A lightweight Intrusion Detection for Internet of Things‐based smart buildings

Abstract

The integration of Internet of Things (IoT) devices into commercial or industrial buildings to create smart environments, such as Smart Buildings (SBs), has enabled real‐time data collection and processing to effectively manage building operations. Due to poor security design and implementation in IoT devices, SB networks face an array of security challenges and threats (e.g., botnet malware) that leverage IoT devices to conduct Distributed Denial of Service (DDoS) attacks on the Internet infrastructure. Machine Learning (ML)‐based traffic classification systems aim to automatically detect such attacks by effectively differentiating attacks from benign traffic patterns in IoT networks. However, there is an inherent accuracy‐efficiency tradeoff in network traffic classification tasks. To balance this tradeoff, we develop an accurate yet lightweight device‐specific traffic classification model. This model classifies SB traffic flows into four types of coarse‐grained flows, based on the locations of traffic sources and the directions of traffic transmissions. Through these four types of coarse‐grained flows, the model can extract simple yet effective flow rate features to conduct learning and predictions. Our experiments find the model to achieve an overall accuracy of 96%, with only 32 features to be learned by the ML model.