A deep learning approach combining autoencoder with supervised classifiers for IoT anomaly detection
209 viewsDOI:
https://doi.org/10.54939/1859-1043.j.mst.CSCE7.2023.98-110Keywords:
IoT; Autoencoder; Anomaly detection; Supervised learning.Abstract
Anomaly detection for IoT networks is a challenging issue due to the huge number of devices that connect to each other and generate huge amounts of data. In this study, we propose a model combining Autoencoder with classification algorithms to build an end-to-end architecture for processing, feature extraction and data classification. Autoencoder is used to extract valuable hidden features of the original data, while supervised learning algorithms such as Softmax, Random Forest, Decision Trees, XGBoost, etc. are used for training and testing on AE’s encoder output data. We then test our recommended models on nine recent devices in the NBaIoT dataset and evaluate their performance. According to the experimental results, the proposed model greatly improves the performance of IoT anomaly detection methods.
References
[1]. C. Kolias, G. Kambourakis, A. Stavrou, and J. Voas, “DDoS in the IoT: Mirai and other botnets,” Computer (Long Beach Calif), vol. 50, no. 7, pp. 80–84, (2017), doi: 10.1109/MC.2017.201. DOI: https://doi.org/10.1109/MC.2017.201
[2]. M. Asam et al., “IoT malware detection architecture using a novel channel boosted and squeezed CNN,” Scientific Reports 2022 12:1, vol. 12, no. 1, pp. 1–12, (2022), DOI: 10.1038/s41598-022-18936-9. DOI: https://doi.org/10.1038/s41598-022-18936-9
[3]. S. Li, Q. Zhang, X. Wu, W. Han, and Z. Tian, “Attribution classification method of APT malware in IoT using machine learning techniques,” Secur. Commun. Netw., (2021), DOI: 10.1155/2021/9396141. DOI: https://doi.org/10.1155/2021/9396141
[4]. T. G. Palla and S. Tayeb, “Intelligent Mirai Malware Detection in IoT Devices,” IEEE World AI IoT Congress, AIIoT 2021, pp. 420–426, (2021), DOI: 10.1109/AIIOT52608.2021.9454215. DOI: https://doi.org/10.1109/AIIoT52608.2021.9454215
[5]. Y. Meidan et al., “N-baiot—network-based detection of iot botnet attacks using deep autoencoders,” IEEE Pervasive Comput, vol. 17, no. 3, pp. 12–22, (2018). DOI: https://doi.org/10.1109/MPRV.2018.03367731
[6]. S. Li, Y. Li, W. Han, X. Du, M. Guizani, and Z. Tian, “Malicious mining code detection based on ensemble learning in cloud computing environment,” Simul. Model. Pract. Theory, vol. 113, p. 102391, (2021), doi: 10.1016/j.simpat.2021.102391. DOI: https://doi.org/10.1016/j.simpat.2021.102391
[7]. J. Carrillo-Mondéjar, J. L. Martínez, and G. Suarez-Tangil, “Characterizing Linux-based malware: Findings and recent trends,” Futur. Gen. Comput. Syst., vol. 110, pp. 267–281, (2020), doi: 10.1016/j.future.2020.04.031. DOI: https://doi.org/10.1016/j.future.2020.04.031
[8]. G. Pang, C. Shen, L. Cao, A. H.-A. computing surveys (CSUR), and undefined 2021, “Deep learning for anomaly detection: A review,” dl.acm.org, vol. 54, no. 2, (2020), DOI: 10.1145/3439950. DOI: https://doi.org/10.1145/3439950
[9]. L. Vu, Q. U. Nguyen, D. N. Nguyen, D. T. Hoang, and E. Dutkiewicz, “Deep Transfer Learning for IoT Attack Detection,” IEEE Access, vol. 8, pp. 107335–107344, (2020), DOI: 10.1109/ACCESS.2020.3000476. DOI: https://doi.org/10.1109/ACCESS.2020.3000476
[10]. L. Vu, V. L. Cao, Q. U. Nguyen, D. N. Nguyen, D. T. Hoang, and E. Dutkiewicz, “Learning Latent Representation for IoT Anomaly Detection,” IEEE Trans Cybern, pp. 1–14, (2020), doi: 10.1109/tcyb.2020.3013416. DOI: https://doi.org/10.1109/TCYB.2020.3013416
[11]. H. N. Nguyen, V. C. Nguyen, N. N. Tran, and V. L. Cao, “Feature Representation of AutoEncoders for Unsupervised IoT Malware Detection,” Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13076 LNCS, pp. 272–290, (2021), DOI: 10.1007/978-3-030-91387-8_18/COVER. DOI: https://doi.org/10.1007/978-3-030-91387-8_18
[12]. H. N. Nguyen, N. N. Tran, T. H. Hoang, and V. L. Cao, “Denoising Latent Representation with SOMs for Unsupervised IoT Malware Detection,” SN Computer Science 2022 3:6, vol. 3, no. 6, pp. 1–15, (2022), DOI: 10.1007/S42979-022-01344-1. DOI: https://doi.org/10.1007/s42979-022-01344-1
[13]. I. Goodfellow, Y. Bengio, A. Courville, and Y. Bengio, “Deep learning”, vol. 1, no. 2. MIT press Cambridge, (2016).
[14]. V. L. Cao, M. Nicolau, and J. McDermott, “Learning Neural Representations for Network Anomaly Detection,” IEEE Trans Cybern, vol. 49, no. 8, pp. 3074–3087, (2019), DOI: 10.1109/TCYB.2018.2838668. DOI: https://doi.org/10.1109/TCYB.2018.2838668
[15]. A. Chatterjee and B. S. Ahmed, “IoT anomaly detection methods and applications: A survey,” Internet of Things, vol. 19, p. 100568, (2022), doi: 10.1016/J.IOT.2022.100568. DOI: https://doi.org/10.1016/j.iot.2022.100568
[16]. Y. Mirsky, T. Doitshman, Y. Elovici, and A. Shabtai, “Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection,” (2018), DOI: 10.14722/ndss.2018.23204. DOI: https://doi.org/10.14722/ndss.2018.23204