Network Attack Classification with a Shallow Neural Network for Internet and Internet of Things (IoT) Traffic

Author:

Ehmer Jörg (1), Savaria Yvon (1), Granado Bertrand (2), David Jean-Pierre (1), Denoulet Julien (2)

Affiliation:

1. Electrical Engineering Department, Ecole Polytechnique, Montréal, QC H3T 1J4, Canada

2. Campus Pierre et Marie Curie, Sorbonne Université, CNRS, LIP6, F-75005 Paris, France

Abstract

In recent years, there has been a tremendous increase in the use of connected devices as part of the so-called Internet of Things (IoT), both in private spaces and the industry. Integrated distributed systems have shown many benefits compared to isolated devices. However, exposing industrial infrastructure to the global Internet also generates security challenges that need to be addressed to benefit from tighter systems integration and reduced reaction times. Machine learning algorithms have demonstrated their capacity to detect sophisticated cyber attack patterns. However, they often consume significant amounts of memory, computing resources, and scarce energy. Furthermore, their training relies on the availability of datasets that accurately represent real-world data traffic subject to cyber attacks. Network attacks are relatively rare events, as is reflected in the distribution of typical training datasets. Such imbalanced datasets can bias the training of a neural network and prevent it from successfully detecting underrepresented attack samples, generally known as the problem of imbalanced learning. This paper presents a shallow neural network comprising only 110 ReLU-activated artificial neurons capable of detecting representative attacks observed on a communication network. To enable the training of such small neural networks, we propose an improved attack-sharing loss function to cope with imbalanced learning. We demonstrate that our proposed solution can detect network attacks with an F1 score above 99% for various attacks found in current intrusion detection system datasets, focusing on IoT device communication. We further show that our solution can reduce the false negative detection rate of our proposed shallow network and thus further improve network security while enabling processing at line rate in low-complexity network intrusion systems.

Funder

NSERC Kaloom-Intel-Noviflow Industrial Chair of Professor Savaria

Polytechnique Montreal

Publisher

MDPI AG

