Intrusion Detection for Time-Series IoT Data with Recurrent Neural Networks and Feature Selection
preprintposted on 08.01.2021, 23:38 by Naeem Firdous SyedNaeem Firdous Syed, Meng Meng Ge, Zubair Baig
Deep learning (DL) techniques are being widely researched for their effectiveness in detecting cyber intrusions against the Internet of Things (IoT). However, time sensitive Critical Infrastructures (CIs) that rely on IoT require quicker detection of cyber intrusions close to the constrained devices in order to prevent service delays. FoG layer with higher computing resources and close proximity to IoT devices makes them suitable to deploy deep learning techniques for effective intrusion detection. However, communication overheads due to large volume of IoT data and computation requirements for deep learning models prevents effective use of FoG layer and raises scalability issues. To counter these issues, we propose a novel IoT intrusion detection framework incorporates feature selection step on time-series IoT data, followed by a deep learning Recurrent Neural Network (SimpleRNN and Bi-directional Long Short-Term Memory (LSTM)) based IoT attack detection. The effectiveness of the proposed approach was evaluated using the high-dimensional BoT-IoT dataset which contains large volumes of realistic IoT attack traffic. Results show that feature selection methods significantly ( 90%) reduced the dataset size and still achieved an increased recall rate compared to full feature set without loosing class differentiation ability. The SimpleRNN and Bi-LSTM models also did not suffer any underfitting or overfitting with the reduced feature space. The proposed deep learning based IoT intrusion detection framework is suitable for FoG layer deployment and can scale well with effective use of sub-divided dataset.