Computer Science Department, Toronto Metropolitan University, Toronto, ON M5B 2K3, Canada.
School of IT Administration and Security, Seneca College of Applied Arts and Technology, Toronto, ON M2J 2X5, Canada.
Sensors (Basel). 2022 Jul 29;22(15):5690. doi: 10.3390/s22155690.
As the adoption of IoT devices grows rapidly, security plays an important role in our daily lives. As part of the effort to counter IoT security threats in recent years, many IoT intrusion detection datasets have been presented, such as TON_IoT, BoT-IoT, and Aposemat IoT-23. These datasets have been used to build many machine learning-based IoT intrusion detection models. In this research, we present an explainable and efficient method for selecting the most effective universal features from IoT intrusion detection datasets, which can help in producing highly accurate and efficient machine learning-based intrusion detection systems. The proposed method was applied to the TON_IoT, Aposemat IoT-23, and IoT-ID datasets and resulted in the selection of six universal network-flow features. The proposed method was tested and produced a high accuracy of 99.62% with a prediction time reduced by up to 70%. To provide better insight into the operation of the classifier, a Shapley additive explanation was used to explain the selected features and to prove the alignment of the explanation with current attack techniques.