CTWA: a novel incremental deep learning-based intrusion detection method for the Internet of Things

Class incremental learning aims to learn new courses in an incremental manner without forgetting the categories previously learned. A novel incremental Internet of Things (IoT) intrusion detection method CTWA based on Convolutional Autoencoder (CAE) and Temporal Convolutional Network (TCN) is proposed to address the issues of insufficient generalization ability, high computational resources, and redundant features in class incremental learning. This method first completes the training of the CAE-TCN module, extracts and concatenates local features of data samples through CAE and TCN, and then initializes the incremental learning module. Residual modules are added to the CAE to improve the training effect of the model and avoid gradient vanishing problems. The CAE-TCN module shares lower-level feature representations through task-specific layers in incremental learning module. It distinguishes between old and new tasks using Gaussian distribution, and applies Weight alignment (WA) techniques between task heads to ensure that learning the new task does not result in forgetting the knowledge of the old tasks. Ultimately, the outputs of both new and old tasks are weighted and fused to ensure the optimal classification result. Additionally, a loss function combining cross-entropy loss and label smoothing loss is used to enhance the model’s performance. We conducted experiments on two datasets. The experimental results on CICIoT2023 dataset demonstrate that the proposed model excels in terms of accuracy, precision, recall, and F1-Score, achieving 0.9643, 0.9659, 0.9643, and 0.9645, respectively. With 40 training epochs, the model’s runtime is 789.58 s, which is higher than most comparison models, but the accuracy is significantly improved. The proposed method can effectively distinguishes between different known and unknown types of attacks, highlighting its potential applications in the field of cybersecurity.