Enhancing IoT Cyber Attack Detection in the Presence of Highly Imbalanced Data

TL;DR

This paper proposes hybrid sampling techniques combined with machine learning models to improve IoT cyber attack detection accuracy in highly imbalanced datasets, achieving near-perfect classification performance.

Contribution

It introduces hybrid sampling methods tailored for IoT security datasets and evaluates their effectiveness with multiple ML models, highlighting the superior performance of Random Forest and Soft Voting ensemble.

Findings

Random Forest achieved a Kappa score of 0.9903 and accuracy of 0.9961.

Soft Voting ensemble achieved an accuracy of 0.9952 and AUC of 0.9997.

Hybrid sampling significantly improves attack detection in imbalanced IoT datasets.

Abstract

Due to the rapid growth in the number of Internet of Things (IoT) networks, the cyber risk has increased exponentially, and therefore, we have to develop effective IDS that can work well with highly imbalanced datasets. A high rate of missed threats can be the result, as traditional machine learning models tend to struggle in identifying attacks when normal data volume is much higher than the volume of attacks. For example, the dataset used in this study reveals a strong class imbalance with 94,659 instances of the majority class and only 28 instances of the minority class, making it quite challenging to determine rare attacks accurately. The challenges presented in this research are addressed by hybrid sampling techniques designed to improve data imbalance detection accuracy in IoT domains. After applying these techniques, we evaluate the performance of several machine learning models such as Random Forest, Soft Voting, Support Vector Classifier (SVC), K-Nearest Neighbors (KNN), Multi-Layer Perceptron (MLP), and Logistic Regression with respect to the classification of cyber-attacks. The obtained results indicate that the Random Forest model achieved the best performance with a Kappa score of 0.9903, test accuracy of 0.9961, and AUC of 0.9994. Strong performance is also shown by the Soft Voting model, with an accuracy of 0.9952 and AUC of 0.9997, indicating the benefits of combining model predictions. Overall, this work demonstrates the value of hybrid sampling combined with robust model and feature selection for significantly improving IoT security against cyber-attacks, especially in highly imbalanced data environments.