Similar articles

Abstract: Deep learning-based intrusion detection systems rely on numerous training samples to achieve satisfactory detection rates. However, in the real-world internet of Things (IoT) environments, the diversity of IoT devices and the subsequent fragmentation of attack types result in a limited number of training samples, which urgently requires researchers to develop few-shot intrusion detection systems. In this study, we propose a subspace-based approach for few-shot IoT intrusion detection systems to cope with the dilemma of insufficient learnable samples. The method is based on the principle of classifying metrics to identify network traffic. After feature extraction of samples, a subspace is constructed for each category. Next, the distance between the query samples and the subspace is calculated by the metric module, thus detecting malicious samples. Subsequently, based on the CICIoT2023 dataset we construct a few-shot IoT intrusion detection dataset and evaluate the proposed method. For the detection of unknown categories, the detection accuracy is 93.52% in the 5-way 1-shot setting, 92.99% in the 5-way 5-shot setting, and 93.65% in the 5-way 10-shot setting.

基于子空间的小样本物联网入侵检测系统

[1]Alani MM, Awad AI, 2023. An intelligent two-layer intrusion detection system for the Internet of Things. IEEE Trans Ind Inform, 19(1):683-692.

[2]Chen D, Zhang FB, Zhang XP, 2023. Heterogeneous IoT intrusion detection based on fusion word embedding deep transfer learning. IEEE Trans Ind Inform, 19(8):9183-9193.

[3]Draper-Gil G, Lashkari AH, Mamun MSI, et al., 2016. Characterization of encrypted and VPN traffic using time-related features. Proc 2^nd Int Conf on Information Systems Security and Privacy, p.407-414.

[4]Du L, Gu ZQ, Wang Y, et al., 2024. A few-shot class-incremental learning method for network intrusion detection. IEEE Trans Netw Serv Manag, 21(2):2389-2401.

[5]Duan GH, Lv HW, Wang HQ, et al., 2023. Application of a dynamic line graph neural network for intrusion detection with semisupervised learning. IEEE Trans Inform Foren Secur, 18:699-714.

[6]Duan RX, Li D, Tong Q, et al., 2021. A survey of few-shot learning: an effective method for intrusion detection. Secur Commun Netw, 2021(1): 4259629.

[7]Feng TT, Qi Q, Wang JY, et al., 2021. Few-shot class-adaptive anomaly detection with model-agnostic meta-learning. IFIP Networking Conf, p.1-9.

[8]Finn C, Abbeel P, Levine S, 2017. Model-agnostic meta-learning for fast adaptation of deep networks. Proc 34^th Int Conf on Machine Learning, p.1126-1135.

[9]Fouladi RF, Ermiş O, Anarim E, 2022. A DDoS attack detection and countermeasure scheme based on DWT and auto-encoder neural network for SDN. Comput Netw, 214: 109140.

[10]He MS, Zhao XW, Wang XJ, 2024a. An efficient DDoS detection method based on packet grouping via online data flow processing. IEEE Trans Sustain Comput, 10(2):202-216.

[11]He MS, Huang YM, Wang XL, et al., 2024b. A lightweight and efficient IoT intrusion detection method based on feature grouping. IEEE Int Things J, 11(2):2935-2949.

[12]Jamal MA, Qi GJ, 2019. Task agnostic meta-learning for few-shot learning. IEEE/CVF Conf on Computer Vision and Pattern Recognition, p.11711-11719.

[13]Koch G, Zemel R, Salakhutdinov R, 2015. Siamese neural networks for one-shot image recognition. Proc 32^nd Int Conf on Machine Learning, p.1-30.

[14]Lu CM, Wang XF, Yang AM, et al., 2023. A few-shot-based model-agnostic meta-learning for intrusion detection in security of Internet of Things. IEEE Int Things J, 10(24):21309-21321.

[15]Lu HM, Wang T, Xu X, et al., 2022. Cognitive memory-guided autoencoder for effective intrusion detection in Internet of Things. IEEE Trans Ind Inform, 18(5):3358-3366.

[16]Makkar A, Garg S, Kumar N, et al., 2021. An efficient spam detection technique for IoT devices using machine learning. IEEE Trans Ind Inform, 17(2):903-912.

[17]Mehedi ST, Anwar A, Rahman Z, et al., 2023. Dependable intrusion detection system for IoT: a deep transfer learning based approach. IEEE Trans Ind Inform, 19(1):1006-1017.

[18]Neto ECP, Dadkhah S, Ferreira R, et al., 2023. CICIoT2023: a real-time dataset and benchmark for large-scale attacks in IoT environment. Sensors, 23(13):5941.

[19]Nichol A, Achiam J, Schulman J, 2018. On first-order meta-learning algorithms. https://arxiv.org/abs/1803.02999

[20]Niu ZQ, Guo WJ, Xue JF, et al., 2023. A novel anomaly detection approach based on ensemble semi-supervised active learning (ADESSA). Comput Secur, 129: 103190.

[21]Ouyang YK, Li BB, Kong QL, et al., 2021. FS-IDS: a novel few-shot learning based intrusion detection system for SCADA networks. IEEE Int Conf on Communications, p.1-6.

[22]Schwartz E, Karlinsky L, Shtok J, et al., 2018. Δ-encoder: an effective sample synthesis method for few-shot object recognition. 32^nd Conf on Neural Information Processing Systems, p.2850-2860.

[23]Shi ZX, Xing MY, Zhang J, et al., 2023. Few-shot network intrusion detection based on model-agnostic meta-learning with L2F method. IEEE Wireless Communications and Networking Conf, p.1-6.

[24]Simon C, Koniusz P, Nock R, et al., 2020. Adaptive subspaces for few-shot learning. IEEE/CVF Conf on Computer Vision and Pattern Recognition, p.4135-4144.

[25]Snell J, Swersky K, Zemel R, 2017. Prototypical networks for few-shot learning. Proc 31^st Int Conf on Neural Information Processing Systems, p.4080-4090.

[26]Sun HD, Wan L, Liu MY, et al., 2023. Few-shot network intrusion detection based on prototypical capsule network with attention mechanism. PLoS ONE, 18(4): e0284632.

[27]Sung F, Yang YX, Zhang L, et al., 2018. Learning to compare: relation network for few-shot learning. IEEE/CVF Conf on Computer Vision and Pattern Recognition, p.1199-1208.

[28]Thakkar A, Lohiya R, 2023. Attack classification of imbalanced intrusion data for IoT network using ensemble-learning-based deep neural network. IEEE Int Things J, 10(13):11888-11895.

[29]Vinyals O, Blundell C, Lillicrap T, et al., 2016. Matching networks for one shot learning. Proc 30^th Int Conf on Neural Information Processing Systems, p.3637-3645.

[30]Wang QL, Wu BG, Zhu PF, et al., 2020. ECA-Net: efficient channel attention for deep convolutional neural networks. IEEE/CVF Conf on Computer Vision and Pattern Recognition, p.11531-11539.

[31]Wang YH, Zhang ZY, Zhao KJ, et al., 2024. A few-shot learning based method for industrial Internet intrusion detection. Int J Inform Secur, 23(5):3241-3252.

[32]Wang YK, Xu CM, Liu C, et al., 2020. Instance credibility inference for few-shot learning. IEEE/CVF Conf on Computer Vision and Pattern Recognition, p.12833-12842.

[33]Wang YX, Girshick R, Hebert M, et al., 2018. Low-shot learning from imaginary data. IEEE/CVF Conf on Computer Vision and Pattern Recognition, p.7278-7286.

[34]Wang ZM, Tian JY, Qin J, et al., 2021. A few-shot learning-based Siamese capsule network for intrusion detection with imbalanced training data. Comput Intell Neurosci, 2021: 7126913.

[35]Xu CY, Shen JZ, Du X, 2020. A method of few-shot network intrusion detection based on meta-learning framework. IEEE Trans Inform Forens Secur, 15:3540-3552.

[36]Xu H, Wang YJ, 2022. A continual few-shot learning method via meta-learning for intrusion detection. IEEE 4^th Int Conf on Civil Aviation Safety and Information Technology, p.1188-1194.

[37]Yan Y, Yang Y, Gu YH, et al., 2023. A few-shot intrusion detection model for the Internet of Things. 3^rd Int Conf on Electronic Information Engineering and Computer Science, p.531-537.

[38]Yan Y, Yang Y, Shen F, et al., 2024. Meta learning-based few-shot intrusion detection for 5G-enabled industrial Internet. Compl Intell Syst, 10(3):4589-4608.