Deep Autoencoder-Based Integrated Model for Anomaly Detection and Efficient Feature Extraction in IoT Networks
Author:
Alaghbari Khaled A.1, Lim Heng-Siong1, Saad Mohamad Hanif Md2, Yong Yik Seng1
Affiliation:
1. Faculty of Engineering and Technology, Multimedia University (MMU), Melaka 75450, Malaysia 2. Department of Mechanical & Manufacturing Engineering, Faculty of Engineering & Built Environment, Universiti Kebangsaan Malaysia (UKM), Bangi 43600, Malaysia
Abstract
The intrusion detection system (IDS) is a promising technology for ensuring security against cyber-attacks in internet-of-things networks. In conventional IDS, anomaly detection and feature extraction are performed by two different models. In this paper, we propose a new integrated model based on deep autoencoder (AE) for anomaly detection and feature extraction. Firstly, AE is trained based on normal network traffic and used later to detect anomalies. Then, the trained AE model is employed again to extract useful low-dimensional features for anomalous data without the need for a feature extraction training stage, which is required by other methods such as principal components analysis (PCA) and linear discriminant analysis (LDA). After that, the extracted features are used by a machine learning (ML) or deep learning (DL) classifier to determine the type of attack (multi-classification). The performance of the proposed unified approach was evaluated on real IoT datasets called N-BaIoT and MQTTset, which contain normal and malicious network traffics. The proposed AE was compared with other popular anomaly detection techniques such as one-class support vector machine (OC-SVM) and isolation forest (iForest), in terms of performance metrics (accuracy, precision, recall, and F1-score), and execution time. AE was found to identify attacks better than OC-SVM and iForest with fast detection time. The proposed feature extraction method aims to reduce the computation complexity while maintaining the performance metrics of the multi-classifier models as much as possible compared to their counterparts. We tested the model with different ML/DL classifiers such as decision tree, random forest, deep neural network (DNN), conventional neural network (CNN), and hybrid CNN with long short-term memory (LSTM). The experiment results showed the capability of the proposed model to simultaneously detect anomalous events and reduce the dimensionality of the data.
Funder
Multimedia University
Subject
Electrical and Electronic Engineering,Engineering (miscellaneous),Computer Science (miscellaneous)
Reference27 articles.
1. Cruz, A.R.S.A., Gomes, R.L., and Fernandez, M.P. (2021, January 14–16). An Intelligent Mechanism to Detect Cyberattacks of Mirai Botnet in IoT Networks. Proceedings of the 2021 17th International Conference on Distributed Computing in Sensor Systems (DCOSS), Pafos, Cyprus. 2. Marzano, A., Alexander, D., Fonseca, O., Fazzion, E., Hoepers, C., Jessen, K.S., Chaves, M.H., Cunha, I., Guedes, D., and Meira, W. (2018, January 25–28). The evolution of Bashlite and Mirai IoT botnets. Proceedings of the 2018 IEEE Symposium on Computers and Communications (ISCC), Natal, Brazil. 3. (2022, October 01). Mira Botnet Source Code. Available online: https://github.com/jgamblin/Mirai-Source-Code. 4. Complex event processing for physical and cyber security in datacenters—Recent progress, challenges and recommendations;Alaghbari;J. Cloud Comp.,2022 5. CNN-LSTM: Hybrid Deep Neural Network for Network Intrusion Detection System;Halbouni;IEEE Access,2022
Cited by
7 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
|
|