Malware Traffic Classification Using Domain Adaptation and Ladder Network for Secure Industrial Internet of Things

Ning, Jinhui; Gui, Guan; Wang, Yu; Yang, Jie; Adebisi, Bamidele; Ci, Song; Gacanin, Haris; Adachi, Fumiyuki

doi:10.1109/jiot.2021.3131981

Cited by 36 publications

(14 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hu et al, [36] proposed a deep subdomain adaptation network with attention mechanism (DSAN-AT), which utilised the local MMD to boost the prediction accuracy and an attention mechanism to prevent overly long convergence time. To circumvent the labour-intensive dataset collection process, Ning et al, [37] proposed a knowledge transfer (KT) ConvLaddernet to work under a semi-supervised setting, i.e., transfer knowledge from a small-scale source domain to facilitate intrusion detection of the target domain. Although previous DA-based methods have been applied to perform intrusion detection, they failed to jointly consider the implicit categorical and explicit distance semantics during knowledge transfer, which may hinder their effectiveness.…”

Section: Domain Adaptation-based Intrusion Detectionmentioning

confidence: 99%

“…Note that when used as source II domain, the amount of data is 1/6 − 1/2 of the amount of source NI data to reflect the reality that IoT intrusion data is scarcer than network intrusion data. Besides, under the semi-supervised setting, we follow [1], [34], [37] to vary the n T L : n T U ratio among 1 : 2, 1 : 10 and 1 : 50, i.e., the amount of unlabelled target II data is much higher than the amount of labelled target II data. Each record in the dataset is represented using 46 features.…”

Section: A Dataset and Setupmentioning

confidence: 99%

“…To verify the effectiveness of methods under varied n T L : n T U ratios, especially under the extreme case where the amount of unlabelled target II domain data is significantly higher than the amount of labelled target II domain instances, 6 tasks are randomly selected with the n T L : n T U ratio varied between 1 : 2 and 1 : 50. Following [1], [34], [37], the 1 : 50 case is sufficient to represent an extremely label-scarce scenario. As shown in Table II and III, the JSTN outperforms all baseline methods by a large margin.…”

Section: B Performance Evaluationmentioning

confidence: 99%

See 2 more Smart Citations

Joint Semantic Transfer Network for IoT Intrusion Detection

Wang

Xie

et al. 2023

IEEE Internet Things J.

View full text Add to dashboard Cite

In this paper, we propose a Joint Semantic Transfer Network (JSTN) towards effective intrusion detection for large-scale scarcely labelled IoT domain. As a multi-source heterogeneous domain adaptation (MS-HDA) method, the JSTN integrates a knowledge rich network intrusion (NI) domain and another small-scale IoT intrusion (II) domain as source domains, and preserves intrinsic semantic properties to assist target II domain intrusion detection. The JSTN jointly transfers the following three semantics to learn a domain-invariant and discriminative feature representation. The scenario semantic endows source NI and II domain with characteristics from each other to ease the knowledge transfer process via a confused domain discriminator and categorical distribution knowledge preservation. It also reduces the source-target discrepancy to make the shared feature space domain-invariant. Meanwhile, the weighted implicit semantic transfer boosts discriminability via a fine-grained knowledge preservation, which transfers the source categorical distribution to the target domain. The source-target divergence guides the importance weighting during knowledge preservation to reflect the degree of knowledge learning. Additionally, the hierarchical explicit semantic alignment performs centroid-level and representative-level alignment with the help of a geometric similarity-aware pseudo-label refiner, which exploits the value of unlabelled target II domain and explicitly aligns feature representations from a global and local perspective in a concentrated manner. Comprehensive experiments on various tasks verify the superiority of the JSTN against state-of-the-art comparing methods, on average a 10.3% of accuracy boost is achieved. The statistical soundness of each constituting component and the computational efficiency are also verified.

show abstract

Section: Domain Adaptation-based Intrusion Detectionmentioning

confidence: 99%

Section: A Dataset and Setupmentioning

confidence: 99%

Section: B Performance Evaluationmentioning

confidence: 99%

See 1 more Smart Citation

Joint Semantic Transfer Network for IoT Intrusion Detection

Wang

Xie

et al. 2023

IEEE Internet Things J.

View full text Add to dashboard Cite

show abstract

“…Especially after the emergence of deep learning, it no longer relies on manual extraction of traffic characteristics, which saves a lot of manpower and material resources and has strong scalability. e traffic recognition technology based on deep learning will be the focus and mainstream of future research, such as [23,24]. e development of adversarial machine learning provides opportunities for traffic obfuscation technology.…”

Section: Related Workmentioning

confidence: 99%

Network Traffic Obfuscation against Traffic Classification

Liu

Shi³

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

In recent years, tremendous progress has been made in network traffic classification and its use has become ubiquitous in many emerging applications, such as Internet censorship in many countries and ISP traffic engineering. However, the traffic analysis of intermediaries brings the risk of privacy disclosure to users. This paper presents a network traffic obfuscation technology to resist traffic classification. It deceives the machine learning and deep learning models by generating adversarial samples. The adversarial samples generation algorithm includes a white-box attack algorithm based on fuzzy strategy and a black-box attack algorithm based on smote data enhancement. Experiments based on the ISCXTor2016 public data set show that the MIM algorithm has the best performance in white-box attacks, and the obfuscation success rate of DNN and LSTM models is 90%. In the black-box attack, the obfuscation effect of LSTM is the best, while CNN has stronger robustness.

show abstract

“…By achieving domaininvariant alignment, the transferred intrusion knowledge can facilitate more accurate IID. For instance, Ning [5] presented a Laddernet-based DA solution to improve the intrusion classification accuracy and secure the industrial IoT infrastructures. Hu [6] studied a deep subdomain adaptation network with attention mechanism and focused on distribution alignment between domains via local maximum mean discrepancy.…”

Section: Introductionmentioning

confidence: 99%

Heterogeneous Domain Adaptation for IoT Intrusion Detection: A Geometric Graph Alignment Approach

Wu¹,

Hao²,

Wang³

et al. 2023

Preprint

View full text Add to dashboard Cite

Data scarcity hinders the usability of datadependent algorithms when tackling IoT intrusion detection (IID). To address this, we utilise the data rich network intrusion detection (NID) domain to facilitate more accurate intrusion detection for IID domains. In this paper, a Geometric Graph Alignment (GGA) approach is leveraged to mask the geometric heterogeneities between domains for better intrusion knowledge transfer. Specifically, each intrusion domain is formulated as a graph where vertices and edges represent intrusion categories and category-wise interrelationships, respectively. The overall shape is preserved via a confused discriminator incapable to identify adjacency matrices between different intrusion domain graphs. A rotation avoidance mechanism and a centre point matching mechanism is used to avoid graph misalignment due to rotation and symmetry, respectively. Besides, categorywise semantic knowledge is transferred to act as vertex-level alignment. To exploit the target data, a pseudo-label election mechanism that jointly considers network prediction, geometric property and neighbourhood information is used to produce finegrained pseudo-label assignment. Upon aligning the intrusion graphs geometrically from different granularities, the transferred intrusion knowledge can boost IID performance. Comprehensive experiments on several intrusion datasets demonstrate state-ofthe-art performance of the GGA approach and validate the usefulness of GGA constituting components.

show abstract

Malware Traffic Classification Using Domain Adaptation and Ladder Network for Secure Industrial Internet of Things

Cited by 36 publications

References 40 publications

Joint Semantic Transfer Network for IoT Intrusion Detection

Joint Semantic Transfer Network for IoT Intrusion Detection

Network Traffic Obfuscation against Traffic Classification

Heterogeneous Domain Adaptation for IoT Intrusion Detection: A Geometric Graph Alignment Approach

Contact Info

Product

Resources

About