A SEL for attack detection in IoT/IIoT networks

Intrusion detection systems (IDSs) that continuously monitor data flow and take swift action when attacks are identified safeguard networks. Conventional IDS exhibit limitations, such as reduced detection rates and increased computational complexity, attributed to the redundancy and substantial correlation of network data. Ensemble learning (EL) is effective for detecting network attacks. Nonetheless, network traffic data and memory space requirements are typically significant. Therefore, deploying the EL approach on Internet-of-Things (IoT) devices with limited memory is challenging. In this paper, we use feature importance (FI), a filter-based feature selection technique for feature dimensionality reduction, to reduce the feature dimensions of an IoT/IIoT network traffic dataset. We also employ lightweight stacking ensemble learning (SEL) to appropriately identify network traffic records and analyse the reduced features after applying FI to the dataset. Extensive experiments use the Edge-IIoTset dataset containing IoT and IIoT network records. We show that FI reduces the storage space needed to store comprehensive network traffic data by 86.9%, leading to a significant decrease in training and testing time. Regarding accuracy, precision, recall, training and test time, our classifier that utilised the eight best dataset features recorded 87.37%, 90.65%, 77.73%, 80.88%, 16.18 s and 0.10 s for its overall performance. Despite the reduced features, our proposed SEL classifier shows insignificant accuracy compromise. Finally, we pioneered the explanation of SEL by using a decision tree to analyse its performance gain against single learners.