Classic security methods become less effective against the Internet of Things (IoT) cyber-attacks, such as cryptography. An urgent need for real-time and lightweight detection of cyber-attacks is needed to secure IoT networks. This demand is achieved by a reliable and efficient intrusion detection system (IDS) that can meet IoT environments' high scalability and dynamicity.

Herein, we analyzed the traffic and features of commonly used and recently published datasets for IoT networks. Furthermore, we proposed an ensemble feature selection method. Also, we studied the effects of traffic heterogeneity levels and time-window size on several classification methods to justify the detection model selection. Regarding the BotNet-IoT dataset, we noticed that few features play a critical role in IDS performance, and larger time-windows were slightly better than the shorter time-windows. Furthermore, we found that PCA classifier performance was significantly affected by traffic heterogeneity. On the other hand, the Boosted Tree showed the best and the most stable performance among all the considered classification methods.

传统的安全方法在抵御诸如密码术之类的物联网（IoT）网络攻击时变得不太有效。为了确保物联网网络的安全，迫切需要实时，轻量级地检测网络攻击。可靠，高效的入侵检测系统（IDS）可以满足IoT环境的高可扩展性和动态性，从而满足了这一需求。

在本文中，我们分析了物联网网络的常用数据集和最近发布的数据集的流量和功能。此外，我们提出了一种整体特征选择方法。此外，我们研究了流量异质性级别和时间窗口大小对几种分类方法的影响，以证明检测模型的选择合理。关于BotNet-IoT数据集，我们注意到很少有功能对IDS性能起关键作用，并且较大的时间窗口比较短的时间窗口要好。此外，我们发现PCA分类器的性能受到流量异质性的显着影响。另一方面，Boosted Tree在所有考虑的分类方法中表现出最佳和最稳定的性能。