A Novel Hybrid Unsupervised Learning Approach for Enhanced Cybersecurity in the IoT
Prabu Kaliyaperumal,
Sudhakar Periyasamy,
Manikandan Thirumalaisamy,
Balamurugan Balusamy and
Francesco Benedetto
Additional contact information
Prabu Kaliyaperumal: School of Computer Science and Engineering, Galgotias University, Dankaur 203201, India
Sudhakar Periyasamy: School of Computer Science and Engineering, Galgotias University, Dankaur 203201, India
Manikandan Thirumalaisamy: Department of CSBS, Rajalakshmi Engineering College, Tamil Nadu 602105, India
Balamurugan Balusamy: Associate Dean-Students, Shiv Nadar University, Delhi-NCR Campus, Noida 201305, India
Francesco Benedetto: Signal Processing for TLC and Economics, University of Roma Tre, 00154 Rome, Italy
Future Internet, 2024, vol. 16, issue 7, 1-29
Abstract:
The proliferation of IoT services has spurred a surge in network attacks, heightening cybersecurity concerns. Essential to network defense, intrusion detection and prevention systems (IDPSs) identify malicious activities, including denial of service (DoS), distributed denial of service (DDoS), botnet, brute force, infiltration, and Heartbleed. This study focuses on leveraging unsupervised learning for training detection models to counter these threats effectively. The proposed method utilizes basic autoencoders (bAEs) for dimensionality reduction and encompasses a three-stage detection model: one-class support vector machine (OCSVM) and deep autoencoder (dAE) attack detection, complemented by density-based spatial clustering of applications with noise (DBSCAN) for attack clustering. Accurately delineated clusters aid in mapping attack tactics. The MITRE ATT&CK framework establishes a “Cyber Threat Repository”, cataloging attacks and tactics, enabling immediate response based on priority. Leveraging preprocessed and unlabeled normal network traffic data, this approach enables the identification of novel attacks while mitigating the impact of imbalanced training data on model performance. The autoencoder method utilizes reconstruction error, OCSVM employs a kernel function to establish a hyperplane for anomaly detection, while DBSCAN employs a density-based approach to identify clusters, manage noise, accommodate diverse shapes, automatically determine the cluster count, ensure scalability, and minimize false positives and false negatives. Evaluated on standard datasets such as CIC-IDS2017 and CSE-CIC-IDS2018, the proposed model outperforms existing state-of-the-art methods. Our approach achieves accuracies exceeding 98% for the two datasets, thus confirming its efficacy and effectiveness for application in efficient intrusion detection systems.
Keywords: autoencoder; DBSCAN; support vector machine; unsupervised learning; cloud security
JEL-codes: O3
Date: 2024
Downloads:
https://www.mdpi.com/1999-5903/16/7/253/pdf (application/pdf)
https://www.mdpi.com/1999-5903/16/7/253/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:16:y:2024:i:7:p:253-:d:1437506
Future Internet is currently edited by Ms. Grace You
Bibliographic data for series maintained by MDPI Indexing Manager.