Learning Latent Representation with Limited Labels for IoT Anomaly Detection
DOI: https://doi.org/10.54654/isj.v3i20.986
Keywords: AutoEncoder, semi-supervised, latent representation, IoT, malware detection
Abstract— Malware detection is a critical challenge in the current era, especially for IoT devices. Previous studies have applied analytic techniques to reduce data size and extract valuable information. However, most of these studies rely on a considerable quantity of outliers to perform anomaly detection. In this paper, we propose an enhanced method (named FeaWAD*) that improves the data encoding strategy of the FeaWAD network [1]. These models require only a small fraction of anomalies for training. We evaluate the FeaWAD* method on the N-BaIoT dataset under various test scenarios, covering the detection of known attacks as well as unknown future attacks. The experimental results demonstrate that the FeaWAD* method outperforms the original FeaWAD model and other popular anomaly detection methods such as Isolation Forest, Local Outlier Factor, and One-class Support Vector Machine. We also measure the time-based effectiveness of the model to assess its practical applicability.
References
Y. Zhou, X. Song, Y. Zhang, F. Liu, C. Zhu, and L. Liu, “Feature Encoding with AutoEncoders for Weakly-supervised Anomaly Detection,” IEEE Trans Neural Netw Learn Syst, vol. 33, no. 6, pp. 2454–2465, May 2021, doi: 10.1109/TNNLS.2021.3086137.
A. E. Omolara et al., “The internet of things security: A survey encompassing unexplored areas and new insights,” Comput Secur, vol. 112, p. 102494, Jan. 2022, doi: 10.1016/J.COSE.2021.102494.
D. T. Son, N. T. K. Tram, and P. M. Hieu, “Deep Learning Techniques to Detect Botnet,” Journal of Science and Technology on Information security, vol. 1, no. 15, pp. 85–91, Jun. 2022, doi: 10.54654/ISJ.V1I15.846.
N. Hung, Đ. Mai, and N. T., “Network attack classification framework based on Autoencoder model and online stream analysis technology,” J. of S. and T. on, 2023, isj.vn. Accessed: Sep. 26, 2023. [Online]. Available: https://isj.vn/index.php/journal_STIS/article/view/938
J. Liu et al., “Deep anomaly detection in packet payload,” Neurocomputing, vol. 485, pp. 205–218, May 2022, doi: 10.1016/J.NEUCOM.2021.01.146.
C. Qiu, T. Pfrommer, M. Kloft, S. Mandt, and M. Rudolph, “Neural Transformation Learning for Deep Anomaly Detection Beyond Images.” PMLR, pp. 8703–8714, Jul. 01, 2021. Accessed: Sep. 14, 2023. [Online]. Available: https://proceedings.mlr.press/v139/qiu21a.html
V. L. Cao, M. Nicolau, and J. McDermott, “Learning Neural Representations for Network Anomaly Detection,” IEEE Trans Cybern, vol. 49, no. 8, pp. 3074–3087, Aug. 2019, doi: 10.1109/TCYB.2018.2838668.
H. N. Nguyen, N. N. Tran, T. H. Hoang, and V. L. Cao, “Denoising Latent Representation with SOMs for Unsupervised IoT Malware Detection,” SN Computer Science, vol. 3, no. 6, pp. 1–15, Sep. 2022, doi: 10.1007/S42979-022-01344-1.
G. Pang, C. Shen, and A. Van Den Hengel, “Deep anomaly detection with deviation networks,” Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 353–362, Jul. 2019, doi: 10.1145/3292500.3330871.
L. Ruff et al., “Deep Semi-Supervised Anomaly Detection,” in 8th International Conference on Learning Representations, ICLR 2020, 2020.
T. Shenkar and L. Wolf, “Anomaly Detection for Tabular Data with Internal Contrastive Learning,” in ICLR 2022 - 10th International Conference on Learning Representations, 2022.
N. T. Dung, N. V. Quân, and N. V. Hùng, “Application of deep learning model in network reconnaissance attack detection,” Journal of Science and Technology on Information security, vol. 2, no. 16, pp. 60–72, Feb. 2022, doi: 10.54654/ISJ.V1I16.922.
B. Zong et al., “Deep autoencoding Gaussian mixture model for unsupervised anomaly detection,” in 6th International Conference on Learning Representations, ICLR 2018 - Conference Track Proceedings, 2018.
G. Pang, L. Chen, L. Cao, and H. Liu, “Learning representations of ultrahigh-dimensional data for random distance-based outlier detection,” Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 2041–2050, Jul. 2018, doi: 10.1145/3219819.3220042.
C. Zhou and R. C. Paffenroth, “Anomaly detection with robust deep autoencoders,” Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, vol. Part F129685, pp. 665–674, Aug. 2017, doi: 10.1145/3097983.3098052.
H. Xu et al., “Unsupervised Anomaly Detection via Variational Auto-Encoder for Seasonal KPIs in Web Applications,” The Web Conference 2018 - Proceedings of the World Wide Web Conference, WWW 2018, pp. 187–196, Apr. 2018, doi: 10.1145/3178876.3185996.
M. A. Siddiqui, R. Wright, A. Fern, A. Theriault, T. G. Dietterich, and D. W. Archer, “Feedback-guided anomaly discovery via online optimization,” Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 2200–2209, Jul. 2018, doi: 10.1145/3219819.3220083.
L. Ruff et al., “Deep one-class classification,” in 35th International Conference on Machine Learning, ICML 2018, 2018.
Y. Meidan et al., “N-BaIoT—Network-based detection of IoT botnet attacks using deep autoencoders,” IEEE Pervasive Comput, vol. 17, no. 3, pp. 12–22, 2018.