Intrusion Detection in IoT Network Traffic Using Markov Model

The rapid development of IoT-related technology accelerates the increase in network traffic volume. Hence, network traffic monitoring and analysis are more challenging than before in terms of possible malicious acts due to the immense traffic volume. Being a crucial measure to identify malicious network traffic that might enter a private network, an intrusion detection algorithm has always been an ongoing research topic, owing to its importance in cybersecurity. In this work, we aim to enhance cybersecurity in industrial IoT by performing intrusion detection on the generated network traffic. Therefore, we present a lightweight intrusion detection algorithm based on the Markov model, taking advantage of the source and destination payload lengths, and connection states defined in Zeek logs. We are able to detect intrusive network traffic with high accuracy, using the empirical probability law and Hellinger distance. The pattern similarities between the normal traffic and the cyberattack traffic are the key to our detection method. Lastly, the algorithm is evaluated with ToN_IoT public datasets, followed by an analysis of the experimental results.