TechRxiv
Corr.pdf (584.83 kB)
Download file

Expert Knowledge Correlated Intrusion Detection System Evaluation Framework for Heterogeneous IoT

Download (584.83 kB)
preprint
posted on 18.11.2021, 06:44 authored by Nitish ANitish A, J. Hanumanthappa, Shiva Prakash S.P, Kirill Krinkin
The dynamic contexts of heterogeneous Internet of Things (HetIoT) adversely affect the performance of learning-based network intrusion detection systems (NIDS) resulting in increased misclassification rates---necessitating an expert knowledge correlated evaluation framework. The proposed generalizable framework includes intrusion root cause analysis, correlation model, and correlated classification metrics that can be generalized over any NID dataset, corresponding expert knowledge, detection technique, and learning-based algorithm to facilitate context-awareness in reducing false alerts. To achieve this, we perform experimentations on the Bot-IoT dataset---with generalized traffic behaviors from multiple existing NID datasets---employing the Support Vector Machine (SVM) machine learning and Multilayer Perceptron (MLP) shallow neural network classifiers, demonstrating the generalizability, robustness, and improved performance of the propounded framework compared to the existing literature. Furthermore, the proposed framework offers minimal processing overhead on the classifier algorithms.

Funding

Development Program of ETU ``LETI" within the framework of the Program of Strategic Academic Leadership, Priority-2030

History

Email Address of Submitting Author

nitish.anantha@acm.org

ORCID of Submitting Author

0000-0002-7461-668X

Submitting Author's Institution

University of Mysore

Submitting Author's Country

India