A Few-Shot-Based Model-Agnostic Meta-Learning for Intrusion Detection in Security of Internet of Things

Abstract

Currently, the effective technologies used to protect the security of the Internet of Things include blockchain and intrusion detection systems. The traditional IoT intrusion detection systems based on supervised learning usually requires a large amount of data for training, with high costs, and most of them can only work in several specific types of attacks. Faced with the variability of current IoT attack methods and the complexity of the network environment, they are usually unable to play a role in a short time. Especially in dealing with new security problems such as Zero-day attacks, which have a small number of learnable samples. Therefore, this paper proposed an IoT intrusion detection model to deal with the situation where learnable samples are insufficient. The model adopts the idea of meta-learning and divides the training process into two layers based on model-agnostic meta-learning. Its purpose is to train a relatively general model using the malicious network flow data of various known attack modes. To this end, a few-shot IoT intrusion detection dataset, FSIDS-IoT, is constructed based on five datasets, namely CIC-DDoS2019, CIC-IDS2017, CSE-CIC-IDS2018, NSL-KDD, and UNSW-NB15. Experiments show that our proposed approach, using only a few gradient steps and a small amount of training data from the new attack type, can perform well to protect cyber security. In the test of identifying unknown attacks, the optimal accuracy under the 5-way 1-shot setting reached 78.26%, 90.09% under the 5-way 5-shot setting, and 92.19% under the 5-way 10-shot setting.