Abstract
In recent years, neural networks-based autoencoders have gained popularity in problems of anomaly detection. Recent approaches have proposed ensembles of autoencoders to detect network intrusions. The computationally expensive ensembles of autoencoders make it challenging to be used for intrusion detection in networks of devices with lower resources, e.g., the Internet of Things, than in the cloud or data centers. To overcome this challenge, in this work, we propose, investigate and compare four methods to reduce the ensemble complexity through adaptive de-activations of autoencoders. These methods differ in their approach to select the autoencoders to de-activate (criteria-based or random) and differ when they conduct the de-activations (post-training or in-training). Extensive experiments on two recent, realistic IoT intrusion detection datasets validate the effectiveness of the proposed methods in achieving satisfactory detection performance at much lower training, re-training and inference time costs. The proposed methods shall enable scalable and efficient intrusion detection systems or services that could be deployed on-device or on-edge.
Similar content being viewed by others
References
Hou J, Qu L, Shi W (2019) A survey on internet of things security from data perspectives. Comput Netw 148:295–306
Nisioti A, Mylonas A, Yoo PD, Katos V (2018) From intrusion detection to attacker attribution: a comprehensive survey of unsupervised methods. IEEE Commun Surv Tut. https://doi.org/10.1109/COMST.2018.2854724
Mohaisen A, Kim J (2018) Securing the internet of things: a machine learning approach. www.cs.ucf.edu/~mohaisen/doc/icc18.pdf. [2018 IEEE ICC Tutorials]
Habib MA, Ahmad M, Jabbar S, Ahmed SH, Rodrigues JJPC (2018) Speeding up the internet of things: Leaiot: a lightweight encryption algorithm toward low-latency communication for the internet of things. IEEE Cons Elect Mag 7(6):31–37. https://doi.org/10.1109/MCE.2018.2851722
Grammatikis PIR, Sarigiannidis PG, Moscholios ID (2019) Securing the internet of things: challenges, threats and solutions. Intern Things 5:41–70
Kaspersky (2018) Kaspersky lab ddos intelligence quarterly report: amplification attacks and old botnets make a comeback. https://www.kaspersky.com/about/press-releases/2018-amplification-attacks-and-old-botnets. Accessed 29 Oct 2018
Restuccia F, D’Oro S, Melodia T (2018) Securing the internet of things in the age of machine learning and software-defined networking. IEEE IoT J 5(6):4829–4842. https://doi.org/10.1109/JIOT.2018.2846040
Miettinen M, Sadeghi A (2018) Keynote: internet of things or threats? On building trust in IoT. In: International conference on hardware/software codesign and system synthesis, pp 1–9
Sha K, Wei W, Yang TA, Wang Z, Shi W (2018) On security challenges and open issues in internet of things. Future Gener Comput Syst 83:326–337. https://doi.org/10.1016/j.future.2018.01.059
Osborne C, Day Z The most interesting internet-connected vehicle hacks on record. https://www.zdnet.com/article/these-are-the-most-interesting-ways-to-hack-internet-connected-vehicles/
Merzoug MA, Mostefaoui A, Kechout MH, Tamraoui S (2020) Deep learning for resource-limited devices. In: C. Li, A. Mostefaoui (eds.) Proceddings of the 16th ACM symposium on QoS and security for wireless and mobile networks. Alicante, pp 81–87. ACM . https://doi.org/10.1145/3416013.3426445
Shasha S, Mahmoud M, Mannan M, Youssef A (2018) Playing with danger: a taxonomy and evaluation of threats to smart toys. IEEE IoT J. https://doi.org/10.1109/JIOT.2018.2877749
Salameh HB, Derbas R, Aloqaily M, Boukerche A (2019) Secure routing in multi-hop iot-based cognitive radio networks under jamming attacks. In: Proceedings of the 22nd Int’l ACM conference on modeling, analysis and simulation of wireless and mobile systems. Miami Beach, pp 323–327. ACM . https://doi.org/10.1145/3345768.3355944
Merzoug MA, Mostefaoui A, Benyahia A (2019) Smart iot notification system for efficient in-city parking. In: Proceedings of the 15th ACM international symposium on QoS and security for wireless and mobile networks, Q2SWinet 2019, Miami Beach, , pp 37–42. ACM . https://doi.org/10.1145/3345837.3355954
Li J, Liang W, Xu W, Xu Z, Zhao J (2020) Maximizing the quality of user experience of using services in edge computing for delay-sensitive iot applications. In: Proceedings of the 23rd Int’l ACM conference on modeling, analysis and simulation of wireless and mobile systems, Alicante, pp 113–121. ACM. https://doi.org/10.1145/3416010.3423234
Mirsky Y, Doitshman T, Elovici Y, Shabtai A (2018) Kitsune: an ensemble of autoencoders for online network intrusion detection. In: Proceedings of the 25th annual NDSS 2018, San Diego, USA, Feb 18–21
Canedo J, Skjellum A (2016) Using machine learning to secure iot systems. In: Proceedings of the 14th annual conference on privacy, security and trust (PST), pp 219–222. https://doi.org/10.1109/PST.2016.7906930
Raza S, Wallgren L, Voigt T (2013) Svelte: real-time intrusion detection in the internet of things. Ad Hoc Netw 11(8):2661–2674
Zhang B, Yu Y, Li J (2018) Network intrusion detection based on stacked sparse autoencoder and binary tree ensemble method. In: Proceedings of the 2018 IEEE international conference on communications workshops (ICC Workshops), pp 1–6. https://doi.org/10.1109/ICCW.2018.8403759
Hinton GE, Zemel RS (1993) Autoencoders, minimum description length and helmholtz free energy. 6th Int’l Conference on Neural Information Processing Systems. NIPS’93. Morgan Kaufmann Publishers Inc., San Francisco, pp 3–10
Sakurada M, Yairi T (2014) Anomaly detection using autoencoders with nonlinear dimensionality reduction. In: Proceedings of the 2nd workshop on machine learning for sensory data analysis, MLSDA’14, pp 4:4–4:11. ACM, New York
Wei Q, Ren Y, Hou R, Shi B, Lo JY, Carin L (2018) Anomaly detection for medical images based on a one-class classification. In: Petrick N, Mori K (eds) Medical imaging 2018: computer-aided diagnosis, vol 10575. International society for optics and photonics, SPIE, pp 375–380
Zhou C, Paffenroth RC (2017) Anomaly detection with robust deep autoencoders. In: Proceedings of the 23rd ACM SIGKDD international conference on knowledge discovery and data mining. KDD ’17. ACM, New York, pp 665–674
Farahnakian F, Heikkonen J (2018) A deep auto-encoder based approach for intrusion detection system. In: Proceedings of the 2018 20th international conference on advanced communication technology (ICACT), pp 178–183 https://doi.org/10.23919/ICACT.2018.8323688
Meidan Y, Bohadana M, Mathov Y, Mirsky Y, Shabtai A, Breitenbacher D, Elovici Y (2018) N-baiot network-based detection of iot botnet attacks using deep autoencoders. IEEE Pervasive Comput 17(3):12–22
Almazrouei E, Gianini G, Mio C, Almoosa N, Damiani E (2019) Using autoencoders for radio signal denoising. In: Proceedings of the 15th ACM international symposium on QoS and security for wireless and mobile networks, Miami Beach, pp 11–17. ACM. https://doi.org/10.1145/3345837.3355949
Srivastava N, Hinton G, Krizhevsky A, Sutskever I, Salakhutdinov R (2014) Dropout: a simple way to prevent neural networks from overfitting. J Mach Learn Res 15(56):1929–1958
Huang G, Sun Y, Liu Z, Sedra D, Weinberger KQ (2016) Deep networks with stochastic depth. In: Leibe B, Matas J, Sebe N, Welling M (eds) Computer vision-ECCV 2016. Springer, Cham, pp 646–661
Nõmm S, Bahṣi H (2018) Unsupervised anomaly based botnet detection in iot networks. In: Proceedings of the 2018 17th IEEE international conference on machine learning and application (ICMLA), pp 1048–1053. https://doi.org/10.1109/ICMLA.2018.00171
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Siddiqui, A.J., Boukerche, A. Adaptive ensembles of autoencoders for unsupervised IoT network intrusion detection. Computing 103, 1209–1232 (2021). https://doi.org/10.1007/s00607-021-00912-2
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00607-021-00912-2