Department of Computer Architecture, Universitat Politècnica de Catalunya, 08034 Barcelona, Spain.
Sensors (Basel). 2022 Jul 27;22(15):5621. doi: 10.3390/s22155621.
Cyberattacks in the Internet of Things (IoT) are growing exponentially, especially zero-day attacks mostly driven by security weaknesses on IoT networks. Traditional intrusion detection systems (IDSs) adopted machine learning (ML), especially deep Learning (DL), to improve the detection of cyberattacks. DL-based IDSs require balanced datasets with large amounts of labeled data; however, there is a lack of such large collections in IoT networks. This paper proposes an efficient intrusion detection framework based on transfer learning (TL), knowledge transfer, and model refinement, for the effective detection of zero-day attacks. The framework is tailored to 5G IoT scenarios with unbalanced and scarce labeled datasets. The TL model is based on convolutional neural networks (CNNs). The framework was evaluated to detect a wide range of zero-day attacks. To this end, three specialized datasets were created. Experimental results show that the proposed TL-based framework achieves high accuracy and low false prediction rate (). The proposed solution has better detection rates for the different families of known and zero-day attacks than any previous DL-based IDS. These results demonstrate that TL is effective in the detection of cyberattacks in IoT environments.
物联网 (IoT) 中的网络攻击呈指数级增长,尤其是由 IoT 网络安全漏洞引发的零日攻击。传统的入侵检测系统 (IDS) 采用机器学习 (ML),尤其是深度学习 (DL),来提高对网络攻击的检测能力。基于 DL 的 IDS 需要具有大量标记数据的平衡数据集;然而,IoT 网络中缺乏这样的大型数据集。本文提出了一种基于迁移学习 (TL)、知识迁移和模型细化的高效入侵检测框架,用于有效检测零日攻击。该框架针对具有不平衡和稀缺标记数据集的 5G IoT 场景进行了定制。TL 模型基于卷积神经网络 (CNNs)。该框架用于检测广泛的零日攻击。为此,创建了三个专门的数据集。实验结果表明,基于 TL 的框架实现了高准确率和低误报率()。与任何以前基于 DL 的 IDS 相比,所提出的解决方案对不同类型的已知和零日攻击具有更好的检测率。这些结果表明,TL 在检测 IoT 环境中的网络攻击方面非常有效。
