A Hybrid Cluster-Based Classification Model for Anomaly Detection in Unbalanced IoT Networks
Hossein Shaemi Barzoki, Amir Hossein Fathi Hafshejani, Ahmadreza Montazerolghaem

TL;DR
This paper introduces a hybrid clustering and classification approach to improve anomaly detection in unbalanced IoT network traffic, enhancing accuracy and robustness.
Contribution
It proposes a novel cluster-specific hybrid model that segments data with K-Means and applies tailored classifiers to each cluster, outperforming standard methods.
Findings
Cluster-specific models improve detection accuracy.
Hybrid approach handles diverse IoT traffic better.
Method outperforms single classifier baselines.
Abstract
Detecting anomalies in Internet of Things (IoT) networks is a critical security challenge, often hampered by highly imbalanced and diverse network traffic datasets. Standard classifiers struggle to perform well across all traffic types. This paper proposes a hybrid detection model to address this challenge using the Bot-IoT dataset. Instead of a single complex classifier, we first employ K-Means clustering to segment the training data into three distinct traffic profile clusters. We then train and evaluate multiple baseline machine learning models, including Decision Tree, KNN, and XGBoost, on each cluster independently to identify the optimal classifier for that specific data profile. Our results show that this cluster-specific, hybrid approach, which assigns different simple models to different clusters, improves detection accuracy and provides a more robust and efficient framework for…
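A sketch of the pipeline the abstract describes, added here as an illustration and not the authors' code: K-Means splits the data into three clusters, each cluster selects its own classifier on a held-out split, and prediction routes every sample through its cluster's model. Assumptions: scikit-learn, a constructed two-feature sample in place of Bot-IoT, GradientBoostingClassifier standing in for XGBoost, and balanced accuracy as the selection metric.

```python
import numpy as np
from sklearn.cluster import KMeans
from sklearn.dummy import DummyClassifier
from sklearn.ensemble import GradientBoostingClassifier
from sklearn.metrics import balanced_accuracy_score
from sklearn.model_selection import train_test_split
from sklearn.neighbors import KNeighborsClassifier
from sklearn.tree import DecisionTreeClassifier

CANDIDATES = {  # GradientBoosting stands in for XGBoost (assumption)
    "decision_tree": lambda: DecisionTreeClassifier(max_depth=5, random_state=0),
    "knn": lambda: KNeighborsClassifier(n_neighbors=5),
    "grad_boost": lambda: GradientBoostingClassifier(random_state=0),
}

def make_traffic(seed=0):
    """Constructed sample: three traffic profiles, label 1 = attack."""
    rng = np.random.default_rng(seed)
    X, y = [], []
    for center, n, attack_rate in [((0, 0), 600, 0.97), ((12, 0), 300, 0.5), ((0, 12), 100, 0.0)]:
        pts = rng.normal(center, 1.0, size=(n, 2))
        lab = (rng.random(n) < attack_rate).astype(int)
        pts[lab == 1] += (2.0, 2.0)  # attacks sit off-centre within a profile
        X.append(pts); y.append(lab)
    return np.vstack(X), np.concatenate(y)

def fit_hybrid(X, y, n_clusters=3, seed=0):
    km = KMeans(n_clusters=n_clusters, n_init=10, random_state=seed).fit(X)
    models = {}
    for c in range(n_clusters):
        Xc, yc = X[km.labels_ == c], y[km.labels_ == c]
        # A cluster with one class (or a class too rare to hold out) cannot
        # drive model selection; fall back to its majority label.
        if np.bincount(yc, minlength=2).min() < 2:
            models[c] = ("constant", DummyClassifier(strategy="most_frequent").fit(Xc, yc))
            continue
        Xtr, Xva, ytr, yva = train_test_split(Xc, yc, test_size=0.3, stratify=yc, random_state=seed)
        scored = []
        for name, make in CANDIDATES.items():
            m = make().fit(Xtr, ytr)
            scored.append((balanced_accuracy_score(yva, m.predict(Xva)), name, m))
        models[c] = max(scored, key=lambda s: s[0])[1:]  # keep (name, model)
    return km, models

def predict_hybrid(km, models, X):
    clusters, out = km.predict(X), np.empty(len(X), dtype=int)
    for c, (_, m) in models.items():
        mask = clusters == c  # route each sample to its cluster's model
        if mask.any():
            out[mask] = m.predict(X[mask])
    return out
```

Plain accuracy would reward always predicting the majority class inside a skewed cluster, which is why the selection step here scores candidates with balanced accuracy.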
