The significant increase of the Internet of Things (IoT) devices in smart homes and other smart infrastructure, and the recent attacks on these IoT devices, are motivating factors to secure and protect IoT networks. The primary security challenge to develop a methodology to identify a malicious activity correctly and mitigate the impact of such activity promptly. In this paper, we propose a two-level anomalous activity detection model for intrusion detection system in IoT networks. The level-1 model categorizes the network flow as normal flow or abnormal flow, while the level-2 model classifies the category or subcategory of detected malicious activity. When the network flow classified as an anomaly by the level-1 model, then the level-1 model forwards the stream to the level-2 model for further investigation to find the category or subcategory of the detected anomaly. Our proposed model constructed on flow-based features of the IoT network. Flow-based detection methodologies only inspect packet headers to classify the network traffic. Flow-based features extracted from the IoT Botnet dataset and various machine learning algorithms were investigated and tested via different cross-fold validation tests to select the best algorithm. The decision tree classifier yielded the highest predictive results for level-1, and the random forest classifier produced the highest predictive results for level-2. Our proposed model Accuracy, Precision, Recall, and F score for level-1 were measured as 99.99% and 99.90% for level-2. A two-level anomalous activity detection system for IoT networks we proposed will provide a robust framework for the development of malicious activity detection system for IoT networks. It would be of interest to researchers in academia and industry.
This is an open access article distributed under the Creative Commons Attribution License
which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited