TechRxiv

Expert Knowledge Correlated Intrusion Detection System Evaluation Framework for Heterogeneous IoT

preprint
posted on 2021-11-18, 06:44 authored by Nitish A, J. Hanumanthappa, Shiva Prakash S.P, Kirill Krinkin
The dynamic contexts of heterogeneous Internet of Things (HetIoT) adversely affect the performance of learning-based network intrusion detection systems (NIDS), resulting in increased misclassification rates and necessitating an expert knowledge correlated evaluation framework. The proposed generalizable framework includes intrusion root cause analysis, a correlation model, and correlated classification metrics that can be generalized over any NID dataset, corresponding expert knowledge, detection technique, and learning-based algorithm to facilitate context-awareness in reducing false alerts. To achieve this, we perform experiments on the Bot-IoT dataset, with generalized traffic behaviors from multiple existing NID datasets, employing the Support Vector Machine (SVM) machine learning and Multilayer Perceptron (MLP) shallow neural network classifiers, demonstrating the generalizability, robustness, and improved performance of the propounded framework compared to the existing literature. Furthermore, the proposed framework adds minimal processing overhead to the classifier algorithms.

Funding

Development Program of ETU "LETI" within the framework of the Program of Strategic Academic Leadership, Priority-2030

Email Address of Submitting Author

nitish.anantha@acm.org

ORCID of Submitting Author

0000-0002-7461-668X

Submitting Author's Institution

University of Mysore

Submitting Author's Country

India