通过多视图子空间学习增强物联网流量异常检测能力

IF 8.9 1区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Internet of Things Journal Pub Date : 2025-01-16 DOI:10.1109/JIOT.2025.3530771

Fengyuan Nie;Weiwei Liu;Guangjie Liu;Bo Gao;Jianan Huang;Wen Tian;Chau Yuen

{"title":"通过多视图子空间学习增强物联网流量异常检测能力","authors":"Fengyuan Nie;Weiwei Liu;Guangjie Liu;Bo Gao;Jianan Huang;Wen Tian;Chau Yuen","doi":"10.1109/JIOT.2025.3530771","DOIUrl":null,"url":null,"abstract":"With the frequent occurrence of information security incidents within the Internet of Things (IoT) landscape, there has been an increasing emphasis on anomaly detection in IoT traffic. Recently, supervised machine learning techniques have shown significant potential on this topic. However, the intricate nature of IoT network environments has posed a challenge in acquiring sufficient labeled samples of abnormal traffic. In comparison to supervised learning, unsupervised learning has more lenient sample requirements. Researchers have proposed various unsupervised detection methods, yet limitations persist. First, unsupervised learning, lacking guidance from labeled information, necessitates a more diverse range of traffic perspectives for comprehensive information coverage. Second, despite efforts to extract multiview traffic features from various perspectives, existing methods struggle to integrate these features effectively, limiting interpretability and introducing redundancy and noise. Lastly, conventional unsupervised methods often rely heavily on manually crafted features, potentially leading to biased and limited representations. In this article, we propose an unsupervised IoT traffic anomaly detection method based on multiview subspace learning. Specifically, we first construct a multiview traffic representation, including a protocol field view and a payload semantic view. Subsequently, a multiview subspace learning algorithm is designed to project the different views of traffic onto a unified and low-rank subspace, optimized using the augmented lagrangian multiplier with alternating direction minimization (ALM-ADM) strategy. Finally, spectral clustering is employed to accomplish IoT traffic anomaly detection. We benchmark the proposed method on multiple IoT traffic datasets and diverse computational platforms. The experimental results demonstrate that the method outperforms other state-of-the-art approaches in terms of accuracy and computational efficiency.","PeriodicalId":54347,"journal":{"name":"IEEE Internet of Things Journal","volume":"12 11","pages":"15911-15925"},"PeriodicalIF":8.9000,"publicationDate":"2025-01-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Empowering Anomaly Detection in IoT Traffic Through Multiview Subspace Learning\",\"authors\":\"Fengyuan Nie;Weiwei Liu;Guangjie Liu;Bo Gao;Jianan Huang;Wen Tian;Chau Yuen\",\"doi\":\"10.1109/JIOT.2025.3530771\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the frequent occurrence of information security incidents within the Internet of Things (IoT) landscape, there has been an increasing emphasis on anomaly detection in IoT traffic. Recently, supervised machine learning techniques have shown significant potential on this topic. However, the intricate nature of IoT network environments has posed a challenge in acquiring sufficient labeled samples of abnormal traffic. In comparison to supervised learning, unsupervised learning has more lenient sample requirements. Researchers have proposed various unsupervised detection methods, yet limitations persist. First, unsupervised learning, lacking guidance from labeled information, necessitates a more diverse range of traffic perspectives for comprehensive information coverage. Second, despite efforts to extract multiview traffic features from various perspectives, existing methods struggle to integrate these features effectively, limiting interpretability and introducing redundancy and noise. Lastly, conventional unsupervised methods often rely heavily on manually crafted features, potentially leading to biased and limited representations. In this article, we propose an unsupervised IoT traffic anomaly detection method based on multiview subspace learning. Specifically, we first construct a multiview traffic representation, including a protocol field view and a payload semantic view. Subsequently, a multiview subspace learning algorithm is designed to project the different views of traffic onto a unified and low-rank subspace, optimized using the augmented lagrangian multiplier with alternating direction minimization (ALM-ADM) strategy. Finally, spectral clustering is employed to accomplish IoT traffic anomaly detection. We benchmark the proposed method on multiple IoT traffic datasets and diverse computational platforms. The experimental results demonstrate that the method outperforms other state-of-the-art approaches in terms of accuracy and computational efficiency.\",\"PeriodicalId\":54347,\"journal\":{\"name\":\"IEEE Internet of Things Journal\",\"volume\":\"12 11\",\"pages\":\"15911-15925\"},\"PeriodicalIF\":8.9000,\"publicationDate\":\"2025-01-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Internet of Things Journal\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10843674/\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Internet of Things Journal","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10843674/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

随着物联网（IoT）领域信息安全事件的频繁发生，物联网流量异常检测越来越受到重视。最近，监督式机器学习技术在这一主题上显示出了巨大的潜力。然而，物联网网络环境的复杂性对获取足够的异常流量标记样本提出了挑战。与有监督学习相比，无监督学习对样本的要求更宽松。研究人员提出了各种无监督检测方法，但局限性仍然存在。首先，无监督学习缺乏标签信息的指导，需要更多样化的交通视角来全面覆盖信息。其次，尽管努力从不同角度提取多视图交通特征，但现有方法难以有效地整合这些特征，限制了可解释性，并引入冗余和噪声。最后，传统的无监督方法通常严重依赖于手工制作的特征，可能导致有偏见和有限的表示。在本文中，我们提出了一种基于多视图子空间学习的无监督物联网流量异常检测方法。具体而言，我们首先构建了一个多视图流量表示，包括协议字段视图和有效负载语义视图。随后，设计了一种多视图子空间学习算法，将不同的交通视图投影到统一的低秩子空间上，并使用带交替方向最小化（ALM-ADM）策略的增广拉格朗日乘法器进行优化。最后，利用频谱聚类实现物联网流量异常检测。我们在多个物联网流量数据集和不同的计算平台上对所提出的方法进行了基准测试。实验结果表明，该方法在精度和计算效率方面优于其他最先进的方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Empowering Anomaly Detection in IoT Traffic Through Multiview Subspace Learning

With the frequent occurrence of information security incidents within the Internet of Things (IoT) landscape, there has been an increasing emphasis on anomaly detection in IoT traffic. Recently, supervised machine learning techniques have shown significant potential on this topic. However, the intricate nature of IoT network environments has posed a challenge in acquiring sufficient labeled samples of abnormal traffic. In comparison to supervised learning, unsupervised learning has more lenient sample requirements. Researchers have proposed various unsupervised detection methods, yet limitations persist. First, unsupervised learning, lacking guidance from labeled information, necessitates a more diverse range of traffic perspectives for comprehensive information coverage. Second, despite efforts to extract multiview traffic features from various perspectives, existing methods struggle to integrate these features effectively, limiting interpretability and introducing redundancy and noise. Lastly, conventional unsupervised methods often rely heavily on manually crafted features, potentially leading to biased and limited representations. In this article, we propose an unsupervised IoT traffic anomaly detection method based on multiview subspace learning. Specifically, we first construct a multiview traffic representation, including a protocol field view and a payload semantic view. Subsequently, a multiview subspace learning algorithm is designed to project the different views of traffic onto a unified and low-rank subspace, optimized using the augmented lagrangian multiplier with alternating direction minimization (ALM-ADM) strategy. Finally, spectral clustering is employed to accomplish IoT traffic anomaly detection. We benchmark the proposed method on multiple IoT traffic datasets and diverse computational platforms. The experimental results demonstrate that the method outperforms other state-of-the-art approaches in terms of accuracy and computational efficiency.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Internet of Things Journal Computer Science-Information Systems

CiteScore

17.60

自引率

13.20%

发文量

1982

期刊介绍： The EEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interface (API), IoT application design, and IoT trials/experiments; IoT standardization activities and technology development in different standard development organizations (SDO) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.