Clustering model for the first line of defense in IDS for IoT

The Internet of Things (IoT) applications are prone to security attacks due to their distributed nature. Intrusion detection systems are the prominent security devices used to protect IoT devices in the network. There have been various kinds of intrusion detection systems designed especially for IoT networks. Still, each faces some challenges like high false rate, failure to detect unknown threats, failure to provide accurate results in real-time monitoring, etc. IoT networks generate huge amounts of data with varying traffic having noise and it is not always possible to label them as normal or malicious. Moreover, traditional signature-based IDS detects only predefined attacks and fails to detect zero-day attacks. In such scenarios, signature-based IDS for IoT are not successful and thus there is a need to use unsupervised learning algorithms of clustering and other machine learning models to detect anomalies in IoT networks. This paper therefore compares various clustering methods and selects the best clustering method that can be used with a machine learning model to enhance the accuracy of the intrusion detection system for IoT networks. The unsupervised clustering algorithm is used for identifying the outliers in IoT device behavior and traffic indicating any security threat. The machine learning algorithms with clustering algorithms help in the detection of known and unknown threats using behavior profiling and clustering techniques. This research evaluates three clustering techniques DBSCAN, K-Means, and Agglomerative Clustering in the context of IoT IDS. It uses metrics such as accuracy, precision, recall, and false positive rate. Experimental results show that DBSCAN clustering proves to be beneficial in detecting threats, reduces false rates, and helps in real-time IoT threat detection when compared to other clustering algorithms methods. These findings lay the importance of DBSCAN-based clustering in IDS helps to enhance security in complex IoT networks. This outcome shall be used to come up with a real-time hybrid model to enhance the precision of IDS in IoT networks.