Abnormal Traffic Detection in the Internet of Things Based on Imbalanced Data

Abstract

Abstract: In order to deal with the problem of data category imbalance, which puts forward the low performance of the abnormal traffic detection model of the Internet of things, this paper proposes an abnormal traffic detection method based on category imbalance. Firstly, the Kmeans SMOTEENN algorithm based on MD (Mahalanobis distance) is used to generate noisefree data to effectively achieve balanced data sample distribution. Secondly, aiming at the low performance of the abnormal traffic detection model, a model combining the CNN (convolutional neural network) and the BiLSTM (Bidirectional long shortterm memory) is constructed. By extracting the local convolution features and key features of abnormal traffic. Finally, classification is performed through the fully connected layer and Softmax classifier. Experimental results show that compared with existing abnormal traffic detection methods, the proposed method achieved significant improvements in evaluation indicators such as accuracy, recall, precision and F1 value. The model can accurately identify abnormal behaviors in traffic with an accuracy rate as high as 99.43%.

Key words: IoT, abnormal traffic detection, deep learning, sampling algorithms, CNNBiLSTM

摘要： 为应对数据类别不平衡问题，导致物联网异常流量检测模型性能低下，提出一种基于不平衡数据的物联网异常流量检测方法.首先，采用基于马氏距离(Mahalanobis distance, MD)的Kmeans SMOTEENN算法生成无噪声的数据，以有效实现数据样本分布均衡.其次，针对异常流量检测模型性能低下，构建了卷积神经网络(convolutional neural network, CNN)和双向长短期记忆网络(bidirectional long shortterm memory, BiLSTM)相结合的模型，提取异常流量的局部卷积特征以及关键特征.最后，通过全连接层和分类器进行分类.实验结果显示，相较于现有异常流量检测方法，所提出的方法在准确率、召回率、精确率和F1值等评价指标上均取得显著提升.该模型能够准确识别流量中的异常行为，准确率高达99.43%.

关键词: 物联网, 异常流量, 深度学习, 采样算法, CNNBiLSTM

CLC Number:

TP309.1

张光华, 王子昱, 蔡明伟, . 基于不平衡数据的物联网异常流量检测[J]. 信息安全研究, 2024, 10(11): 1012-.

References

［1］Riad K, Huang Teng, Ke Lishan. A dynamic and hierarchical access control for IoT in multiauthority cloud storage［J］. Journal of Network and Computer Applications, 2020, 160: 102633［2］Maniriho P, Niyigaba E, Bizimana Z, et al. Anomalybased intrusion detection approach for IoT networks using machine learning［C］ Proc of Int Conf on Computer Engineering, Network, and Intelligent Multimedia. Piscataway, NJ: IEEE, 2020: 303308［3］Chaabouni N, Mosbah M, Zemmari A, et al. Network intrusion detection for IoT security based on learning techniques［J］. IEEE Communications Surveys & Tutorials, 2019, 21(3): 26712701 ［4］Raza S, Wallgren L, Voigt T. SVELTE: Realtime intrusion detection in the Internet of Things［J］. Ad Hoc Networks, 2013, 11(8): 26612674 ［5］Bertino E, Islam N. Botnets and Internet of things security［J］. Computer, 2017, 50(2): 7679［6］Ali A, Shamsuddin S M, Ralescu A L. Classification with class imbalance problem［J］. International Journal of Soft Computing and Its Applications, 2013, 5(3): 176204［7］Wilson D L. Asymptotic properties of nearest neighbor rules using edited data［J］. IEEE Trans on Systems, Man, and Cybernetics, 2007, 2(3): 408421［8］Chawla N V, Bowyer K W, Hall L O, et al. SMOTE: Synthetic minority oversampling technique［J］. Journal of Artificial Intelligence Research, 2002, 16: 321357［9］He H, Bai Y, Garcia E A, et al. ADASYN: Adaptive synthetic sampling approach for imbalanced learning［C］ Proc of IEEE Int Joint Conf on Neural Networks. Piscataway, NJ: IEEE, 2008: 13221328［10］Kwon D, Kim H, Kim J, et al. A survey of deep learningbased network anomaly detection［J］. Cluster Computing, 2019, 22: 949961 ［11］He Y, Mendis G J, Wei J. Realtime detectionof false data injection attacks in smart grid: A deep learningbased intelligent mechanism［J］. IEEE Trans on Smart Grid, 2017, 8(5): 25052516［12］Li D, Deng L, Lee M, et al. IoT data feature extraction and intrusion detection system for smart cities based on deep migration learning［J］. International Journal of Information Management, 2019, 49: 533545 ［13］Cordero C G, Hauke S, Mühlhuser M, et al. Analyzing flowbased anomaly intrusion detection using replicator neural networks［C］ Proc of the 14th Annual Conf on Privacy, Security and Trust. Piscataway, NJ: IEEE, 2016: 317324［14］杨晓文, 张健, 况立群, 等. 融合CNNBiGRU和注意力机制的网络入侵检测模型［J］. 信息安全研究, 2024, 10(3): 202208［15］LeCun Y, Bottou L, Bengio Y, et al. Gradientbased learning applied to document recognition［J］. Proceedings of the IEEE, 1998, 86(11): 22782324［16］Selvin S, Vinayakumar R, Gopalakrishnan E A, et al. Stock price prediction using LSTM, RNN and CNNsliding window model［C］ Proc of Int Conf on Advances in Computing, Communications and Informatics. Piscataway, NJ: IEEE, 2017: 16431647［17］Hochreiter S, Schmidhuber J. Long shorttermmemory［J］. Neural Computation, 1997, 9(8): 17351780 ［18］Wu Q, Guan F, Lv C, et al. Ultrashortterm multistep wind power forecasting based on CNNLSTM［J］. IET Renewable Power Generation, 2021, 15(5): 10191029 ［19］李泽一, 王攀. 基于代价敏感度的改进型K近邻异常流量检测算法［J］. 南京邮电大学学报:自然科学版, 2022, 42(2): 8592［20］李海涛, 王瑞敏, 董卫宇, 等. 一种基于GRU的半监督网络流量异常检测方法［J］. 计算机科学, 2023, 50(3): 380390［21］Choudhary S, Kesswani N. Analysis of KDDCup’99, NSLKDD and UNSWNB15 datasets using deep learning in IoT［J］. Procedia Computer Science, 2020, 167: 15611573［22］Mushtaq E, Zameer A, Khan A. A twostage stacked ensemble intrusion detection system using five base classifiers and MLP with optimal feature selection［J］. Microprocessors and Microsystems, 2022, 94: 104660［23］Tama B A, Comuzzi M, Rhee K H. TSEIDS: A twostage classifier ensemble for intelligent anomalybased intrusion detection system［J］. IEEE Access, 2019, 7: 9449794507［24］Manimurugan S, Majdi A, Mohmmed M, et al. Intrusion detection in networks using crow search optimization algorithm with adaptive neurofuzzy inference system［J］. Microprocessors and MicroSystems, 2020, 79: 10326

[1]	. A Poisoningresistant Verifiable Secure Federated Learning Scheme #br# in IoT Perception Environments#br# [J]. Journal of Information Security Reserach, 2024, 10(9): 804-.
[2]	. Image Processing Model Watermarking Method Based on #br# Attention Mechanism and Passport Layer Embedding#br# [J]. Journal of Information Security Reserach, 2024, 10(9): 849-.
[3]	. A Review of GPU Acceleration Technology for Deep Learning in Plaintext and Private Computing Environments [J]. Journal of Information Security Reserach, 2024, 10(7): 586-.
[4]	. Model of Intrusion Detection Based on Federated Learning and Convolutional Neural Network [J]. Journal of Information Security Reserach, 2024, 10(7): 642-.
[5]	. An Automatic Vulnerability Classification Framework Based on BiGRU TextCNN [J]. Journal of Information Security Reserach, 2024, 10(5): 446-.
[6]	. Adversarial Attack Algorithm Based on Multimodel Scheduling Optimization#br# #br# [J]. Journal of Information Security Reserach, 2024, 10(5): 403-.
[7]	. Research on Network Traffic Intrusion Detection Method Based on Denoising Diffusion Probability Model [J]. Journal of Information Security Reserach, 2024, 10(5): 421-.
[8]	. Research on Source Code Vulnerability Detection Based on BERT Model [J]. Journal of Information Security Reserach, 2024, 10(4): 294-.
[9]	. A Network Intrusion Detection Model Integrating CNN-BiGRU and Attention Mechanism [J]. Journal of Information Security Reserach, 2024, 10(3): 202-.
[10]	. Malicious TLS Traffic Detection Based on Graph Representation#br# #br# [J]. Journal of Information Security Reserach, 2024, 10(3): 209-.
[11]	. Malware Detection and Classification Based on GHM Visualization and Deep Learning [J]. Journal of Information Security Reserach, 2024, 10(3): 216-.
[12]	. Research on Location Attack Detection of VANET Based on Incremental Learning [J]. Journal of Information Security Reserach, 2024, 10(3): 277-.
[13]	. Zerotrust Dynamic Authentication to Resist APT Identity Compromise [J]. Journal of Information Security Reserach, 2024, 10(10): 928-.
[14]	. Distributed Authentication Model Under Power IoT Zero Trust Architecture [J]. Journal of Information Security Reserach, 2024, 10(1): 67-.
[15]	. Cyberbullying Detection Model Based on ELMoTextCNN [J]. Journal of Information Security Reserach, 2023, 9(9): 868-.