Table 3 Detection methodology characteristics for IoT IDS

From: A critical review of intrusion detection systems in the internet of things: techniques, deployment strategy, validation strategy, attacks, public datasets and challenges

| Detection Methodology | Examples | Characteristics |
|---|---|---|
| Statistics based: analyzes the network traffic using complex statistical algorithms to process the information. | Bhuyan et al. (Bhuyan et al., 2014) | • Needs a large amount of knowledge of statistics • Simple but less accurate • Real-time |
| Pattern-based: identifies the characters, forms, and patterns in the data. | Liao et al. (Liao et al., 2013a); Riesen and Bunke (Riesen et al., 2008) | • Easy to implement • A hash function could be used for identification |
| Rule-based: uses an attack “signature” to detect a potential attack on the suspicious network traffic. | Hall et al. (Hall et al., 2009) | • The computational cost of rule-based systems could be very high because rules need pattern matching • It is very hard to estimate what actions are going to occur and when • It requires a large number of rules for determining all possible attacks • Low false-positive rate • High detection rate |
| State-based: examines a stream of events to identify any possible attack. | Kenkre et al. (Kenkre et al., 2015) | • Probabilistic, self-training • Low false-positive rate |
| Heuristic-based: identifies any abnormal activity that is out of the ordinary activity. | Abbasi et al. (Abbasi et al., 2014); Butun et al. (Butun et al., 2014) | • It needs knowledge and experience • Experimental and evolutionary learning |