Abstract

The Internet of Things (IoT) is vulnerable to intrusions that may lead to security threats in the IoT ecosystem. Because IoT uses a different architecture and protocol stack, a traditional intrusion detection system (IDS) does not work well for raising alarms during a possible intrusion in IoT. Machine learning is one of the potential tools for effective intrusion detection. However, applying it in IoT may require customization to work with IoT traffic. The situation becomes worse when the attack patterns are not known a priori. To mislead an IDS, attackers frequently change their attack patterns. As a result, traditional machine learning methods usually fail to handle such dynamic intrusions effectively. In this work, we assess seven well-known classification models for their suitability in detecting novel/dynamic attacks in the IoT network. It is more dangerous for a system if a detection system misclassifies a novel (unseen) attack as normal traffic. In our study, we assess this misclassification scenario for our candidate models. Our results reveal that random forest performs better in detecting seen IoT attacks, while SVM is superior in keeping a low rate of misclassifying dynamic attacks as regular traffic. Our investigation further concludes that the best IDS is not always the best detector for handling novel attacks.
