Adaptive ensembles of autoencoders for unsupervised IoT network intrusion detection

Abstract

In recent years, neural networks-based autoencoders have gained popularity in problems of anomaly detection. Recent approaches have proposed ensembles of autoencoders to detect network intrusions. The computationally expensive ensembles of autoencoders make it challenging to be used for intrusion detection in networks of devices with lower resources, e.g., the Internet of Things, than in the cloud or data centers. To overcome this challenge, in this work, we propose, investigate and compare four methods to reduce the ensemble complexity through adaptive de-activations of autoencoders. These methods differ in their approach to select the autoencoders to de-activate (criteria-based or random) and differ when they conduct the de-activations (post-training or in-training). Extensive experiments on two recent, realistic IoT intrusion detection datasets validate the effectiveness of the proposed methods in achieving satisfactory detection performance at much lower training, re-training and inference time costs. The proposed methods shall enable scalable and efficient intrusion detection systems or services that could be deployed on-device or on-edge.

References

1. 1.

   Hou J, Qu L, Shi W (2019) A survey on internet of things security from data perspectives. Comput Netw 148:295–306

2. 2.

   Nisioti A, Mylonas A, Yoo PD, Katos V (2018) From intrusion detection to attacker attribution: a comprehensive survey of unsupervised methods. IEEE Commun Surv Tut. https://doi.org/10.1109/COMST.2018.2854724

3. 3.

   Mohaisen A, Kim J (2018) Securing the internet of things: a machine learning approach. www.cs.ucf.edu/~mohaisen/doc/icc18.pdf. [2018 IEEE ICC Tutorials]

4. 4.

   Habib MA, Ahmad M, Jabbar S, Ahmed SH, Rodrigues JJPC (2018) Speeding up the internet of things: Leaiot: a lightweight encryption algorithm toward low-latency communication for the internet of things. IEEE Cons Elect Mag 7(6):31–37. https://doi.org/10.1109/MCE.2018.2851722

5. 5.

   Grammatikis PIR, Sarigiannidis PG, Moscholios ID (2019) Securing the internet of things: challenges, threats and solutions. Intern Things 5:41–70

6. 6.

   Kaspersky (2018) Kaspersky lab ddos intelligence quarterly report: amplification attacks and old botnets make a comeback. https://www.kaspersky.com/about/press-releases/2018-amplification-attacks-and-old-botnets. Accessed 29 Oct 2018

7. 7.

   Restuccia F, D’Oro S, Melodia T (2018) Securing the internet of things in the age of machine learning and software-defined networking. IEEE IoT J 5(6):4829–4842. https://doi.org/10.1109/JIOT.2018.2846040

8. 8.

   Miettinen M, Sadeghi A (2018) Keynote: internet of things or threats? On building trust in IoT. In: International conference on hardware/software codesign and system synthesis, pp 1–9

9. 9.

   Sha K, Wei W, Yang TA, Wang Z, Shi W (2018) On security challenges and open issues in internet of things. Future Gener Comput Syst 83:326–337. https://doi.org/10.1016/j.future.2018.01.059

10. 10.

    Osborne C, Day Z The most interesting internet-connected vehicle hacks on record. https://www.zdnet.com/article/these-are-the-most-interesting-ways-to-hack-internet-connected-vehicles/

11. 11.

    Merzoug MA, Mostefaoui A, Kechout MH, Tamraoui S (2020) Deep learning for resource-limited devices. In: C. Li, A. Mostefaoui (eds.) Proceddings of the 16th ACM symposium on QoS and security for wireless and mobile networks. Alicante, pp 81–87. ACM . https://doi.org/10.1145/3416013.3426445

12. 12.

    Shasha S, Mahmoud M, Mannan M, Youssef A (2018) Playing with danger: a taxonomy and evaluation of threats to smart toys. IEEE IoT J. https://doi.org/10.1109/JIOT.2018.2877749

13. 13.

    Salameh HB, Derbas R, Aloqaily M, Boukerche A (2019) Secure routing in multi-hop iot-based cognitive radio networks under jamming attacks. In: Proceedings of the 22nd Int’l ACM conference on modeling, analysis and simulation of wireless and mobile systems. Miami Beach, pp 323–327. ACM . https://doi.org/10.1145/3345768.3355944

14. 14.

    Merzoug MA, Mostefaoui A, Benyahia A (2019) Smart iot notification system for efficient in-city parking. In: Proceedings of the 15th ACM international symposium on QoS and security for wireless and mobile networks, Q2SWinet 2019, Miami Beach, , pp 37–42. ACM . https://doi.org/10.1145/3345837.3355954

15. 15.

    Li J, Liang W, Xu W, Xu Z, Zhao J (2020) Maximizing the quality of user experience of using services in edge computing for delay-sensitive iot applications. In: Proceedings of the 23rd Int’l ACM conference on modeling, analysis and simulation of wireless and mobile systems, Alicante, pp 113–121. ACM. https://doi.org/10.1145/3416010.3423234

16. 16.

    Mirsky Y, Doitshman T, Elovici Y, Shabtai A (2018) Kitsune: an ensemble of autoencoders for online network intrusion detection. In: Proceedings of the 25th annual NDSS 2018, San Diego, USA, Feb 18–21

17. 17.

    Canedo J, Skjellum A (2016) Using machine learning to secure iot systems. In: Proceedings of the 14th annual conference on privacy, security and trust (PST), pp 219–222. https://doi.org/10.1109/PST.2016.7906930

18. 18.

    Raza S, Wallgren L, Voigt T (2013) Svelte: real-time intrusion detection in the internet of things. Ad Hoc Netw 11(8):2661–2674

19. 19.

    Zhang B, Yu Y, Li J (2018) Network intrusion detection based on stacked sparse autoencoder and binary tree ensemble method. In: Proceedings of the 2018 IEEE international conference on communications workshops (ICC Workshops), pp 1–6. https://doi.org/10.1109/ICCW.2018.8403759

20. 20.

    Hinton GE, Zemel RS (1993) Autoencoders, minimum description length and helmholtz free energy. 6th Int’l Conference on Neural Information Processing Systems. NIPS’93. Morgan Kaufmann Publishers Inc., San Francisco, pp 3–10

21. 21.

    Sakurada M, Yairi T (2014) Anomaly detection using autoencoders with nonlinear dimensionality reduction. In: Proceedings of the 2nd workshop on machine learning for sensory data analysis, MLSDA’14, pp 4:4–4:11. ACM, New York

22. 22.

    Wei Q, Ren Y, Hou R, Shi B, Lo JY, Carin L (2018) Anomaly detection for medical images based on a one-class classification. In: Petrick N, Mori K (eds) Medical imaging 2018: computer-aided diagnosis, vol 10575. International society for optics and photonics, SPIE, pp 375–380

23. 23.

    Zhou C, Paffenroth RC (2017) Anomaly detection with robust deep autoencoders. In: Proceedings of the 23rd ACM SIGKDD international conference on knowledge discovery and data mining. KDD ’17. ACM, New York, pp 665–674

24. 24.

    Farahnakian F, Heikkonen J (2018) A deep auto-encoder based approach for intrusion detection system. In: Proceedings of the 2018 20th international conference on advanced communication technology (ICACT), pp 178–183 https://doi.org/10.23919/ICACT.2018.8323688

25. 25.

    Meidan Y, Bohadana M, Mathov Y, Mirsky Y, Shabtai A, Breitenbacher D, Elovici Y (2018) N-baiot network-based detection of iot botnet attacks using deep autoencoders. IEEE Pervasive Comput 17(3):12–22

26. 26.

    Almazrouei E, Gianini G, Mio C, Almoosa N, Damiani E (2019) Using autoencoders for radio signal denoising. In: Proceedings of the 15th ACM international symposium on QoS and security for wireless and mobile networks, Miami Beach, pp 11–17. ACM. https://doi.org/10.1145/3345837.3355949

27. 27.

    Srivastava N, Hinton G, Krizhevsky A, Sutskever I, Salakhutdinov R (2014) Dropout: a simple way to prevent neural networks from overfitting. J Mach Learn Res 15(56):1929–1958

28. 28.

    Huang G, Sun Y, Liu Z, Sedra D, Weinberger KQ (2016) Deep networks with stochastic depth. In: Leibe B, Matas J, Sebe N, Welling M (eds) Computer vision-ECCV 2016. Springer, Cham, pp 646–661

29. 29.

    Nõmm S, Bahṣi H (2018) Unsupervised anomaly based botnet detection in iot networks. In: Proceedings of the 2018 17th IEEE international conference on machine learning and application (ICMLA), pp 1048–1053. https://doi.org/10.1109/ICMLA.2018.00171