Intrusion Detection in IoT Data Streams based onEMNCD with Concept Drift

Abstract With the widespread application of smart devices, the security of IoT systems faces entirely new challenges. The IoT data stream operates in a non-stationary, dynamic environment, making it prone to concept drift. This paper focuses on addressing the issue of concept drift in data streams, with a key emphasis on introducing an innovative drift detection method—Ensemble of Multiple Non-parametric Concept Drift detectors, abbreviated as EMNCD. This approach employs ensemble learning of three non-parametric statistical methods: Kolmogorov-Smirnov test, Wilcoxon rank sum test, and Mann-Kendall test. It accurately detects concept drift by comparing the distributions of samples within a sliding window. Through this integration, precise localization of drift points is achieved, enhancing the reliability of detection. Experimental results demonstrate that, when compared to other classical methods, the EMNCD approach exhibits significantly superior performance across artificial datasets. Simultaneously, to enhance the robustness of data stream processing, we introduce an online data anomaly detection method based on the Isolation Forest. Furthermore, we propose a drift adaptation model named WOA-XGBoost. This model employs XGBoost as a base learner, dynamically updates the model using drift points detected by EMNCD, and fine-tunes parameters through the WOA. Through real-world applications on the Edge-IIoTset intrusion dataset, we delve into the impact of concept drift on intrusion detection. In summary, this paper centers around the EMNCD method, introducing innovative drift detection, anomaly detection, and drift adaptation approaches to address concept drift in data streams and enhance security in IoT systems. It offers a series of practical and viable solutions.