Constrained Twin Variational Auto-Encoder for Intrusion Detection in IoT Systems

Bibliographic Details
Published in IEEE internet of things journal Vol. 11; no. 8; pp. 14789 - 14803
Main Authors Dinh, Phai Vu, Nguyen, Quang Uy, Hoang, Dinh Thai, Nguyen, Diep N., Bao, Son Pham, Dutkiewicz, Eryk
Format Journal Article
Language English
Published Piscataway IEEE 15.04.2024
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Summary: Intrusion detection systems (IDSs) play a critical role in protecting billions of IoT devices from malicious attacks. However, the IDSs for IoT devices face inherent challenges of IoT systems, including the heterogeneity of IoT data/devices, the high dimensionality of training data, and the imbalanced data. Moreover, the deployment of IDSs on IoT systems is challenging, and sometimes impossible, due to the limited resources, such as memory/storage and computing capability of typical IoT devices. To tackle these challenges, this article proposes a novel deep neural network/architecture called constrained twin variational auto-encoder (CTVAE) that can feed classifiers of IDSs with more separable/distinguishable and lower dimensional representation data. Additionally, in comparison to the state-of-the-art neural networks used in IDSs, CTVAE requires less memory/storage and computing power, hence making it more suitable for IoT IDS systems. Extensive experiments with the 11 most popular IoT botnet data sets show that CTVAE can boost around 1% in terms of accuracy and Fscore in attack detection compared to the state-of-the-art machine learning and representation learning methods, whilst the running time for attack detection is lower than 2E-6 s and the model size is lower than 1 MB. We also further investigate various characteristics of CTVAE in the latent space and in the reconstruction representation to demonstrate its efficacy compared with current well-known methods.
ISSN: 2327-4662
DOI: 10.1109/JIOT.2023.3344842