Skip to main content

Table 3 Detection methodology characteristics for IoT IDS

From: A critical review of intrusion detection systems in the internet of things: techniques, deployment strategy, validation strategy, attacks, public datasets and challenges

Detection Methodology



Statistics based: analyzes the network traffic using complex statistical algorithms to process the information.

Bhuyan, et al. (Bhuyan et al., 2014)

• Needs a large amount of knowledge of statistics

• Simple but less accurate

• Real-time

Pattern-based: identifies the characters, forms, and patterns in the data.

Liao, et al. (Liao et al., 2013a)

Riesen and Bunke (Riesen et al., 2008)

• Easy to implement

• A hash function could be used for identification.

Rule-based: uses an attack “signature” to detect a potential attack on the suspicious network traffic.

Hall, et al. (Hall et al., 2009)

• The computational cost of rule-based systems could be very high because rules need pattern matching.

• It is very hard to estimate what actions are going to occur and when

• It requires a large number of rules for determining all possible attacks.

• The low false-positive rate

• High detection rate

State-based: examines a stream of events to identify any possible attack.

Kenkre, et al. (Kenkre et al., 2015)

• Probabilistic, self-training

• Low false positive rate.

Heuristic-based: identifies any abnormal activity that is out of the ordinary activity.

Abbasi, et al. (Abbasi et al., 2014)

Butun, et al. (Butun et al., 2014)

• It needs knowledge and experience

• Experimental and evolutionary learning