A Review of Intrusion Detection Systems and Their Evaluation in the IoT
Luca Arnaboldi, Charles Morisset

TL;DR
This review analyzes 51 studies on IoT intrusion detection systems from 2008 to 2018, highlighting current techniques, limitations, and the need for standardized datasets and comparative evaluations.
Contribution
It provides a comprehensive summary of existing IoT IDS approaches, identifies gaps in evaluation and data sharing, and discusses challenges specific to IoT device constraints.
Findings
Limited inter-paper comparisons and lack of shared datasets.
Many approaches struggle to detect certain attack types.
Resource constraints significantly impact IDS effectiveness.
Abstract
Intrusion Detection Systems (IDS) are key components for securing critical infrastructures, capable of detecting malicious activities on networks or hosts. The procedure of implementing an IDS for Internet of Things (IoT) networks is not without challenges due to the variability of these systems and specifically the difficulty in accessing data. The specifics of these very constrained devices render the design of an IDS capable of dealing with the varied attacks a very challenging problem and a very active research subject. In the current state of literature, a number of approaches have been proposed to improve the efficiency of intrusion detection, catering to some of these limitations, such as resource constraints and mobility. In this article, we review works on IDS specifically for these kinds of devices from 2008 to 2018, collecting a total of 51 different IDS papers. We summarise…
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Smart Grid Security and Resilience
