Abstract
The application of a large number of Internet of Things (IoT) devices makes our life more convenient and industries more efficient. However, it also makes cyber-attacks much easier to occur because so many IoT devices are deployed and most of them do not have enough resources (i.e., computation and storage capacity) to carry out ordinary intrusion detection systems (IDSs). In this study, a lightweight machine learning-based IDS using a new feature selection algorithm is designed and implemented on Raspberry Pi, and its performance is verified using a public dataset collected from an IoT environment. To make the system lightweight, we propose a new algorithm for feature selection, called the correlated-set thresholding on gain-ratio (CST-GR) algorithm, to select really necessary features. Because the feature selection is conducted on three specific kinds of cyber-attacks, the number of selected features can be significantly reduced, which makes the classifiers very small and fast. Thus, our detection system is lightweight enough to be implemented and carried out in a Raspberry Pi system. More importantly, as the really necessary features corresponding to each kind of attack are exploited, good detection performance can be expected. The performance of our proposal is examined in detail with different machine learning algorithms, in order to learn which of them is the best option for our system. The experiment results indicate that the new feature selection algorithm can select only very few features for each kind of attack. Thus, the detection system is lightweight enough to be implemented in the Raspberry Pi environment with almost no sacrifice on detection performance.
Highlights
The training time of the random forest (RF) is faster than the logistic model tree (LMT), the testing time of the LMT is faster than RF in the case of using correlated-set thresholding on gain-ratio (CST-Gain Ratio (GR)) features
(VFDT), logisticAfter model treea(LMT), and random forest (RF)—were tested to be used using in ourour system
The performance of our detection system was examined using the public Bot-Internet of Things (IoT) dataset, which was collected in a simulated IoT environment
Summary
A vast number of Internet of Things (IoT) devices have been deployed in many applications as a result of the significant development of related technologies. The problem of cyber-attacks has become a challenging issue This is because most IoT devices have very limited resources (e.g., storage and computation capacity); they cannot carry out complicated intrusion detection systems. The network-based detection systems are implemented using predefined attack signatures. Are the detection mechanisms in IDSs. may be effective for new kinds of attacks, the problem of the high false positive rate is one ofthey the Misuse-based detection systems are implemented using predefined attack signatures. The IoT detection may be effective for new kinds of attacks, the problem of the high false positive devices-based. There are numerous variety of IoT devices is another challenge for implementing an anomaly detection system. IDSs mustThese be lightweight of their computation used everywhere These devices only need low power consumption. We proposed the new feature selection method, named correlated-set thresholding on gain-ratio (CST-GR), to make the system lightweight
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.