IoT Data from IoT-23, NSL-KDD, and TON_IoT

As the Internet of Things (IoT) continues to evolve, securing IoT networks and devices remains a continuing challenge.The deployment of IoT applications makes protection more challenging with the increased attack surfaces as well as the vulnerable and resource-constrained devices. Anomaly detection is a crucial procedure in protecting IoT. A promising way to perform anomaly detection on IoT is through the use of machine learning algorithms. There is a lack in the literature to identify the optimal (with regard to both effectiveness and efficiency) anomaly detection models for IoT. To fill the gap, this work thoroughly investigated the effectiveness and efficiency of XGBoost in IoT anomaly detection and compared it with the well-known learning models, Support Vector Machines (SVM) and Deep Convolutional Neural Networks (DCNN). Identifying the optimal anomaly detection models for IoT is highly challenging due to diverse IoT applications and dynamic IoT networking environments. It is of vital importance to evaluate the ML powered anomaly detection models using multiple datasets collected from different environments. We utilized three well-known datasets to benchmark the aforementioned machine learning methods, namely, IoT-23, NSL_KDD, and TON_IoT. Our results show that XGBoost outperformed both SVM and DCNN achieving accuracies up to 99.98%. Moreover, XGBoost proved to be the most computationally efficient method where the model performed 717.75 times faster than SVM and significantly faster than DCNN in terms of training times. The research results have been further confirmed by using our real-world IoT data collected from an IoT testbed consisting of physical devices that we recently built. Our evaluation of the anomaly detection models using the real-world data proves that XGBoost can be used to efficiently and accurately detect anomalies in real-world IoT applications.