Intrusion Detection in IoT and IIoT: Comparing Lightweight Machine Learning Techniques Using TON_IoT, WUSTL-IIOT-2021, and EdgeIIoTset Datasets

Bibliographic Details
Main Authors: Shereen Ismail, Salah Dandan, Ala'a Qushou
Format: Article
Language: English
Published: IEEE 2025-01-01
Series: IEEE Access
Online Access: https://ieeexplore.ieee.org/document/10937697/
Description
Summary: The security of Internet of Things (IoT) and Industrial Internet of Things (IIoT) systems has been significantly enhanced through the integration of effective intrusion detection systems (IDSs). Machine learning (ML) has emerged as a highly efficient approach for designing cyber-attack detection systems to improve security. This study reviewed recent advancements in the literature utilizing the TON_IoT, WUSTL-IIoT-2021, and Edge-IIoTset datasets. A comprehensive performance analysis of various supervised ML classification techniques was conducted to identify lightweight models suitable for deployment in resource-constrained IoT and IIoT environments. The performance of Decision Tree (DT), Random Forest (RF), and three ensemble techniques: Bagging, Stacking, and LightGBM (LGBM), was evaluated. The TON_IoT, WUSTL-IIOT-2021, and Edge-IIoTset imbalanced datasets, representing three distinct IIoT environments and encompassing numerous samples of different attack types, were used. The impact of imbalanced class distributions on model performance was analyzed. The imbalanced datasets were customized for training and testing ML models, with feature selection performed using Mutual Information (MI). Model performance was assessed using several metrics: Precision, Recall, Micro-F1, Model Size, and Training Time. Furthermore, a cross-dataset transfer learning approach was applied to evaluate how models trained on the TON_IoT dataset generalize when tested on the WUSTL-IIoT-2021 dataset, demonstrating the ability of the models to generalize across datasets with common features and attack labels. For real-time intrusion detection and network traffic analysis, we set up an experiment to deploy the trained ML models in a live network environment. The experiment provided real-time insights into CPU usage, memory consumption, and network activity, with predictions continuously logged for monitoring and further analysis.
ISSN: 2169-3536