Analysis of deep learning models for network anomaly detection in Internet of Things

Introduction: The article discusses the problem of choosing deep learning models for detecting anomalies in Internet of Things (IoT) network traffic. This problem is associated with the necessity to analyze a large number of security events in order to identify the abnormal behavior of smart devices. A powerful technology for analyzing such data is machine learning and, in particular, deep learning. Purpose: Development of recommendations for the selection of deep learning models for anomaly detection in IoT network traffic. Results: The main results of the research are comparative analysis of deep learning models, and recommendations on the use of deep learning models for anomaly detection in IoT network traffic. Multilayer perceptron, convolutional neural network, recurrent neural network, long short-term memory, gated recurrent units, and combined convolutional-recurrent neural network were considered the basic deep learning models. Additionally, the authors analyzed the following traditional machine learning models: naive Bayesian classifier, support vector machines, logistic regression, k-nearest neighbors, boosting, and random forest. The following metrics were used as indicators of anomaly detection efficiency: accuracy, precision, recall, and F-measure, as well as the time spent on training the model. The constructed models demonstrated a higher accuracy rate for anomaly detection in large heterogeneous traffic typical for IoT, as compared to conventional machine learning methods. The authors found that with an increase in the number of neural network layers, the completeness of detecting anomalous connections rises. This has a positive effect on the recognition of unknown anomalies, but increases the number of false positives. In some cases, preparing traditional machine learning models takes less time. This is due to the fact that the application of deep learning methods requires more resources and computing power. Practical relevance: The results obtained can be used to build systems for network anomaly detection in Internet of Things traffic.

Download Full-text

Chained Anomaly Detection Models for Federated Learning: An Intrusion Detection Case Study

Applied Sciences ◽

10.3390/app8122663 ◽

2018 ◽

Vol 8 (12) ◽

pp. 2663 ◽

Cited By ~ 11

Author(s):

Davy Preuveneers ◽

Vera Rimmer ◽

Ilias Tsingenopoulos ◽

Jan Spooren ◽

Wouter Joosen ◽

...

Keyword(s):

Neural Network ◽

Machine Learning ◽

Intrusion Detection ◽

Anomaly Detection ◽

Training Data ◽

Learning Models ◽

Traditional System ◽

Blockchain Technology ◽

Malicious Behavior ◽

Machine Learning Models

The adoption of machine learning and deep learning is on the rise in the cybersecurity domain where these AI methods help strengthen traditional system monitoring and threat detection solutions. However, adversaries too are becoming more effective in concealing malicious behavior amongst large amounts of benign behavior data. To address the increasing time-to-detection of these stealthy attacks, interconnected and federated learning systems can improve the detection of malicious behavior by joining forces and pooling together monitoring data. The major challenge that we address in this work is that in a federated learning setup, an adversary has many more opportunities to poison one of the local machine learning models with malicious training samples, thereby influencing the outcome of the federated learning and evading detection. We present a solution where contributing parties in federated learning can be held accountable and have their model updates audited. We describe a permissioned blockchain-based federated learning method where incremental updates to an anomaly detection machine learning model are chained together on the distributed ledger. By integrating federated learning with blockchain technology, our solution supports the auditing of machine learning models without the necessity to centralize the training data. Experiments with a realistic intrusion detection use case and an autoencoder for anomaly detection illustrate that the increased complexity caused by blockchain technology has a limited performance impact on the federated learning, varying between 5 and 15%, while providing full transparency over the distributed training process of the neural network. Furthermore, our blockchain-based federated learning solution can be generalized and applied to more sophisticated neural network architectures and other use cases.

Download Full-text

Statistical and machine learning models for classification of human wear and delivery days in accelerometry data

10.1101/2020.12.31.424867 ◽

2021 ◽

Author(s):

Ryan Moore ◽

Kristin R. Archer ◽

Leena Choi

Keyword(s):

Neural Network ◽

Machine Learning ◽

Logistic Regression ◽

Random Forest ◽

Human Activity ◽

Recurrent Neural Network ◽

Learning Models ◽

Learning Context ◽

Machine Learning Models

AbstractPurposeAccelerometers are increasingly utilized in healthcare research to assess human activity. Accelerometry data are often collected by mailing accelerometers to participants, who wear the accelerometers to collect data on their activity. The devices are then mailed back to the laboratory for analysis. We develop models to classify days in accelerometry data as activity from actual human wear or the delivery process. These models can be used to automate the cleaning of accelerometry datasets that are adulterated with activity from delivery.MethodsFor the classification of delivery days in accelerometry data, we developed statistical and machine learning models in a supervised learning context using a large human activity and delivery labeled accelerometry dataset. We extracted several features, which were included to develop random forest, logistic regression, mixed effects regression, and multilayer perceptron models, while convolutional neural network, recurrent neural network, and hybrid convolutional recurrent neural network models were developed without feature extraction. Model performances were assessed using Monte Carlo cross-validation.ResultsWe found that a hybrid convolutional recurrent neural network performed best in the classification task with an F1 score of 0.960 but simpler models such as logistic regression and random forest also had excellent performance with F1 scores of 0.951 and 0.957, respectively.ConclusionThe models developed in this study can be used to classify days in accelerometry data as either human or delivery activity. An analyst can weigh the larger computational cost and greater performance of the convolutional recurrent neural network against the faster but slightly less powerful random forest or logistic regression. The best performing models for classification of delivery data are publicly available on the open source R package, PhysicalActivity.

Download Full-text

Comparing the prediction performance of a Deep Learning Neural Network model with conventional machine learning models in landslide susceptibility assessment

CATENA ◽

10.1016/j.catena.2019.104426 ◽

2020 ◽

Vol 188 ◽

pp. 104426 ◽

Cited By ~ 14

Author(s):

Dieu Tien Bui ◽

Paraskevas Tsangaratos ◽

Viet-Tien Nguyen ◽

Ngo Van Liem ◽

Phan Trong Trinh

Keyword(s):

Neural Network ◽

Machine Learning ◽

Deep Learning ◽

Prediction Performance ◽

Susceptibility Assessment ◽

Learning Models ◽

Landslide Susceptibility Assessment ◽

Conventional Machine ◽

Deep Learning Neural Network ◽

Machine Learning Models

Download Full-text

Machine Learning with ROOT/TMVA

EPJ Web of Conferences ◽

10.1051/epjconf/202024506019 ◽

2020 ◽

Vol 245 ◽

pp. 06019

Author(s):

Kim Albertsson ◽

Sitong An ◽

Sergei Gleyzer ◽

Lorenzo Moneta ◽

Joana Niermann ◽

...

Keyword(s):

Neural Network ◽

Machine Learning ◽

Deep Learning ◽

Large Scale ◽

Learning Tools ◽

Learning Models ◽

New Developments ◽

Training Time ◽

Future Developments ◽

Machine Learning Models

ROOT provides, through TMVA, machine learning tools for data analysis at HEP experiments and beyond. We present recently included features in TMVA and the strategy for future developments in the diversified machine learning landscape. Focus is put on fast machine learning inference, which enables analysts to deploy their machine learning models rapidly on large scale datasets. The new developments are paired with newly designed C++ and Python interfaces supporting modern C++ paradigms and full interoperability in the Python ecosystem. We present as well a new deep learning implementation for convolutional neural network using the cuDNN library for GPU. We show benchmarking results in term of training time and inference time, when comparing with other machine learning libraries such as Keras/Tensorflow.

Download Full-text

A Deep Learning Approach with Feature Derivation and Selection for Overdue Repayment Forecasting

Applied Sciences ◽

10.3390/app10238491 ◽

2020 ◽

Vol 10 (23) ◽

pp. 8491

Author(s):

Bin Liu ◽

Zhexi Zhang ◽

Junchi Yan ◽

Ning Zhang ◽

Hongyuan Zha ◽

...

Keyword(s):

Neural Network ◽

Machine Learning ◽

Deep Learning ◽

Short Term Memory ◽

Critical Time ◽

Learning Approach ◽

Learning Models ◽

Comparison Results ◽

Online Lending ◽

Machine Learning Models

Risk control has always been a major challenge in finance. Overdue repayment is a frequently encountered discreditable behavior in online lending. Motivated by the powerful capabilities of deep neural networks, we propose a fusion deep learning approach, namely AD-MBLSTM, based on the deep neural network (DNN), multi-layer bi-directional long short-term memory (LSTM) (BiLSTM) and the attention mechanism for overdue repayment behavior forecasting according to historical repayment records. Furthermore, we present a novel feature derivation and selection method for the procedure of data preprocessing. Visualization and interpretability improvement work is also implemented to explore the critical time points and causes of overdue repayment behavior. In addition, we present a new dataset originating from a practical application scenario in online lending. We evaluate our proposed framework on the dataset and compare the performance with various general machine learning models and neural network models. Comparison results and the ablation study demonstrate that our proposed model outperforms many effective general machine learning models by a large margin, and each indispensable sub-component takes an active role.

Download Full-text

A Comprehensive Analysis of Machine Learning Models for Real Time Anomaly Detection in Internet of Things

International Journal of Computer Sciences and Engineering ◽

10.26438/ijcse/v6i11.932937 ◽

2018 ◽

Vol 6 (11) ◽

pp. 932-937

Author(s):

S.L. Sanjith ◽

E George Dharma Prakash Raj

Keyword(s):

Machine Learning ◽

Internet Of Things ◽

Anomaly Detection ◽

Real Time ◽

Comprehensive Analysis ◽

Learning Models ◽

Machine Learning Models

Download Full-text

Detailed Analysis of Top 10 AI- Deep Learning Neural Networks in Intrusion Detection for Internet of Things

10.21203/rs.3.rs-459229/v1 ◽

2021 ◽

Author(s):

Kanimozhi V ◽

T. Prem Jacob

Keyword(s):

Neural Network ◽

Artificial Intelligence ◽

Neural Networks ◽

Deep Learning ◽

Internet Of Things ◽

Intrusion Detection ◽

Anomaly Detection ◽

Network Models ◽

Learning Models ◽

Neural Network Models

Abstract Although there exist various strategies for IoT Intrusion Detection, this research article sheds light on the aspect of how the application of top 10 Artificial Intelligence - Deep Learning Models can be useful for both supervised and unsupervised learning related to the IoT network traffic data. It pictures the detailed comparative analysis for IoT Anomaly Detection on sensible IoT gadgets that are instrumental in detecting IoT anomalies by the usage of the latest dataset IoT-23. Many strategies are being developed for securing the IoT networks, but still, development can be mandated. IoT security can be improved by the usage of various deep learning methods. This exploration has examined the top 10 deep-learning techniques, as the realistic IoT-23 dataset for improving the security execution of IoT network traffic. We built up various neural network models for identifying 5 kinds of IoT attack classes such as Mirai, Denial of Service (DoS), Scan, Man in the Middle attack (MITM-ARP), and Normal records. These attacks can be detected by using a "softmax" function of multiclass classification in deep-learning neural network models. This research was implemented in the Anaconda3 environment with different packages such as Pandas, NumPy, Scipy, Scikit-learn, TensorFlow 2.2, Matplotlib, and Seaborn. The utilization of AI-deep learning models embraced various domains like healthcare, banking and finance, findings and scientific researches, and the business organizations along with the concepts like the Internet of Things. We found that the top 10 deep-learning models are capable of increasing the accuracy; minimize the loss functions and the execution time for building that specific model. It contributes a major significance to IoT anomaly detection by using emerging technologies Artificial Intelligence and Deep Learning Neural Networks. Hence the alleviation of assaults that happen on an IoT organization will be effective. Among the top 10 neural networks, Convolutional neural networks, Multilayer perceptron, and Generative Adversarial Networks (GANs) output the highest accuracy scores of 0.996317, 0.996157, and 0.995829 with minimized loss function and less time pertain to the execution. This article added to completely grasp the quirks of irregularity identification of IoT anomalies. Henceforth, this research analysis depicts the implementations of the Top 10 AI-deep learning models, which come in handy that assist you to perceive different neural network models and IoT anomaly detection better.

Download Full-text

Machine Learning-Based Malicious X.509 Certificates’ Detection

Applied Sciences ◽

10.3390/app11052164 ◽

2021 ◽

Vol 11 (5) ◽

pp. 2164

Author(s):

Jiaxin Li ◽

Zhaoxin Zhang ◽

Changyong Guo

Keyword(s):

Machine Learning ◽

Deep Learning ◽

Ensemble Learning ◽

Traffic Analysis ◽

Learning Models ◽

Detection Model ◽

Analysis Tools ◽

Average Accuracy ◽

Machine Learning Models

X.509 certificates play an important role in encrypting the transmission of data on both sides under HTTPS. With the popularization of X.509 certificates, more and more criminals leverage certificates to prevent their communications from being exposed by malicious traffic analysis tools. Phishing sites and malware are good examples. Those X.509 certificates found in phishing sites or malware are called malicious X.509 certificates. This paper applies different machine learning models, including classical machine learning models, ensemble learning models, and deep learning models, to distinguish between malicious certificates and benign certificates with Verification for Extraction (VFE). The VFE is a system we design and implement for obtaining plentiful characteristics of certificates. The result shows that ensemble learning models are the most stable and efficient models with an average accuracy of 95.9%, which outperforms many previous works. In addition, we obtain an SVM-based detection model with an accuracy of 98.2%, which is the highest accuracy. The outcome indicates the VFE is capable of capturing essential and crucial characteristics of malicious X.509 certificates.

Download Full-text

Anomaly Detection Using Deep Neural Network for IoT Architecture

Applied Sciences ◽

10.3390/app11157050 ◽

2021 ◽

Vol 11 (15) ◽

pp. 7050

Author(s):

Zeeshan Ahmad ◽

Adnan Shahid Khan ◽

Kashif Nisar ◽

Iram Haider ◽

Rosilah Hassan ◽

...

Keyword(s):

Neural Network ◽

Deep Learning ◽

Anomaly Detection ◽

Deep Neural Network ◽

Detection System ◽

Traffic Monitoring ◽

Detection Accuracy ◽

Learning Models ◽

Prime Concern ◽

Entry Points

The revolutionary idea of the internet of things (IoT) architecture has gained enormous popularity over the last decade, resulting in an exponential growth in the IoT networks, connected devices, and the data processed therein. Since IoT devices generate and exchange sensitive data over the traditional internet, security has become a prime concern due to the generation of zero-day cyberattacks. A network-based intrusion detection system (NIDS) can provide the much-needed efficient security solution to the IoT network by protecting the network entry points through constant network traffic monitoring. Recent NIDS have a high false alarm rate (FAR) in detecting the anomalies, including the novel and zero-day anomalies. This paper proposes an efficient anomaly detection mechanism using mutual information (MI), considering a deep neural network (DNN) for an IoT network. A comparative analysis of different deep-learning models such as DNN, Convolutional Neural Network, Recurrent Neural Network, and its different variants, such as Gated Recurrent Unit and Long Short-term Memory is performed considering the IoT-Botnet 2020 dataset. Experimental results show the improvement of 0.57–2.6% in terms of the model’s accuracy, while at the same time reducing the FAR by 0.23–7.98% to show the effectiveness of the DNN-based NIDS model compared to the well-known deep learning models. It was also observed that using only the 16–35 best numerical features selected using MI instead of 80 features of the dataset result in almost negligible degradation in the model’s performance but helped in decreasing the overall model’s complexity. In addition, the overall accuracy of the DL-based models is further improved by almost 0.99–3.45% in terms of the detection accuracy considering only the top five categorical and numerical features.

Download Full-text

Validating Deep Neural Networks for Online Decoding of Motor Imagery Movements from EEG Signals

Sensors ◽

10.3390/s19010210 ◽

2019 ◽

Vol 19 (1) ◽

pp. 210 ◽

Cited By ~ 32

Author(s):

Zied Tayeb ◽

Juri Fedjaev ◽

Nejla Ghaboosi ◽

Christoph Richter ◽

Lukas Everding ◽

...

Keyword(s):

Neural Network ◽

Machine Learning ◽

Deep Learning ◽

Convolutional Neural Network ◽

Motor Imagery ◽

Classification Performance ◽

Feature Engineering ◽

Learning Models ◽

Eeg Signals ◽

Learning Methods

Non-invasive, electroencephalography (EEG)-based brain-computer interfaces (BCIs) on motor imagery movements translate the subject’s motor intention into control signals through classifying the EEG patterns caused by different imagination tasks, e.g., hand movements. This type of BCI has been widely studied and used as an alternative mode of communication and environmental control for disabled patients, such as those suffering from a brainstem stroke or a spinal cord injury (SCI). Notwithstanding the success of traditional machine learning methods in classifying EEG signals, these methods still rely on hand-crafted features. The extraction of such features is a difficult task due to the high non-stationarity of EEG signals, which is a major cause by the stagnating progress in classification performance. Remarkable advances in deep learning methods allow end-to-end learning without any feature engineering, which could benefit BCI motor imagery applications. We developed three deep learning models: (1) A long short-term memory (LSTM); (2) a spectrogram-based convolutional neural network model (CNN); and (3) a recurrent convolutional neural network (RCNN), for decoding motor imagery movements directly from raw EEG signals without (any manual) feature engineering. Results were evaluated on our own publicly available, EEG data collected from 20 subjects and on an existing dataset known as 2b EEG dataset from “BCI Competition IV”. Overall, better classification performance was achieved with deep learning models compared to state-of-the art machine learning techniques, which could chart a route ahead for developing new robust techniques for EEG signal decoding. We underpin this point by demonstrating the successful real-time control of a robotic arm using our CNN based BCI.

Download Full-text