AI-based intrusion detection systems (IDS) have shown promise in detecting attacks on IoT systems. In this work, we explore the use of foundation models to detect and identify attacks, with a specific focus on RPL-based IoT networks. We study multiple attack types, attack variations, and network configurations, and provide insights into the performance of foundation models for attack identification. Specifically, we fine-tune the MOMENT foundation model for multi-class attack identification. Our evaluation is based on a dataset containing RPL-related statistics collected under normal operation and under Blackhole, DIS flooding, Worst Parent, and Local Repair attacks, generated in a Cooja simulation environment. The initial results are promising. The approach achieves attack-detection performance comparable to state-of-the-art methods, while also demonstrating strong performance in distinguishing between different attack types.