LEMDA: A Novel Feature Engineering Method for Intrusion Detection in IoT Systems
Ali Ghubaish, Zebo Yang, Aiman Erbad, and Raj Jain

TL;DR
This paper introduces LEMDA, a new feature engineering technique that enhances intrusion detection in IoT systems by selecting informative features, leading to improved accuracy and efficiency across multiple datasets and models.
Contribution
LEMDA is a novel feature engineering method that uses exponential decay and sensitivity factors to improve IDS performance in IoT systems.
Findings
LEMDA improves F1 scores by an average of 34%.
LEMDA reduces training and detection times.
LEMDA outperforms other feature engineering methods.
Abstract
Intrusion detection systems (IDS) for Internet of Things (IoT) systems can use AI-based models to ensure secure communications. IoT systems tend to have many connected devices producing massive amounts of data with high dimensionality, which requires complex models. Complex models have notorious problems such as overfitting, low interpretability, and high computational complexity. Adding a model complexity penalty (i.e., regularization) can ease overfitting, but it barely helps interpretability and computational efficiency. Feature engineering can solve these issues; hence, it has become critical for IDS in large-scale IoT systems to reduce the size and dimensionality of data, resulting in less complex models with excellent performance, smaller data storage, and fast detection. This paper proposes a new feature engineering method called LEMDA (Light feature Engineering based on the…
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques
Methods: Exponential Decay
