Investigating the security issues of IoT devices using machine learning techniques
PhD Thesis
Al Sukhni, B. 2024. Investigating the security issues of IoT devices using machine learning techniques. PhD Thesis. Canterbury Christ Church University, School of Engineering, Technology and Design.
Authors | Al Sukhni, B. |
---|---|
Type | PhD Thesis |
Qualification name | Doctor of Philosophy |
Abstract | The integration of the Internet of Things (IoT) across various sectors has notably increased vulnerability to sophisticated multilayer attacks, which compromise multiple security layers and lead to significant breaches, including data loss, personal information theft, and financial losses. Existing research on multilayer IoT attacks has gaps in real-world applicability because it relies on outdated datasets and gives limited attention to adaptive, dynamic approaches to multilayer vulnerabilities. Additionally, complete reliance on automated processes, without integrating human expertise into feature selection and feature weighting, may affect the reliability of detection models. This thesis proposes a novel Semi-Automated Intrusion Detection System (SAIDS), integrating efficient feature selection, feature weighting, normalisation, visualisation, and human-machine interaction to enhance the detection and identification of multilayer attacks, thereby improving mitigation strategies. This research contributes significantly to IoT security by highlighting the SAIDS framework’s ability to efficiently detect and classify multilayer attacks in machine learning models, optimising the computational process and extracting the most significant features from the dataset. By incorporating human expertise into the optimised feature analysis process, the proposed system enhances the reliability of detection models through binary (attack/no-attack) and multiclass classification (UDP, ICMP, HTTP flood, MITM, TCP SYN, XSS, SQL injection, and password cracking), thereby showing potential as a robust foundation for future research in dynamic and adaptive security measures for IoT environments. These findings not only validate the practical applicability of SAIDS in real-world scenarios but also propose a standard framework for future IoT security enhancements using machine learning methods. The SAIDS framework was evaluated using the Edge-IIoTset dataset, a recent IoT dataset. Additionally, it was evaluated on a dataset collected from the Cooja simulation platform running on the Contiki Operating System for simulated UDP flood attacks, as well as on real IoT devices, specifically an ARP poisoning attack on the Xiaomi Redmi Note 9S. Through this evaluation, the framework identified 13 significant features from the Edge-IIoTset dataset and seven significant features from the simulated environment dataset for the detection and classification of IoT multilayer attacks. The research employs various machine learning models, with a focus on K-Nearest Neighbours (KNN), which outperformed other classifiers in terms of accuracy, precision, recall, and F1-score in binary classification and multiclass classification. It achieved a high accuracy rate of 99% in detecting normal traffic, TCP SYN, and ICMP flood, 97% in XSS, and 94% in HTTP flood, SQL injection, and password cracking attacks. |
Keywords | Internet of Things (IoT) ; Machine learning techniques |
Year | 2024 |
File access level | Open |
Publication process dates | |
Deposited | 14 Jan 2025 |
https://repository.canterbury.ac.uk/item/9q0q6/investigating-the-security-issues-of-iot-devices-using-machine-learning-techniques