Abstract
The autoencoder-based latent representations have been widely developed for unsupervised learning in cyber-security domain, and has shown remarkable performance. Our previous work has introduced a hybrid autoencoders (AEs) and self-organizing maps (SOMs) for unsupervised IoT malware detection. However, the paper has only examined the characteristics of the latent representation of ordinary AEs in comparison to that of principle component analysis (PCA) on various IoT malware scenarios. This paper extends the work by employing denoising AEs (DAEs) to enhance the generalization ability of latent representations as well as optimizing hyper-parameters of SOMs to improve the hybrid performance. Particularly, this aims to further examine the characteristics of AE-based structure models (i.e., DAE) for identifying unknown/new IoT attacks and transfer learning. Our model is evaluated and analyzed extensively in comparison with PCA and AEs by a number of experiments on the NBaIoT dataset. The experimental results demonstrate that the latent representation of DAEs is often superior to that of AEs and PCAs in the task of identifying IoT malware.
Similar content being viewed by others
References
Dastjerdi AV, Buyya R. Fog computing: helping the internet of things realize its potential. Computer. 2016;49(8):112–6.
Ray S, Jin Y, Raychowdhury A. The changing computing paradigm with internet of things: a tutorial introduction. IEEE Design Test. 2016;33(2):76–96.
Abomhara M, Køien GM. Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. J Cyber Secur Mobil. 2015;65–88.
Kolias C, Kambourakis G, Stavrou A, Voas J. Ddos in the iot: Mirai and other botnets. Computer. 2017;50(7):80–4.
Tsai C-W, Lai C-F, Chiang M-C, Yang LT. Data mining for internet of things: a survey. IEEE Commun Surv Tutor. 2013;16(1):77–97.
Jordan MI, Mitchell TM. Machine learning: trends, perspectives, and prospects. Science. 2015;349(6245):255–60.
Dinh PV, Shone N, Dung PH, Shi Q, Hung NV, Ngoc TN. Behaviour-aware malware classification: Dynamic feature selection. In: 2019 11th international conference on knowledge and systems engineering (KSE). IEEE; 2019. p. 1–5.
Hung NV, Dung PN, Ngoc TN, Phai VD, Shi Q. Malware detection based on directed multi-edge dataflow graph representation and convolutional neural network. In: the 11th KSE. IEEE; 2019. p. 1–5.
Vu L, Cao VL, Nguyen QU, Nguyen DN, Hoang DT, Dutkiewicz E. Learning latent distribution for distinguishing network traffic in intrusion detection system. In: ICC 2019-2019 IEEE international conference on communications (ICC). IEEE; 2019. p. 1–6.
Vu L, Nguyen QU, Nguyen DN, Hoang DT, Dutkiewicz E. Deep transfer learning for iot attack detection. IEEE Access. 2020;8:107335–44.
Nguyen TD, Marchal S, Miettinen M, Fereidooni H, Asokan N, Sadeghi A-R. Dïot: a federated self-learning anomaly detection system for iot. In: 2019 IEEE 39th international conference on distributed computing systems (ICDCS). IEEE; 2019. p. 756–67.
Cao VL, Nicolau M, McDermott J. Learning neural representations for network anomaly detection. IEEE Trans Cybern. 2018;49(8):3074–87.
Pang G, Shen C, Cao L, Hengel AVD. Deep learning for anomaly detection: a review. ACM Comput Surv (CSUR). 2021;54(2):1–38.
Erfani SM, Rajasegarar S, Karunasekera S, Leckie C. High-dimensional and large-scale anomaly detection using a linear one-class svm with deep learning. Pattern Recogn. 2016;58:121–34.
Nguyen VQ, Nguyen VH, Le-Khac N-A, Cao VL. Clustering-based deep autoencoders for network anomaly detection. In: Proc of FDSE. Springer; 2020. p. 290–303.
Nguyen HN, Nguyen VC, Tran NN, Cao VL. Feature representation of autoencoders for unsupervised iot malware detection. In: Future data and security engineering. Cham: Springer; 2021. p. 272–90.
Meidan Y, Bohadana M, Mathov Y, Mirsky Y, Shabtai A, Breitenbacher D, Elovici Y. N-baiot-network-based detection of iot botnet attacks using deep autoencoders. IEEE Pervasive Comput. 2018;17(3):12–22.
Cao VL, Nicolau M, McDermott J. A hybrid autoencoder and density estimation model for anomaly detection. In: International conference on parallel problem solving from nature. Springer; 2016. p. 717–26.
Bui TC, Cao VL, Hoang M, Nguyen QU. A clustering-based shrink autoencoder for detecting anomalies in intrusion detection systems. In: Proc of KSE. IEEE; 2019. p. 1–5.
Hawkins S, He H, Williams G, Baxter R. Outlier detection using replicator neural networks. In: International conference on data warehousing and knowledge discovery. Springer; 2002. p. 170–80.
Song C, Liu F, Huang Y, Wang L, Tan T. Auto-encoder based data clustering. In: Iberoamerican congress on pattern recognition. Springer; 2013. p. 117–24.
Colombini GG, de Abreu IBM, Cerri R. A self-organizing map-based method for multi-label classification. In: 2017 international joint conference on neural networks (IJCNN). IEEE; 2017. p. 4291–98.
Rauber A. Labelsom: on the labeling of self-organizing maps. In: IJCNN’99. international joint conference on neural networks. Proceedings (Cat. No. 99CH36339), vol 5. IEEE; 1999. p. 3527–32.
Tian J, Azarian MH, Pecht M. Anomaly detection using self-organizing maps-based k-nearest neighbor algorithm. In: PHM society European conference, vol 2. 2014.
Ferles C, Papanikolaou Y, Naidoo KJ. Denoising autoencoder self-organizing map (dasom). Neural Netw. 2018;105:112–31.
Wickramasinghe CS, Amarasinghe K, Manic M. Deep self-organizing maps for unsupervised image classification. IEEE Trans Ind Inf. 2019;15(11):5837–45.
Bourlard H, Kamp Y. Auto-association by multilayer perceptrons and singular value decomposition. Biol Cybern. 1988;59(4):291–4.
Hinton GE, Zemel RS. Autoencoders, minimum description length, and Helmholtz free energy. Adv Neural Inf Process Syst. 1994;6:3–10.
Goodfellow I, Bengio Y, Courville A. Deep learning. Cambridge: MIT Press; 2016.
Vincent P, Larochelle H, Lajoie I, Bengio Y, Manzagol P-A, Bottou L. Stacked denoising autoencoders: learning useful representations in a deep network with a local denoising criterion. JMLR. 2010;11(12).
Wold S, Esbensen K, Geladi P. Principal component analysis. Chemom Intell Lab Syst. 1987;2(1–3):37–52.
Jolliffe I. Principal component analysis. Encycl Stat Behav Sci. 2002;30(3):487.
Schölkopf B, Smola A, Müller K-R. Kernel principal component analysis. In: International conference on artificial neural networks. Springer; 1997. p. 583–88.
Zou H, Hastie T, Tibshirani R. Sparse principal component analysis. J Comput Graph Stat. 2006;15(2):265–86.
Candès EJ, Li X, Ma Y, Wright J. Robust principal component analysis? J ACM (JACM). 2011;58(3):1–37.
Kohonen T. The self-organizing map. Proc IEEE. 1990;78(9):1464–80.
Kohonen T. Essentials of the self-organizing map. Neural Netw. 2013;37:52–65.
Weiss K, Khoshgoftaar TM, Wang D. A survey of transfer learning. J Big Data. 2016;3(1):1–40.
Bergstra J, Bardenet R, Bengio Y, Kégl B. Algorithms for hyper-parameter optimization, vol 24 (2011).
Yu T, Zhu H. Hyper-parameter optimization: a review of algorithms and applications. 2020. arXiv:2003.05689.
Bergstra J, Yamins D, Cox D. Making a science of model search: hyperparameter optimization in hundreds of dimensions for vision architectures. In: ICML. PMLR; 2013. p. 115–23.
Mirsky Y, Doitshman T, Elovici Y, Shabtai A. Kitsune: an ensemble of autoencoders for online network intrusion detection. 2018. arXiv:1802.09089.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of Interest
The authors declare that they have no conflict of interest.
Code Availability
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This article is part of the topical collection “Future Data and Security Engineering 2021” guest edited by Tran Khanh Dang.
Rights and permissions
Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Nguyen, H.N., Tran, N.N., Hoang, T.H. et al. Denoising Latent Representation with SOMs for Unsupervised IoT Malware Detection. SN COMPUT. SCI. 3, 474 (2022). https://doi.org/10.1007/s42979-022-01344-1
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s42979-022-01344-1