Securing Microservices‐Based IoT Networks: Real‐Time Anomaly Detection Using Machine Learning

Abstract

Increased attention is being given to Internet of things (IoT) network security due to attempts to exploit vulnerabilities. Security techniques protecting availability, confidentiality, and information integrity have intensified as IoT devices are viewed as gateways to larger networks by malicious actors. As an additional factor, the microservices‐based platforms have overtaken the deployment of applications that support smart cities; however, the distributed nature of these architectures heightens susceptibility to malicious network infrastructure use. These risks can result in disruptions to system functioning or data compromise. Proposed strategies to mitigate these risks include developing intrusion detection systems and utilizing machine learning to differentiate between normal and anomalous network traffic, indicating potential attacks. This article outlines the development and implementation of an intrusion detection system (IDS) using machine learning to detect online anomalies in network traffic. Comprising a traffic extractor and anomaly detector, the system employs supervised learning with various datasets to train models. The results demonstrate the effectiveness of the decision tree model in detecting traditional denial of service (DoS) attacks, achieving high scores across multiple metrics: an F1‐score of 98.08%, precision of 99.25%, recall of 96.96%, and accuracy of 99.62%. The random forest model excels in identifying slow‐rate DoS attacks, attaining an F1‐score of 99.85%, precision of 99.91%, recall of 99.80%, and accuracy of 99.88%.