Fusion-based anomaly detection system using modified isolation forest for internet of things

In recent years, advanced threat and zero day attacks are increasing significantly, but the traditional network intrusion detection system based on feature filtering or based on a well known signature has some drawbacks. Accordingly, there is a need for security solutions that are suitable for IoT environment. A network intrusion detection system (NIDS) is a solution that examines network traffic and alerts system administrators if there are security breaches. In this paper, a fusion-based anomaly detection using modified isolation forest for Internet of Things (IoT) is proposed. The proposed NIDS has been evaluated using three benchmark datasets(UNSW-NB15, NLS-KDD and KDDCUP99) in terms of F-score, accuracy and detection rate. Results show that the suggested approach reduces the run time by 28.80% for UNSW-NB15 in the training model and achieves 97.2%, 97.4% accuracy and detection rate respectively. Moreover, M-iForest outperforms other NIDS techniques that are selected from state-of-the-art relevant research found in the literature. © 2022, The Author(s), under exclusive licence to Springer-Verlag GmbH Germany, part of Springer Nature.