Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

FLARE: Feature-based Lightweight Aggregation for Robust Evaluation of IoT Intrusion Detection

Bradley Boswell, Seth Barrett, Swarnamugi Rajaganapathy, Gokila Dorai

TL;DR

This work tackles the vulnerability of IoT intrusion detection to sudden attack bursts by introducing FLARE, a feature-based lightweight aggregation that captures session-, flow-, and temporal-dynamics through time-based sliding windows. By applying PCA for compact feature extraction on a lab-created IoT dataset, FLARE provides a structured foundation that enhances the performance and efficiency of both supervised and end-to-end models. Across extensive experiments, FLARE improves detection accuracy, reduces training time, and maintains interpretability, demonstrating practical benefits for robust IoT IDS pipelines. The approach offers a pathway to scalable, time-aware intrusion detection in heterogeneous IoT environments with reduced computational overhead.

Abstract

The proliferation of Internet of Things (IoT) devices has expanded the attack surface, necessitating efficient intrusion detection systems (IDSs) for network protection. This paper presents FLARE, a feature-based lightweight aggregation for robust evaluation of IoT intrusion detection to address the challenges of securing IoT environments through feature aggregation techniques. FLARE utilizes a multilayered processing approach, incorporating session, flow, and time-based sliding-window data aggregation to analyze network behavior and capture vital features from IoT network traffic data. We perform extensive evaluations on IoT data generated from our laboratory experimental setup to assess the effectiveness of the proposed aggregation technique. To classify attacks in IoT IDS, we employ four supervised learning models and two deep learning models. We validate the performance of these models in terms of accuracy, precision, recall, and F1-score. Our results reveal that incorporating the FLARE aggregation technique as a foundational step in feature engineering, helps lay a structured representation, and enhances the performance of complex end-to-end models, making it a crucial step in IoT IDS pipeline. Our findings highlight the potential of FLARE as a valuable technique to improve performance and reduce computational costs of end-to-end IDS implementations, thereby fostering more robust IoT intrusion detection systems.

FLARE: Feature-based Lightweight Aggregation for Robust Evaluation of IoT Intrusion Detection

TL;DR

This work tackles the vulnerability of IoT intrusion detection to sudden attack bursts by introducing FLARE, a feature-based lightweight aggregation that captures session-, flow-, and temporal-dynamics through time-based sliding windows. By applying PCA for compact feature extraction on a lab-created IoT dataset, FLARE provides a structured foundation that enhances the performance and efficiency of both supervised and end-to-end models. Across extensive experiments, FLARE improves detection accuracy, reduces training time, and maintains interpretability, demonstrating practical benefits for robust IoT IDS pipelines. The approach offers a pathway to scalable, time-aware intrusion detection in heterogeneous IoT environments with reduced computational overhead.

Abstract

The proliferation of Internet of Things (IoT) devices has expanded the attack surface, necessitating efficient intrusion detection systems (IDSs) for network protection. This paper presents FLARE, a feature-based lightweight aggregation for robust evaluation of IoT intrusion detection to address the challenges of securing IoT environments through feature aggregation techniques. FLARE utilizes a multilayered processing approach, incorporating session, flow, and time-based sliding-window data aggregation to analyze network behavior and capture vital features from IoT network traffic data. We perform extensive evaluations on IoT data generated from our laboratory experimental setup to assess the effectiveness of the proposed aggregation technique. To classify attacks in IoT IDS, we employ four supervised learning models and two deep learning models. We validate the performance of these models in terms of accuracy, precision, recall, and F1-score. Our results reveal that incorporating the FLARE aggregation technique as a foundational step in feature engineering, helps lay a structured representation, and enhances the performance of complex end-to-end models, making it a crucial step in IoT IDS pipeline. Our findings highlight the potential of FLARE as a valuable technique to improve performance and reduce computational costs of end-to-end IDS implementations, thereby fostering more robust IoT intrusion detection systems.

Paper Structure

This paper contains 15 sections, 2 figures, 19 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Related Work
  3. Methodology
  4. Dataset Creation
  5. Feature-based Lightweight Aggregation
  6. Feature Extraction
  7. Supervised Models for Attack Classification
  8. Experimental Evaluation
  9. Experiment 1: Determining Window Size
  10. Experiment 2: FLARE Performance on Supervised Models
  11. Binary Classification
  12. Multi-level Classification
  13. Experiment 3: FLARE Performance on End-to-End Models
  14. Conclusion
  15. Future Enhancement

Figures (2)

  • Figure 1: FLARE - IoT Intrusion Detection System
  • Figure 2: Packet_count_window