FOLLOWUS
1.School of Information Science and Engineering, Zhejiang Sci-Tech University, Hangzhou 310027, China
2.College of Information Science and Engineering, Jiaxing University, Jiaxing 314000, China
‡ Corresponding author
Received:02 July 2024,
Revised:09 December 2024,
Published:2025-06
Scan QR Code
Zhihui LI, Congyuan XU, Kun DENG, et al. A subspace-based few-shot intrusion detection system for the Internet of Things
Zhihui LI, Congyuan XU, Kun DENG, et al. A subspace-based few-shot intrusion detection system for the Internet of Things
基于深度学习的入侵检测系统依赖大量的训练样本才能达到令人满意的检测率。然而,在实际的物联网环境中,物联网设备种类多,攻击类型碎片化,导致训练样本数较小,这迫切需要研究者们开发小样本入侵检测系统。为此,本文提出基于子空间的小样本物联网入侵检测系统方法,来应对可学习样本不足的困境。该方法基于度量分类的思想来识别网络流量,对样本进行特征提取后,为每一个类别构造一个子空间,然后通过度量模块计算查询样本与子空间的距离,从而实现对恶意样本的检测。基于CICIoT2023数据集,构建了小样本物联网入侵检测数据集,并对所提方法进行评估。对于未知类别的检测,在5-way 1-shot(5类,每类仅1个标注样本)设置下检测准确率为93.52%,在5-way 5-shot设置下检测准确率为92.99%,在5-way 10-shot设置下检测准确率为93.65%。
Deep learning-based intrusion detection systems rely on numerous training samples to achieve satisfactory detection rates. However
in the real-world Internet of Things (IoT) environments
the diversity of IoT devices and the subsequent fragmentation of attack types result in a limited number of training samples
which urgently requires researchers to develop few-shot intrusion detection systems. In this study
we propose a subspace-based approach for few-shot IoT intrusion detection systems to cope with the dilemma of insufficient learnable samples. The method is based on the principle of classifying metrics to identify network traffic. After feature extraction of samples
a subspace is constructed for each category. Next
the distance between the query samples and the subspace is calculated by the metric module
thus detecting malicious samples. Subsequently
based on the CICIoT2023 dataset we construct a few-shot IoT intrusion detection dataset and evaluate the proposed method. For the detection of unknown categories
the detection accuracy is 93.52% in the 5-way 1-shot setting
92.99% in the 5-way 5-shot setting
and 93.65% in the 5-way 10-shot setting.
Alani MM , Awad AI , 2023 . An intelligent two-layer intrusion detection system for the Internet of Things . IEEE Trans Ind Inform , 19 ( 1 ): 683 - 692 . https://doi.org/10.1109/TII.2022.3192035 https://doi.org/10.1109/TII.2022.3192035
Chen D , Zhang FB , Zhang XP , 2023 . Heterogeneous IoT intrusion detection based on fusion word embedding deep transfer learning . IEEE Trans Ind Inform , 19 ( 8 ): 9183 - 9193 . https://doi.org/10.1109/TII.2022.3227640 https://doi.org/10.1109/TII.2022.3227640
Draper-Gil G , Lashkari AH , Mamun MSI , et al. , 2016 . Characterization of encrypted and VPN traffic using time-related features . Proc 2 nd Int Conf on Information Systems Security and Privacy , p. 407 - 414 . https://doi.org/10.5220/0005740704070414 https://doi.org/10.5220/0005740704070414
Du L , Gu ZQ , Wang Y , et al. , 2024 . A few-shot class-incremental learning method for network intrusion detection . IEEE Trans Netw Serv Manag , 21 ( 2 ): 2389 - 2401 . https://doi.org/10.1109/TNSM.2023.3332284 https://doi.org/10.1109/TNSM.2023.3332284
Duan GH , Lv HW , Wang HQ , et al. , 2023 . Application of a dynamic line graph neural network for intrusion detection with semisupervised learning . IEEE Trans Inform Foren Secur , 18 : 699 - 714 . https://doi.org/10.1109/TIFS.2022.3228493 https://doi.org/10.1109/TIFS.2022.3228493
Duan RX , Li D , Tong Q , et al. , 2021 . A survey of few-shot learning: an effective method for intrusion detection . Secur Commun Netw , 2021 ( 1 ): 4259629 . https://doi.org/10.1155/2021/4259629 https://doi.org/10.1155/2021/4259629
Feng TT , Qi Q , Wang JY , et al. , 2021 . Few-shot class-adaptive anomaly detection with model-agnostic meta-learning . IFIP Networking Conf , p. 1 - 9 .
Finn C , Abbeel P , Levine S , 2017 . Model-agnostic meta-learning for fast adaptation of deep networks . Proc 34 th Int Conf on Machine Learning , p. 1126 - 1135 .
Fouladi RF , Ermiş O , Anarim E , 2022 . A DDoS attack detection and countermeasure scheme based on DWT and auto-encoder neural network for SDN . Comput Netw , 214 : 109140 . https://doi.org/10.1016/j.comnet.2022.109140 https://doi.org/10.1016/j.comnet.2022.109140
He MS , Zhao XW , Wang XJ , 2024a . An efficient DDoS detection method based on packet grouping via online data flow processing . IEEE Trans Sustain Comput , 10 ( 2 ): 202 - 216 . https://doi.org/10.1109/TSUSC.2024.3409712 https://doi.org/10.1109/TSUSC.2024.3409712
He MS , Huang YM , Wang XL , et al. , 2024b . A lightweight and efficient IoT intrusion detection method based on feature grouping . IEEE Int Things J , 11 ( 2 ): 2935 - 2949 . https://doi.org/10.1109/JIOT.2023.3294259 https://doi.org/10.1109/JIOT.2023.3294259
Jamal MA , Qi GJ , 2019 . Task agnostic meta-learning for few-shot learning . IEEE/CVF Conf on Computer Vision and Pattern Recognition , p. 11711 - 11719 . https://doi.org/10.1109/CVPR.2019.01199 https://doi.org/10.1109/CVPR.2019.01199
Koch G , Zemel R , Salakhutdinov R , 2015 . Siamese neural networks for one-shot image recognition . Proc 32 nd Int Conf on Machine Learning , p. 1 - 30 .
Lu CM , Wang XF , Yang AM , et al. , 2023 . A few-shot-based model-agnostic meta-learning for intrusion detection in security of Internet of Things . IEEE Int Things J , 10 ( 24 ): 21309 - 21321 . https://doi.org/10.1109/JIOT.2023.3283408 https://doi.org/10.1109/JIOT.2023.3283408
Lu HM , Wang T , Xu X , et al. , 2022 . Cognitive memory-guided autoencoder for effective intrusion detection in Internet of Things . IEEE Trans Ind Inform , 18 ( 5 ): 3358 - 3366 . https://doi.org/10.1109/TII.2021.3102637 https://doi.org/10.1109/TII.2021.3102637
Makkar A , Garg S , Kumar N , et al. , 2021 . An efficient spam detection technique for IoT devices using machine learning . IEEE Trans Ind Inform , 17 ( 2 ): 903 - 912 . https://doi.org/10.1109/TII.2020.2968927 https://doi.org/10.1109/TII.2020.2968927
Mehedi ST , Anwar A , Rahman Z , et al. , 2023 . Dependable intrusion detection system for IoT: a deep transfer learning based approach . IEEE Trans Ind Inform , 19 ( 1 ): 1006 - 1017 . https://doi.org/10.1109/TII.2022.3164770 https://doi.org/10.1109/TII.2022.3164770
Neto ECP , Dadkhah S , Ferreira R , et al. , 2023 . CICIoT2023: a real-time dataset and benchmark for large-scale attacks in IoT environment . Sensors , 23 ( 13 ): 5941 . https://doi.org/10.3390/s23135941 https://doi.org/10.3390/s23135941
Nichol A , Achiam J , Schulman J , 2018 . On first-order meta-learning algorithms . https://arxiv.org/abs/1803.02999 https://arxiv.org/abs/1803.02999
Niu ZQ , Guo WJ , Xue JF , et al. , 2023 . A novel anomaly detection approach based on ensemble semi-supervised active learning (ADESSA) . Comput Secur , 129 : 103190 . https://doi.org/10.1016/j.cose.2023.103190 https://doi.org/10.1016/j.cose.2023.103190
Ouyang YK , Li BB , Kong QL , et al. , 2021 . FS-IDS: a novel few-shot learning based intrusion detection system for SCADA networks . IEEE Int Conf on Communications , p. 1 - 6 . https://doi.org/10.1109/ICC42927.2021.9500667 https://doi.org/10.1109/ICC42927.2021.9500667
Schwartz E , Karlinsky L , Shtok J , et al. , 2018 . Δ -encoder: an effective sample synthesis method for few-shot object recognition . 32 nd Conf on Neural Information Processing Systems , p. 2850 - 2860 .
Shi ZX , Xing MY , Zhang J , et al. , 2023 . Few-shot network intrusion detection based on model-agnostic meta-learning with L2F method . IEEE Wireless Communications and Networking Conf , p. 1 - 6 . https://doi.org/10.1109/WCNC55385.2023.10118898 https://doi.org/10.1109/WCNC55385.2023.10118898
Simon C , Koniusz P , Nock R , et al. , 2020 . Adaptive subspaces for few-shot learning . IEEE/CVF Conf on Computer Vision and Pattern Recognition , p. 4135 - 4144 . https://doi.org/10.1109/CVPR42600.2020.00419 https://doi.org/10.1109/CVPR42600.2020.00419
Snell J , Swersky K , Zemel R , 2017 . Prototypical networks for few-shot learning . Proc 31 st Int Conf on Neural Information Processing Systems , p. 4080 - 4090 .
Sun HD , Wan L , Liu MY , et al. , 2023 . Few-shot network intrusion detection based on prototypical capsule network with attention mechanism . PLoS ONE , 18 ( 4 ): e0284632 . https://doi.org/10.1371/journal.pone.0284632 https://doi.org/10.1371/journal.pone.0284632
Sung F , Yang YX , Zhang L , et al. , 2018 . Learning to compare: relation network for few-shot learning . IEEE/CVF Conf on Computer Vision and Pattern Recognition , p. 1199 - 1208 . https://doi.org/10.1109/CVPR.2018.00131 https://doi.org/10.1109/CVPR.2018.00131
Thakkar A , Lohiya R , 2023 . Attack classification of imbalanced intrusion data for IoT network using ensemble-learning-based deep neural network . IEEE Int Things J , 10 ( 13 ): 11888 - 11895 . https://doi.org/10.1109/JIOT.2023.3244810 https://doi.org/10.1109/JIOT.2023.3244810
Vinyals O , Blundell C , Lillicrap T , et al. , 2016 . Matching networks for one shot learning . Proc 30 th Int Conf on Neural Information Processing Systems , p. 3637 - 3645 .
Wang QL , Wu BG , Zhu PF , et al. , 2020 . ECA-Net: efficient channel attention for deep convolutional neural networks . IEEE/CVF Conf on Computer Vision and Pattern Recognition , p. 11531 - 11539 . https://doi.org/10.1109/CVPR42600.2020.01155 https://doi.org/10.1109/CVPR42600.2020.01155
Wang YH , Zhang ZY , Zhao KJ , et al. , 2024 . A few-shot learning based method for industrial Internet intrusion detection . Int J Inform Secur , 23 ( 5 ): 3241 - 3252 . https://doi.org/10.1007/s10207-024-00889-x https://doi.org/10.1007/s10207-024-00889-x
Wang YK , Xu CM , Liu C , et al. , 2020 . Instance credibility inference for few-shot learning . IEEE/CVF Conf on Computer Vision and Pattern Recognition , p. 12833 - 12842 . https://doi.org/10.1109/CVPR42600.2020.01285 https://doi.org/10.1109/CVPR42600.2020.01285
Wang YX , Girshick R , Hebert M , et al. , 2018 . Low-shot learning from imaginary data . IEEE/CVF Conf on Computer Vision and Pattern Recognition , p. 7278 - 7286 . https://doi.org/10.1109/CVPR.2018.00760 https://doi.org/10.1109/CVPR.2018.00760
Wang ZM , Tian JY , Qin J , et al. , 2021 . A few-shot learning-based Siamese capsule network for intrusion detection with imbalanced training data . Comput Intell Neurosci , 2021 : 7126913 . https://doi.org/10.1155/2021/7126913 https://doi.org/10.1155/2021/7126913
Xu CY , Shen JZ , Du X , 2020 . A method of few-shot network intrusion detection based on meta-learning framework . IEEE Trans Inform Forens Secur , 15 : 3540 - 3552 . https://doi.org/10.1109/TIFS.2020.2991876 https://doi.org/10.1109/TIFS.2020.2991876
Xu H , Wang YJ , 2022 . A continual few-shot learning method via meta-learning for intrusion detection . IEEE 4 th Int Conf on Civil Aviation Safety and Information Technology , p. 1188 - 1194 . https://doi.org/10.1109/ICCASIT55263.2022.9986665 https://doi.org/10.1109/ICCASIT55263.2022.9986665
Yan Y , Yang Y , Gu YH , et al. , 2023 . A few-shot intrusion detection model for the Internet of Things . 3 rd Int Conf on Electronic Information Engineering and Computer Science , p. 531 - 537 . https://doi.org/10.1109/EIECS59936.2023.10435498 https://doi.org/10.1109/EIECS59936.2023.10435498
Yan Y , Yang Y , Shen F , et al. , 2024 . Meta learning-based few-shot intrusion detection for 5G-enabled industrial Internet . Compl Intell Syst , 10 ( 3 ): 4589 - 4608 . https://doi.org/10.1007/s40747-024-01388-1 https://doi.org/10.1007/s40747-024-01388-1
Publicity Resources
Related Articles
Related Author
Related Institution