Paper Number
ICIS2025-2698
Paper Type
Short
Abstract
As organizations integrate Internet of Things (IoT) networks into core operations, they face escalating risks from novel attacks that evade traditional closed-set intrusion detection. We study an Extreme Value Machine (EVM) for open-set recognition using Extreme Value Theory to model tail distances and reject out-of-distribution traffic. Our primary evaluation on the Kitsune dataset, using a 100,000-sample subset, shows the EVM achieving near-perfect unknown recall (0.9998), substantially exceeding baselines. To confirm generalizability, subsequent validation on the IoT-23 dataset yielded a robust mean unknown recall of 0.6555 across four malware scenarios, while maintaining stable false positive rates on known classes. Results support EVM’s practical utility for improving IS security quality and resilience by reliably detecting unforeseen threats in dynamic IoT environments.
Recommended Citation
Safari, Ali and Kim, Dan J., "Enhancing IoT Security and Information Systems Resilience: An Extreme Value Machine Approach" (2025). ICIS 2025 Proceedings. 22.
https://aisel.aisnet.org/icis2025/cyb_security/cyb_security/22
Enhancing IoT Security and Information Systems Resilience: An Extreme Value Machine Approach
09-Cybersecurity