Zeenat Zulfiqar, Saif U.R. Malik, Syed Atif Moqurrab, Zubair Zulfiqar, Usman Yaseen, Gautam Srivastava
Journal of Computational Science, Volume 83, Article 102426. Published 2024-09-06. DOI: 10.1016/j.jocs.2024.102426
Impact factor 3.1; JCR Q2 (Computer Science, Interdisciplinary Applications)
https://www.sciencedirect.com/science/article/pii/S1877750324002199
DeepDetect: An innovative hybrid deep learning framework for anomaly detection in IoT networks
The presence of threats and anomalies in Internet of Things (IoT) infrastructure is a rising concern. Attacks such as Denial of Service, User to Root, Probing, and malicious operations can lead to the failure of an IoT system. Traditional machine learning methods rely entirely on feature engineering to determine which data features the model considers during training and classification, and on dimensionality reduction techniques to find the optimal correlation between the data points that influence the outcome. The performance of the model mostly depends on the features that are used. This reliance on feature engineering and its effect on model performance has been demonstrated from the perspective of IoT intrusion detection systems. Unfortunately, given the risks associated with IoT intrusion, feature selection is complicated by its subjective complexity. Each feature has its benefits and drawbacks depending on which features are selected. Deep structured learning is a subcategory of machine learning. It derives features from raw data automatically because it has a deep structure that contains multiple hidden layers. However, deep learning models such as recurrent neural networks, which can capture arbitrary-length dependencies, are difficult to handle and train, and they suffer from exploding and vanishing gradient problems. On the other hand, the log-cosh conditional variational autoencoder does not address the multi-class classification problem, and it has a high level of false alarms and a detection accuracy that is not high. Furthermore, there is evidence that a single convolutional neural network cannot fully exploit the rich information in network traffic. To deal with these challenges, this research proposes a novel approach for network anomaly detection. The proposed model consists of multiple convolutional neural networks, gated recurrent units, and a bidirectional long short-term memory network. The model employs multiple convolutional neural networks to extract spatial features from network traffic. The gated recurrent units overcome the vanishing gradient problem and effectively capture the correlation between the features. In addition, a bidirectional long short-term memory layer is used. This layer preserves historical context for a long time and extracts temporal features from network traffic data in both the backward and forward directions. The proposed hybrid model improves accuracy and detection rate on network traffic while lowering the false positive rate. The proposed model is evaluated and tested on the intrusion detection benchmark NSL-KDD dataset. Our proposed model outperforms other methods, as evidenced by the experimental results. The overall accuracy of the proposed model for multi-class classification is 99.31% and binary-class classification is 99.12%.
About the journal:
Computational Science is a rapidly growing multi- and interdisciplinary field that uses advanced computing and data analysis to understand and solve complex problems. It has reached a level of predictive capability that now firmly complements the traditional pillars of experimentation and theory.
The recent advances in experimental techniques such as detectors, on-line sensor networks and high-resolution imaging techniques, have opened up new windows into physical and biological processes at many levels of detail. The resulting data explosion allows for detailed data driven modeling and simulation.
This new discipline in science combines computational thinking, modern computational methods, devices and collateral technologies to address problems far beyond the scope of traditional numerical methods.
Computational science typically unifies three distinct elements:
• Modeling, Algorithms and Simulations (e.g. numerical and non-numerical, discrete and continuous);
• Software developed to solve science (e.g., biological, physical, and social), engineering, medicine, and humanities problems;
• Computer and information science that develops and optimizes the advanced system hardware, software, networking, and data management components (e.g. problem solving environments).