Sustaining the Effectiveness of IoT-Driven Intrusion Detection over
Time: Defeating Concept and Data Drifts
Abstract
This paper addresses the challenge of sustaining the intrusion detection
effectiveness of machine learning-based intrusion detection systems in
the Internet of Things (IoT) in the presence of concept and data drifts.
Data drift is a phenomenon which embodies the change that happens in the
relationships among the independent features, which is mainly due to
changes in the data quality over time. Concept drift is a phenomenon
which depicts the change in the relationships between input and output
data in the machine learning model over time. To address data drifts, we
first propose a series of data preparation steps that help improve the
quality of the data and avoid inconsistencies. To counter concept
drifts, we capitalize on an online deep neural network model that relies
on an ensemble of varying depth neural networks that cooperate and
compete together to enable the model to steadily learn and adapt as new
data come, thus allowing for stable and long-lasting learning.
Experiments conducted on a real-world IoT-based intrusion detection
dataset, designed to address concept and data drifts, suggest that our
solution stabilizes the performance of the intrusion detection on both
the training and testing data compared to the static deep neural network
model, which is widely used for intrusion detection.