A hybrid approach for efficient feature selection in anomaly intrusion detection for IoT networks

Abstract

The exponential growth of Internet of Things (IoT) devices underscores the need for robust security measures against cyber-attacks. Extensive research in the IoT security community has centered on effective traffic detection models, with a particular focus on anomaly intrusion detection systems (AIDS). This paper specifically addresses the preprocessing stage for IoT datasets and feature selection approaches to reduce the complexity of the data. The goal is to develop an efficient AIDS that strikes a balance between high accuracy and low detection time. To achieve this goal, we propose a hybrid feature selection approach that combines filter and wrapper methods. This approach is integrated into a two-level anomaly intrusion detection system. At level 1, our approach classifies network packets into normal or attack, with level 2 further classifying the attack to determine its specific category. One critical aspect we consider is the imbalance in these datasets, which is addressed using the Synthetic Minority Over-sampling Technique (SMOTE). To evaluate how the selected features affect the performance of the machine learning model across different algorithms, namely Decision Tree, Random Forest, Gaussian Naive Bayes, and k-Nearest Neighbor, we employ benchmark datasets: BoT-IoT, TON-IoT, and CIC-DDoS2019. Evaluation metrics encompass detection accuracy, precision, recall, and F1-score. Results indicate that the decision tree achieves high detection accuracy, ranging between 99.82 and 100%, with short detection times ranging between 0.02 and 0.15 s, outperforming existing AIDS architectures for IoT networks and establishing its superiority in achieving both accuracy and efficient detection times.