A Machine Learning approach for anomaly detection on the Internet of Things based on Locality-Sensitive Hashing

Abstract

The increasing connectivity of devices on the Internet of Things (IoT) has created a favorable field for attacks. Consequently, current anomaly-based intrusion detection systems (AIDS) integrate artificial intelligence algorithms, such as machine learning (ML) and deep learning (DL), to manage high data volumes, recognize complex patterns, and detect unknown anomalies. However, the effectiveness of these methods is contingent upon the quality and meaningfulness of the extracted features from IoT-based communications. Also, with the growth of the IoT, feature extraction and selection are becoming increasingly difficult due to data heterogeneity, the generation of massive amounts of information, and the lack of feature standardization. Moreover, current proposals rely on complex feature extraction and selection techniques. As a result, this study introduces a novel approach for ML modeling, including decision trees and random forests, to detect anomalies in IoT. This study aims to overcome feature extraction and selection process dependency by integrating fingerprinting techniques based on locality-sensitive hashing (LSH) to represent network packet information in a suitable format for ML modeling and detecting harmful sequential network packets. The anomaly detection performance was assessed using two benchmark IoT datasets, ToN-IoT and MQTT-IoT, which contain cyberattacks threatening IoT networks. The proposal outperforms other methods regarding accuracy, precision, and FPR with values of 99.82%, 99.93%, and 0.13%, respectively.