail, energy, etc.). The cloud-based segment is likely to dominate due to its scalability, cost-effectiveness, and accessibility. Large enterprises currently hold a significant market share, but SMEs are rapidly adopting digital trust solutions to safeguard their operations. North America and Europe are currently leading the market, with Asia-Pacific poised for significant growth in the coming years. Market restraints include the high cost of implementation and the complexity of integrating various security solutions. However, ongoing technological advancements, coupled with increasing awareness of digital risks, are expected to overcome these hurdles and sustain the market's growth trajectory. The competitive landscape is highly fragmented, with established players like Cisco, IBM, Microsoft, Oracle, and AWS competing alongside specialized security firms such as Symantec, Thales, Entrust, DigiCert, and Comodo. These companies are constantly innovating and expanding their product portfolios to address the evolving needs of the market. Strategic partnerships, mergers and acquisitions, and the development of advanced technologies like AI-powered threat detection are key strategies adopted by market players. Future growth will be influenced by advancements in areas such as zero-trust security, blockchain technology for enhanced data security, and improved threat intelligence capabilities. The continued emphasis on data privacy regulations globally will also significantly impact the market's future trajectory. Overall, the digital trust market presents substantial growth opportunities for vendors capable of providing comprehensive and adaptable solutions addressing the expanding cybersecurity challenges in the digital age. Considering the CAGR and projected growth, we can reasonably estimate the 2025 market size to be around $XX billion (the exact figure requiring access to the original unspecified market size data). Recent developments include: June 2023: Sift, a global leader in digital trust and safety, unveiled a significant enhancement to its worldwide partner program during the Money 20/20 Europe event held in Amsterdam. The upgraded Sift partner program aims to extend the reach of Sift's cutting-edge fraud detection technology by forging strategic partnerships with companies across the globe. This expansion encompasses a diverse range of partner categories, including Solutions Partners, Payment Service Providers (PSPs), Payment Orchestration Platforms, Managed Services Providers (MSPs), and Technology Integration Partners, all of whom can harness the capabilities of Sift Connect's extensive library of open APIs., May 2023: DigiCert, a renowned provider of digital trust solutions and a distinguished member of the Oracle PartnerNetwork (OPN) joined forces with Oracle to deploy DigiCert ONE, a comprehensive digital trust platform, on Oracle Cloud Infrastructure (OCI). This collaboration is designed to offer customers the advantages of rapid DigiCert ONE implementation and the secure, high-performance architecture of OCI, which prioritizes data security and facilitates seamless single and multi-cloud deployments. Looking ahead, DigiCert and Oracle are committed to enhancing integration within the OCI ecosystem, enabling shared clients to efficiently manage their digital trust projects within a unified architecture.. Key drivers for this market are: The increasing number of breaches and cyberattacks, the growing importance of digital trust solutions, The rise of artificial intelligence (AI) and machine learning (ML) is creating new opportunities. Potential restraints include: The increasing number of breaches and cyberattacks, the growing importance of digital trust solutions, The rise of artificial intelligence (AI) and machine learning (ML) is creating new opportunities. Notable trends are: BFSI Segment is Expected to Drive the Market.