Machine Learning Model to Identify Attacks on IoT Device
Publisher
Saudi Digital Library
Abstract
The Internet of Things (IoT) refers to the billions of devices designed to transfer data over the internet or other networks. With the continuous growth and advancement of IoT applications, attacks on IoT devices have threatened many organisations and consumers in recent years. A successful IoT attack can have severe consequences for organisations, including financial ones. With machine learning (ML) approaches taking centre stage in today's computer technology, substantial efforts are being made to use machine learning in the art and science of IoT attack detection. However, most researchers have focused on supervised algorithms because of their effectiveness in detecting IoT attacks, even though zero-day attacks are likely to go undiscovered, as supervised detection algorithms frequently misclassify them. Unsupervised detection techniques, by contrast, can play a significant role in detecting zero-day attacks when other mechanisms fail. Therefore, the current study presents an unsupervised ML model that can distinguish between malicious and benign IoT traffic and effectively react to zero-day IoT attacks. The model is trained on a real dataset using the most popular unsupervised ML algorithms that have been successfully applied to IoT attack problems: k-Means and Autoencoder. Because a real dataset is used, the approach also addresses one of the problems that may arise with real data from an actual environment, namely outlier values, which are treated by applying the capping approach. Subsequently, the results of the two unsupervised ML algorithms are presented to reflect their performance. The proposed approach successfully demonstrates that unsupervised models obtained promising results for detecting attacks on IoT network traffic. Moreover, the capping approach for the treatment of outlier values has been proven to improve the models’ performance.