Agate V., De Paola A., Drago S., Ferraro P., Lo Re G. (2024). Enhancing IoT Network Security with Concept Drift-Aware Unsupervised Threat Detection. In Proceedings - IEEE Symposium on Computers and Communications (pp. 1-6). Institute of Electrical and Electronics Engineers Inc. [10.1109/ISCC61673.2024.10733733].
Enhancing IoT Network Security with Concept Drift-Aware Unsupervised Threat Detection
Agate V.; De Paola A.; Drago S.; Ferraro P.; Lo Re G.
2024-01-01
Abstract
The dynamic characteristics of Internet of Things (IoT) systems create major challenges for threat detection systems that rely on machine learning models. Over time, shifts in the statistical distribution of data can lead to drastic performance degradation. This phenomenon is known as concept drift. When this problem occurs, traditional static systems require human intervention to manually retrain, leaving the network vulnerable in the meantime. In this paper, we propose an unsupervised system for online detection of anomalous traffic generated by malware-infected IoT devices. The proposed multi-tier system explicitly accounts for concept drift, automatically retraining only when necessary. We thoroughly tested the system by performing an extensive experimental evaluation using the real-world IoT-23 dataset, which includes network traffic generated by IoT devices as well as malicious network traffic generated by devices infected with different types of malware. We also compared our approach with other state-of-the-art work, and the results showed the remarkable performance achieved by the system using key metrics such as F1 score, accuracy, false positive rate and false negative rate.

File | Description | Type | Access | Size | Format
---|---|---|---|---|---
Enhancing_IoT_Network_Security_with_Concept_Drift-Aware_Unsupervised_Threat_Detection.pdf | paper + TOC | Publisher's version | Archive managers only | 5.23 MB | Adobe PDF
0237.pdf | | Pre-print | Open access | 818.16 kB | Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.