The robust scheme for intrusion detection system in Internet of Things

Abstract

Machine learning and deep learning-based anomaly intrusion detection systems (IDSs) have become prevalent in securing IoT networks due to their ability to monitor traffic and detect zero-day attacks. However, recent studies highlight the high vulnerability of these models to adversarial attacks, in which minor input perturbations can significantly decrease the detection accuracy. Although many studies have focused on adversarial attack and defense techniques for deep learning, machine learning, particularly decision trees, has received limited attention. In this study, we aim to assess the efficacy of the robust decision tree in adversarial IoT environments. Our first experiments reveal the robust decision tree’s sensitivity to the offset parameter. We thus propose a statistical approach to auto-select the offset value, enhancing model stability across varying attack offsets. Then, we present a robust scheme for IDSs in IoT environments. This approach employs the enhanced robust decision tree and a tabular deep learning model to detect and classify a range of cyber attacks. Our evaluation results on three popular IDS datasets—IoTID20, CIC-IDS-2017, and BOT-IoT—demonstrate that our proposed approach is robust under various adversarial attack conditions and achieves a consistent accuracy of over 95% in classifying different attack types.