Intrusion detection in internet of things networks based on machine learning methods

Abstract

Introduction: The growing amount of digital data generated, among others, by smart devices of the Internet of Things makes it important to study the application of machine learning methods to the detection of network traffic anomalies, namely the presence of network attacks. Purpose: To propose a unified approach to detecting attacks at different levels of IoT network architecture, based on machine learning methods. Results: It was shown that at the wireless sensor network level, attack detection is associated with the detection of anomalous behavior of IoT devices, when the deviation of an IoT device behavior from its profile exceeds a predetermined level. Smart IoT devices are profiled on the basis of statistical characteristics, such as the intensity and duration of packet transmission, the proportion of retransmitted packets, etc. At the level of a local or global wired IoT network, data is aggregated and then analyzed using machine learning methods. Trained classifiers can become a part of a network attack detection system, making decisions about compromising a node on the fly. Models of classifiers of network attacks were experimentally selected both at the level of a wireless sensor network and at the level of a local or global wired network. The best results in terms of completeness and accuracy estimates are demonstrated by the random forest method for a wired local and/or global network and by all the considered methods for a wireless sensor network. Practical relevance: The proposed models of classifiers can be used for developing intrusion detection systems in IoT networks.