Machine learning is increasingly used for intrusion detection in IoT networks. This paper explores the effectiveness of using individual packet features (IPF), which are attributes extracted from a single network packet, such as timing, size, and source-destination information. Through a literature review and experiments, we identify the limitations of IPF, showing that they can produce misleadingly high detection rates. Our findings emphasize the need for approaches that consider packet interactions for robust intrusion detection. Additionally, we demonstrate that models based on IPF often fail to generalize across datasets, compromising their reliability in diverse IoT environments.
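The effect described in the abstract can be reproduced on toy data. This is an added illustration, not code or data from the paper: a per-packet model that keys on source address and size is compared with a per-source packet-rate feature, on a held-out slice of one capture and on a second capture. Assumptions: the captures, addresses and flood rate are constructed, and the address acting as a shortcut is one possible cause of the failure, chosen here for illustration.

```python
from collections import Counter, defaultdict

def make_capture(benign_hosts, attacker, seconds=20):
    """Constructed capture of (time, src, size, label) packets: each benign host
    sends 1 packet/s, the attacker floods 50 same-sized packets/s."""
    pkts = []
    for t in range(seconds):
        pkts += [(t + 0.5, h, 120, 0) for h in benign_hosts]
        pkts += [(t + i / 50, attacker, 120, 1) for i in range(50)]
    return sorted(pkts)

def fit_ipf(train):
    """Per-packet model: majority label per (src, size); unseen keys -> benign.
    A lookup table stands in for what a tree learns from an address feature."""
    votes = defaultdict(Counter)
    for _, src, size, y in train:
        votes[(src, size)][y] += 1
    table = {k: c.most_common(1)[0][0] for k, c in votes.items()}
    return lambda p: table.get((p[1], p[2]), 0)

def rates(capture):
    """Interaction feature: packets from the same source in the same second."""
    n = Counter((int(t), src) for t, src, _, _ in capture)
    return [n[(int(t), src)] for t, src, _, _ in capture]

def fit_rate(train):
    """Threshold halfway between the highest benign and lowest attack rate."""
    r, y = rates(train), [p[3] for p in train]
    benign = max(c for c, l in zip(r, y) if l == 0)
    attack = min(c for c, l in zip(r, y) if l == 1)
    return (benign + attack) / 2

def recall(pred, labels):
    return sum(p and l for p, l in zip(pred, labels)) / sum(labels)

def experiment():
    a = make_capture(["10.0.0.2", "10.0.0.3"], "10.0.0.66")
    b = make_capture(["192.168.1.5", "192.168.1.6"], "192.168.1.23")
    train, test = [p for p in a if p[0] < 10], [p for p in a if p[0] >= 10]
    ipf, thr = fit_ipf(train), fit_rate(train)
    out = {}
    for name, cap in (("same_dataset", test), ("other_dataset", b)):
        y = [p[3] for p in cap]
        out[name] = {"ipf": recall([ipf(p) for p in cap], y),
                     "rate": recall([c > thr for c in rates(cap)], y)}
    return out

if __name__ == "__main__":
    print(experiment())
```

The per-packet model detects every attack packet on the held-out slice of its own capture and none on the second capture, while the rate threshold learned from the same training slice carries over.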