{
  "title": "Optimizing random forests to detect intrusion in the Internet of Things",
  "authors": "Seyede Zohre Majidian, Shiva TaghipourEivazi, Bahman Arasteh, Ali Ghaffari",
  "doi": "10.1016/j.compeleceng.2024.109860",
  "PeriodicalId": 50630,
  "journal": {"name": "Computers & Electrical Engineering", "volume": "120", "pages": "Article 109860"},
  "PeriodicalIF": 4.0000,
  "publicationDate": "2024-11-19",
  "publicationTypes": "Journal Article",
  "isOpenAccess": false,
  "citationCount": "0",
  "platform": "Semanticscholar",
  "PeriodicalName": "Computers & Electrical Engineering",
  "FirstCategoryId": "94",
  "ListUrlMain": "https://www.sciencedirect.com/science/article/pii/S0045790624007870",
  "RegionNum": 3,
  "RegionCategory": "Computer Science",
  "JCR": "Q1",
  "JCRName": "COMPUTER SCIENCE, HARDWARE & ARCHITECTURE"
}
Optimizing random forests to detect intrusion in the Internet of Things
The Internet of Things (IoT) has created new security challenges by connecting billions of smart devices to each other. One of these challenges is detecting attacks in IoT networks. Traditional attack detection methods are usually not suitable for large and complex networks such as IoT networks. In this research, a new model for detecting intrusion in IoT networks using Software-Defined Networking (SDN) is introduced. The main goal of the current research was to improve the stability of IoT networks against various attacks using an optimized machine learning model in a distributed manner. The presented approach uses the advantages of SDN, such as flexibility and centralized control, to improve intrusion detection performance. The proposed method includes two phases: first, the topology of the network is divided into a set of subdomains, and a controller node is assigned to each subdomain. Then, in the second phase, an ensemble classification model based on a random forest is utilized for detecting intrusion in each subdomain. This learning model is a forest of classification and regression trees (CARTs), each component of which is optimized by a genetic algorithm (GA). Controller nodes can use this classification model to identify intrusion independently or cooperatively. The main novelty of the current work lies in optimizing multiple learning models and cooperatively utilizing them for intrusion detection goals. In an experimental environment based on MATLAB software, the effectiveness of this model for detecting intrusions on two databases, UNSW-NB15 and NSL-KDD, was evaluated. The findings of the experiments showed that this model can identify the attacks in these two databases with 98.06 % and 99.67 % accuracy respectively, which is significantly higher than the compared models.
About the journal:
The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency.
Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.