Dimensionality reduction for detection of anomalies in the IoT traffic data

This paper concerns cybersecurity issues in one of the fastest growing fields of modern computer systems the Internet-of-Things (IoT). In this field, intrusion detection plays a significant role in allowing IoT systems' safe functioning and continuous operation. Visualizing the IoT data using dimensionality reduction allows for an easy and straightforward traffic analysis based on a graphical data representation, eligible for interpretation even by non-experts. We present a study on IoT network intrusion detection using three dimensionality reduction methods, namely, the Self-Organizing Map (SOM), the t-distributed Stochastic Neighbor Embedding (t-SNE), and the Neighborhood Retrieval Visualizer (NeRV). We show that applying them to the IoT traffic allows for reducing the original traffic feature space to a 2-D one, where anomalies may be noticed visually as outliers. The purpose of our study and its original contribution is conducting a comparative analysis of the t-SNE versus NeRV dimensionality reduction approaches in both: theoretical and empirical aspects. We notice and point out specific significant differences between these methods, which, as we claim, are responsible for their different performance in the IoT field, which is validated by our empirical study on real-world IoT traffic datasets. The results of our experimental research provide an interesting insight into the behavior of the investigated techniques and confirm their effectiveness and usability in IoT anomalies detection.