ADAPTIVE IOT THREAT INTELLIGENCE: A MACHINE LEARNING FRAMEWORK FOR DYNAMIC ATTACK PATTERN RECOGNITION
DOI: https://doi.org/10.52417/ojps.v6i1.733
Abstract
The proliferation of Internet of Things (IoT) devices has created a landscape of unprecedented security challenges. As threats increase rapidly, traditional security approaches fall short of meeting the unique challenges posed by IoT environments. The goal of this research is to evaluate the effectiveness of various machine learning models in attack pattern recognition while establishing a performance benchmark for adaptive threat detection. A dataset of 48,003 network flow records with 25 features, obtained from Kaggle, was used to implement three machine learning algorithms (Random Forest, XGBoost, and LightGBM) and compare their performance. The comparison assessed the accuracy of attack detection for each targeted attack class and the contribution of each feature to the model. XGBoost was the best model, achieving an overall accuracy of 90%, while Random Forest and LightGBM performed worse at 81% and 50%, respectively. Additionally, the feature importance analysis found duration, connection status, and byte-related metrics to be the most important indicators for attack detection, with duration showing consistent importance across all models. This work shows that gradient boosting approaches perform better on IoT threat detection problems, particularly in handling class imbalance. The results provide insights into optimizing feature selection in resource-constrained IoT environments and motivate further studies on minority attack class detection and model optimization under IoT-specific constraints.
Copyright (c) 2025 Kontagora et al.

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.