Enhancement of IoT Intrusion Detection: Evaluating ML and DL Approaches with NetFlow Datasets

Abstract

The Internet of Things (IoT) is a concept that involves integrating diverse objects to enable seamless interaction between real-world and virtual entities. IoT is now connecting the physical world to networks. IoT devices can sense, process, transmit, and store data collected from the physical world. However, these devices are resource-constrained, creating significant security vulnerabilities in many IoT applications. Implementing effective security measures on such devices is challenging without compromising their performance or potentially causing damage. Consequently, there is a substantial gap between the security capabilities of current IoT devices and their security requirements. Computer security principles, namely Confidentiality, Integrity, and Availability (CIA), can be compromised by malicious intrusions or attacks on computers and information databases. This study proposed and compared 1D CNN and XGBoost for detecting malicious attacks in the IoT environment. The proposed techniques were evaluated on the five variants of NetFlow datasets. The experiments shows that the proposed techniques outperform the Ensemble Tree classifier, achieving better performance in binary and multi-class classification. The results for 1D CNN and XGBoost were compared on the basis of F1 measure, AUC, recall, correctness value, and ppv.. The comparison shows that XGBoost is the better-performing model across the NetFlow datasets. XGBoost's ability to capture complex patterns and optimize the classification task makes it robust and effective.