Dimensionality reduction with deep learning classification for botnet detection in the Internet of Things

As the concept of Internet of Things (IoT) becomes dominant in today's lives, manufacturers are rapidly developing IoT devices with primarily focusing on the efficiency and reducing overall cost of their products. However, security issues remain with less or no attention making these devices vulnerable to attackers. One crucial security issue in IoT environments is the intrusion of malicious users. Due to the diversity of IoT devices, previous methods for Intrusion Detection Systems (IDS) do not perform well or efficient in these environments. Furthermore, decreasing the processing power and real-time detection of intrusion in IoT devices require reducing different dimensions of data and preserving the most critical features for detection. Therefore, new machine learning models and feature reduction solutions are being developed to address the problem of intrusion and anomaly detection in IoT-based devices. In this article, after a thorough investigation of previous machine learning methods and datasets for intrusion detection in IoT, an efficient and straightforward feature selection technique, the Fisher's score, is used to remove the unnecessary features. Next, an auto-encoder model and a deep neural network are proposed for binary and multi-class classifications. For performance evaluation, data from several IoT devices are used from the N-BaIoT dataset, one of the most specific datasets for IoT. Simulation results, reported separately for each device, are compared with other methods, in terms of accuracy, precision, recall and F1-score. These results show that using the Fisher's score leads to more accuracy especially for binary classification. Moreover, using the proposed auto-encoder, an accuracy of 99% is achieved for all five devices according to the desired criteria, which is higher than the previous compared methods.