Building a Intrusion Detection System for IoT Environment using Machine Learning Techniques

Abstract

Abstract The most basic feature of every smart device or endpoint device in IoT is to collect the large amount of data that is being generated and direct it to a destination server via the Internet. IoT network is vulnerable to attacks and identification of these malicious behaviours at an early stage can save the data from attacks. The main objective of this work is to build machine learning models to identify attacks in IoT network. To build a model, normal and attack data needs to be generated from the IoT environment. A test bed is build to simulate the IoT environment using Node MCU ESP8266, DHT11 sensor and wireless router. An adversarial system is build using a laptop system which performs actions of sniffing and poisoning attacks. Data captured from the sensors were temperature, humidity and due-point which are transmitted to ThinkSpeak platform using wireless gateway. In the normal phase, sensor values is captured by Node MCU and transmitted to Think Speak server which are stored and labelled as normal data. In the attacking phase, from an adversarial system, the attacker secretly intercepts the data, modifies the data when it is transmitted between the Node MCU and Think Speak server. In the attacking phase, Man in the Middle attack is performed in the network using ARP Poisoning and the data captured is labelled as attack data. Machine learning classifiers such as Naive Bayes, SVM, decision tree, Adaboost are built to categorize data into normal and attack classes.