Transfer learning auto-encoder neural networks for anomaly detection of DDoS generating IoT devices
Machine Learning based anomaly detection approaches have long training and validation cycles. With IoT devices rapidly proliferating, training anomaly models on a per device basis is impractical. This work explores the "transfer-ability" of a pre-trained autoencoder model across devices of...
Main Authors: | , , , , , |
---|---|
Format: | Article |
Language: | English |
Published: | Hindawi Limited 2022 |
Subjects: | |
Online Access: | https://eprints.ums.edu.my/id/eprint/34207/2/Transfer%20learning%20auto-encoder%20neural%20networks%20for%20anomaly%20detection%20of%20DDoS%20generating%20IoT%20devices.ABSTRACT.pdf https://eprints.ums.edu.my/id/eprint/34207/1/Transfer%20Learning%20Auto-Encoder%20Neural%20Networks%20for%20Anomaly%20Detection%20of%20DDoS%20Generating%20IoT%20Devices.pdf |
_version_ | 1796911552658407424 |
---|---|
author | Unsub Shafiq Muhammad Khuram Shahza Muhammad Anwar Mohd Nor Qaisar Shaheen Muhammad Shiraz Abdullah Gani |
author_sort | Unsub Shafiq |
collection | UMS |
description | Machine Learning based anomaly detection approaches have long training and validation cycles. With IoT devices rapidly proliferating, training anomaly models on a per device basis is impractical. This work explores the "transfer-ability" of a pre-trained autoencoder model across devices of similar and different nature. We hypothesized that devices of similar nature would have similar high level feature characteristics represented by the initial layers of the autoencoder, while the more distinct features are captured by the innermost layer of the neural network. In our experiments, the centre-most layers of autoencoder models were re-trained with limited new data belonging to a different device. Datasets of seven Mirai infected and nine Bashlite infected IoT devices were used; each dataset also included benign records representing un-infected behaviour. We observed that the model's detection accuracy improved by an average of 9.52% for Mirai and 44.59% for Bashlite. The highest performance improvement of 26.68% and 73.00% was observed when the anomaly model of Ecobee thermostat was tested on other devices before and after transfer learning for Mirai and Bashlite respectively. Additionally, transfer learning took 47.31% and 58.27% less time for Mirai and Bashlite respectively. We further trialed the efficacy of the autoencoder based anomaly model on flow based records of network traffic using the CIC-IDS2017 dataset. It was observed that the model performed best when distinct outliers in the dataset were present, whereas the model failed to perform decently in cases where the malicious activity did not cause significant deviation in network traffic's footprint. |
first_indexed | 2024-03-06T03:20:21Z |
format | Article |
id | ums.eprints-34207 |
institution | Universiti Malaysia Sabah |
language | English English |
last_indexed | 2024-03-06T03:20:21Z |
publishDate | 2022 |
publisher | Hindawi Limited |
record_format | dspace |
spelling | ums.eprints-34207 2022-09-26T00:42:07Z https://eprints.ums.edu.my/id/eprint/34207/ Transfer learning auto-encoder neural networks for anomaly detection of DDoS generating IoT devices Unsub Shafiq Muhammad Khuram Shahza Muhammad Anwar Mohd Nor Qaisar Shaheen Muhammad Shiraz Abdullah Gani QA76.75-76.765 Computer software Machine Learning based anomaly detection approaches have long training and validation cycles. With IoT devices rapidly proliferating, training anomaly models on a per device basis is impractical. This work explores the "transfer-ability" of a pre-trained autoencoder model across devices of similar and different nature. We hypothesized that devices of similar nature would have similar high level feature characteristics represented by the initial layers of the autoencoder, while the more distinct features are captured by the innermost layer of the neural network. In our experiments, the centre-most layers of autoencoder models were re-trained with limited new data belonging to a different device. Datasets of seven Mirai infected and nine Bashlite infected IoT devices were used; each dataset also included benign records representing un-infected behaviour. We observed that the model's detection accuracy improved by an average of 9.52% for Mirai and 44.59% for Bashlite. The highest performance improvement of 26.68% and 73.00% was observed when the anomaly model of Ecobee thermostat was tested on other devices before and after transfer learning for Mirai and Bashlite respectively. Additionally, transfer learning took 47.31% and 58.27% less time for Mirai and Bashlite respectively. We further trialed the efficacy of the autoencoder based anomaly model on flow based records of network traffic using the CIC-IDS2017 dataset. It was observed that the model performed best when distinct outliers in the dataset were present, whereas the model failed to perform decently in cases where the malicious activity did not cause significant deviation in network traffic's footprint. Hindawi Limited 2022-05-09 Article PeerReviewed text en https://eprints.ums.edu.my/id/eprint/34207/2/Transfer%20learning%20auto-encoder%20neural%20networks%20for%20anomaly%20detection%20of%20DDoS%20generating%20IoT%20devices.ABSTRACT.pdf text en https://eprints.ums.edu.my/id/eprint/34207/1/Transfer%20Learning%20Auto-Encoder%20Neural%20Networks%20for%20Anomaly%20Detection%20of%20DDoS%20Generating%20IoT%20Devices.pdf Unsub Shafiq and Muhammad Khuram Shahza and Muhammad Anwar Mohd Nor and Qaisar Shaheen and Muhammad Shiraz and Abdullah Gani (2022) Transfer learning auto-encoder neural networks for anomaly detection of DDoS generating IoT devices. Security and Communication Networks, 2022. p. 1. ISSN 1939-0114 (P-ISSN), 1939-0122 (E-ISSN) https://www.hindawi.com/journals/scn/2022/8221351/ https://doi.org/10.1155/2022/8221351 |
spellingShingle | QA76.75-76.765 Computer software Unsub Shafiq Muhammad Khuram Shahza Muhammad Anwar Mohd Nor Qaisar Shaheen Muhammad Shiraz Abdullah Gani Transfer learning auto-encoder neural networks for anomaly detection of DDoS generating IoT devices |
title | Transfer learning auto-encoder neural networks for anomaly detection of DDoS generating IoT devices |
topic | QA76.75-76.765 Computer software |
url | https://eprints.ums.edu.my/id/eprint/34207/2/Transfer%20learning%20auto-encoder%20neural%20networks%20for%20anomaly%20detection%20of%20DDoS%20generating%20IoT%20devices.ABSTRACT.pdf https://eprints.ums.edu.my/id/eprint/34207/1/Transfer%20Learning%20Auto-Encoder%20Neural%20Networks%20for%20Anomaly%20Detection%20of%20DDoS%20Generating%20IoT%20Devices.pdf |