Towards an Explainable Universal Feature Set for IoT Intrusion Detection

Mohammed M. Alani; Ali Miri

doi:10.3390/s22155690

Sensors (Jul 2022)

Towards an Explainable Universal Feature Set for IoT Intrusion Detection

Mohammed M. Alani,
Ali Miri

Affiliations

Mohammed M. Alani: Computer Science Department, Toronto Metropolitan University, Toronto, ON M5B 2K3, Canada
Ali Miri: Computer Science Department, Toronto Metropolitan University, Toronto, ON M5B 2K3, Canada

DOI: https://doi.org/10.3390/s22155690
Journal volume & issue: Vol. 22, no. 15
p. 5690

Abstract

Read online

As IoT devices’ adoption grows rapidly, security plays an important role in our daily lives. As part of the effort to counter these security threats in recent years, many IoT intrusion detection datasets were presented, such as TON_IoT, BoT-IoT, and Aposemat IoT-23. These datasets were used to build many machine learning-based IoT intrusion detection models. In this research, we present an explainable and efficient method for selecting the most effective universal features from IoT intrusion detection datasets that can help in producing highly-accurate and efficient machine learning-based intrusion detection systems. The proposed method was applied to TON_IoT, Aposemat IoT-23, and IoT-ID datasets and resulted in the selection of six universal network-flow features. The proposed method was tested and produced a high accuracy of 99.62% with a prediction time reduced by up to 70%. To provide better insight into the operation of the classifier, a Shapley additive explanation was used to explain the selected features and to prove the alignment of the explanation with current attack techniques.

Published in Sensors

ISSN: 1424-8220 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology: Chemical technology
Website: http://www.mdpi.com/journal/sensors

About the journal

Abstract

Keywords