Two-step ensemble approach for intrusion detection and identification in IoT and fog computing environments

Due to Internet of Things devices resource limitations, security often does not receive enough attention. Intrusion detection approaches are important for identifying attacks and taking appropriate countermeasures for each specific threat. This work presents a two-step approach for intrusion detection and identification. The first step performs a traffic analysis with an Extra Tree binary classifier. Events detected as intrusive are analyzed in the second stage by an ensemble approach consisting of Extra Tree, Random Forest, and Deep Neural Network. An extensive evaluation was performed with the Bot-IoT, IoTID20, NSL-KDD, and CICIDS2018 intrusion datasets. The experiments demonstrated that the proposed approach could achieve similar or superior performance to other machine learning techniques and state-of-the-art approaches in all databases, demonstrating the robustness of the proposed approach.

Automated summary

Due to resource limitations in Internet of Things devices, security is often overlooked. This study proposes a two-step approach for intrusion detection and identification, which includes traffic analysis and ensemble methods. The proposed approach is evaluated on multiple intrusion datasets, demonstrating its robustness.