The rapid expansion of Internet of Things (IoT) deployments across diverse sectors has significantly enhanced operational efficiency, yet concurrently elevated cybersecurity vulnerabilities due to increased exposure to cyber threats. Given the limitations of traditional signature-based Anomaly Detection Systems (ADS) in identifying emerging and zero-day threats, this study investigates the effectiveness of two unsupervised anomaly detection techniques, Isolation Forest (IF) and One-Class Support Vector Machine (OC-SVM), using the TON_IoT thermostat dataset. A comprehensive evaluation was performed based on standard metrics (accuracy, precision, recall, and F1-score) alongside critical resource utilization metrics such as inference time, model size, and peak RAM usage. Experimental results revealed that IF consistently outperformed OC-SVM, achieving higher detection accuracy, superior precision, and recall, along with a significantly better F1-score. Furthermore, Isolation Forest demonstrated a markedly superior computational footprint, making it more suitable for deployment on resource-constrained IoT edge devices. These findings underscore Isolation Forest's robustness in high-dimensional and imbalanced IoT environments and highlight its practical viability for real-time anomaly detection.
翻译:物联网(IoT)在各领域的快速部署显著提升了运营效率,但同时也因面临更多网络威胁而加剧了网络安全漏洞。鉴于传统基于特征的异常检测系统(ADS)在识别新兴和零日威胁方面的局限性,本研究利用TON_IoT恒温器数据集,探究了两种无监督异常检测技术——孤立森林(IF)和单类支持向量机(OC-SVM)的有效性。我们基于标准指标(准确率、精确率、召回率和F1分数)以及关键资源使用指标(如推理时间、模型大小和峰值RAM使用量)进行了全面评估。实验结果表明,IF始终优于OC-SVM,实现了更高的检测准确率、更优的精确率和召回率,以及显著更好的F1分数。此外,孤立森林展现出明显更优的计算资源占用,使其更适合部署在资源受限的物联网边缘设备上。这些发现凸显了孤立森林在高维且不平衡的物联网环境中的鲁棒性,并强调了其在实时异常检测中的实际可行性。
相关内容
微信扫码咨询专知VIP会员