A Novel Hybrid Unsupervised Learning Approach for Enhanced Cybersecurity in the IoT

Kaliyaperumal, Prabu; Periyasamy, Sudhakar; Thirumalaisamy, Manikandan; Balusamy, Balamurugan; Benedetto, Francesco

doi:10.3390/fi16070253

Future Internet

2024

DOI: 10.3390/fi16070253

|View full text |Cite

A Novel Hybrid Unsupervised Learning Approach for Enhanced Cybersecurity in the IoT

Prabu Kaliyaperumal,

Sudhakar Periyasamy,

Manikandan Thirumalaisamy

et al.

Abstract: The proliferation of IoT services has spurred a surge in network attacks, heightening cybersecurity concerns. Essential to network defense, intrusion detection and prevention systems (IDPSs) identify malicious activities, including denial of service (DoS), distributed denial of service (DDoS), botnet, brute force, infiltration, and Heartbleed. This study focuses on leveraging unsupervised learning for training detection models to counter these threats effectively. The proposed method utilizes basic autoencoder… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Article2

Relationship

Self Cite0

Independent2

Authors

Journals

Cited by 2 publications

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Unsupervised Anomaly Detection and Explanation in Network Traffic with Transformers

Kummerow,

Abrha,

Eisenbach

et al. 2024

Electronics

View full text Add to dashboard Cite

Deep learning-based autoencoders represent a promising technology for use in network-based attack detection systems. They offer significant benefits in managing unknown network traces or novel attack signatures. Specifically, in the context of critical infrastructures, such as power supply systems, AI-based intrusion detection systems must meet stringent requirements concerning model accuracy and trustworthiness. For the intrusion response, the activation of suitable countermeasures can greatly benefit from additional transparency information (e.g., attack causes). Transformers represent the state of the art for learning from sequential data and provide important model insights through the widespread use of attention mechanisms. This paper introduces a two-stage transformer-based autoencoder for learning meaningful information from network traffic at the packet and sequence level. Based on this, we present a sequential attention weight perturbation method to explain benign and malicious network packets. We evaluate our method against benchmark models and expert-based explanations using the CIC-IDS-2017 benchmark dataset. The results show promising results in terms of detecting and explaining FTP and SSH brute-force attacks, highly outperforming the results of the benchmark model.

show abstract

Unsupervised Anomaly Detection and Explanation in Network Traffic with Transformers

Kummerow,

Abrha,

Eisenbach

et al. 2024

Electronics

View full text Add to dashboard Cite

show abstract

EM-AUC: A Novel Algorithm for Evaluating Anomaly Based Network Intrusion Detection Systems

Bai,

Fossaceca

2024

Sensors

View full text Add to dashboard Cite

Effective network intrusion detection using anomaly scores from unsupervised machine learning models depends on the performance of the models. Although unsupervised models do not require labels during the training and testing phases, the assessment of their performance metrics during the evaluation phase still requires comparing anomaly scores against labels. In real-world scenarios, the absence of labels in massive network datasets makes it infeasible to calculate performance metrics. Therefore, it is valuable to develop an algorithm that calculates robust performance metrics without using labels. In this paper, we propose a novel algorithm, Expectation Maximization-Area Under the Curve (EM-AUC), to derive the Area Under the ROC Curve (AUC-ROC) and the Area Under the Precision-Recall Curve (AUC-PR) by treating the unavailable labels as missing data and replacing them through their posterior probabilities. This algorithm was applied to two network intrusion datasets, yielding robust results. To the best of our knowledge, this is the first time AUC-ROC and AUC-PR, derived without labels, have been used to evaluate network intrusion detection systems. The EM-AUC algorithm enables model training, testing, and performance evaluation to proceed without comprehensive labels, offering a cost-effective and scalable solution for selecting the most effective models for network intrusion detection.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

A Novel Hybrid Unsupervised Learning Approach for Enhanced Cybersecurity in the IoT

Cited by 2 publications

References 35 publications

Unsupervised Anomaly Detection and Explanation in Network Traffic with Transformers

Unsupervised Anomaly Detection and Explanation in Network Traffic with Transformers

EM-AUC: A Novel Algorithm for Evaluating Anomaly Based Network Intrusion Detection Systems

Contact Info

Product

Resources

About