Hybrid Classifier for Detecting Zero-Day Attacks on IoT Networks

Abstract

Listen

Translate article

Recently, Internet of Things (IoT) networks have been exposed to many electronic attacks, giving rise to concerns about the security of these networks, where their weaknesses and gaps can be exploited to access or steal data. These networks are threatened by several cyberattacks, one of which is the zero-day distributed denial-of-service (DDoS) attack, which is considered one of the dangerous attacks targeting network security. As such, it is necessary to find smart solutions to address such attacks swiftly. To address these attacks, this research proposed a hybrid IDS to detect cyber-attacks on IoT networks via machine learning (ML) algorithms, namely, XGBoost, K-nearest neighbors, and stochastic gradient descent (SGD), while classifiers are combined via an ML ensemble. Grid search CV was used to find the best hyperparameters for each classifier at each classification stage. Random projection was used to select the relevant features for training the model. In the evaluation and performance testing phase of the model, two cybersecurity datasets (CIC-IDS2017 and CIC-DDoS2019) were used to test the efficiency of the model in detecting zero-day threats. The best results were obtained for the CIC-DDoS2019 dataset, where 20 features out of the total selection were used. The model was able to achieve an accuracy of 99.91% and an intrusion detection time of 0.22 seconds. The confusion matrix results also revealed a reduction in false alarms. The results and their comparison with those of recent relevant studies demonstrated the effectiveness of the hybrid model in securing IoT networks from zero-day attacks as well as its superiority in terms of accuracy and intrusion detection time. This study is an important step in enhancing security in the IoT environment by presenting a new hybrid model that is capable of dealing with zero-day attacks that are difficult to detect with traditional models.