Decision Trees Unleashed: Simplifying IoT Malware Detection With Advanced AI Techniques

DOI: 10.4018/979-8-3693-1906-2.ch013

Abstract

This chapter presents an in-depth study on the application of decision tree-based classifiers for the detection of malware in Internet of Things (IoT) environments. With the burgeoning expansion of IoT devices, the threat landscape has grown increasingly complex, making traditional security measures insufficient. This study proposes an innovative approach using decision tree algorithms to address the growing concern of IoT malware. The research methodology encompasses a comprehensive analysis of IoT vulnerabilities, focusing on malware threats and the development of a decision tree-based classifier. The classifier is empirically validated using the MaleVis dataset, a rich source of real-world IoT malware data. Performance metrics such as precision, recall, specificity, F1-score, accuracy, and processing time are meticulously evaluated to determine the efficacy of the model.

Introduction

The concept of intrusion in the context of computer security refers to attempts to breach security protocols by compromising a system's integrity. In response to this pervasive threat, a variety of tools and techniques, including advanced detection systems, have been developed to fortify networks and systems against such intrusions. Intrusion detection, as delineated in extant literature (Chiba, 2019; Irshad, 2020; Omar, 2022; Irshad, 2019; Chaudry, 2020), entails the classification of data activity into normative or intrusive categories to pinpoint undesirable activities. An intrusion detection system (IDS) primarily functions to detect and thwart intrusion attempts, originating either externally or internally, within a monitored network. An IDS predominantly uses one of two detection methodologies: misuse detection, which identifies intrusions using known attack signatures, and anomaly detection, which hinges on deviations from established normal behavior models (Guezzaz, 2021; Omar, 2023).

Despite the efficacy of IDSs, they are not devoid of limitations, particularly in areas such as real-time detection, alarm generation, and data accuracy, which occasionally culminate in less than optimal detection results. This ongoing challenge underscores the continued relevance and dynamism of intrusion detection as a research field. Recent explorations in this domain have centered around the integration of machine learning (ML) methodologies to bolster intrusion detection capabilities and reinforce overall computer security. Several scholarly investigations (Fernandes, 2019; Kheraisat, 2019; Omar, 2021) have focused on the application of ML techniques to improve data quality and training, thereby augmenting the performance of intrusion detection systems. Decision trees, a prevalent ML tool for classification, test individual features independently and assign classifications following each branch split, as corroborated by studies employing algorithms like ID3 and C4.5 (Cavos, 2019; Jeong, 2016).

However, the structured nature of data collection often poses a challenge, since unstructured data must be preprocessed before it can be analyzed. Selecting relevant features is critical both to minimizing the computational cost of modeling and to enhancing the predictive model's performance (Masdarri, 2020; Alazzam, 2020).
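
The split criteria behind the two tree algorithms named above, and why feature choice matters, shown as an added example that is not from the chapter: it scores three features on a constructed eight-flow sample (not MaleVis data) with ID3's information gain and with the gain ratio that C4.5 uses instead. The feature names and rows are assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed sample rows: (device_id, period, service, label). Not MaleVis data.
ROWS = [
    ("d1", "day",   "telnet", "malware"),
    ("d2", "day",   "telnet", "malware"),
    ("d3", "night", "telnet", "malware"),
    ("d4", "day",   "http",   "benign"),
    ("d5", "day",   "telnet", "benign"),
    ("d6", "night", "http",   "benign"),
    ("d7", "night", "telnet", "malware"),
    ("d8", "night", "http",   "benign"),
]
FEATURES = {"device_id": 0, "period": 1, "service": 2}  # name -> column index

def entropy(values):
    """Shannon entropy (bits) of a list of categorical values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def info_gain(rows, col):
    """ID3 criterion: label entropy removed by splitting on one feature."""
    groups = {}
    for r in rows:
        groups.setdefault(r[col], []).append(r[-1])
    remainder = sum(len(g) / len(rows) * entropy(g) for g in groups.values())
    return entropy([r[-1] for r in rows]) - remainder

def gain_ratio(rows, col):
    """C4.5 criterion: gain divided by the entropy of the split itself,
    which penalises features that shatter the data into many tiny branches."""
    split_info = entropy([r[col] for r in rows])
    return info_gain(rows, col) / split_info if split_info else 0.0

def best_feature(rows, score):
    """Feature a tree would test at the root under the given criterion."""
    return max(FEATURES, key=lambda name: score(rows, FEATURES[name]))

if __name__ == "__main__":
    for name, col in FEATURES.items():
        print(f"{name:10s} gain={info_gain(ROWS, col):.3f} "
              f"ratio={gain_ratio(ROWS, col):.3f}")
    print("ID3 root :", best_feature(ROWS, info_gain))
    print("C4.5 root:", best_feature(ROWS, gain_ratio))
```

Information gain ranks the unique `device_id` highest because every branch is trivially pure, which yields a tree that memorises the training devices; gain ratio selects `service`, the feature that can generalise to unseen traffic.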
