Abstract
Intrusion detection systems play an important role in preventing security threats and protecting networks from attacks. However, with the emergence of unknown attacks and imbalanced samples, traditional machine learning methods suffer from lower detection rates and higher false positive rates. We propose a novel intrusion detection model that combines an improved conditional variational AutoEncoder (ICVAE) with a deep neural network (DNN), namely ICVAE-DNN. ICVAE is used to learn and explore potential sparse representations between network data features and classes. The trained ICVAE decoder generates new attack samples according to the specified intrusion categories to balance the training data and increase the diversity of training samples, thereby improving the detection rate of the imbalanced attacks. The trained ICVAE encoder is not only used to automatically reduce data dimension, but also to initialize the weight of DNN hidden layers, so that DNN can easily achieve global optimization through back propagation and fine tuning. The NSL-KDD and UNSW-NB15 datasets are used to evaluate the performance of the ICVAE-DNN. The ICVAE-DNN is superior to the three well-known oversampling methods in data augmentation. Moreover, the ICVAE-DNN outperforms six well-known models in detection performance, and is more effective in detecting minority attacks and unknown attacks. In addition, the ICVAE-DNN also shows better overall accuracy, detection rate and false positive rate than the nine state-of-the-art intrusion detection methods.
Highlights
In recent years, with the rapid development of cloud computing, LoRa, NB-IoT, 5G communication and artificial intelligence technologies, the internet of things (IoT) technology has ushered in a boom-like development, and hundreds of millions of devices are connected to the Internet of Things.because many IoT nodes collect and store large amounts of user privacy data, IoT systems have become an ideal target for cyber attackers, and attacks on the Internet of Things are increasing [1,2].Gemalto’s IoT security report shows that more than half of companies still can’t find out whether they have suffered IoT vulnerability attacks
true positive (TP) and true negative (TN) indicate that the attack and normal records are correctly classified, respectively; false positive (FP) represents a normal record that is incorrectly predicted as an attack; false negative (FN) represents an attack record that is incorrectly classified as a normal record
In order to demonstrate the superiority of improved conditional variational AutoEncoder (ICVAE)-deep neural network (DNN) in oversampling technology, three classification models are constructed based on three oversampling methods, namely random over sampler (ROS)-DNN, SMOTE-DNN and ADASYN-DNN
Summary
Gemalto’s IoT security report shows that more than half of companies still can’t find out whether they have suffered IoT vulnerability attacks. The popularity of IoT technology and the intelligence of devices have brought great convenience to people, but the use of new technologies and intelligent devices has brought new security and privacy risks. The encoder network with parameters φ learns an efficient compression of the data into this lower-dimensional space, which maps data X into a continuous latent variable Z. The decoder network with parameters θ uses the latent variable to generate data, which maps Z to a reconstructed data X. We use deep neural networks to construct the encoder and decoder with parameters θ and φ, respectively. Available online: https://safenet.gemalto.com/iot-2018/iot-security (accessed on 14 May 2019).
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
