{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T14:43:21Z","timestamp":1775745801425,"version":"3.50.1"},"publisher-location":"Cham","reference-count":25,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783031081460","type":"print"},{"value":"9783031081477","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,6,15]],"date-time":"2022-06-15T00:00:00Z","timestamp":1655251200000},"content-version":"vor","delay-in-days":165,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>The digital transformation faces tremendous security challenges. In particular, the growing number of cyber-attacks targeting Internet of Things (IoT) systems restates the need for a reliable detection of malicious network activity. This paper presents a comparative analysis of supervised, unsupervised and reinforcement learning techniques on nine malware captures of the IoT-23 dataset, considering both binary and multi-class classification scenarios. The developed models consisted of Support Vector Machine (SVM), Extreme Gradient Boosting (XGBoost), Light Gradient Boosting Machine (LightGBM), Isolation Forest (iForest), Local Outlier Factor (LOF) and a Deep Reinforcement Learning (DRL) model based on a Double Deep Q-Network (DDQN), adapted to the intrusion detection context. The most reliable performance was achieved by LightGBM. 
Nonetheless, iForest displayed good anomaly detection results and the DRL model demonstrated the possible benefits of employing this methodology to continuously improve the detection. Overall, the obtained results indicate that the analyzed techniques are well suited for IoT intrusion detection.<\/jats:p>","DOI":"10.1007\/978-3-031-08147-7_13","type":"book-chapter","created":{"date-parts":[[2022,6,14]],"date-time":"2022-06-14T16:43:08Z","timestamp":1655224988000},"page":"191-207","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":34,"title":["A Comparative Analysis of Machine Learning Techniques for IoT Intrusion Detection"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4968-3653","authenticated-orcid":false,"given":"Jo\u00e3o","family":"Vitorino","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2356-3706","authenticated-orcid":false,"given":"Rui","family":"Andrade","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2519-9859","authenticated-orcid":false,"given":"Isabel","family":"Pra\u00e7a","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0779-3480","authenticated-orcid":false,"given":"Orlando","family":"Sousa","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8075-531X","authenticated-orcid":false,"given":"Eva","family":"Maia","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,6,15]]},"reference":[{"issue":"1","key":"13_CR1","doi-asserted-by":"publisher","first-page":"616","DOI":"10.1109\/COMST.2019.2953364","volume":"22","author":"I Butun","year":"2020","unstructured":"Butun, I., Osterberg, P., Song, H.: Security of the Internet of Things: vulnerabilities, attacks, and countermeasures. IEEE Commun. Surv. Tutorials 22(1), 616\u2013644 (2020). 
https:\/\/doi.org\/10.1109\/COMST.2019.2953364","journal-title":"IEEE Commun. Surv. Tutorials"},{"issue":"11","key":"13_CR2","doi-asserted-by":"publisher","first-page":"4724","DOI":"10.1109\/TII.2018.2852491","volume":"14","author":"E Sisinni","year":"2018","unstructured":"Sisinni, E., Saifullah, A., Han, S., Jennehag, U., Gidlund, M.: Industrial internet of things: challenges, opportunities, and directions. IEEE Trans. Ind. Inform. 14(11), 4724\u20134734 (2018). https:\/\/doi.org\/10.1109\/TII.2018.2852491","journal-title":"IEEE Trans. Ind. Inform."},{"issue":"3","key":"13_CR3","doi-asserted-by":"publisher","first-page":"2702","DOI":"10.1109\/COMST.2019.2910750","volume":"21","author":"N Neshenko","year":"2019","unstructured":"Neshenko, N., Bou-Harb, E., Crichigno, J., Kaddoum, G., Ghani, N.: Demystifying IoT security: an exhaustive survey on IoT vulnerabilities and a first empirical look on Internet-scale IoT exploitations. IEEE Commun. Surv. Tutorials 21(3), 2702\u20132733 (2019). https:\/\/doi.org\/10.1109\/COMST.2019.2910750","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"13_CR4","doi-asserted-by":"publisher","first-page":"94880","DOI":"10.1109\/ACCESS.2020.2993363","volume":"8","author":"E Al-Masri","year":"2020","unstructured":"Al-Masri, E., et al.: Investigating Messaging Protocols for the Internet of Things (IoT). IEEE Access 8, 94880\u201394911 (2020). https:\/\/doi.org\/10.1109\/ACCESS.2020.2993363","journal-title":"IEEE Access"},{"key":"13_CR5","doi-asserted-by":"publisher","unstructured":"Srivastava, A., Gupta, S., Quamara, M., Chaudhary, P., Aski, V.J.: Future IoT-enabled threats and vulnerabilities: state of the art, challenges, and future prospects. Int. J. Commun. Syst. 33(12) (2020). 
https:\/\/doi.org\/10.1002\/dac.4443","DOI":"10.1002\/dac.4443"},{"key":"13_CR6","doi-asserted-by":"publisher","unstructured":"Panchal, A.C., Khadse, V.M., Mahalle, P.N.: Security issues in IIoT: a comprehensive survey of attacks on IIoT and its countermeasures. In: Proceedings of the 2018 IEEE Global Conference on Wireless Computing Networking, GCWCN 2018, pp. 124\u2013130 (2019). https:\/\/doi.org\/10.1109\/GCWCN.2018.8668630","DOI":"10.1109\/GCWCN.2018.8668630"},{"key":"13_CR7","doi-asserted-by":"publisher","unstructured":"Tahsien, S.M., Karimipour, H., Spachos, P.: Machine learning based solutions for security of Internet of Things (IoT): a survey. J. Netw. Comput. Appl. 161 (2020). https:\/\/doi.org\/10.1016\/j.jnca.2020.102630","DOI":"10.1016\/j.jnca.2020.102630"},{"issue":"3","key":"13_CR8","doi-asserted-by":"publisher","first-page":"2671","DOI":"10.1109\/COMST.2019.2896380","volume":"21","author":"N Chaabouni","year":"2019","unstructured":"Chaabouni, N., Mosbah, M., Zemmari, A., Sauvignac, C., Faruki, P.: Network intrusion detection for IoT security based on learning techniques. IEEE Commun. Surv. Tutorials 21(3), 2671\u20132701 (2019). https:\/\/doi.org\/10.1109\/COMST.2019.2896380","journal-title":"IEEE Commun. Surv. Tutorials"},{"issue":"4","key":"13_CR9","doi-asserted-by":"publisher","first-page":"6822","DOI":"10.1109\/JIOT.2019.2912022","volume":"6","author":"M Zolanvari","year":"2019","unstructured":"Zolanvari, M., Teixeira, M.A., Gupta, L., Khan, K.M., Jain, R.: Machine learning-based network vulnerability analysis of industrial Internet of Things. IEEE Internet Things J. 6(4), 6822\u20136834 (2019). 
https:\/\/doi.org\/10.1109\/JIOT.2019.2912022","journal-title":"IEEE Internet Things J."},{"key":"13_CR10","doi-asserted-by":"publisher","first-page":"42450","DOI":"10.1109\/ACCESS.2019.2907965","volume":"7","author":"SU Jan","year":"2019","unstructured":"Jan, S.U., Ahmed, S., Shakhov, V., Koo, I.: Toward a lightweight intrusion detection system for the Internet of Things. IEEE Access 7, 42450\u201342471 (2019). https:\/\/doi.org\/10.1109\/ACCESS.2019.2907965","journal-title":"IEEE Access"},{"key":"13_CR11","doi-asserted-by":"publisher","unstructured":"Bakhtiar, F.A., Pramukantoro, E.S., Nihri, H.: A lightweight IDS based on j48 algorithm for detecting DoS attacks on IoT middleware. In: 2019 IEEE 1st Global Conference on Life Science Technology LifeTech 2019, pp. 41\u201342 (2019). https:\/\/doi.org\/10.1109\/LifeTech.2019.8884057","DOI":"10.1109\/LifeTech.2019.8884057"},{"issue":"4","key":"13_CR12","doi-asserted-by":"publisher","first-page":"2287","DOI":"10.1007\/s11277-019-06986-8","volume":"111","author":"A Verma","year":"2019","unstructured":"Verma, A., Ranga, V.: Machine learning based intrusion detection systems for IoT applications. Wirel. Pers. Commun. 111(4), 2287\u20132310 (2019). https:\/\/doi.org\/10.1007\/s11277-019-06986-8","journal-title":"Wirel. Pers. Commun."},{"issue":"5","key":"13_CR13","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1109\/MNET.001.1800479","volume":"33","author":"H Yao","year":"2019","unstructured":"Yao, H., Gao, P., Zhang, P., Wang, J., Jiang, C., Lu, L.: Hybrid intrusion detection system for edge-based IIoT relying on machine-learning-aided detection. IEEE Netw. 33(5), 75\u201381 (2019). 
https:\/\/doi.org\/10.1109\/MNET.001.1800479","journal-title":"IEEE Netw."},{"issue":"8","key":"13_CR14","doi-asserted-by":"publisher","first-page":"6882","DOI":"10.1109\/JIOT.2020.2970501","volume":"7","author":"M Eskandari","year":"2020","unstructured":"Eskandari, M., Janjua, Z.H., Vecchio, M., Antonelli, F.: Passban IDS: an intelligent anomaly-based intrusion detection system for IoT edge devices. IEEE Internet Things J. 7(8), 6882\u20136897 (2020). https:\/\/doi.org\/10.1109\/JIOT.2020.2970501","journal-title":"IEEE Internet Things J."},{"key":"13_CR15","doi-asserted-by":"publisher","unstructured":"Gu, T., Abhishek, A., Fu, H., Zhang, H., Basu, D., Mohapatra, P.: Towards learning-automation IoT attack detection through reinforcement learning. In: 21st IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2020, pp. 88\u201397 (2020). https:\/\/doi.org\/10.1109\/WoWMoM49955.2020.00029","DOI":"10.1109\/WoWMoM49955.2020.00029"},{"key":"13_CR16","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2019.112963","volume":"141","author":"M Lopez-Martin","year":"2020","unstructured":"Lopez-Martin, M., Carro, B., Sanchez-Esguevillas, A.: Application of deep reinforcement learning to intrusion detection for supervised problems. Expert Syst. Appl. 141, 112963 (2020). https:\/\/doi.org\/10.1016\/j.eswa.2019.112963","journal-title":"Expert Syst. Appl."},{"key":"13_CR17","doi-asserted-by":"publisher","unstructured":"Garcia, S., Parmisano, A., Erquiaga, M.J.: IoT-23: a labeled dataset with malicious and benign IoT network traffic (2020). https:\/\/doi.org\/10.5281\/ZENODO.4743746","DOI":"10.5281\/ZENODO.4743746"},{"issue":"1","key":"13_CR18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s42400-019-0038-7","volume":"2","author":"A Khraisat","year":"2019","unstructured":"Khraisat, A., Gondal, I., Vamplew, P., Kamruzzaman, J.: Survey of intrusion detection systems: techniques, datasets and challenges. 
Cybersecurity 2(1), 1\u201322 (2019). https:\/\/doi.org\/10.1186\/s42400-019-0038-7","journal-title":"Cybersecurity"},{"key":"13_CR19","doi-asserted-by":"publisher","unstructured":"Liu, H., Lang, B.: Machine learning and deep learning methods for intrusion detection systems: a survey. Appl. Sci. 9(20) (2019). https:\/\/doi.org\/10.3390\/app9204396","DOI":"10.3390\/app9204396"},{"issue":"4","key":"13_CR20","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1109\/5254.708428","volume":"13","author":"MA Hearst","year":"1998","unstructured":"Hearst, M.A., Dumais, S.T., Osuna, E., Platt, J., Scholkopf, B.: Support vector machines. IEEE Intell. Syst. their Appl. 13(4), 18\u201328 (1998). https:\/\/doi.org\/10.1109\/5254.708428","journal-title":"IEEE Intell. Syst. their Appl."},{"key":"13_CR21","doi-asserted-by":"publisher","unstructured":"Chen, T., Guestrin, C.: XGBoost: a scalable tree boosting system. In: Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, vol. 13\u201317-August, pp. 785\u2013794 (2016). https:\/\/doi.org\/10.1145\/2939672.2939785","DOI":"10.1145\/2939672.2939785"},{"key":"13_CR22","unstructured":"Ke, G., et al.: LightGBM: a highly efficient gradient boosting decision tree. Adv. Neural Inf. Process. Syst. 2017, 3147\u20133155 (2017)"},{"key":"13_CR23","doi-asserted-by":"publisher","unstructured":"Liu, F.T., Ting, K.M., Zhou, Z.H.: Isolation forest. In: IEEE International Conference on Data Mining, pp. 413\u2013422 (2008). https:\/\/doi.org\/10.1109\/ICDM.2008.17","DOI":"10.1109\/ICDM.2008.17"},{"key":"13_CR24","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1145\/342009.335388","volume":"29","author":"M Breunig","year":"2000","unstructured":"Breunig, M., Kriegel, H.-P., Ng, R., Sander, J.: LOF: identifying density-based local outliers. ACM SIGMOD Rec. 29, 93\u2013104 (2000). 
https:\/\/doi.org\/10.1145\/342009.335388","journal-title":"ACM SIGMOD Rec."},{"key":"13_CR25","doi-asserted-by":"crossref","unstructured":"Van Hasselt, H., Guez, A., Silver, D.: Deep reinforcement learning with double Q-learning. In: Thirtieth AAAI Conference on Artificial Intelligence, pp. 2094\u20132100 (2016)","DOI":"10.1609\/aaai.v30i1.10295"}],"container-title":["Lecture Notes in Computer Science","Foundations and Practice of Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-08147-7_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,2,8]],"date-time":"2023-02-08T06:03:30Z","timestamp":1675836210000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-08147-7_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031081460","9783031081477"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-08147-7_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"15 June 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FPS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Foundations and Practice of Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Paris","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference 
Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 December 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 December 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fps2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.fps-2021.com\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"62","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"18","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short 
Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"29% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}