Table 5. Tabular Representation of Machine Learning Approaches.
| Author | Algorithm with Implementation Platform | Threats | Challenges | Performance Evaluation |
|---|---|---|---|---|
| Anthi et al. [14] | Naïve-Bayes. Platform: Weka | Network probing, scanning, DoS attacks: SYN, UDP flood attacks. | No clustering of similar devices, limited attacks covered. | Scan attack: precision-97.7, recall-97.7, f-measure-97.7; SYN: precision-80.8, recall-68.8, f-measure-65.8 |
| Divyatmika et al. [11] | Clustering + KNN (data classification) + MLP (misuse detection) + reinforcement (anomaly detection). Platform: Weka | DoS, probe, Remote-to-local (R2L), User-To-Root (U2R). | - | Accuracy: 99.95% (with reduced false alarms). |
| Pajouh et al. [12] | PCA + LDA (feature selection), Naïve Bayes + CF-KNN (classification) | DoS, probe, Remote-to-local (R2L), User-To-Root (U2R) | Anomaly and intrusion detection at the application and support layer, considering different protocols of the network layer. | Accuracy: Probe attack: 87.32, DoS attack: 88.20, U2R-70.15, R2L-42; Detection rate: 84.86, False alarm rate-4.86 |
| Shahid et al. [82] | Random forest, Decision tree, ANN, KNN, GNB (Gaussian Naïve Bayes) | - | Integration of anomaly detection models with a software-defined networking environment. | Accuracy: RF-99.9%, DT-99.5%, SVM-99.3%, KNN-98.9%, ANN-98.6%, GNB-91.6% |
| Srinivasan et al. [83] | Random forest, MLP, SVM. Platform: Mininet | Link fault identification. | Testing different ML algorithms. | Accuracy: 97% |
| [97] | Ensemble model (Decision tree + Naïve Bayes + ANN). Platforms and tools: NodeRed middleware, tcpdump, Bro-IDS | Analysis, backdoor, DoS, exploit, fuzzers, generic, reconnaissance, worms. | Considering other IoT protocols, concentrating on more zero-day attacks. | Accuracy with DNS data source: 99.54%, Accuracy with HTTP data source: 98.97% |
| Canedo et al. [13] | ANN. Platform: R (neural-net package). | Invalid data entries. | Generating data entries by creating a testbed with more devices and sensors. | N/A |
| Ioannou et al. [85] | c-SVM. Platform: RMT tool (Run time monitoring tool). | Routing layer attacks (sinkhole, blackhole, selective forward). | Placement of IDS in high-energy gateway nodes. | Accuracy: 100% (with the same topology); Accuracy: 81% (when the topology is changed) |
| Zhao et al. [86] | PCA (to reduce dimensions) + KNN (classification) + Softmax regression (classification). | DoS, probe, Remote-to-local (R2L), User-To-Root (U2R) | | Accuracy: 85.24% with 3 dimensions, 85.19% with 6 dimensions, 84.406% with 10 dimensions. |
| Prabavathy et al. [87] | OS-ELM (online sequential extreme machine learning). Platform: MATLAB (R2013a). | DoS, probe, Remote-to-local (R2L), User-To-Root (U2R). | More depth analysis of zero-day attacks is required. | Accuracy: 97.16% (for binary classification); TPR (true positive rate): normal-98.63%, probe-84.2%, DoS-96.61%, U2R-53.81, R2L-71.87% (for multi-class classification). |
| Hasan et al. [15] | LR, SVM, ANN, RF, DT. Platform: Python with NumPy, pandas, scikit-learn. | DoS, data type probing, malicious control, malicious operation, scan, spying, wrong setup. | More robust algorithms are required, more attention is required for real-time detection. | Accuracy: LR-98.3%, SVM-98.2%, DT-99.4%, RF-99.4%, ANN-99.4% |