Study of Network IDS in IoT devices

As connected objects become the norm for quality of life, network intrusion detection is more critical than ever. Over the past decades, several different datasets have been developed to tackle this security challenge. Among them, CIC-IDS2017, one of the most recent IDS datasets, has become a popular choice. Its benefit is the availability of raw data in PCAP files as well as flow-based features in CSV files. In this paper, we study IDS for IoT devices. The objective is to optimize the detection model to be compatible on a device with limited resources. To do so, we propose a methodology to improve the reliability and processing speed of flow-based IDS data. By applying it to CIC-IDS2017 dataset, we highlight serious flaws at several levels and propose a new feature extraction tool named LycoSTand used to generate a corrected version of the dataset called LYCOS-IDS2017. The performance comparison between the original and the corrected datasets shows significant performances increases for all evaluated machine learning algorithms with simpler and more efficient ML models. We carry out a runtime analysis showing that the feature extraction is the bottleneck in flow-based IDS. The experimentation with our solution removing the bottleneck proves that the whole intrusion detection system can be executed on a resource-constrained device. To conclude this paper, a discussion presents the difficulty to compare fairly the performance of the two datasets, identifies other non reliable datasets and finally, highlights limitations of supervised ML approaches. © 2023, The Author(s), under exclusive licence to Springer Nature Singapore Pte Ltd.