Analysis of Intrusion Detection Using Ensemble Stacking-Based Machine Learning Techniques in IoT Networks

Rao Naveed Bin Rais; Osman Khalid; Jazib e. Nazar; Muhammad Usman Shahid Khan

doi:10.1007/978-3-031-33743-7_27

Analysis of Intrusion Detection Using Ensemble Stacking-Based Machine Learning Techniques in IoT Networks

Rao Naveed Bin Rais
, Osman Khalid
, Jazib e. Nazar
, Muhammad Usman Shahid Khan

College of Engineering and Information Technology

COMSATS University Islamabad

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

In the past few years, numerous machine learning techniques have been employed in IoT networks to develop Intrusion Detection Systems (IDS) that differentiate abnormal activities caused by malicious intruders from the typical network behavior. Due to the large volume of data produced by IoT devices, it is challenging to perform real-time classification of data to find any abnormal patterns. Single classifier-based approaches are considered to be simple and straightforward but may not be able to capture all the relevant information in the data, leading to suboptimal performance. To overcome the weaknesses of single classifiers, it is often beneficial to use an ensemble of classifiers, such as a random forest or a gradient-boosted trees model, which can capture a wider range of patterns in the data and lead to improved performance. However, ensemble models can be computationally expensive to train especially when using large numbers of base classifiers making it difficult to scale the models to large datasets, such as of IoT. This paper presents a detailed empirical analysis of the comparative performance of single classifier versus ensemble models for intrusion detection in IoT networks by utilizing two benchmark datasets in the Internet of Things: NSL-KDD and UNSW-NB15. It has been observed that under certain conditions, the performance of single classifier-based IDS surpasses the ensemble stacking approaches. Moreover, training/testing dataset selection has a major impact on overall validation and testing performance of the models. Based on the empirical observations, we use a novel method known as ensemble stacking approach that outperforms the baselines for the selected datasets. The research provides a detailed insight into the impact of various classifiers and dataset features on the performance of IDS in IoT environments.

Original language	English
Title of host publication	Proceedings of the 2023 International Conference on Advances in Computing Research (ACR’23)
Editors	Kevin Daimi, Abeer Al Sadoon
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	329-344
Number of pages	16
ISBN (Print)	9783031337420
DOIs	https://doi.org/10.1007/978-3-031-33743-7_27
State	Published - 2023
Event	1st International Conference on Advances in Computing Research, ACR’23 - Orlando, United States Duration: 8 May 2023 → 10 May 2023

Publication series

Name	Lecture Notes in Networks and Systems
Volume	700 LNNS
ISSN (Print)	2367-3370
ISSN (Electronic)	2367-3389

Conference

Conference	1st International Conference on Advances in Computing Research, ACR’23
Country/Territory	United States
City	Orlando
Period	8/05/23 → 10/05/23

Keywords

Ensemble Learning
Internet of Things
Intrusion Detection
Machine Learning
Single Classifiers

Access to Document

10.1007/978-3-031-33743-7_27

Cite this

Rais, R. N. B., Khalid, O., Nazar, J. E., & Khan, M. U. S. (2023). Analysis of Intrusion Detection Using Ensemble Stacking-Based Machine Learning Techniques in IoT Networks. In K. Daimi, & A. Al Sadoon (Eds.), Proceedings of the 2023 International Conference on Advances in Computing Research (ACR’23) (pp. 329-344). (Lecture Notes in Networks and Systems; Vol. 700 LNNS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-33743-7_27

Rais, Rao Naveed Bin ; Khalid, Osman ; Nazar, Jazib e. et al. / Analysis of Intrusion Detection Using Ensemble Stacking-Based Machine Learning Techniques in IoT Networks. Proceedings of the 2023 International Conference on Advances in Computing Research (ACR’23). editor / Kevin Daimi ; Abeer Al Sadoon. Springer Science and Business Media Deutschland GmbH, 2023. pp. 329-344 (Lecture Notes in Networks and Systems).

@inproceedings{5aad7395dae74b4ba14922406d2a71e3,

title = "Analysis of Intrusion Detection Using Ensemble Stacking-Based Machine Learning Techniques in IoT Networks",

abstract = "In the past few years, numerous machine learning techniques have been employed in IoT networks to develop Intrusion Detection Systems (IDS) that differentiate abnormal activities caused by malicious intruders from the typical network behavior. Due to the large volume of data produced by IoT devices, it is challenging to perform real-time classification of data to find any abnormal patterns. Single classifier-based approaches are considered to be simple and straightforward but may not be able to capture all the relevant information in the data, leading to suboptimal performance. To overcome the weaknesses of single classifiers, it is often beneficial to use an ensemble of classifiers, such as a random forest or a gradient-boosted trees model, which can capture a wider range of patterns in the data and lead to improved performance. However, ensemble models can be computationally expensive to train especially when using large numbers of base classifiers making it difficult to scale the models to large datasets, such as of IoT. This paper presents a detailed empirical analysis of the comparative performance of single classifier versus ensemble models for intrusion detection in IoT networks by utilizing two benchmark datasets in the Internet of Things: NSL-KDD and UNSW-NB15. It has been observed that under certain conditions, the performance of single classifier-based IDS surpasses the ensemble stacking approaches. Moreover, training/testing dataset selection has a major impact on overall validation and testing performance of the models. Based on the empirical observations, we use a novel method known as ensemble stacking approach that outperforms the baselines for the selected datasets. The research provides a detailed insight into the impact of various classifiers and dataset features on the performance of IDS in IoT environments.",

keywords = "Ensemble Learning, Internet of Things, Intrusion Detection, Machine Learning, Single Classifiers",

author = "Rais, \{Rao Naveed Bin\} and Osman Khalid and Nazar, \{Jazib e.\} and Khan, \{Muhammad Usman Shahid\}",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 1st International Conference on Advances in Computing Research, ACR{\textquoteright}23 ; Conference date: 08-05-2023 Through 10-05-2023",

year = "2023",

doi = "10.1007/978-3-031-33743-7\_27",

language = "English",

isbn = "9783031337420",

series = "Lecture Notes in Networks and Systems",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "329--344",

editor = "Kevin Daimi and \{Al Sadoon\}, Abeer",

booktitle = "Proceedings of the 2023 International Conference on Advances in Computing Research (ACR{\textquoteright}23)",

address = "Germany",

}

Rais, RNB, Khalid, O, Nazar, JE & Khan, MUS 2023, Analysis of Intrusion Detection Using Ensemble Stacking-Based Machine Learning Techniques in IoT Networks. in K Daimi & A Al Sadoon (eds), Proceedings of the 2023 International Conference on Advances in Computing Research (ACR’23). Lecture Notes in Networks and Systems, vol. 700 LNNS, Springer Science and Business Media Deutschland GmbH, pp. 329-344, 1st International Conference on Advances in Computing Research, ACR’23, Orlando, United States, 8/05/23. https://doi.org/10.1007/978-3-031-33743-7_27

Analysis of Intrusion Detection Using Ensemble Stacking-Based Machine Learning Techniques in IoT Networks. / Rais, Rao Naveed Bin; Khalid, Osman; Nazar, Jazib e. et al.
Proceedings of the 2023 International Conference on Advances in Computing Research (ACR’23). ed. / Kevin Daimi; Abeer Al Sadoon. Springer Science and Business Media Deutschland GmbH, 2023. p. 329-344 (Lecture Notes in Networks and Systems; Vol. 700 LNNS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Analysis of Intrusion Detection Using Ensemble Stacking-Based Machine Learning Techniques in IoT Networks

AU - Rais, Rao Naveed Bin

AU - Khalid, Osman

AU - Nazar, Jazib e.

AU - Khan, Muhammad Usman Shahid

PY - 2023

Y1 - 2023

N2 - In the past few years, numerous machine learning techniques have been employed in IoT networks to develop Intrusion Detection Systems (IDS) that differentiate abnormal activities caused by malicious intruders from the typical network behavior. Due to the large volume of data produced by IoT devices, it is challenging to perform real-time classification of data to find any abnormal patterns. Single classifier-based approaches are considered to be simple and straightforward but may not be able to capture all the relevant information in the data, leading to suboptimal performance. To overcome the weaknesses of single classifiers, it is often beneficial to use an ensemble of classifiers, such as a random forest or a gradient-boosted trees model, which can capture a wider range of patterns in the data and lead to improved performance. However, ensemble models can be computationally expensive to train especially when using large numbers of base classifiers making it difficult to scale the models to large datasets, such as of IoT. This paper presents a detailed empirical analysis of the comparative performance of single classifier versus ensemble models for intrusion detection in IoT networks by utilizing two benchmark datasets in the Internet of Things: NSL-KDD and UNSW-NB15. It has been observed that under certain conditions, the performance of single classifier-based IDS surpasses the ensemble stacking approaches. Moreover, training/testing dataset selection has a major impact on overall validation and testing performance of the models. Based on the empirical observations, we use a novel method known as ensemble stacking approach that outperforms the baselines for the selected datasets. The research provides a detailed insight into the impact of various classifiers and dataset features on the performance of IDS in IoT environments.

AB - In the past few years, numerous machine learning techniques have been employed in IoT networks to develop Intrusion Detection Systems (IDS) that differentiate abnormal activities caused by malicious intruders from the typical network behavior. Due to the large volume of data produced by IoT devices, it is challenging to perform real-time classification of data to find any abnormal patterns. Single classifier-based approaches are considered to be simple and straightforward but may not be able to capture all the relevant information in the data, leading to suboptimal performance. To overcome the weaknesses of single classifiers, it is often beneficial to use an ensemble of classifiers, such as a random forest or a gradient-boosted trees model, which can capture a wider range of patterns in the data and lead to improved performance. However, ensemble models can be computationally expensive to train especially when using large numbers of base classifiers making it difficult to scale the models to large datasets, such as of IoT. This paper presents a detailed empirical analysis of the comparative performance of single classifier versus ensemble models for intrusion detection in IoT networks by utilizing two benchmark datasets in the Internet of Things: NSL-KDD and UNSW-NB15. It has been observed that under certain conditions, the performance of single classifier-based IDS surpasses the ensemble stacking approaches. Moreover, training/testing dataset selection has a major impact on overall validation and testing performance of the models. Based on the empirical observations, we use a novel method known as ensemble stacking approach that outperforms the baselines for the selected datasets. The research provides a detailed insight into the impact of various classifiers and dataset features on the performance of IDS in IoT environments.

KW - Ensemble Learning

KW - Internet of Things

KW - Intrusion Detection

KW - Machine Learning

KW - Single Classifiers

UR - https://www.scopus.com/pages/publications/85163307409

U2 - 10.1007/978-3-031-33743-7_27

DO - 10.1007/978-3-031-33743-7_27

M3 - Conference contribution

AN - SCOPUS:85163307409

SN - 9783031337420

T3 - Lecture Notes in Networks and Systems

SP - 329

EP - 344

BT - Proceedings of the 2023 International Conference on Advances in Computing Research (ACR’23)

A2 - Daimi, Kevin

A2 - Al Sadoon, Abeer

PB - Springer Science and Business Media Deutschland GmbH

T2 - 1st International Conference on Advances in Computing Research, ACR’23

Y2 - 8 May 2023 through 10 May 2023

ER -

Rais RNB, Khalid O, Nazar JE, Khan MUS. Analysis of Intrusion Detection Using Ensemble Stacking-Based Machine Learning Techniques in IoT Networks. In Daimi K, Al Sadoon A, editors, Proceedings of the 2023 International Conference on Advances in Computing Research (ACR’23). Springer Science and Business Media Deutschland GmbH. 2023. p. 329-344. (Lecture Notes in Networks and Systems). doi: 10.1007/978-3-031-33743-7_27

Analysis of Intrusion Detection Using Ensemble Stacking-Based Machine Learning Techniques in IoT Networks

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this