Transfer learning auto-encoder neural networks for anomaly detection of DDoS generating IoT devices

Unsub Shafiq and Muhammad Khuram Shahza and Muhammad Anwar Mohd Nor and Qaisar Shaheen and Muhammad Shiraz and Abdullah Gani (2022) Transfer learning auto-encoder neural networks for anomaly detection of DDoS generating IoT devices. Security and Communication Networks, 2022. p. 1. ISSN 1939-0114 (P-ISSN), 1939-0122 (E-ISSN)

Abstract

Machine Learning based anomaly detection approaches have long training and validation cycles. With IoT devices rapidly proliferating, training anomaly models on a per device basis is impractical. This work explores the "transfer-ability" of a pre-trained autoencoder model across devices of similar and different nature. We hypothesized that devices of similar nature would have similar high level feature characteristics represented by the initial layers of the autoencoder, while the more distinct features are captured by the innermost layer of the neural network. In our experiments, the centre-most layers of autoencoder models were re-trained with limited new data belonging to a different device. Datasets of seven Mirai infected and nine Bashlite infected IoT devices were used; each dataset also included benign records representing un-infected behaviour. We observed that the model's detection accuracy improved by an average of 9.52% for Mirai and 44.59% for Bashlite. The highest performance improvement of 26.68% and 73.00% was observed when the anomaly model of Ecobee thermostat was tested on other devices before and after transfer learning for Mirai and Bashlite respectively. Additionally, transfer learning took 47.31% and 58.27% less time for Mirai and Bashlite respectively. We further trialed the efficacy of the autoencoder based anomaly model on flow based records of network traffic using the CIC-IDS2017 dataset. It was observed that the model performed best when distinct outliers in the dataset were present, whereas the model failed to perform decently in cases where the malicious activity did not cause significant deviation in network traffic's footprint.

Item Type: Article
Keyword: Machine learning, IoT, DDoS
Subjects: Q Science > QA Mathematics > QA1-939 Mathematics > QA71-90 Instruments and machines > QA75.5-76.95 Electronic computers. Computer science > QA76.75-76.765 Computer software
Department: FACULTY > Faculty of Computing and Informatics
Depositing User: DG MASNIAH AHMAD -
Date Deposited: 26 Sep 2022 08:42
Last Modified: 26 Sep 2022 08:42
URI: https://eprints.ums.edu.my/id/eprint/34207