Detection of Attacks on Industrial Internet of Things Using Fewer Features

Abstract

Malicious attack detection becomes a critical issue in Industrial IoT(IIoT) environments. Meanwhile, the IoT market is constantly growing, and new IoT devices are connected to the Internet day by day, causing a rapid increase in network traffic. To enable IDS to detect malicious attacks in high-load network environments, a lightweight IDS is required. Therefore, Machine Learning (ML) based intrusion detection systems (IDS) with fewer features to meet the lightweight IDS are applied to the TON_IoT dataset. A Pearson correlation coefficient (PCC) is applied to calculate correlations among features, followed by Jamovi analysis software’s frequency table to analyze the core features of the TON_IoT dataset. Finally, the original 45 features are reduced to 10 core features for IDS to detect malicious activity. To verify the performance of malicious attack activities with the reduced 10 core features, four evaluation criteria are used: accuracy, precision, recall, and F1 score. Two ML techniques, KNN and RF, are applied for testing. According to experimental results, both ML techniques can detect multiple types of attacks with an accuracy of over 99%, indicating that using the proposed 10 core features for attack detection can still yield high accuracy.