IEEE Access (Jan 2022)

Anomaly Detection Based on CNN and Regularization Techniques Against Zero-Day Attacks in IoT Networks

  • Belal Ibrahim Hairab,
  • Mahmoud Said Elsayed,
  • Anca D. Jurcut,
  • Marianne A. Azer

DOI
https://doi.org/10.1109/ACCESS.2022.3206367
Journal volume & issue
Vol. 10
pp. 98427 – 98440

Abstract

The fast expansion of the Internet of Things (IoT) in the technology and communication industries necessitates a continuously updated cyber-security mechanism to protect the systems’ users from any possible attack that might target their data and privacy. Botnets pose a severe risk to the IoT: they use malicious nodes to compromise other nodes inside the network and launch several types of attacks that cause service disruption. Examples of these attacks are Denial of Service (DoS), Distributed Denial of Service (DDoS), Service Scan, and OS Fingerprint. DoS and DDoS attacks are the most severe attacks launched from Botnets in the IoT. In these attacks, the Botnet commands one or more previously compromised nodes in the network to direct network traffic towards a specific node or service. This drains computational, power, or network bandwidth resources, which causes specific services to shut down or behave unexpectedly. In this paper, we aim to verify the reliability of the detection approach when it encounters an attack that it was not trained on. Therefore, we evaluate the performance of a Convolutional Neural Network (CNN) classifier in detecting malicious attack traffic, especially attacks that have never been reported before in the network, i.e., Zero-Day attacks. Different regularization techniques, i.e., L1 and L2, have been used to address the problem of overfitting and to control the complexity of the classifier. The experimental results show that using the regularization methods gives higher performance in all the evaluation metrics compared to the standard CNN model. In addition, the enhanced CNN technique improves the capability of IDSs to detect unseen intrusion events.

Keywords