OPTIMIZING INTRUSION DETECTION IN IOT NETWORK ENVIRONMENTS THROUGH DIVERSE DETECTION TECHNIQUES

Abstract

The rapid proliferation of Internet of Things (IoT) environments has revolutionized numerous areas by facilitating connectivity, automation, and efficient data transfer. However, the widespread adoption of these devices poses significant security risks. This is primarily due to insufficient security measures within the devices and inherent weaknesses in several communication network protocols, such as the Message Queuing Telemetry Transport (MQTT) protocol. MQTT is recognized for its lightweight and efficient machine-to-machine communication characteristics in IoT environments. However, this flexibility also makes it susceptible to significant security vulnerabilities that can be exploited. It is necessary to counter and identify these risks and protect IoT network systems by developing effective intrusion detection systems (IDS) to detect attacks with high accuracy. This dissertation addresses these challenges through several vital contributions. The first approach concentrates on improving IoT traffic detection efficiency by utilizing a balanced binary MQTT dataset. This involves effective feature engineering to select the most important features and implementing appropriate machine learning methods to enhance security and identify attacks on MQTT traffic. This includes using various evaluation metrics such as accuracy, precision, recall, F1-score, and ROC-AUC, demonstrating excellent performance in every metric. Moreover, another approach focuses on detecting specific attacks, such as DoS and brute force, through feature engineering to select the most important features. It applies supervised machine learning methods, including Random Forest, Decision Trees, k-Nearest Neighbors, and Xtreme Gradient Boosting, combined with ensemble classifiers such as stacking, voting, and bagging. This results in high detection accuracy, demonstrating its effectiveness in securing IoT networks within MQTT traffic. Additionally, the dissertation presents a real-time IDS for IoT attacks using the voting classifier ensemble technique within the spark framework, employing the real-time IoT 2022 dataset for model training and evaluation to classify network traffic as normal or abnormal. The voting classifier achieves exceptionally high accuracy in real-time, with a rapid detection time, underscoring its efficiency in detecting IoT attacks. Through the analysis of these approaches and their outcomes, the dissertation highlights the significance of employing machine learning techniques and demonstrates how advanced algorithms and metrics can enhance the security and detection efficiency of general IoT network traffic and MQTT protocol network traffic.