Intrusion Detection using Network Traffic Profiling and Machine Learning for IoT
Joseph Rose, Matthew Swann, Gueltoum Bendiab, Stavros Shiaeles, Nicholas Kolokotronis

TL;DR
This paper presents an anomaly-based intrusion detection system for IoT networks that uses network profiling and machine learning to identify cyber-attacks with high accuracy and low false positives.
Contribution
It introduces a dynamic network profiling approach combined with machine learning for IoT security, demonstrating effective attack detection on real testbed data.
Findings
Achieved 98.35% detection accuracy
Reduced false positives to 0.98%
Validated on Cyber-Trust testbed
Abstract
The rapid increase in the use of IoT devices brings many benefits to the digital society, ranging from improved efficiency to higher productivity. However, the limited resources and the open nature of these devices make them vulnerable to various cyber threats. A single compromised device can have an impact on the whole network and lead to major security and physical damages. This paper explores the potential of using network profiling and machine learning to secure IoT against cyber-attacks. The proposed anomaly-based intrusion detection solution dynamically and actively profiles and monitors all networked devices for the detection of IoT device tampering attempts as well as suspicious network transactions. Any deviation from the defined profile is considered to be an attack and is subject to further analysis. Raw traffic is also passed on to the machine learning classifier for…
