A Hierarchical Hybrid Intrusion Detection Approach in IoT Scenarios

Internet of Things (IoT) fosters unprecedented network heterogeneity and dynamicity, thus increasing the variety and the amount of related vulnerabilities. Hence, traditional security approaches fall short, also in terms of resulting scalability and privacy. In this paper we propose H2ID, a two-stage hierarchical Network Intrusion Detection approach. H2ID performs (i) anomaly detection via a novel lightweight solution based on a MultiModal Deep AutoEncoder (M2-DAE), and (ii) attack classification, using soft-output classifiers. We validate our proposal using the recently-released Bot-IoT dataset, inferring among four relevant categories of attack (DDoS, DoS, Scan, and Theft) and unknown attacks. Results show gains of the proposed M2-DAE in the case of simple anomaly detection (up to -40% false-positive rate when compared with several baselines at same true positive rate) and for H2ID as a whole when compared to the best-performing misuse detector approach (up to ≈ +5% F1 score). Besides the performance advantages, our system is suitable for distributed and privacy-preserving deployments while limiting re-training necessities, in line with the high efficiency as well as the flexibility required in IoT scenarios.