Evaluating Local Intrusion Detection in the Internet of Things

Security in the Internet of Things (IoT) is designed to ensure timely, reliable and fully operational network. The presence of a malicious device within the network can decrease the IoT applications' effective functionality by failing to transmit the data to the intended user. Intrusion detection systems (IDS) with anomaly detection classify IoT network activity based on what is defined as normal. In this paper we present the evaluation of local Binary Logistic Regression (BLR) detection models, found in mIDS, which monitor local IoT node activity to detect routing layer attacks, such as Selective Forward and Blackhole. The BLR detection models were evaluated in both a simulator and an IoT testbed platform. Overall, our results, both in the simulator and at the testbed, have shown that for each environment to be deployed, a customised BLR model should be created and more than one performance measure should be used. In the paper we propose the use of four performance metrics to fully capture the efficacy of classification methods. Besides Precision, Recall, and Accuracy, we have chosen to include the Matthews Correlation Coefficient in our evaluation set, since it provides a more normalized view and the quality of the BLR detection models.