Feature Representation of AutoEncoders for Unsupervised IoT Malware Detection

  • Conference paper
Future Data and Security Engineering (FDSE 2021)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 13076)

Abstract

The feature representation of AutoEncoders (AEs) has been widely used for unsupervised learning, particularly in the cybersecurity domain, and has demonstrated promising performance. However, in-depth investigations of this feature learner for the task of unsupervised IoT attack detection have not yet been carried out. In this paper, we study the feature representation of AEs in combination with a subsequent clustering-based technique such as Self-Organizing Maps (SOM) for unsupervised IoT attack detection. The aim is to gain insight into the characteristics of AE learners in unsupervised IoT detection tasks such as identifying unknown/new IoT attacks and transfer learning. To highlight the behavior of AE-based learners, a feature reduction technique such as Principal Component Analysis (PCA) is used to construct a feature space for facilitating SOM. The proposed models are investigated and assessed extensively through a number of experiments and analyses on the NBaIoT dataset. The experimental results strongly suggest that AEs should be used for transferring models when the training data is highly unbalanced and includes IoT attacks that are similar to Benign. If the training data appears to be balanced and contains IoT attacks that deviate significantly from Benign, a feature reduction technique like PCA is preferable.

Notes

  1. https://keras.io/

  2. https://scikit-learn.org/

  3. https://github.com/JustGlowing/minisom

  4. https://archive.ics.uci.edu/ml/datasets/detection_of_IoT_botnet_attacks_N_BaIoT

  5. https://en.wikipedia.org/wiki/Mirai_(malware)

  6. https://en.wikipedia.org/wiki/BASHLITE

Author information

Corresponding author

Correspondence to Van Loi Cao.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Nguyen, H.N., Nguyen, V.C., Tran, N.N., Cao, V.L. (2021). Feature Representation of AutoEncoders for Unsupervised IoT Malware Detection. In: Dang, T.K., Küng, J., Chung, T.M., Takizawa, M. (eds) Future Data and Security Engineering. FDSE 2021. Lecture Notes in Computer Science, vol 13076. Springer, Cham. https://doi.org/10.1007/978-3-030-91387-8_18

  • DOI: https://doi.org/10.1007/978-3-030-91387-8_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-91386-1

  • Online ISBN: 978-3-030-91387-8

  • eBook Packages: Computer Science (R0)
