Abstract

IoT networks connect dispersed and heterogeneous devices with high economic impact, making them an important cybersecurity target. The changing nature of cybersecurity attacks requires intrusion detectors with the ability to detect new attacks. Our proposed model is a network intrusion detector created specifically for the needs of IoT networks with the aim of detecting previously unseen attacks. It is based on a shallow neural network architecture following a novel contrastive learning scheme. In this scheme, both the network features and the labels are projected into a common representation (embedding) space where a similarity score is defined. The labels act as a prototype for each type of traffic in the embedding space, and classification is based on the proximity of samples to these class prototypes. The dimensionality and structure of the embedding space are critical. In this work, we explore the advantages of having an embedding space with expanded dimensionality using a kernel approximation technique (Random Fourier Features) that is integrated and learned within the neural network. To avoid overfitting, we investigate the importance of various regularization techniques (L2 and contractive). The resulting model is tested against three network intrusion detection datasets to assess its ability to detect known and unknown attacks (zero-shot learning). The experimental results show a higher ability of the proposed model to detect unknown attacks than similar models and alternative machine learning models in the literature.
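The following is an added example, not the paper's code, showing the two ideas the abstract combines: a Random Fourier Features map that expands the feature space, and classification by proximity to per-class prototypes in that space. It assumes fixed random RFF weights (the paper learns them inside the network), prototypes taken as the mean embedding of each class (the paper projects the labels), cosine similarity as the score, and constructed flow features.

```python
import math
import random

def make_rff(dim_in, dim_out, sigma, seed=0):
    """Draw RFF parameters for an RBF kernel exp(-||x-y||^2 / (2*sigma^2))."""
    rng = random.Random(seed)
    W = [[rng.gauss(0.0, 1.0 / sigma) for _ in range(dim_in)] for _ in range(dim_out)]
    b = [rng.uniform(0.0, 2.0 * math.pi) for _ in range(dim_out)]
    return W, b

def rff_map(x, W, b):
    """Embed x so that dot(rff_map(x), rff_map(y)) approximates the kernel."""
    scale = math.sqrt(2.0 / len(W))
    return [scale * math.cos(sum(w * xi for w, xi in zip(row, x)) + bi)
            for row, bi in zip(W, b)]

def dot(u, v):
    return sum(a * c for a, c in zip(u, v))

def cosine(u, v):
    return dot(u, v) / math.sqrt(dot(u, u) * dot(v, v))

def class_prototypes(samples, W, b):
    """samples: {label: [feature vectors]} -> {label: mean embedding} (assumed)."""
    protos = {}
    for label, rows in samples.items():
        embs = [rff_map(x, W, b) for x in rows]
        protos[label] = [sum(col) / len(embs) for col in zip(*embs)]
    return protos

def classify(x, protos, W, b):
    """Return the label of the closest prototype and all similarity scores."""
    z = rff_map(x, W, b)
    scores = {label: cosine(z, p) for label, p in protos.items()}
    return max(scores, key=scores.get), scores

# Constructed, normalised flow features (three per flow); not from any dataset.
TRAIN = {
    "benign": [[0.10, 0.20, 0.10], [0.15, 0.25, 0.05], [0.05, 0.15, 0.12]],
    "scan": [[0.90, 0.10, 0.80], [0.85, 0.05, 0.90], [0.95, 0.12, 0.75]],
}
W, B = make_rff(dim_in=3, dim_out=2000, sigma=0.5)
PROTOS = class_prototypes(TRAIN, W, B)

if __name__ == "__main__":
    print(classify([0.12, 0.18, 0.08], PROTOS, W, B)[0])
    print(classify([0.88, 0.09, 0.82], PROTOS, W, B)[0])
```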
