Lightweight representation learning for network traffic towards malicious traffic detection in edge devices

IF 3.7 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Kumar Anurupam , Karthick Seshadri
{"title":"Lightweight representation learning for network traffic towards malicious traffic detection in edge devices","authors":"Kumar Anurupam ,&nbsp;Karthick Seshadri","doi":"10.1016/j.jisa.2025.104186","DOIUrl":null,"url":null,"abstract":"<div><div>With the rapid increase in the number of connected devices in the Internet of Things (IoT) environment, their exposure to threats has increased significantly. The attackers can launch sophisticated attacks on these networks more frequently due to the ease of availability of computing facilities. The devices in the IoT network have limited computational power, storage capacity, and hardware capability, making it challenging to secure them using traditional approaches. Over the years, many machine learning and deep learning-based approaches have been proposed to classify the traffic flowing through the edge devices, but the models have their limitations, such as slow detection of the attacks because of the limited computational power of these devices, thereby rendering parameter-heavy models infeasible to be run on such devices. To overcome this, we propose a structure learning algorithm to create a model whose structure learning is done using correlation analysis and PCA, then is optimized using parent divorcing and Sequential least squares programming, thereby creating a model that exhibits high performance despite being lean with respect to the number of parameters. The chosen features’ relevance for each attack is also validated via qualitative mapping and domain logic. The generated model, evaluated using UNSW-NB15 and TON-IoT datasets, outperformed several state-of-the-art models to classify malicious traffic, especially in terms of inference time and model size. Despite its resource efficiency, it shows comparable results in terms of accuracy, recall, precision, and F1 score with other baseline models.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104186"},"PeriodicalIF":3.7000,"publicationDate":"2025-08-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625002236","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

With the rapid increase in the number of connected devices in the Internet of Things (IoT) environment, their exposure to threats has increased significantly. The attackers can launch sophisticated attacks on these networks more frequently due to the ease of availability of computing facilities. The devices in the IoT network have limited computational power, storage capacity, and hardware capability, making it challenging to secure them using traditional approaches. Over the years, many machine learning and deep learning-based approaches have been proposed to classify the traffic flowing through the edge devices, but the models have their limitations, such as slow detection of the attacks because of the limited computational power of these devices, thereby rendering parameter-heavy models infeasible to be run on such devices. To overcome this, we propose a structure learning algorithm to create a model whose structure learning is done using correlation analysis and PCA, then is optimized using parent divorcing and Sequential least squares programming, thereby creating a model that exhibits high performance despite being lean with respect to the number of parameters. The chosen features’ relevance for each attack is also validated via qualitative mapping and domain logic. The generated model, evaluated using UNSW-NB15 and TON-IoT datasets, outperformed several state-of-the-art models to classify malicious traffic, especially in terms of inference time and model size. Despite its resource efficiency, it shows comparable results in terms of accuracy, recall, precision, and F1 score with other baseline models.

Abstract Image

面向边缘设备恶意流量检测的网络流量轻量级表示学习
随着物联网(IoT)环境中连接设备数量的快速增加,其面临的威胁也显著增加。由于计算设施的易用性,攻击者可以更频繁地对这些网络发动复杂的攻击。物联网网络中的设备具有有限的计算能力,存储容量和硬件能力,因此使用传统方法保护它们具有挑战性。多年来,人们提出了许多基于机器学习和深度学习的方法来对流经边缘设备的流量进行分类,但这些模型有其局限性,例如由于这些设备的计算能力有限,对攻击的检测速度较慢,从而使得重参数模型无法在此类设备上运行。为了克服这一点,我们提出了一种结构学习算法来创建一个模型,该模型的结构学习是使用相关分析和PCA完成的,然后使用父母离婚和顺序最小二乘规划进行优化,从而创建一个模型,尽管在参数数量方面很精简,但仍表现出高性能。所选择的特征与每个攻击的相关性也通过定性映射和领域逻辑进行验证。使用UNSW-NB15和TON-IoT数据集对生成的模型进行了评估,在对恶意流量进行分类方面优于几种最先进的模型,特别是在推理时间和模型大小方面。尽管它的资源效率很高,但它在准确性、召回率、精度和F1分数方面的结果与其他基线模型相当。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Journal of Information Security and Applications
Journal of Information Security and Applications Computer Science-Computer Networks and Communications
CiteScore
10.90
自引率
5.40%
发文量
206
审稿时长
56 days
期刊介绍: Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信