Keywords: anomaly detection; autoencoder; malware detection; one-class classification

Source: DOI:10.3390/s24134122 (PDF via PubMed)

Abstract:
The increasing use of interconnected devices in the Internet of Things (IoT) and Industrial IoT (IIoT) has significantly enhanced efficiency and utility in both personal and industrial settings, but it has also heightened cybersecurity vulnerabilities, particularly through IoT malware. This paper explores one-class classification, an unsupervised learning method that is especially suited to unlabeled data, dynamic environments, and malware detection, itself a form of anomaly detection. We introduce the TF-IDF method for transforming nominal features into numerical form in a way that avoids information loss and manages dimensionality effectively, which is crucial for enhancing pattern recognition when combined with n-grams. Furthermore, we compare the performance of multi-class and one-class classification models, including Isolation Forest and a deep autoencoder, trained on both benign and malicious NetFlow samples versus trained exclusively on benign NetFlow samples. Using one-class classification, we achieve 100% recall with precision rates above 80% and 90% across various test datasets. These models show the adaptability of unsupervised learning, especially one-class classification, to the evolving malware threats in the IoT domain, offering insights into enhancing IoT security frameworks and suggesting directions for future research in this critical area.
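The pipeline the abstract describes (nominal NetFlow fields tokenised with n-grams, weighted by TF-IDF, and a one-class detector trained on benign flows only), as an added worked example that is not the paper's code: the flow records are constructed, and the nearest-benign-neighbour cosine threshold stands in for the paper's Isolation Forest/autoencoder scoring so the block runs on the standard library alone. It reports the precision/recall view the abstract uses, including a benign flow with an entirely unseen protocol that becomes the false positive.

```python
import math
from collections import Counter
# Constructed NetFlow-style records (not the paper's datasets); nominal fields only.
BENIGN_TRAIN = [
    {"proto": "tcp", "dport": "443", "flags": "SPA"},
    {"proto": "tcp", "dport": "80", "flags": "SPA"},
    {"proto": "udp", "dport": "53", "flags": "-"},
    {"proto": "tcp", "dport": "443", "flags": "SA"},
    {"proto": "udp", "dport": "123", "flags": "-"},
]
# Constructed held-out flows; label 1 = malicious (SYN-only probes to unfamiliar ports).
TEST = [
    ({"proto": "tcp", "dport": "80", "flags": "SA"}, 0),   # new mix of seen values
    ({"proto": "udp", "dport": "5353", "flags": "-"}, 0),  # unseen port, familiar shape
    ({"proto": "icmp", "dport": "0", "flags": "-"}, 0),    # benign but wholly unseen
    ({"proto": "tcp", "dport": "23", "flags": "S"}, 1),
    ({"proto": "tcp", "dport": "2323", "flags": "S"}, 1),
    ({"proto": "tcp", "dport": "8080", "flags": "S"}, 1),
]

def ngram_tokens(flow, n=2):
    # field=value unigrams plus n-grams of adjacent fields (fields sorted by name).
    uni = [f"{k}={v}" for k, v in sorted(flow.items())]
    return uni + ["|".join(uni[i:i + s]) for s in range(2, n + 1) for i in range(len(uni) - s + 1)]

def cosine(a, b):
    dot = sum(a[t] * b[t] for t in a.keys() & b.keys())
    return dot / math.sqrt(sum(x * x for x in a.values()) * sum(x * x for x in b.values()))

def vectorize(model, tokens):
    # Smoothed TF-IDF; a token unseen in benign data (df=0) gets the largest weight, not dropped.
    return {t: c * (math.log((1 + model["ndocs"]) / (1 + model["df"].get(t, 0))) + 1)
            for t, c in Counter(tokens).items()}

def fit(flows, n=2):
    docs = [ngram_tokens(f, n) for f in flows]
    model = {"n": n, "ndocs": len(docs), "df": Counter(t for d in docs for t in set(d))}
    model["train"] = train = [vectorize(model, d) for d in docs]
    # Threshold: similarity of the benign flow that is least like any other benign flow.
    model["threshold"] = min(max(cosine(v, w) for j, w in enumerate(train) if j != i)
                             for i, v in enumerate(train))
    return model

def is_anomaly(model, flow):
    v = vectorize(model, ngram_tokens(flow, model["n"]))
    return max(cosine(v, w) for w in model["train"]) < model["threshold"]

def evaluate(model, labelled):
    res = [(is_anomaly(model, f), y) for f, y in labelled]
    tp, fp = sum(a and y for a, y in res), sum(a and not y for a, y in res)
    fn = sum(not a and y for a, y in res)
    return tp, fp, fn, tp / (tp + fp), tp / (tp + fn)
```

On the constructed data all three probes are caught (recall 1.0) while the never-seen ICMP flow is the one false positive (precision 0.75), which is the trade-off the abstract's 100% recall versus 80-90% precision figures reflect.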