Towards autonomous IoT IDSs using ensemble learning and feature selection methods

Keywords

cybersecurity, ensemble learning, feature selection, internet of things, intrusion detection, efficiency measurements

Degree Level

doctoral

Degree Name

Ph. D.

Publisher

Memorial University of Newfoundland

Abstract

Intrusion Detection Systems (IDSs) are an efficient and effective solution against polymorphic and zero-day cyberattacks in IoT networks. Many IDSs have failed in practice due to a considerable number of false alarms, high False Positive Rates (FPR), and low Detection Rates (DR). Furthermore, with the rapidly growing number of connected devices in IoT networks and the wide variety of traffic types, it becomes challenging to develop a fast, light, and accurate IDS. This research provides substantial contributions to cybersecurity research on developing a scalable, adaptive, and lightweight IDS framework for IoT networks. It considers two main aspects to achieve a reliable IDS architecture: a novel ensemble feature selection method and a new ensemble detection model approach. The first contribution is a novel ensemble evaluation method for Feature Selection Methods (FSMs) that automatically constructs an Ensemble Feature Selection Method (ENFSM). The proposed methodology combined five evaluation measurements. One of them is a new evaluation measurement that integrated the reduction rate with method speed, and two are new measurements that scored the quality of the whole feature set. A novel cutoff mechanism for filter-based FSMs is also proposed. The second contribution is a novel ensemble Model Selection Method (MSM) that automatically constructs an ensemble detection model. The proposed method used three new integrated efficiency measurements and combined the recommendations in a novel way to increase the method's reliability. Notably, the proposed ENFSM achieved a reduction percentage ranging from 51% to 79% over the four datasets without compromising the accuracy of the detection models. Furthermore, the proposed cutoff mechanism showed a noticeable improvement in the feature selection methods' efficiency. The F and ROC-AUC scores of the proposed ENFSM ranged from 0.9 to 1 using most detection models, and the generated feature set suited a vast range of models. The proposed ensemble models showed F scores of 0.99, 0.95, 1, and 0.99 and ROC-AUC scores of 1, 0.98, 1, and 1 on the NSL-KDD, UNSW-NB15, BotNetIoT, and BoTIoT datasets, respectively. The proposed models outperformed most models in terms of efficiency and showed stable performance across a vast range of feature sets.