Classification of IoT Gateway Intrusions using Machine Learning

Abstract

From the several studies it has been shown that it is possible to significantly improve the classification accuracy and performance of the detection engine by carefully selecting the relevant features for the intrusion detection system. Currently, with the development of new technologies such as cloud computing and big data, a huge amount of network traffic is being generated, and the intrusion detection system needs to collect and dynamically analyze the data that is transmitted through incoming traffic. Nevertheless, not all features in a large data set reflect traffic, so to improve the accuracy and speed of the intrusion detection system, selecting a minimal set of features is required. This study proposes a feature selection mechanism that eliminates unrelated features and identifies features that help improve recognition, based on the number of points each of the features identified in the selection process determines. To accomplish this goal, a recursive feature removal procedure was used, which involved classification based on the decision tree, and the corresponding attributes were subsequently identified. This approach applies to the NSL-KDD dataset, i.e., 2017 KDD dataset used in this experiment by the machine learning library written in Python. This approach identifies relevant characteristics in the dataset and improves the level of accuracy. These results indicate that feature selection significantly improves classification performance. For identifying the appropriate functionality with relevant factors allows for a better planning of the intrusion detection system.