Honey-block: Edge assisted ensemble learning model for intrusion detection and prevention using defense mechanism in IoT

The Internet of Things (IoT) has gained popularity with interconnected devices and diverse network applica-tions, leading to increased vulnerability of sensitive data to security threats. Many researchers have focused on intrusion detection without considering prevention mechanisms. To overcome these issues, we propose the honeypot and blockchain-based intrusion detection and prevention (HB-IDP) model, in which edge computing is introduced to reduce the latency during communication. Initially, three-fold authentication is performed for entities (users, devices, and gateway) to ensure legitimacy using the camellia encryption algorithm (CEA), which provides secret keys. The proposed datasets (i.e., UNSW-NB15 and BoT-IoT) are pre-processed at the gateway using min-max normalization to reduce redundancy and complexity during feature extraction and classification. Signature-based intrusion detection is performed on the pre-processed data, with known attacks classified into three classes (normal, malicious, and suspicious) using the improved isolation forest (IIF) algorithm. Suspicious data are forwarded for anomaly detection to the edge level; here, a honeypot is deployed to attract the attacker's patterns. Ensemble learning technique, including multi-layer perceptron (MLP), general adversarial network (GAN), and lightweight convolutional neural Network (LCNN), is applied to classify suspicious packet behaviors. Once intrusions are detected, the proposed work prevents future intrusions by generating reports, which are then encrypted by the CEA algorithm and provided to legitimate users. All transactions (i.e., key generation, report generation, and attacker patterns) are stored in the blockchain. The HB-IDP model's performance and effectiveness were evaluated using network simulator 3.26 (NS-3.26), showcasing its superiority over existing approaches.