As the Internet of Things (IoT) is becoming increasingly popular, we have experienced more security breaches that are associated with the connection of vulnerable IoT devices. Therefore, it is crucial to employ intrusion detection techniques to mitigate attacks that exploit IoT security vulnerabilities. However, due to the limited capabilities of IoT devices and the specific protocols used, conventional intrusion detection mechanisms may not work well for IoT environments. In this paper, we propose a novel intrusion detection model that uses machine learning to effectively detect cyber-attacks and anomalies in resource-constraint IoT networks. Through a set of optimizations including removal of multicollinearity, sampling, and dimensionality reduction, our model can identify the most important features to detect intrusions using much fewer training data and less training time. Extensive experiments were performed on the CICIDS2017 and NSL-KDD datasets respectively to evaluate the proposed approach. The experimental results on two popular datasets show that our model has a high detection rate and a low false alarm rate. It outperforms existing models in multiple performance metrics and is consistent in classifying major cyber-attacks, respectively. Most importantly, unlike traditional resource-intensive intrusion detection systems, the proposed model is lightweight and can be deployed on IoT nodes with limited power and storage capabilities.

随着物联网 (IoT) 变得越来越流行，我们遇到了更多与易受攻击的物联网设备连接相关的安全漏洞。因此，采用入侵检测技术来缓解利用物联网安全漏洞的攻击至关重要。然而，由于物联网设备的功能有限和使用的特定协议，传统的入侵检测机制可能不适用于物联网环境。在本文中，我们提出了一种新颖的入侵检测模型，该模型使用机器学习来有效检测资源受限物联网网络中的网络攻击和异常。通过一系列优化，包括去除多重共线性、采样和降维，我们的模型可以使用更少的训练数据和更少的训练时间来识别最重要的特征来检测入侵。分别在 CICIDS2017 和 NSL-KDD 数据集上进行了大量实验以评估所提出的方法。在两个流行数据集上的实验结果表明，我们的模型具有高检测率和低误报率。它在多个性能指标上优于现有模型，并且在分别对主要网络攻击进行分类方面保持一致。最重要的是，与传统的资源密集型入侵检测系统不同，所提出的模型是轻量级的，可以部署在功率和存储能力有限的物联网节点上。在两个流行数据集上的实验结果表明，我们的模型具有高检测率和低误报率。它在多个性能指标上优于现有模型，并且在分别对主要网络攻击进行分类方面保持一致。最重要的是，与传统的资源密集型入侵检测系统不同，所提出的模型是轻量级的，可以部署在功率和存储能力有限的物联网节点上。在两个流行数据集上的实验结果表明，我们的模型具有高检测率和低误报率。它在多个性能指标上优于现有模型，并且在分别对主要网络攻击进行分类方面保持一致。最重要的是，与传统的资源密集型入侵检测系统不同，所提出的模型是轻量级的，可以部署在功率和存储能力有限的物联网节点上。