A Feature-Ranking Framework for IoT Device Classification
8 Pages Posted: 3 Dec 2018
Date Written: November 8, 2018
IoT market is rapidly changing the cyber threat landscape. The challenges to security and privacy arise not only because IoT devices are large in number, but also because IoT devices are heterogeneous in type and functionality. Machine learning algorithms are attractive methods to solve various problems such as device identification, anomaly detection, and attack detection. Often, all available features extracted from network traffic are fed as input to train the models, which in practice is not regarded as the best approach. Associated with features are different kinds of cost, such as costs for obtaining the data, extracting and storing features, compute resources to run a model with high dimensional features, etc. Instead, if a smaller set of features could achieve performance close to that obtained with all features, that might help to reduce cost as well as to make better interpretation of results. In this work, we address the problem of selecting features extracted from IoT network traffic, based on the utility of a feature in achieving the goal of the machine learning models. We develop a unifying framework of fundamental statistical tests for ranking features. We specifically consider the use case of IoT device classification, and demonstrate the effectiveness of our framework by evaluating it using different classifiers on traffic obtained from real IoT devices.
Keywords: Classification, Feature Selection, Cyber Risk, Internet of Things (IoT)
JEL Classification: C10
Suggested Citation: Suggested Citation