Deep learning is a set of algorithms that 'mimics the brain' or, more accurately, is 'an algorithm that learns in layers'. Deep learning applications are best suited for IoT situations which involve large amounts of data and complex relationships between different parameters, for solving intuitive problems. I reckon going forward, IoT would need to go for deep learning at the last layer, reduce 'noise' data and ensure only relevant data is present.
Can deep learning be applied to an IoT security dataset? Fellow researchers have already provided papers in support of deep learning above. Coming from a core security background, I would like to give a few counterarguments so you can weigh the options.
1. Is the dataset providing actual attack traffic data, or is it just simulation data? Most of the time, reliable datasets are not available in security. Companies are too afraid to provide actual security-breach data due to the presence of personally identifiable information (PII) and relevant company records.
Amazon, on the other hand, would have no issues in sharing data on its products sold and prices (it can easily be scraped from eBay, Amazon and other websites).
2. When I plan to apply deep learning to Amazon data vs. IoT security data, Amazon is not trying to play adversary; it wants me to use the data and predict some relevant information to help take decisions to boost sales. Security breach data is different; it's like an adversarial game between attacker and defender. The attacker wants to keep his activity aligned with the normal traffic pattern so that security tools don't raise red flags.
3. If I have well-defined signatures for attacks like DDoS or buffer overflow, I don't need learning techniques. False positives and negatives can prove too costly to be ignored in security, so I would rather use a tool that predicts attacks correctly, unless it's a zero-day kind of attack.
4. Security data can be encrypted, e.g. the Tor network, or tunneled traffic between two IoT devices (my mobile phone connected to the company network via VPN). No deep learning is useful if the data is not in raw, unencrypted format.