Implementing Lightweight IoT-IDS on Raspberry Pi Using Correlation-Based Feature Selection and Its Performance Evaluation

  • Yan Naung SoeEmail author
  • Yaokai Feng
  • Paulus Insap Santosa
  • Rudy Hartanto
  • Kouichi Sakurai
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 926)


The application of many IoT devices is making our world more convenient and efficient. However, it also makes a large number of cyber-attacks possible because most IoT devices have very limited resources and cannot perform ordinary intrusion detection systems. How to implement efficient and lightweight IDS in IoT environments is a critically important and challenging task. Several detection systems have been implemented on Raspberry Pi, but most of them are signature-based and only allow limited rules. In this study, a lightweight IDS based on machine learning is implemented on a Raspberry Pi. To make the system lightweight, a correlation-based feature selection algorithm is applied to significantly reduce the number of features and a lightweight classifier is utilized. The performance of our system is examined in detail and the experimental result indicates that our system is lightweight and has a much higher detection speed with almost no sacrifice of detection accuracy.



The authors are grateful for the financial support provided by AUN/SEED-Net Project (JICA). This research is also partially supported by Strategic International Research Cooperative Program, Japan Science and Technology Agency (JST), JSPS KAKENHI Grant Numbers JP17K00187 and JP16K00132.


  1. 1.
    Andra, U.: Network Security in the Age of Hyperconnectivity_ Pervasive, Proactive, and Persistent Protection is Essential to Thwart Cyberattacks.
  2. 2.
    Ashari, A., Paryudi, I., Min, A.: Performance comparison between Naïve Bayes, decision tree and k-nearest neighbor in searching alternative design in an energy simulation tool. Int. J. Adv. Comput. Sci. Appl. 4, 33–39 (2013)Google Scholar
  3. 3.
    Cervantes, C., Poplade, D., Nogueira, M., Santos, A.: Detection of sinkhole attacks for supporting secure routing on 6LoWPAN for internet of things. In: Proceedings of the 2015 IFIP/IEEE International Symposium on Integrated Network Management, IM 2015, pp. 606–611 (2015)Google Scholar
  4. 4.
    Dhanabal, L., Shantharajah, S.P.: A study on NSL-KDD dataset for intrusion detection system based on classification algorithms. Int. J. Adv. Res. Comput. Commun. Eng. 4, 446–452 (2015)Google Scholar
  5. 5.
    Feng, Y., Akiyama, H., Lu, L., Sakurai, K.: Feature selection for machine learning-based early detection of distributed cyber attacks. In: The IEEE Cyber Science and Technology Congress (CyberSciTech), CyberSciTech 2018, pp. 173–180 (2018)Google Scholar
  6. 6.
    Feng, Y., Hori, Y., Sakurai, K., Takeuchi, J.: A behavior-based method for detecting distributed scan attacks in darknets. J. Inf. Process. (JIP) 21(3), 527–538 (2013)Google Scholar
  7. 7.
    Fu, Y., Yan, Z., Cao, J., Koné, O., Cao, X.: An automata based intrusion detection method for internet of things. Mob. Inf. Syst. 2017, 6–10 (2017)Google Scholar
  8. 8.
    Guo, Z., Harris, I.G., Jiang, Y., Tsaur, L.F.: An efficient approach to prevent battery exhaustion attack on BLE-based mesh networks. In: 2017 International Conference on Computing, Networking and Communications, ICNC 2017, pp. 1–5 (2017)Google Scholar
  9. 9.
    Hall, M.A.: Correlation-Based Feature Selection for Machine Learning. Department of Computer Science, The University of Waikato (1999)Google Scholar
  10. 10.
    Kaspersky Lab: Amount of Malware Targeting Smart Devices more than Doubled in 2017 (2017).
  11. 11.
    Kohavi, R., John, G.: Wrappers for feature subset selection. Artif. Intell. Spec. Issue Relevance 97(1–2), 273–324 (1996)zbMATHGoogle Scholar
  12. 12.
    Kohavi, R., Sommerfield, D.: Feature subset selection using the wrapper method: overfitting and dynamic search space topology. In: The First International Conference on Knowledge Discovery and Data Mining (1995)Google Scholar
  13. 13.
    Kuhn, M., Johnson, K.: An introduction to feature selection. In: Applied Predictive Modeling, pp. 487–519 (2013)Google Scholar
  14. 14.
    Kumar, R., Sharma, D.: HyINT: signature-anomaly intrusion detection system. In: 2018 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pp. 1–7 (2018)Google Scholar
  15. 15.
    Kyaw, A.K., Chen, Y., Joseph, J.: Pi-IDS: evaluation of open-source intrusion detection systems on Raspberry Pi 2. In: 2015 2nd International Conference on Information Security and Cyber Forensics, InfoSec 2015, pp. 165–170 (2016)Google Scholar
  16. 16.
    Witten, I.H., Frank, E.: Data mining: practical machine learning tools and techniques. In: Library of Congress Cataloging-in-Publication Data (2005)Google Scholar
  17. 17.
    Moustafa, N., Slay, J.: The significant features of the UNSW-NB15 and the KDD99 data sets for network intrusion detection systems. In: Proceedings - 2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2015, pp. 25–31 (2017)Google Scholar
  18. 18.
    Moustafa, M., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: Proceedings of 2015 Military Communications and Information Systems Conference, MilCIS 2015 (2015)Google Scholar
  19. 19.
    Pacheco, J., Zhu, X., Badr, Y., Hariri, S.: Enabling risk management for smart infrastructures with an anomaly behavior analysis intrusion detection system. In: Proceedings - 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017, pp. 324–328 (2017)Google Scholar
  20. 20.
    Sforzin, A., Marmol, A.G., Conti, M., Bohli, J.M.: RPiDS: Raspberry Pi IDS - a fruitful intrusion detection system for IoT. In: 2016 Intl IEEE Conferences on Ubiquitous Intelligence & Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress, pp. 440–448 (2016)Google Scholar
  21. 21.
    Cardoso, D.S., Lopes, R.F., Teles, A.S., Magalhaes, F.B.V.: Real-time DDoS detection based on complex event processing for IoT. In: Proceedings - ACM/IEEE International Conference on Internet of Things Design and Implementation, IoTDI 2018, pp. 273–274 (2018)Google Scholar
  22. 22.
    Bay, S.D., Kibler, D., Pazzani, M.J., Smyth, P.: The UCI KDD archive of large data sets for data mining research and experimentation. SIGKDD Explor. 2, 81 (2000)CrossRefGoogle Scholar
  23. 23.
    Sperling, T.L., Caldas Filho, F.L., Sousa, R.T., Martins, L.M., Rocha, R.L.: Tracking intruders in IoT networks by means of DNS traffic analysis. In: 2017 Workshop on Communication Networks and Power Systems (WCNPS), pp. 1–4 (2017)Google Scholar
  24. 24.
    Zena, M.H., Gillies, D.F.: A review of feature selection and feature extraction methods applied on microarray data. Adv. Bioinform. 2015, 198363, 1–13 (2015)Google Scholar
  25. 25.
    Zitta, T., Neruda, M., Vojtech, L.: The security of RFID readers with IDS/IPS solution using Raspberry Pi’. In: 2017 18th International Carpathian Control Conference, ICCC 2017, pp. 316–320 (2017)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Yan Naung Soe
    • 1
    • 2
    Email author
  • Yaokai Feng
    • 2
  • Paulus Insap Santosa
    • 1
  • Rudy Hartanto
    • 1
  • Kouichi Sakurai
    • 2
  1. 1.Universitas Gadjah MadaYogyakartaIndonesia
  2. 2.Kyushu UniversityFukuokaJapan

Personalised recommendations