Book: DoS Attacks and Intelligent Neural Network

99,000 Toman

Number of pages

51

ISBN

978-620-3-92796-2

Author:

Chapter 1
Introduction
Chapter 2
Introduction
Firewall
Intrusion Detection System (IDS)
Types of IDSs
Intrusion Detection Techniques
Literature Review
Chapter 3
Introduction
Artificial Neural Networks (ANNs)
Supervised
The Proposed Technique
Chapter 4
Introducing Dataset
Evaluation criteria
Comparison with Other Techniques
Chapter 5
Conclusion
Applications
References

List of Tables and Figures
Figure 2-1 The general firewall configuration
Table 2-1 Types of firewalls
Figure 2-2 The procedure for IDSs
Figure 2-3 IDSs location
Table 2-2 Comparison of techniques
Figure 2-4 A NIDS
Figure 2-5 A HIDS
Figure 2-6 A DIDS
Figure 2-7 Intrusion detection system functions
Figure 3-2 The diagram of the proposed technique
Table 4.1 KDD dataset features
Table 4.2 MLP initial configuration
Table 4.3 Results of MLP run
Table 4.4 Confusion matrix for the training dataset
Table 4.5 Confusion matrix for the test dataset
Figure 4.1 CNN architecture
Figure 4.2 Single-layer standard RNN module
Figure 4.3 The LSTM diagram
Figure 4.4 The symbols in the structure of LSTM
Figure 4.5 LSTM structure
Figure 4.6 BiLSTM architecture
Table 4.6 CNN initial configuration
Table 4.7 Results of the CNN technique
Table 4.8 BiLSTM initial configuration
Table 4.9 Results of the BiLSTM technique
Figure 4.7 Accuracy comparison in four techniques
Table 4.10 CNN training data confusion matrix
Table 4.11 CNN test data confusion matrix
Table 4.12 BiLSTM training data confusion matrix
Table 4.13 BiLSTM test data confusion matrix
Figure 4.8 Error rates in classified data that have not been identified as an attack

1.1 Introduction
The Internet of Things (IoT) refers to a set of devices used in a field that communicate with each other over the Internet. According to the global concept, all objects around the world have small computer capabilities and intelligence and can exchange data with each other. The IoT includes various components such as architecture, sensors, encoding, transmission, data processing, networking, and so on. Network security and privacy are the most challenging issues in the IoT, which has a large number of Internet-connected devices. Authentication and access control techniques are central to addressing security and privacy issues. These techniques keep unauthorized users off the network and stop authorized users from gaining unauthorized access. For this purpose, intrusion detection techniques are used in the IoT [1]. In this chapter, the generalities of the subject are discussed and the basics of the IoT are introduced.
In IoT-based smart homes, sensors are placed in different parts of the home and communicate with each other through the base station [1].
With the development of technology and the increasing use of the Internet and networks, security has become one of the most important needs today. Most economic, commercial, cultural, social, and governmental activities and interactions at all levels, including individuals, NGOs, and government agencies, currently take place in cyberspace. The vital and sensitive infrastructures and systems of countries either form a part of the countries' cyberspace or are controlled, managed, and operated through it. Most of the vital and sensitive information of countries has been transferred to this space or has been created in it. A review of recent events confirms that most threats against countries, especially against critical infrastructure, either originate from cyberspace or directly threaten it. Because of its inherent vulnerabilities and the growing migration from the traditional world to it, cyberspace increases the risk to IT-based systems that are vital to countries' economies. The increasing complexity of IT-based systems and networks poses security challenges for countries. Therefore, promoting operational stability and security, and securing infrastructure, especially vital and sensitive centers, is very important for countries [1].
Intrusions into a system are carried out with different motives, such as military or political ones. In some cases, an intrusion may be due to a defect in some part of the software, such as a protocol or the operating system.
As a result, tools and techniques are constantly being introduced to counter network attacks. The purpose of intrusion detection systems (IDSs) is to detect the types of network attackers [2].
IDSs have models and types of algorithms that automate the process of detecting and monitoring network traffic. These systems divide network traffic into two categories: normal traffic and abnormal traffic [2].
In the field of computer and network security, IDSs can alert the user to network threats. After these alerts are received, appropriate action is taken by other entities in the system [3].
Two important tools in this area are the firewall and IDS. These two tools are different as follows [3]:
1. In firewalls, it is not possible to detect intrusion from within the network, but in IDSs, all network traffic can be monitored;
2. Firewalls are commonly used to prevent unauthorized users from entering the internal network, but IDSs are used to detect network attacks.
IDSs generally do the following [4]:
1. Monitoring and Evaluation;
2. Detection and response.
These attacks are very dangerous and endanger the security of the system. The important thing about these attacks is that they are unknown. Therefore, most algorithms have low efficiency in dealing with and categorizing these attacks [5].
Based on the above, security systems, firewalls, and IDSs are used to counter these attacks [5].
This book introduces a technique for detecting DoS attacks on the system. In this technique, neural networks are used to detect attacks. To do this, feedback-based neural networks are used after the dataset has been cleaned and standardized. The proposed technique is expected to improve the accuracy of attack detection in the system.

Due to technological advances in new systems, such as the use of networks to connect computers or the Internet infrastructure, it can be argued that most computers use the Internet. One of the most challenging issues in this area is maintaining security on computers connected to the Internet. Simple solutions such as firewalls are provided for this purpose. However, they do not meet the security needs of users. Users need to be sure of the comprehensiveness, accuracy, and integrity of their information. Therefore, a wide variety of intrusion detection techniques are used in the system. These techniques detect and deal with intrusions by analyzing data in the system.
2.2 Firewalls
Firewalls protect the front access points of the system and are the first line of defense. They are mainly used to deny or accept protocols, ports, or IP addresses. Firewalls direct incoming traffic following a predefined policy. The general firewall configuration can be seen in Figure 2-1.

2.3 Intrusion detection systems (IDSs)
Intrusion detection systems (IDSs) are generally divided into two types: anomaly-based IDSs and misuse-based IDSs. In misuse-based IDSs, intrusions are identified based on parameters such as system weaknesses and known signatures. However, they do not detect new attacks. Anomaly-based IDSs, on the other hand, consider normal behavior parameters and use them to identify any action that is significantly different from the normal action. Misuse-based IDSs detect inputs by matching existing intrusion patterns with previous system patterns. Valuable system information is always attractive to attackers, and therefore vulnerable to centralized network attacks. Intrusion refers to the process by which an attacker enters a system or system server and transmits malicious packets to the user's system to steal, modify, or corrupt confidential or important information. In other words, intrusion means unauthorized transport of packets through the network [2].
IDSs detect ongoing system misuse using techniques such as port scanning systems, network traffic analysis (NTA), or clustering. These systems must operate intelligently to detect traffic or objects that did not already exist in the system and have not been defined for it. For this reason, the use of techniques such as neural networks or machine learning in these systems is important [3].
There is a general procedure for all IDSs. The data is first entered into the system and then preprocessed, which involves normalizing and deleting missing or ambiguous values from the data. The next step is to detect the attack. A message or notification is sent to the user after the attack is detected [1].
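The general procedure above (input, preprocessing, detection, notification) together with the misuse/anomaly split from section 2.3, as an added example that is not taken from the book. The records, the signature rule and the z-score threshold are constructed assumptions, and z-score standardization stands in for the normalization step.

```python
from statistics import mean, stdev

# Constructed records: (id, syn_per_sec, bytes_per_packet). None = missing value.
BASELINE = [("b1", 12, 540), ("b2", 15, 610), ("b3", 9, 580),
            ("b4", 14, 560), ("b5", 11, 600), ("b6", 13, 575)]
INCOMING = [("r1", 13, 590),      # ordinary traffic
            ("r2", 900, 60),      # flood matching the known signature
            ("r3", None, 570),    # incomplete record, dropped in preprocessing
            ("r4", 14, 9000)]     # unfamiliar pattern with no signature

def matches_signature(syn_rate, pkt_bytes):
    """Hypothetical misuse rule: a known flood is many tiny packets per second."""
    return syn_rate > 500 and pkt_bytes < 100

def preprocess(records):
    """Cleaning step: delete records that contain missing values."""
    return [r for r in records if None not in r]

def fit_profile(records):
    """Learn the per-feature mean and standard deviation of normal behaviour."""
    columns = zip(*[r[1:] for r in records])
    return [(mean(c), stdev(c)) for c in columns]

def standardize(record, profile):
    """Normalize each feature to a z-score against the normal profile."""
    return [(v - m) / s for v, (m, s) in zip(record[1:], profile)]

def detect(records, profile, threshold=3.0):
    """Return {id: verdict}; signatures first, then deviation from normal."""
    verdicts = {}
    for rec in preprocess(records):
        z = standardize(rec, profile)
        if matches_signature(rec[1], rec[2]):
            verdicts[rec[0]] = "misuse"
        elif max(abs(x) for x in z) > threshold:
            verdicts[rec[0]] = "anomaly"
        else:
            verdicts[rec[0]] = "normal"
    return verdicts

def alerts(verdicts):
    """Notification step: one message per record that is not normal."""
    return [f"ALERT {rid}: {v}" for rid, v in verdicts.items() if v != "normal"]

PROFILE = fit_profile(preprocess(BASELINE))
if __name__ == "__main__":
    print("\n".join(alerts(detect(INCOMING, PROFILE))))
```

Record r4 matches no signature, so a misuse-only detector would pass it; only the comparison against the learned normal profile flags it.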
