Table 3.
Ref. | Protocol | IDS Method | Methodology | Attacks Mitigated | Results and Potential Improvements |
---|---|---|---|---|---|
[85] | FogComp-IDS | OS-ELM | Used Fog Computing | Cyber | False Positive Result (FPR) very low, 25% faster detection rate; Next step prediction is required to react proactively to the attacks |
[86] | KMA and CBA | KMA with hash values; CBA with path matrix | Technology utilized: 6LoWPAN | Routing (Sinkhole and Selective forwarding) | KMA: 50% to 80% True Positive Result (TPR); CBA: 76% to 96% TPR; In depth comparative analysis; Only covering few attacks |
[87] | DLM-SLA-IDS | Anomaly-Based | Dataset: UNSW-NB 15; Detection model: merged DLM and SLA algorithm; DLM is deep auto-encoders; SLA is SVM | General coverage for all attacks | Proposed method better than other PCA-based and ML methods; Require more accuracy and low FPR rate |
[88] | LWIDS | Supervised machine learning-based approach | Lightweight detection; Used machine learning based SVM | DoS | Proven that: good packet arrival rate and SVM based classifier is good for detection; Lacks security parameters policy |
[89] | Three-LIDS | Three layered IDS | Reporting normal behavior of nodes; Detect malicious packet; Attack detection | DoS, MITM, reconnaissance and replay | Accuracy: Reporting 96.2%, Malicious Packet 90%, Attack Detection 98%; Lacks real time implementation |
[90] | ML-IDS | Machine learning based method | Common protocols analysis used for SCADA IIoT devices | Backdoor, Command and SQL injection | Capable of handling new attacks like Backdoor, Command, SQL injection; Require hybrid model for better performance |
[92] | MD-CPS | Behavior Rule Specification-based | Unmanned Aerial Vehicle | Zero-day attacks | High detection and prediction; Lacks comparative analysis of other methods and datasets |
[93] | BRIoT | Behavior Rule Specification-based; For Mission Critical Cyber Physical System; Exploited UAV | Unmanned Aerial Vehicle; For Mission Critical Cyber Physical Systems | Zero-day attacks | BRIoT outperformed its predecessor BRUIDS; Require more analysis for FPR, FNR vis-à-vis memory, overheads etc. |
[94] | InBGG | InBGG Bayesian-based approach; Gaussian-based | Feature selection mechanism; Utilized datasets KDDCup’99, Kyoto 2006+, ISCX | Cyber attacks | InBGG accuracy: KDDCup’99 84.06%, Kyoto 2006+ 88.13%, ISCX 91.82; InBGG FPR: KDDCup’99 16.02%, Kyoto 2006+ 13.39%, ISCX 8.37%; Require experimentation with more datasets |
[96] | GLRT | Generalized likelihood ratio test | Three points disturbances detection, i.e., unicast packet uplink, downlink and broadcast | Battery Exhaustion and Relay attacks | Negligible false alarm; Slight missed detection probability; Not good where subgroup of IoT devices are under attack |
[97] | OBSCR | Access control technique using ontology reasoning | Analytical vulnerability analysis; Utilized smart meter; Context Inference Rules | Generally covers all major attacks and Memory dump, Port access, Data sniffing, Software Protocol, ZigBee | Proposed system results: a. 87.5%, b. 91.1%, c. 92.5%, d. 86.1%, e. 78.4%, f. 91.5%; More detailed analysis of power system and their vulnerabilities |
[98] | SeArch | Network-based ID (NID) | NID system for SDN-based Cloud IoT | Cyber attacks | Detections: 95.5%; Overheads: 8.5% to 15%; Requirement to improve overheads to make IDS power efficient |