{"title":"Robust hierarchical anomaly detection using feature impact in IoT networks","authors":"Joohong Rheey, Hyunggon Park","doi":"10.1016/j.icte.2025.02.009","DOIUrl":null,"url":null,"abstract":"<div><div>Security threats in Internet of Things (IoT) networks increased, but the lack of labeled data and limited resources hinder intrusion detection system design for IoT networks. We propose a robust hierarchical anomaly detection method based on a variational autoencoder for IoT networks. Our proposed approach includes a shallow detection stage for obvious outliers with an in-depth detection stage that explicitly measures the impact of individual features on latent representations using Shapley values, enhancing the ability to detect adversarial attacks without adversarial training. Simulations confirm the effectiveness against adversarial attacks, with almost 100% detection rates for NSL-KDD and CIC-IDS2017 datasets.</div></div>","PeriodicalId":48526,"journal":{"name":"ICT Express","volume":"11 2","pages":"Pages 358-363"},"PeriodicalIF":4.1000,"publicationDate":"2025-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ICT Express","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2405959525000268","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Security threats in Internet of Things (IoT) networks increased, but the lack of labeled data and limited resources hinder intrusion detection system design for IoT networks. We propose a robust hierarchical anomaly detection method based on a variational autoencoder for IoT networks. Our proposed approach includes a shallow detection stage for obvious outliers with an in-depth detection stage that explicitly measures the impact of individual features on latent representations using Shapley values, enhancing the ability to detect adversarial attacks without adversarial training. Simulations confirm the effectiveness against adversarial attacks, with almost 100% detection rates for NSL-KDD and CIC-IDS2017 datasets.
期刊介绍:
The ICT Express journal published by the Korean Institute of Communications and Information Sciences (KICS) is an international, peer-reviewed research publication covering all aspects of information and communication technology. The journal aims to publish research that helps advance the theoretical and practical understanding of ICT convergence, platform technologies, communication networks, and device technologies. The technology advancement in information and communication technology (ICT) sector enables portable devices to be always connected while supporting high data rate, resulting in the recent popularity of smartphones that have a considerable impact in economic and social development.