IoT Intrusion Detection: Implementing a Dual-Layered Security Approach

The proliferation of Internet of Things (IoT) devices has significantly increased the attack surface, making IoT security a critical concern. Traditional intrusion detection systems often fall short in addressing the complex and staged nature of IoT attacks. In this study, we propose a dual-layered intrusion detection system to enhance IoT security. The first layer employs the extreme gradient boosting algorithm to detect reconnaissance attacks, which are typically the initial stage of a multistage cyberattack. In the second layer, an artificial neural network is utilized to classify various IoT-specific attacks. Our model is evaluated using three benchmark datasets: UNSW-NB15, BoT-IoT, and IoT-ID20. The proposed model demonstrates a first-stage accuracy of 99.98%, sensitivity of 99.14%, and specificity of 94.47%. In the second stage, we achieved accuracy rates of 96.97%, 99.99%, and 98.70% across the datasets. This two-stage approach not only improves detection accuracy but also ensures early intervention by identifying reconnaissance attacks, thereby reducing the potential impact of subsequent attack stages. The primary objective of this model is to efficiently detect reconnaissance attacks with minimal resource consumption, thereby reducing the workload of the ANN model. Our findings underscore the importance of a staged defense mechanism in IoT networks, leveraging the strengths of different machine learning algorithms to provide robust security.