This article covers the issues of constructing tools for detecting network attacks targeting devices in IoT clouds. The detection is performed within the framework of cloud infrastructure, which receives data flows that are limited in size and content, and characterize the current network interaction of the analyzed IoT devices. The detection is based on the construction of training models and uses machine learning methods, such as AdaBoostClassifier, RandomForestClassifier, MultinomialNB, etc. The proposed combined multi-aspect approach to attack detection relies on session-based spaces, host-based spaces, and other spaces of features extracted from incoming traffic. An attack-specific ensemble of various machine learning methods is applied to improve the detection quality indicators. The performed experiments have confirmed the correctness of the constructed models and their effectiveness, expressed in terms of the precision, recall, and f1-measure indicators for each analyzed type of attack, using a series of existing samples of benign and attacking traffic.
Keywords: IoT; attack detection; cloud; network security.