Authors: Kumar Anurupam, Karthick Seshadri
Journal: Journal of Information Security and Applications, volume 93, Article 104186
Publication date: 2025-08-11
Publication type: Journal Article
DOI: 10.1016/j.jisa.2025.104186
URL: https://www.sciencedirect.com/science/article/pii/S2214212625002236
Impact factor: 3.7
JCR: Q2 (COMPUTER SCIENCE, INFORMATION SYSTEMS)
Region category: Computer Science
Open access: no
Citation count: 0
Platform: Semanticscholar
Lightweight representation learning for network traffic towards malicious traffic detection in edge devices
With the rapid increase in the number of connected devices in the Internet of Things (IoT) environment, their exposure to threats has increased significantly. Attackers can launch sophisticated attacks on these networks more frequently because computing facilities are easily available. Devices in an IoT network have limited computational power, storage capacity, and hardware capability, making it challenging to secure them using traditional approaches. Over the years, many machine learning and deep learning-based approaches have been proposed to classify the traffic flowing through edge devices, but these models have limitations, such as slow detection of attacks because of the limited computational power of the devices, which makes parameter-heavy models infeasible to run on them. To overcome this, we propose a structure learning algorithm that builds a model whose structure is learned using correlation analysis and PCA and then optimized using parent divorcing and sequential least squares programming, yielding a model that exhibits high performance despite being lean in its number of parameters. The relevance of the chosen features for each attack is also validated via qualitative mapping and domain logic. The generated model, evaluated on the UNSW-NB15 and TON-IoT datasets, outperformed several state-of-the-art models at classifying malicious traffic, especially in terms of inference time and model size. Despite its resource efficiency, it shows accuracy, recall, precision, and F1 score comparable to other baseline models.
About the journal:
Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.