The Internet of Things (IoT) consists of a group of devices that communicate information over private networks. One of the key challenges faced by IoT networks is security breaches. With the objective of automating the detection of possible security breaches in five categories, IoT traffic created with the Message Queue Telemetry Transport (MQTT) protocol is analyzed. The five categories of cyber-attacks considered are brute force, denial of service (DoS), flooding, malformed data, and SlowITe attacks, along with legitimate traffic. Five popular machine learning (ML) models, LightGBM, Random Forest, MLP, AdaBoost, and Decision Tree classifiers, are trained to predict cyber-attacks. In traditional traffic analysis, all the available features of MQTT traffic were utilized for ML modeling; in this work, we challenge that practice by showing that automated feature selection improves the performance of the overall ML models. Average accuracy, precision, recall, and F1 score are used as performance evaluation metrics. It is observed that all models on average are able to achieve 90% accuracy in classification, while the MLP model is trained 10 times faster than the other models. Further, the optimal number of features for correct classification is identified as 10 features through Monte Carlo analysis. With the reduced features, it is possible to detect DoS, flooding, and SlowITe attacks with more than 90% accuracy and precision. Yet, it is difficult to tell apart brute force and malformed data attacks.
CITATION STYLE
B. Dissanayake, M. (2021). Feature Engineering for Cyber-attack detection in Internet of Things. International Journal of Wireless and Microwave Technologies, 11(6), 46–54. https://doi.org/10.5815/ijwmt.2021.06.05