ZigBee IoT Intrusion Detection System: A Hybrid Approach with Rule-based and Machine Learning Anomaly Detection

The Internet of Things (IoT) is an emerging technology with potential applications in different domains. However these IoT systems introduce new security risks and potentially open new attack vector never seen before. In this article, we show various methods to detect known attacks, as well as possible new types of attacks on ZigBee based IoT systems. To do so, we introduce a novel Intrusion Detection System (IDS) with hybrid approach by combining the human-crafted rule-based and machine learning-based anomaly detection. Rule-based approach is used to provide accurate detection mechanism for known attacks, but the rule-based approach introduces complexity in defining precise rules for accurate detection. Therefore, machine learning approach is specifically used to create a complex model of normal behaviour that is used for anomaly detection. This paper outlines the IDS implementation that cover various types of detection methods both to detect known attacks, as well as potential new type of attacks in the ZigBee IoT systems.