Denoising Latent Representation with SOMs for Unsupervised IoT Malware Detection

  • Original Research
SN Computer Science

Abstract

Autoencoder-based latent representations have been widely developed for unsupervised learning in the cyber-security domain and have shown remarkable performance. Our previous work introduced a hybrid of autoencoders (AEs) and self-organizing maps (SOMs) for unsupervised IoT malware detection. However, that paper only examined the characteristics of the latent representation of ordinary AEs in comparison to that of principal component analysis (PCA) on various IoT malware scenarios. This paper extends the work by employing denoising AEs (DAEs) to enhance the generalization ability of the latent representations, and by optimizing the hyper-parameters of the SOMs to improve the performance of the hybrid model. In particular, it aims to further examine the characteristics of AE-based structure models (i.e., DAEs) for identifying unknown/new IoT attacks and for transfer learning. Our model is evaluated and analyzed extensively in comparison with PCA and AEs through a number of experiments on the NBaIoT dataset. The experimental results demonstrate that the latent representation of DAEs is often superior to that of AEs and PCA in the task of identifying IoT malware.

Notes

  1. https://github.com/hyperopt/hyperopt.

  2. https://keras.io/.

  3. https://scikit-learn.org/.

  4. https://github.com/JustGlowing/minisom.

  5. https://archive.ics.uci.edu/ml/datasets/detection_of_IoT_botnet_attacks_N_BaIoT.

Author information

Corresponding author

Correspondence to Van Loi Cao.

Ethics declarations

Conflict of Interest

The authors declare that they have no conflict of interest.

Code Availability

https://github.com/ladin157/AE-SOM-IoT-AD.

Additional information

This article is part of the topical collection “Future Data and Security Engineering 2021” guest edited by Tran Khanh Dang.

Rights and permissions

Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Nguyen, H.N., Tran, N.N., Hoang, T.H. et al. Denoising Latent Representation with SOMs for Unsupervised IoT Malware Detection. SN COMPUT. SCI. 3, 474 (2022). https://doi.org/10.1007/s42979-022-01344-1

  • DOI: https://doi.org/10.1007/s42979-022-01344-1
