Nguyen, Huu Noi and Nguyen, Van Cuong and Tran, Nguyen Ngoc and Cao, Van Loi (2021) Feature Representation of AutoEncoders for Unsupervised IoT Malware Detection. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 13076. pp. 272-290. ISSN 0302-9743
NBaIoT_SOM_AE_FDSE_2021 (18).pdf - Accepted Version
Download (2MB) | Preview
Abstract
The feature representation of AutoEncoders (AEs) has been widely used for unsupervised learning, particularly in cybersecurity domain, and demonstrated promising performance. However, deeply investigations of the feature learner for the task of IoT attack detection in unsupervised learning have not been carried out yet. In this paper, we study the feature representation of AEs in combination with a subsequent clustering-based technique like Self-Organizing Maps (SOM) for unsupervised learning IoT attack detection. This aims to get insight into the characteristics of the AE learners in the tasks of unsupervised IoT detection such as identifying unknown/new IoT attacks and transfer learning. To highlight the behavior of AE-based learners, a feature reduction like Principle Component Analysis (PCA) is used to construct a feature space for facilitating SOM. The proposed models are investigated and assessed extensively by a number of experiments and analyses on the NBaIoT dataset. The experimental results highly suggest that AEs should be used for transferring models as training data is highly un-balanced and includes IoT attacks being similar to Benign. If the training data seems to be balanced, and contains IoT attacks being significantly deviated from Benign, the feature reduction like PCA is more preferable. © 2021, Springer Nature Switzerland AG.
Item Type: | Article |
---|---|
Divisions: | Faculties > Faculty of Information Technology |
Identification Number: | 10.1007/978-3-030-91387-8_18 |
Uncontrolled Keywords: | Anomaly detection; Feature extraction; Internet of things; Malware; Principal component analysis; Self organizing maps; Unsupervised learning, Anomaly detection; Attack detection; Auto encoders; Feature representation; Features reductions; IoT anomaly detection; IoT malware; Principle components analysis; Training data; Transfer learning, Conformal mapping |
URI: | http://eprints.lqdtu.edu.vn/id/eprint/10259 |