Adaptive ensembles of autoencoders for unsupervised IoT network intrusion detection


In recent years, neural networks-based autoencoders have gained popularity in problems of anomaly detection. Recent approaches have proposed ensembles of autoencoders to detect network intrusions. The computationally expensive ensembles of autoencoders make it challenging to be used for intrusion detection in networks of devices with lower resources, e.g., the Internet of Things, than in the cloud or data centers. To overcome this challenge, in this work, we propose, investigate and compare four methods to reduce the ensemble complexity through adaptive de-activations of autoencoders. These methods differ in their approach to select the autoencoders to de-activate (criteria-based or random) and differ when they conduct the de-activations (post-training or in-training). Extensive experiments on two recent, realistic IoT intrusion detection datasets validate the effectiveness of the proposed methods in achieving satisfactory detection performance at much lower training, re-training and inference time costs. The proposed methods shall enable scalable and efficient intrusion detection systems or services that could be deployed on-device or on-edge.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15


  1. 1.

    Hou J, Qu L, Shi W (2019) A survey on internet of things security from data perspectives. Comput Netw 148:295–306

    Article  Google Scholar 

  2. 2.

    Nisioti A, Mylonas A, Yoo PD, Katos V (2018) From intrusion detection to attacker attribution: a comprehensive survey of unsupervised methods. IEEE Commun Surv Tut.

    Article  Google Scholar 

  3. 3.

    Mohaisen A, Kim J (2018) Securing the internet of things: a machine learning approach. [2018 IEEE ICC Tutorials]

  4. 4.

    Habib MA, Ahmad M, Jabbar S, Ahmed SH, Rodrigues JJPC (2018) Speeding up the internet of things: Leaiot: a lightweight encryption algorithm toward low-latency communication for the internet of things. IEEE Cons Elect Mag 7(6):31–37.

    Article  Google Scholar 

  5. 5.

    Grammatikis PIR, Sarigiannidis PG, Moscholios ID (2019) Securing the internet of things: challenges, threats and solutions. Intern Things 5:41–70

    Article  Google Scholar 

  6. 6.

    Kaspersky (2018) Kaspersky lab ddos intelligence quarterly report: amplification attacks and old botnets make a comeback. Accessed 29 Oct 2018

  7. 7.

    Restuccia F, D’Oro S, Melodia T (2018) Securing the internet of things in the age of machine learning and software-defined networking. IEEE IoT J 5(6):4829–4842.

    Article  Google Scholar 

  8. 8.

    Miettinen M, Sadeghi A (2018) Keynote: internet of things or threats? On building trust in IoT. In: International conference on hardware/software codesign and system synthesis, pp 1–9

  9. 9.

    Sha K, Wei W, Yang TA, Wang Z, Shi W (2018) On security challenges and open issues in internet of things. Future Gener Comput Syst 83:326–337.

    Article  Google Scholar 

  10. 10.

    Osborne C, Day Z The most interesting internet-connected vehicle hacks on record.

  11. 11.

    Merzoug MA, Mostefaoui A, Kechout MH, Tamraoui S (2020) Deep learning for resource-limited devices. In: C. Li, A. Mostefaoui (eds.) Proceddings of the 16th ACM symposium on QoS and security for wireless and mobile networks. Alicante, pp 81–87. ACM .

  12. 12.

    Shasha S, Mahmoud M, Mannan M, Youssef A (2018) Playing with danger: a taxonomy and evaluation of threats to smart toys. IEEE IoT J.

    Article  Google Scholar 

  13. 13.

    Salameh HB, Derbas R, Aloqaily M, Boukerche A (2019) Secure routing in multi-hop iot-based cognitive radio networks under jamming attacks. In: Proceedings of the 22nd Int’l ACM conference on modeling, analysis and simulation of wireless and mobile systems. Miami Beach, pp 323–327. ACM .

  14. 14.

    Merzoug MA, Mostefaoui A, Benyahia A (2019) Smart iot notification system for efficient in-city parking. In: Proceedings of the 15th ACM international symposium on QoS and security for wireless and mobile networks, Q2SWinet 2019, Miami Beach, , pp 37–42. ACM .

  15. 15.

    Li J, Liang W, Xu W, Xu Z, Zhao J (2020) Maximizing the quality of user experience of using services in edge computing for delay-sensitive iot applications. In: Proceedings of the 23rd Int’l ACM conference on modeling, analysis and simulation of wireless and mobile systems, Alicante, pp 113–121. ACM.

  16. 16.

    Mirsky Y, Doitshman T, Elovici Y, Shabtai A (2018) Kitsune: an ensemble of autoencoders for online network intrusion detection. In: Proceedings of the 25th annual NDSS 2018, San Diego, USA, Feb 18–21

  17. 17.

    Canedo J, Skjellum A (2016) Using machine learning to secure iot systems. In: Proceedings of the 14th annual conference on privacy, security and trust (PST), pp 219–222.

  18. 18.

    Raza S, Wallgren L, Voigt T (2013) Svelte: real-time intrusion detection in the internet of things. Ad Hoc Netw 11(8):2661–2674

    Article  Google Scholar 

  19. 19.

    Zhang B, Yu Y, Li J (2018) Network intrusion detection based on stacked sparse autoencoder and binary tree ensemble method. In: Proceedings of the 2018 IEEE international conference on communications workshops (ICC Workshops), pp 1–6.

  20. 20.

    Hinton GE, Zemel RS (1993) Autoencoders, minimum description length and helmholtz free energy. 6th Int’l Conference on Neural Information Processing Systems. NIPS’93. Morgan Kaufmann Publishers Inc., San Francisco, pp 3–10

  21. 21.

    Sakurada M, Yairi T (2014) Anomaly detection using autoencoders with nonlinear dimensionality reduction. In: Proceedings of the 2nd workshop on machine learning for sensory data analysis, MLSDA’14, pp 4:4–4:11. ACM, New York

  22. 22.

    Wei Q, Ren Y, Hou R, Shi B, Lo JY, Carin L (2018) Anomaly detection for medical images based on a one-class classification. In: Petrick N, Mori K (eds) Medical imaging 2018: computer-aided diagnosis, vol 10575. International society for optics and photonics, SPIE, pp 375–380

  23. 23.

    Zhou C, Paffenroth RC (2017) Anomaly detection with robust deep autoencoders. In: Proceedings of the 23rd ACM SIGKDD international conference on knowledge discovery and data mining. KDD ’17. ACM, New York, pp 665–674

  24. 24.

    Farahnakian F, Heikkonen J (2018) A deep auto-encoder based approach for intrusion detection system. In: Proceedings of the 2018 20th international conference on advanced communication technology (ICACT), pp 178–183

  25. 25.

    Meidan Y, Bohadana M, Mathov Y, Mirsky Y, Shabtai A, Breitenbacher D, Elovici Y (2018) N-baiot network-based detection of iot botnet attacks using deep autoencoders. IEEE Pervasive Comput 17(3):12–22

    Article  Google Scholar 

  26. 26.

    Almazrouei E, Gianini G, Mio C, Almoosa N, Damiani E (2019) Using autoencoders for radio signal denoising. In: Proceedings of the 15th ACM international symposium on QoS and security for wireless and mobile networks, Miami Beach, pp 11–17. ACM.

  27. 27.

    Srivastava N, Hinton G, Krizhevsky A, Sutskever I, Salakhutdinov R (2014) Dropout: a simple way to prevent neural networks from overfitting. J Mach Learn Res 15(56):1929–1958

    MathSciNet  MATH  Google Scholar 

  28. 28.

    Huang G, Sun Y, Liu Z, Sedra D, Weinberger KQ (2016) Deep networks with stochastic depth. In: Leibe B, Matas J, Sebe N, Welling M (eds) Computer vision-ECCV 2016. Springer, Cham, pp 646–661

    Google Scholar 

  29. 29.

    Nõmm S, Bahṣi H (2018) Unsupervised anomaly based botnet detection in iot networks. In: Proceedings of the 2018 17th IEEE international conference on machine learning and application (ICMLA), pp 1048–1053.

Download references

Author information



Corresponding author

Correspondence to Abdul Jabbar Siddiqui.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Siddiqui, A.J., Boukerche, A. Adaptive ensembles of autoencoders for unsupervised IoT network intrusion detection. Computing (2021).

Download citation


  • Intrusion detection
  • Anomaly detection
  • Autoencoders
  • Internet of things security
  • Security services

Mathematics Subject Classification

  • 68T07
  • 68M25
  • 68M11