A Comparative Analysis of Machine Learning Techniques for IoT Intrusion Detection

TL;DR

This paper compares various machine learning techniques, including supervised, unsupervised, and reinforcement learning, for detecting intrusions in IoT systems using the IoT-23 dataset, highlighting LightGBM's superior performance.

Contribution

It provides a comprehensive comparison of multiple ML methods for IoT intrusion detection, including novel application of DRL with DDQN in this context.

Findings

LightGBM achieved the most reliable detection performance.

Isolation Forest showed good anomaly detection capabilities.

Deep Reinforcement Learning demonstrated potential for continuous improvement.

Abstract

The digital transformation faces tremendous security challenges. In particular, the growing number of cyber-attacks targeting Internet of Things (IoT) systems restates the need for a reliable detection of malicious network activity. This paper presents a comparative analysis of supervised, unsupervised and reinforcement learning techniques on nine malware captures of the IoT-23 dataset, considering both binary and multi-class classification scenarios. The developed models consisted of Support Vector Machine (SVM), Extreme Gradient Boosting (XGBoost), Light Gradient Boosting Machine (LightGBM), Isolation Forest (iForest), Local Outlier Factor (LOF) and a Deep Reinforcement Learning (DRL) model based on a Double Deep Q-Network (DDQN), adapted to the intrusion detection context. The most reliable performance was achieved by LightGBM. Nonetheless, iForest displayed good anomaly detection results and the DRL model demonstrated the possible benefits of employing this methodology to continuously improve the detection. Overall, the obtained results indicate that the analyzed techniques are well suited for IoT intrusion detection.