Intrusion Detection in IoT and IIoT: Comparing Lightweight Machine Learning Techniques Using TON_IoT, WUSTL-IIOT-2021, and EdgeIIoTset Datasets

The security of Internet of Things (IoT) and Industrial Internet of Things (IIoT) systems has been significantly enhanced through the integration of effective intrusion detection systems (IDSs). Machine learning (ML) has emerged as a highly efficient approach for designing cyber-attack detection sys...

Bibliographic Details
Main Authors: Shereen Ismail, Salah Dandan, Ala'a Qushou
Format: Article
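Language: English
Published: IEEE 2025-01-01
Series: IEEE Access
Subjects: Internet of Things; Industrial Internet of Things; security; cyber-attacks; intrusion detection; machine learning
Online Access: https://ieeexplore.ieee.org/document/10937697/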
author Shereen Ismail
Salah Dandan
Ala'a Qushou
collection DOAJ
description The security of Internet of Things (IoT) and Industrial Internet of Things (IIoT) systems has been significantly enhanced through the integration of effective intrusion detection systems (IDSs). Machine learning (ML) has emerged as a highly efficient approach for designing cyber-attack detection systems to improve the security. This study reviewed recent advancements in the literature utilizing the TON_IoT, WUSTL-IIoT-2021, and Edge-IIoTset datasets. A comprehensive performance analysis of various supervised ML classification techniques was conducted to identify lightweight models suitable for deployment in resource-constrained IoT and IIoT environments. The performance of Decision Tree (DT), Random Forest (RF), and three ensemble techniques: Bagging, Stacking, and LightGBM (LGBM), was evaluated. The TON_IoT, WUSTL-IIOT-2021, and Edge-IIoTset imbalanced datasets, representing three distinct IIoT environments and encompassing numerous samples of different attack types, were used. The impact of imbalanced class distributions on model performance was analyzed. The imbalanced datasets were customized for training and testing ML models, with feature selection performed using Mutual Information (MI). Model performance was assessed using several metrics: Precision, Recall, Micro-F1, Model Size, and Training Time. Furthermore, a cross-dataset transfer learning approach was applied to evaluate how models trained on the TON_IoT dataset generalize when tested on the WUSTL-IIoT-2021 dataset, demonstrating the ability of the models to generalize across datasets with common features and attack labels. For real-time intrusion detection and network traffic analysis, we set up an experiment to deploy the trained ML models in a live network environment. The experiment provided real-time insights into CPU usage, memory consumption, and network activity, with predictions continuously logged for monitoring and further analysis.
format Article
id doaj-art-ab0ce5aae11c437d8f468e5d2fe37ee6
institution OA Journals
issn 2169-3536
language English
publishDate 2025-01-01
publisher IEEE
record_format Article
series IEEE Access
spelling doaj-art-ab0ce5aae11c437d8f468e5d2fe37ee6; 2025-08-20T02:11:25Z; eng; IEEE; IEEE Access; ISSN 2169-3536; 2025-01-01; vol. 13, pp. 73468-73485; DOI 10.1109/ACCESS.2025.3554083; document 10937697
Shereen Ismail (https://orcid.org/0000-0001-8580-1648), Merit Network Inc., Ann Arbor, MI, USA
Salah Dandan, School of Electrical Engineering and Computer Science, University of North Dakota, Grand Forks, ND, USA
Ala'a Qushou, Department of Computer Engineering, University of Jordan, Amman, Jordan
title Intrusion Detection in IoT and IIoT: Comparing Lightweight Machine Learning Techniques Using TON_IoT, WUSTL-IIOT-2021, and EdgeIIoTset Datasets
topic Internet of Things
Industrial Internet of Things
security
cyber-attacks
intrusion detection
machine learning
url https://ieeexplore.ieee.org/document/10937697/