Open Set Dandelion Network for IoT Intrusion Detection

IF 3.9 3区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS ACM Transactions on Internet Technology Pub Date : 2024-01-09 DOI:10.1145/3639822
Jiashu Wu, Hao Dai, Kenneth B. Kent, Jerome Yen, Chengzhong Xu, Yang Wang
{"title":"Open Set Dandelion Network for IoT Intrusion Detection","authors":"Jiashu Wu, Hao Dai, Kenneth B. Kent, Jerome Yen, Chengzhong Xu, Yang Wang","doi":"10.1145/3639822","DOIUrl":null,"url":null,"abstract":"<p>As Internet of Things devices become widely used in the real world, it is crucial to protect them from malicious intrusions. However, the data scarcity of IoT limits the applicability of traditional intrusion detection methods, which are highly data-dependent. To address this, in this paper we propose the Open-Set Dandelion Network (OSDN) based on unsupervised heterogeneous domain adaptation in an open-set manner. The OSDN model performs intrusion knowledge transfer from the knowledge-rich source network intrusion domain to facilitate more accurate intrusion detection for the data-scarce target IoT intrusion domain. Under the open-set setting, it can also detect newly-emerged target domain intrusions that are not observed in the source domain. To achieve this, the OSDN model forms the source domain into a dandelion-like feature space in which each intrusion category is compactly grouped and different intrusion categories are separated, i.e., simultaneously emphasising inter-category separability and intra-category compactness. The dandelion-based target membership mechanism then forms the target dandelion. Then, the dandelion angular separation mechanism achieves better inter-category separability, and the dandelion embedding alignment mechanism further aligns both dandelions in a finer manner. To promote intra-category compactness, the discriminating sampled dandelion mechanism is used. Assisted by the intrusion classifier trained using both known and generated unknown intrusion knowledge, a semantic dandelion correction mechanism emphasises easily-confused categories and guides better inter-category separability. Holistically, these mechanisms form the OSDN model that effectively performs intrusion knowledge transfer to benefit IoT intrusion detection. Comprehensive experiments on several intrusion datasets verify the effectiveness of the OSDN model, outperforming three state-of-the-art baseline methods by \\(16.9\\% \\). The contribution of each OSDN constituting component, the stability and the efficiency of the OSDN model are also verified.</p>","PeriodicalId":50911,"journal":{"name":"ACM Transactions on Internet Technology","volume":"52 11 1","pages":""},"PeriodicalIF":3.9000,"publicationDate":"2024-01-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Internet Technology","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3639822","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

As Internet of Things devices become widely used in the real world, it is crucial to protect them from malicious intrusions. However, the data scarcity of IoT limits the applicability of traditional intrusion detection methods, which are highly data-dependent. To address this, in this paper we propose the Open-Set Dandelion Network (OSDN) based on unsupervised heterogeneous domain adaptation in an open-set manner. The OSDN model performs intrusion knowledge transfer from the knowledge-rich source network intrusion domain to facilitate more accurate intrusion detection for the data-scarce target IoT intrusion domain. Under the open-set setting, it can also detect newly-emerged target domain intrusions that are not observed in the source domain. To achieve this, the OSDN model forms the source domain into a dandelion-like feature space in which each intrusion category is compactly grouped and different intrusion categories are separated, i.e., simultaneously emphasising inter-category separability and intra-category compactness. The dandelion-based target membership mechanism then forms the target dandelion. Then, the dandelion angular separation mechanism achieves better inter-category separability, and the dandelion embedding alignment mechanism further aligns both dandelions in a finer manner. To promote intra-category compactness, the discriminating sampled dandelion mechanism is used. Assisted by the intrusion classifier trained using both known and generated unknown intrusion knowledge, a semantic dandelion correction mechanism emphasises easily-confused categories and guides better inter-category separability. Holistically, these mechanisms form the OSDN model that effectively performs intrusion knowledge transfer to benefit IoT intrusion detection. Comprehensive experiments on several intrusion datasets verify the effectiveness of the OSDN model, outperforming three state-of-the-art baseline methods by \(16.9\% \). The contribution of each OSDN constituting component, the stability and the efficiency of the OSDN model are also verified.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
用于物联网入侵检测的开放集蒲公英网络
随着物联网设备在现实世界中的广泛应用,保护它们免遭恶意入侵至关重要。然而,物联网的数据稀缺性限制了高度依赖数据的传统入侵检测方法的适用性。针对这一问题,我们在本文中提出了基于开放集方式的无监督异构域适应的开放集蒲公英网络(OSDN)。OSDN 模型从知识丰富的源网络入侵域进行入侵知识转移,以促进对数据稀缺的目标物联网入侵域进行更准确的入侵检测。在开放集设置下,它还能检测到源域未观察到的新出现的目标域入侵。为此,OSDN 模型将源域形成一个类似蒲公英的特征空间,在这个空间中,每个入侵类别被紧凑分组,不同的入侵类别被分开,即同时强调类别间的可分离性和类别内的紧凑性。然后,基于蒲公英的目标成员机制形成目标蒲公英。然后,蒲公英角度分离机制实现更好的类别间分离性,而蒲公英嵌入对齐机制则进一步以更精细的方式对齐两个蒲公英。为了提高类别内的紧凑性,使用了辨别采样蒲公英机制。在使用已知和生成的未知入侵知识训练的入侵分类器的辅助下,语义蒲公英校正机制强调易混淆的类别,并引导更好的类别间分离。从整体上看,这些机制构成了 OSDN 模型,它能有效地进行入侵知识转移,从而有利于物联网入侵检测。在多个入侵数据集上的综合实验验证了OSDN模型的有效性,其性能优于三种最先进的基线方法(16.9%)。此外,还验证了构成OSDN模型的每个组件的贡献、OSDN模型的稳定性和效率。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
ACM Transactions on Internet Technology
ACM Transactions on Internet Technology 工程技术-计算机:软件工程
CiteScore
10.30
自引率
1.90%
发文量
137
审稿时长
>12 weeks
期刊介绍: ACM Transactions on Internet Technology (TOIT) brings together many computing disciplines including computer software engineering, computer programming languages, middleware, database management, security, knowledge discovery and data mining, networking and distributed systems, communications, performance and scalability etc. TOIT will cover the results and roles of the individual disciplines and the relationshipsamong them.
期刊最新文献
Interpersonal Communication Interconnection in Media Convergence Metaverse Using Reinforcement Learning and Error Models for Drone Precision Landing Towards Human-AI Teaming to Mitigate Alert Fatigue in Security Operations Centres RESP: A Recursive Clustering Approach for Edge Server Placement in Mobile Edge Computing OTI-IoT: A Blockchain-based Operational Threat Intelligence Framework for Multi-vector DDoS Attacks
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1