Learning Latent Distribution for Distinguishing Network Traffic in Intrusion Detection System

Vu, Ly; Cao, Van Loi; Nguyen, Quang Uy; Nguyen, Diep N.; Hoang, Dinh Thai; Dutkiewicz, Eryk

doi:10.1109/icc.2019.8762015

Cited by 26 publications

(23 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The popular traditional machine learning algorithms for IoT attack detection are Decision tree (C4.5), Support Vector Machine (SVM), K-Nearest Neighbour, Bayes Classifier, Neural Networks [8], [24]. Recently, the deep learning approach is widely used and achieved high performance in detecting cyberattacks [3], [9], [15]- [17]. Among, deep learning approaches, AE-based models project the original data to a new latent representation space to improve the accuracy in detection tasks [3], [15], [16].…”

Section: Related Workmentioning

confidence: 99%

“…Recently, the deep learning approach is widely used and achieved high performance in detecting cyberattacks [3], [9], [15]- [17]. Among, deep learning approaches, AE-based models project the original data to a new latent representation space to improve the accuracy in detection tasks [3], [15], [16]. Nevertheless, to train a good machine learning model for detecting IoT attacks, it is usually required to label a huge volume of training data as normal or attack [24].…”

Section: Related Workmentioning

confidence: 99%

“…This subsection describes the structure and the training process of an AutoEncoder (AE) that is fundamental for our DTL model. The reason we develop the TL models based on AE is that these models are proved as the most effective deep neural network for IoT attack detection [2], [3], [15], [16]. Additionally, to prove the effectiveness of the proposed model, we will compare our proposed model with the previous DTL techniques that are also based on AE.…”

Section: B Autoencodersmentioning

confidence: 99%

“…The same configuration is used for all AE-based models in our experiments. This configuration is based on the AE-based models for detecting network attacks in the literature [2], [3], [15], [16]. As we integrate the SE loss term to MMD-AE, the number of neurons in the bottleneck layer is equal to the number of classes in the IoT dataset, i.e., 2 neurons in this paper.…”

Section: Hyper-parameters Settingmentioning

confidence: 99%

“…In the predicting/online phase, these models are used to detect attacks in the incoming traffic. Thanks to the capability to automatically and progressively learn useful information/features from col-lected data, machine-learning based methods can early detect various IoT attacks [3], [9], [15]- [17].…”

mentioning

confidence: 99%

See 4 more Smart Citations

Deep Transfer Learning for IoT Attack Detection

Nguyen

et al. 2020

IEEE Access

Self Cite

View full text Add to dashboard Cite

The digital revolution has substantially changed our lives in which Internet-of-Things (IoT) plays a prominent role. The rapid development of IoT to most corners of life, however, leads to various emerging cybersecurity threats. Therefore, detecting and preventing potential attacks in IoT networks have recently attracted paramount interest from both academia and industry. Among various attack detection approaches, machine learning-based methods, especially deep learning, have demonstrated great potential thanks to their early detecting capability. However, these machine learning techniques only work well when a huge volume of data from IoT devices with label information can be collected. Nevertheless, the labeling process is usually time consuming and expensive, thus, it may not be able to adapt with quick evolving IoT attacks in reality. In this paper, we propose a novel deep transfer learning (DTL) method that allows to learn from data collected from multiple IoT devices in which not all of them are labeled. Specifically, we develop a DTL model based on two AutoEncoders (AEs). The first AE (AE 1) is trained on the source datasets (source domains) in the supervised mode using the label information and the second AE (AE 2) is trained on the target datasets (target domains) in an unsupervised manner without label information. The transfer learning process attempts to force the latent representation (the bottleneck layer) of AE 2 similarly to the latent representation of AE 1. After that, the latent representation of AE 2 is used to detect attacks in the incoming samples in the target domain. We carry out intensive experiments on nine recent IoT datasets to evaluate the performance of the proposed model. The experimental results demonstrate that the proposed DTL model significantly improves the accuracy in detecting IoT attacks compared to the baseline deep learning technique and two recent DTL approaches. INDEX TERMS Deep transfer learning, IoT, cyberattack detection, AutoEncoder. I. INTRODUCTION T HE Internet-of-Things (IoT) refers to connected devices, sensors, an actuators used in vehicles, electronic appliances, buildings, and structures. As the sensors, data storage, and the Internet become cheaper, faster, and more integrated together, IoT devices will find more and more applications [1] (e.g., in smart buildings, smart city, intelligent transportation systems, and healthcare). The rapid development of IoT to most corners of life, however, leads to various emerging cybersecurity threats. This is because IoT devices are often limited in computing capability and energy, making them particularly vulnerable to adversaries. IoT devices are more exposed to and unfortunately more difficult to be protected from cyber attacks than computers [2], [3]. Consequently, detecting attacks to protect IoT devices from malicious behaviors is critical to broadening the applications of IoT [4]-[7].

show abstract