What it does

IoT PacketPatrol is an ML-based approach to identifying malicious network traffic for IoT devices, complete with a comprehensive analytics dashboard. On the live demo page, users can enter network data or select one of the preloaded datasets; the input is then analyzed by the PacketPatrol model and classified into the appropriate attack categories.

How we built it

The selected Kaggle dataset was used to train a scikit-learn MultiOutputClassifier model, which applied logistic regression to the multi-label classification problem of identifying the categories and subcategories of malicious network traffic. The MultiOutputClassifier trained three logistic regression models as independent classifiers for the three output labels: attack identification, attack category, and attack subcategory.

The datasets and trained models were stored in MongoDB Atlas, and a FastAPI layer built on top of the database exposes a handful of endpoints that allow the user to query the stored models. The live demo page is linked to an endpoint that lets the user run the trained model on inference data and obtain predictions. The other endpoints can be found at https://iotpacketpatrol.onrender.com/docs, and are integrated with a client-side UI that is deployed with Render, a cloud PaaS for deploying web apps.

Challenges we ran into

A big challenge for this project was that the dataset was extremely imbalanced, with the majority of the network data having been collected from botnet attacks. The model tended to classify an input network as an attack even when it was benign. This challenge was addressed by adjusting scikit-learn's model parameters during training so that class weights were set according to class frequencies.
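The following is an added illustration, not the project's own code, of the imbalance problem described above and of the class-frequency weighting used to counter it. It trains a one-feature logistic regression in pure Python on a constructed 190-attack / 10-benign sample, once with every row weighted equally and once with per-class weights n_samples / (n_classes * count), the rule scikit-learn applies for class_weight="balanced" (assumed here to match the frequency-based weighting the team describes), and compares how many benign rows each model gets right.

```python
import math

# Constructed, deliberately imbalanced sample: one feature (a scaled packet
# rate) and a binary label, 1 = attack, 0 = benign. The two classes overlap
# between x = 0.5 and x = 0.9, where attack rows outnumber benign rows 8:1.
BENIGN = [(i / 10, 0) for i in range(10)]          # x = 0.0 .. 0.9
ATTACK = [(0.5 + i / 100, 1) for i in range(190)]  # x = 0.50 .. 2.39
DATA = BENIGN + ATTACK

def balanced_weights(labels):
    """Per-class weight n_samples / (n_classes * count(class))."""
    counts = {}
    for y in labels:
        counts[y] = counts.get(y, 0) + 1
    n, k = len(labels), len(counts)
    return {y: n / (k * c) for y, c in counts.items()}

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def train_logistic(data, weights=None, lr=1.0, epochs=4000):
    """Weighted logistic regression on one feature by gradient descent.
    weights maps label -> row weight; None means every row counts once."""
    if weights is None:
        weights = {0: 1.0, 1: 1.0}
    w, b = 0.0, 0.0
    total = sum(weights[y] for _, y in data)   # normalises the gradient
    for _ in range(epochs):
        gw = gb = 0.0
        for x, y in data:
            err = (sigmoid(w * x + b) - y) * weights[y]  # weighted residual
            gw += err * x
            gb += err
        w -= lr * gw / total
        b -= lr * gb / total
    return w, b

def benign_recall(model, data):
    """Fraction of benign rows the model actually labels benign."""
    w, b = model
    benign = [x for x, y in data if y == 0]
    caught = sum(1 for x in benign if sigmoid(w * x + b) < 0.5)
    return caught / len(benign)

def compare():
    """Returns (benign recall unweighted, benign recall with balanced weights)."""
    labels = [y for _, y in DATA]
    plain = train_logistic(DATA)
    balanced = train_logistic(DATA, balanced_weights(labels))
    return benign_recall(plain, DATA), benign_recall(balanced, DATA)
```

Without weighting the majority attack class pulls the decision boundary left and most of the overlapping benign rows are reported as attacks; with balanced weights the boundary moves right and benign recall rises.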

Accomplishments that we're proud of

The deployment of a full-stack machine learning web application.

What's next for IoTPacketPatrol

Further improving the PacketPatrol classification model, both its accuracy and the variety of its classification outputs.

Built With
