Enhancing IoT network security with concept drift-aware unsupervised threat detection

Drago S.
2024

Abstract

The dynamic characteristics of Internet of Things (IoT) systems create major challenges for threat detection systems that rely on machine learning models. Over time, shifts in the statistical distribution of data can lead to drastic performance degradation. This phenomenon is known as concept drift. When this problem occurs, traditional static systems require human intervention to manually retrain, leaving the network vulnerable in the meantime. In this paper, we propose an unsupervised system for online detection of anomalous traffic generated by malware-infected IoT devices. The proposed multi-tier system explicitly accounts for concept drift, automatically retraining only when necessary. We thoroughly tested the system by performing an extensive experimental evaluation using the real-world IoT-23 dataset, which includes network traffic generated by IoT devices as well as malicious network traffic generated by devices infected with different types of malware. We also compared our approach with other state-of-the-art work, and the results showed the remarkable performance achieved by the system using key metrics such as F1 score, accuracy, false positive rate and false negative rate.
979-8-3503-5423-2
Concept drift
Cybersecurity
IoT
Online threat detection
Unsupervised learning
Files in this record:

Enhancing_IoT_Network_Security_with_Concept_Drift-Aware_Unsupervised_Threat_Detection.pdf (not available)
Description: Enhancing IoT Network Security with Concept Drift-Aware Unsupervised Threat Detection
Type: Publisher's version (PDF)
License: Publisher's copyright
Size: 455.79 kB
Format: Adobe PDF

0237.pdf (open access)
Description: Enhancing IoT Network Security with Concept Drift-Aware Unsupervised Threat Detection
Type: Post-print document
License: Creative Commons
Size: 862.44 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.11771/36358
Citations
  • Scopus 3