ToN_IoT: The Role of Heterogeneity and the Need for Standardization of Features and Attack Types in IoT Network Intrusion Data Sets

The Internet of Things (IoT) is reshaping our connected world as the number of lightweight devices connected to the Internet is rapidly growing. Therefore, high-quality research on intrusion detection in the IoT domain is essential. To this end, network intrusion data sets are fundamental, as many attack detection strategies have to be trained and evaluated using such data sets. In this article, we introduce the description, statistical analysis, and machine learning evaluation of the novel ToN_IoT data set. A comparison to other recent IoT data sets shows the importance of heterogeneity within these data sets, and how differences between data sets may have a huge impact on detection performance. In a cross-training experiment, we show that the inclusion of different data collection methods and a large diversity of the monitored features are of crucial importance for IoT network intrusion data sets to be useful for the industry. We also explain that the practical application of IoT data sets in operational environments requires the standardization of feature descriptions and cyberattack classes. This can only be achieved with a joint effort from the research community.