LIGHTWEIGHT IDS-BASED FEATURE SELECTION ALGORITHM
FOR CYBER-PHYSICAL SYSTEMS & IOE DEVICES
Sunil Kaushik1, Akashdeep Bhardwaj2, Saud Aljaloud3 and Naif Alsharabi3
1Indus Towers, Gurgaon 122001, Haryana, India
2Centre for Cybersecurity, School of Computer Science, UPES, Dehradun 248007, India
3College of Computer Science and Engineering, University of Hail, Hail 81451, Saudi Arabia
ABSTRACT
The rapid spread of Internet connectivity has ushered in the age of Cyber-Physical Systems (CPS) and Internet of Everything (IoE) devices. IoE and CPS devices are the cornerstone of Industry 4.0, which is centred on Machine-to-Machine (M2M) communication. IoE and CPS devices are used in hostile environments and have limited computing and energy resources. Their criticality and dependence on the Internet have exposed IoE and CPS systems to cyber-attacks. Thus, to prevent any damage, these systems require a competent and lightweight intrusion detection system (IDS). The current research recommends a novel IDS built upon a new feature selection algorithm that identifies entropy-reducing and highly statistically reliable features in a dataset. The proposed feature selection technique showed significant improvements in performance measures for several classifiers. With the IoTID20 dataset, the proposed IDS demonstrated accuracy and performance metrics exceeding 99%. The trustworthiness of the proposed IDS is further supported by its consistent efficacy on the NSLKDD dataset. The proposed IDS is found to be competitive with all previous studies in all performance areas. Thus, the proposed IDS, built on a novel feature selection technique, can protect the digital ecosystem and IoE landscapes from cyber-attacks to bolster Industry 4.0.
KEYWORDS
Smart Devices, Threat Intelligence, IoT Vulnerabilities, Intelligent Intrusion Detection, Connected Systems, Feature Selection, IoE Security
1. INTRODUCTION
Industry 4.0 relies heavily on the Internet of Things (IoT), connecting devices and systems in ways that make daily operations smoother and more efficient [1]. Cybersecurity concerns grow as the number of devices increases [2,3], which may put data, accessibility, and system performance at risk. These threats are likely to have detrimental impacts on everyday digital lives as well as on enterprises, affecting both safety and the economy [4,5]. IoT devices, from industrial equipment to intelligent sensors, are vulnerable to threats like malware, DDoS, and unauthorized access, since these devices often run basic operating systems with very little computational capacity [6,7]. Because these devices are so interconnected, a single breach can ripple across entire networks [8]. The problem is compounded by the varied mix of wired and wireless communication techniques used by embedded systems with internet access [9,10].
To mitigate the growing cybersecurity risks associated with resource-constrained IoT and IoE environments, enterprises increasingly rely on Intrusion Detection Systems (IDS) as a critical defensive mechanism. An IDS enables the detection of unauthorized and anomalous activities, including zero-day attacks [11,12], by analyzing deviations in network behaviour [13]. However, due to the limited computational and storage capabilities of many IoE devices, deploying a conventional IDS remains challenging, which necessitates lightweight and adaptive intrusion detection solutions [14,15]. Considering soaring cyberattacks and the compounding inexplicability of Internet of Everything (IoE) devices, an IDS is required that can efficiently defend IoT systems while operating within their restricted processing resources and storage. [6] suggests that an IDS can be made lightweight if it has the right feature selection technique, one which not only requires less computation to analyse but also differentiates between attacks and normal traffic; in other words, it requires less training time. Further, [60] maintains that the computation time signifies the computational complexity and utilization of computational resources [58]. The proposed MIRCHI framework chooses attributes using the statistical tool Chi-square (CHI) and the information-theoretic tool Mutual Information (MI), that is, based on the information that features and the label share, in addition to the predicted distribution of a feature within a class. This study differs from other studies for the following reasons:
• Most existing studies perform feature selection using standard libraries or by fusing multiple methods in separate iterations, increasing computational cost. The MIRCHI algorithm combines these procedures in a single pass by traversing the dataset only once and uses resources more efficiently.
• Additionally, MIRCHI removes redundant or correlated features, and the most relevant features are retained. This optimized feature set improves both efficiency and accuracy in any attack classification.
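The single-pass idea in the first point can be illustrated with a short sketch. This is an added example, not the paper's MIRCHI algorithm: it assumes discretised features, and the function names, sample rows and thresholds are constructed for illustration. One traversal builds the (value, label) count tables, and both chi-square and mutual information are then derived from those tables.

```python
import math
from collections import Counter

# Constructed sample: discretised flow features (syn_flag, port_parity, rate_bin) and a label.
ROWS = [(1, 0, "hi"), (1, 1, "hi"), (1, 0, "hi"), (1, 1, "lo"),
        (0, 0, "lo"), (0, 1, "lo"), (0, 0, "lo"), (0, 1, "hi")]
LABELS = ["attack"] * 4 + ["normal"] * 4

def single_pass_scores(rows, labels):
    """Return [(chi2, mi_bits), ...] per feature from one traversal of the data."""
    n_features = len(rows[0])
    joint = [Counter() for _ in range(n_features)]  # (value, label) counts
    label_counts = Counter()
    for row, y in zip(rows, labels):  # the only pass over the dataset
        label_counts[y] += 1
        for j, v in enumerate(row):
            joint[j][(v, y)] += 1
    n = len(labels)
    scores = []
    for table in joint:  # from here on only the small count tables are read
        value_counts = Counter()
        for (v, _), c in table.items():
            value_counts[v] += c
        chi2 = mi = 0.0
        for v, nv in value_counts.items():
            for y, ny in label_counts.items():
                observed = table.get((v, y), 0)
                expected = nv * ny / n  # count expected if feature and label were independent
                chi2 += (observed - expected) ** 2 / expected
                if observed:
                    mi += observed / n * math.log2(observed / expected)
        scores.append((chi2, mi))
    return scores

def select(scores, min_chi2=3.84, min_mi=0.1):
    """Keep feature indices passing both thresholds (threshold values are assumptions)."""
    return [j for j, (chi2, mi) in enumerate(scores) if chi2 >= min_chi2 and mi >= min_mi]

if __name__ == "__main__":
    for j, (chi2, mi) in enumerate(single_pass_scores(ROWS, LABELS)):
        print(f"feature {j}: chi2={chi2:.3f} mi={mi:.3f} bits")
    print("selected:", select(single_pass_scores(ROWS, LABELS)))
```

On the constructed rows, the perfectly separating feature scores highest on both measures, the label-independent feature scores zero on both, and only the first feature passes the assumed thresholds.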
The study is organized into five sections following the introduction. Section 2 analyses related work and presents the details of feature selection and classification algorithms. Section 3 proposes a new algorithm called MIRCHI. Section 4 gives details of the datasets, methodology, and experimental setup. Section 5 evaluates the results, compares them with other recent studies, and concludes with directions for future research.
2. RELATED WORK
In recent years, considerable effort has been put into addressing cybersecurity challenges in IoT environments. Several studies have used ML and DL techniques for IoT security, and few have analytically studied feature selection to improve attack classification. Li et al. [16] proposed an AE-RF approach to remove irrelevant and redundant features, evaluated on the CICIDS2017 dataset. Lu and Tian [17] used autoencoders to select optimal features, while Safaldin et al. [18] achieved 96% accuracy with a GWO-based filter on NSLKDD and 98% using simple correlation on UNSWNB15.
Liu and Du [25] employed a genetic algorithm for feature selection, showing high accuracy but with high computational cost and long training time. Mushtaq et al. [26] used AE-based techniques, achieving 89% accuracy, though AE methods are computationally heavy [27]. Kumar and Subba [28] applied PCA on the ADFA-WD dataset (accuracy 91%), while Bhayo et al. [29] reported 98% using statistical methods. PCA-based methods on NSLKDD [30] yielded lower accuracy, and GXGBoost with Fisher-score/genetic methods [31] achieved 99%, but with heavy computation [27]. MOEFS-based selection [32] reached 96% on CICIDS2017, and PCA+SVM [33] obtained 96% on NSLKDD.
Ensemble methods without feature selection reached 77% [34], while hybrid AE-Isolation Forest [35] achieved 81% in ~1150 ms. ADASYN+RENN [36] and ADASYN+DL [37] achieved 86% and 89%, respectively. Chi-square + Bi-LSTM [38] yielded 97% in 156 ms. Information-theory models [39] achieved >99% on IoTID20 and NSLKDD but required 156 ms. Deep learning ensembles [40,41] ranged from 86.2% [42] to 90%, with heavy computation. XAI+RF [43] reached 98% in 34,000 ms, PCA+Bat Optimization [44] 99%, CNN+GRU [45] 98% in 98 ms, and CNN [46] 99.72%. Random Forest feature selection with KNN [47] achieved 98% but took >40,000 ms. Overall, although high accuracies are reported (up to 99.72%), many methods are found to be computationally heavy, stressing the need for lightweight, efficient feature selection and IDS frameworks for IoT and IoE environments.
State-of-the-art studies indicate that challenges related to high dimensionality and feature redundancy continue to be dominant. Recent studies establish that removing redundant features can increase accuracy but requires high training time and computational power [48,49]. Many of these machine learning-based IDS interpret deviations from normal patterns as anomalies but are afflicted with misclassification because of redundant features [51,52,53]. These studies stress improvements in cybersecurity for complex IoE and CPS environments. For example, HIDIM [54] addresses ordered dependencies and class imbalance in network intrusion detection, improving accuracy and reducing false positives. Blockchain-aided digital twin offloading and privacy-preserving mechanisms [55–56] ensure secure computation and efficient resource use in space-air-ground networks. CALRA [57] provides anonymous, leakage-resilient authentication for vehicular crowdsensing. Federated learning incentives for AIoT [59], low-latency UAV communication [60], and the energy-efficient, low-latency EALLR routing model for mobile edge computing [61] demonstrate further innovations in secure, efficient, and optimized IoT systems.
Table 1 summarizes studies using various feature selection techniques. Analysis shows that few recent works validated IDS on IoT-specific datasets. Neural network-based methods [11,24,30,31] require high computational power due to many nodes, while wrapper-based algorithms [24,30] suffer from low convergence and local optima [12]. Filter-based methods [26,28,29] struggle with outliers and nonlinear feature relationships. In contrast, information-centric and statistical techniques [21] are lightweight, efficient, and identify relevant features with minimal computation and training time. Hence, the following gaps were found in the research:
• There are fewer studies around Information Theory and Simple Statistical Techniques to identify the features.
• The increasing attack surface area and inherent complexities require IDS that are less computation-intensive and hence lightweight.
• Very few existing studies are around highly accurate, agile, and lightweight IDS for IoT as well as normal networks.
Table 1. Analysis of recent studies on IDS