Abstract
The rapid increase of Internet of Things (IoT) devices has introduced substantial security risks, necessitating robust security solutions to detect malicious traffic. In this paper, we propose a machine-learning solution to identify malicious IoT traffic while adhering to the constraints of the IoT environment. Our solution segments network packets into time windows and groups them by source IP. This approach enables the extraction of statistical, behavioral, and entropy-based features that preserve important temporal and device-level characteristics. To address data imbalance, we employ synthetic oversampling (SMOTE), followed by a suite of standard classification models (such as k-Nearest Neighbors and Random Forest) calibrated via a sigmoid function to refine probabilistic predictions. Our pipeline is evaluated on Edge-IIoTset, a comprehensive dataset encompassing traffic from multiple IoT devices and 14 different attacks. Results indicate that k-Nearest Neighbors outperforms alternative classifiers, achieving an F1 score of up to 0.8696 and demonstrating high robustness to complex traffic patterns. These findings highlight the effectiveness of time-segmented, IP-based feature aggregation and underline the importance of calibrated classifiers in enhancing IoT network security.
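The windowing and per-source-IP aggregation step described in the abstract, as an added sketch that is not the authors' code. The 10-second window, the packet tuple layout and the specific feature set (including destination-port entropy) are assumptions, since the abstract names only the feature families; oversampling and classification are left out.

```python
import math
from collections import Counter, defaultdict
from statistics import mean, pstdev

WINDOW_SECONDS = 10.0  # assumed window length; the abstract does not give one


def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of values."""
    counts = Counter(values)
    total = sum(counts.values())
    return sum((c / total) * math.log2(total / c) for c in counts.values())


def window_features(packets, window=WINDOW_SECONDS):
    """Group packets by (time window, source IP) and aggregate features.

    packets: iterable of (timestamp, src_ip, dst_ip, dst_port, length),
    a hypothetical layout chosen for this example.
    Returns {(window_index, src_ip): feature dict}.
    """
    groups = defaultdict(list)
    for ts, src, dst, dport, length in packets:
        groups[(int(ts // window), src)].append((ts, dst, dport, length))
    features = {}
    for key, pkts in groups.items():
        times = sorted(p[0] for p in pkts)
        gaps = [b - a for a, b in zip(times, times[1:])]
        sizes = [p[3] for p in pkts]
        features[key] = {
            "pkt_count": len(pkts),                    # statistical
            "mean_len": mean(sizes),
            "std_len": pstdev(sizes),
            "mean_gap": mean(gaps) if gaps else 0.0,   # behavioral (timing)
            "unique_dsts": len({p[1] for p in pkts}),
            "dport_entropy": shannon_entropy(p[2] for p in pkts),
        }
    return features


# Constructed sample: a sensor publishing to one broker on a fixed port,
# and a second host touching eight different ports in the same window.
SAMPLE = [(0.5 + 2 * i, "10.0.0.5", "10.0.0.1", 1883, 120) for i in range(4)]
SAMPLE += [(1.0 + 0.5 * i, "10.0.0.9", "10.0.0.1", 20 + i, 60) for i in range(8)]
SAMPLE += [(12.0, "10.0.0.5", "10.0.0.1", 1883, 120)]

if __name__ == "__main__":
    for key, feats in sorted(window_features(SAMPLE).items()):
        print(key, feats)
```

Each resulting row is one device in one window, which is the unit that would then be oversampled and passed to the calibrated classifiers.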
| Original language | English |
|---|---|
| Title of host publication | 5th Intelligent Cybersecurity Conference, ICSC 2025 |
| DOIs | |
| State | Published - 2025 |
Fingerprint
Dive into the research topics of 'A Device-Centric and Temporal Learning Framework for Malicious IoT Traffic Detection'. Together they form a unique fingerprint.