Classification of Legitimate and Compromised Data Inside IoT Environment Based on Machine Learning

Abstract

Internet of things is a technology where the physical objects are connected over the internet to carry out different functions. IoT objects are embedded with software, sensors, and other technologies for exchanging data with other objects. Adaptation of the internet and connectivity capability of the everyday device is becoming a reality. Despite its huge growth, the IoT market is facing many barriers due to its security and privacy issues. IoT devices have traditional security management controls (i.e., usage of default passwords, no policy control, and no firmware update), highlight them as highly susceptible and prone to be compromised devices. These vulnerabilities are exploited by the attackers since they can compromise the IoT devices and gain remote access for malicious attacks. These compromised devices are used for DDOS attacks, phishing campaigns and to compromise the data. Intrusion detection systems based on machine learning algorithms overcome the security limitations of the IoT environment. In the same context, Machine Learning based classification techniques are proposed by using features in MedBIoT dataset. MedBIoT dataset includes both normal and actual botnet traffic in a medium-sized IoT environment, which consists of 83 devices. We apply supervised Machine Learning algorithms, i.e., Random Forest (RF), K-nearest Neighbor. Using RF, we respectively achieve 99.33% and 98.70% of accuracies in binary and multiclass classification. We also applied Deep Learning techniques, i.e, 1D Convolutional Neural Network and 2D Convolutional Neural Network. Using 1D CNN, respectively achieve 98.20% and 98.40% of accuracies in binary and multiclass classification. Our evaluation results demonstrated our proposed method’s ability to accurately and instantly detect the attacks as they were being launched from the compromised IoT devices which were part of a botnet.