An Efficient One-Class SVM for Anomaly Detection in the Internet of
Things
- URL: http://arxiv.org/abs/2104.11146v1
- Date: Thu, 22 Apr 2021 15:59:56 GMT
- Title: An Efficient One-Class SVM for Anomaly Detection in the Internet of
Things
- Authors: Kun Yang, Samory Kpotufe, Nick Feamster
- Abstract summary: Insecure Internet of things (IoT) devices pose significant threats to critical infrastructure and the Internet at large.
Detecting anomalous behavior from these devices remains of critical importance.
One-Class Support Vector Machines (OCSVM) are one of the state-of-the-art approaches for novelty detection.
- Score: 25.78558553080511
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Insecure Internet of things (IoT) devices pose significant threats to
critical infrastructure and the Internet at large; detecting anomalous behavior
from these devices remains of critical importance, but fast, efficient,
accurate anomaly detection (also called "novelty detection") for these classes
of devices remains elusive. One-Class Support Vector Machines (OCSVM) are one
of the state-of-the-art approaches for novelty detection (or anomaly detection)
in machine learning, due to their flexibility in fitting complex nonlinear
boundaries between normal and novel data. IoT devices in smart homes and
cities and connected building infrastructure present a compelling use case for
novelty detection with OCSVM due to the variety of devices, traffic patterns,
and types of anomalies that can manifest in such environments. Much previous
research has thus applied OCSVM to novelty detection for IoT. Unfortunately,
conventional OCSVMs introduce significant memory requirements and are
computationally expensive at prediction time as the size of the train set
grows, requiring space and time that scales with the number of training points.
These memory and computational constraints can be prohibitive in practical,
real-world deployments, where large training sets are typically needed to
develop accurate models when fitting complex decision boundaries. In this work,
we extend so-called Nyström and (Gaussian) Sketching approaches to OCSVM, by
combining these methods with clustering and Gaussian mixture models to achieve
significant speedups in prediction time and space in various IoT settings,
without sacrificing detection accuracy.
Related papers
- Real-time Threat Detection Strategies for Resource-constrained Devices [1.4815508281465273]
We present an end-to-end process designed to effectively address DNS-tunneling attacks in a router.
We demonstrate that utilizing stateless features for training the ML model, along with features chosen to be independent of the network configuration, leads to highly accurate results.
The deployment of this carefully crafted model, optimized for embedded devices across diverse environments, resulted in high DNS-tunneling attack detection with minimal latency.
arXiv Detail & Related papers (2024-03-22T10:02:54Z)
- Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS).
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z)
- Ensemble Learning based Anomaly Detection for IoT Cybersecurity via Bayesian Hyperparameters Sensitivity Analysis [2.3226893628361682]
Internet of Things (IoT) integrates more than billions of intelligent devices over the globe with the capability of communicating with other connected devices.
Data collected by IoT contain a tremendous amount of information for anomaly detection.
In this paper, we present a study on using ensemble machine learning methods for enhancing IoT cybersecurity via anomaly detection.
arXiv Detail & Related papers (2023-07-20T05:23:49Z)
- Detecting Anomalous Microflows in IoT Volumetric Attacks via Dynamic Monitoring of MUD Activity [1.294952045574009]
Anomaly-based detection methods are promising in finding new attacks.
There are certain practical challenges like false-positive alarms, hard to explain, and difficult to scale cost-effectively.
In this paper, we use SDN to enforce and monitor the expected behaviors of each IoT device.
arXiv Detail & Related papers (2023-04-11T05:17:51Z)
- Intrusion Detection in Internet of Things using Convolutional Neural Networks [4.718295605140562]
We propose a novel solution to the intrusion attacks against IoT devices using CNNs.
The data is encoded as the convolutional operations to capture the patterns from the sensors data along time.
The experimental results show significant improvement in both true positive rate and false positive rate compared to the baseline using LSTM.
arXiv Detail & Related papers (2022-11-18T07:27:07Z)
- Evaluating Short-Term Forecasting of Multiple Time Series in IoT Environments [67.24598072875744]
Internet of Things (IoT) environments are monitored via a large number of IoT enabled sensing devices.
To alleviate this issue, sensors are often configured to operate at relatively low sampling frequencies.
This can hamper dramatically subsequent decision-making, such as forecasting.
arXiv Detail & Related papers (2022-06-15T19:46:59Z)
- Adaptive Anomaly Detection for Internet of Things in Hierarchical Edge Computing: A Contextual-Bandit Approach [81.5261621619557]
We propose an adaptive anomaly detection scheme with hierarchical edge computing (HEC).
We first construct multiple anomaly detection DNN models with increasing complexity, and associate each of them to a corresponding HEC layer.
Then, we design an adaptive model selection scheme that is formulated as a contextual-bandit problem and solved by using a reinforcement learning policy network.
arXiv Detail & Related papers (2021-08-09T08:45:47Z)
- TELESTO: A Graph Neural Network Model for Anomaly Classification in Cloud Services [77.454688257702]
Machine learning (ML) and artificial intelligence (AI) are applied on IT system operation and maintenance.
One direction aims at the recognition of re-occurring anomaly types to enable remediation automation.
We propose a method that is invariant to dimensionality changes of given data.
arXiv Detail & Related papers (2021-02-25T14:24:49Z)
- Towards AIOps in Edge Computing Environments [60.27785717687999]
This paper describes the system design of an AIOps platform which is applicable in heterogeneous, distributed environments.
It is feasible to collect metrics with a high frequency and simultaneously run specific anomaly detection algorithms directly on edge devices.
arXiv Detail & Related papers (2021-02-12T09:33:00Z)
- Deep Anomaly Detection for Time-series Data in Industrial IoT: A Communication-Efficient On-device Federated Learning Approach [40.992167455141946]
This paper proposes a new communication-efficient on-device federated learning (FL)-based deep anomaly detection framework for sensing time-series data in IIoT.
We first introduce a FL framework to enable decentralized edge devices to collaboratively train an anomaly detection model, which can improve its generalization ability.
Second, we propose an Attention Mechanism-based Convolutional Neural Network-Long Short Term Memory (AMCNN-LSTM) model to accurately detect anomalies.
Third, to adapt the proposed framework to the timeliness of industrial anomaly detection, we propose a gradient compression mechanism based on Top-k selection to
arXiv Detail & Related papers (2020-07-19T16:47:26Z)
- Adaptive Anomaly Detection for IoT Data in Hierarchical Edge Computing [71.86955275376604]
We propose an adaptive anomaly detection approach for hierarchical edge computing (HEC) systems to solve this problem.
We design an adaptive scheme to select one of the models based on the contextual information extracted from input data, to perform anomaly detection.
We evaluate our proposed approach using a real IoT dataset, and demonstrate that it reduces detection delay by 84% while maintaining almost the same accuracy as compared to offloading detection tasks to the cloud.
arXiv Detail & Related papers (2020-01-10T05:29:17Z)