Using Autoencoders for Anomaly Detection and Transfer Learning in IoT
Open Access
- 15 July 2021
- Vol. 10 (7), 88
- https://doi.org/10.3390/computers10070088
Abstract
With the development of Internet of Things (IoT) technologies, more and more smart devices are connected to the Internet. Because these devices were designed primarily for connectivity with each other, they include very limited security mechanisms. Developing separate security mechanisms for the diverse behaviors of different devices would be costly. Given new and changing devices and attacks, it would be helpful if the characteristics of diverse device types could be learned dynamically for better protection. In this paper, we propose a machine learning approach to device type identification through network traffic analysis for anomaly detection in IoT. Firstly, the characteristics of different device types are learned from the network packets they generate using supervised learning methods. Secondly, by learning important features from selected device types, we compare the effects of unsupervised learning methods, including One-class SVM, Isolation Forest, and autoencoders for dimensionality reduction. Finally, we evaluate the performance of anomaly detection by transfer learning with autoencoders. In our experiments on real data from the target factory, the best device type identification performance is achieved by XGBoost, with an accuracy of 97.6%. When autoencoders are adopted for learning features from network packets in the Modbus TCP protocol, the best F1 score of 98.36% is achieved. Comparable anomaly detection performance is achieved when using autoencoders for transfer learning from the reference dataset in the literature to our target site. This shows the potential of the proposed approach for automatic anomaly detection in smart factories. Further investigation is needed to verify the proposed approach using different types of devices in different IoT environments.
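As a rough illustration of how an autoencoder's output is typically turned into anomaly decisions and scored with F1, the sketch below thresholds per-sample reconstruction errors and computes the F1 score. It is not the authors' implementation: the mean-plus-k-standard-deviations threshold rule, the function names, and all numeric values are assumptions made up for this example, and the autoencoder itself is abstracted away as a list of reconstruction errors.

```python
from statistics import mean, pstdev


def fit_threshold(train_errors, k=3.0):
    """Assumed rule: threshold = mean + k * std of errors on normal traffic."""
    return mean(train_errors) + k * pstdev(train_errors)


def flag_anomalies(errors, threshold):
    """Flag a sample as anomalous when its reconstruction error exceeds the threshold."""
    return [e > threshold for e in errors]


def f1_score(y_true, y_pred):
    """F1 = harmonic mean of precision and recall, with anomalies as the positive class."""
    tp = sum(t and p for t, p in zip(y_true, y_pred))
    fp = sum((not t) and p for t, p in zip(y_true, y_pred))
    fn = sum(t and (not p) for t, p in zip(y_true, y_pred))
    if tp == 0:
        return 0.0
    precision = tp / (tp + fp)
    recall = tp / (tp + fn)
    return 2 * precision * recall / (precision + recall)


# Hypothetical reconstruction errors (illustrative values, not from the paper).
train_errors = [0.010, 0.012, 0.009, 0.011, 0.013, 0.010, 0.008, 0.012]
test_errors = [0.011, 0.009, 0.250, 0.012, 0.180, 0.014, 0.010]
test_labels = [False, False, True, False, True, True, False]  # True = anomaly

threshold = fit_threshold(train_errors)
predictions = flag_anomalies(test_errors, threshold)
score = f1_score(test_labels, predictions)
print(f"threshold={threshold:.4f}, F1={score:.2f}")
```

In this toy data the two large errors are flagged, while the subtle anomaly with error 0.014 falls below the threshold and is missed, which lowers recall and therefore F1. A smaller `k` would catch it at the risk of more false alarms.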
Funding Information
- Ministry of Science and Technology, Taiwan (MOST109-2221-E-027-090)
- National Applied Research Laboratories, Taiwan (NARL-ISIM-109-002, Artificial Intelligence Oriented for Cyber Security Technology Collaboration Project (1/4))