Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2022 Aug 4;22(15):5822.
doi: 10.3390/s22155822.

Towards an Effective Intrusion Detection Model Using Focal Loss Variational Autoencoder for Internet of Things (IoT)

Shapla Khanam  1 Ismail Ahmedy  1   2 Mohd Yamani Idna Idris  1   2 Mohamed Hisham Jaward  3
Affiliations

Towards an Effective Intrusion Detection Model Using Focal Loss Variational Autoencoder for Internet of Things (IoT)

Shapla Khanam et al. Sensors (Basel). .

Abstract

As the range of security attacks increases across diverse network applications, intrusion detection systems are of central interest. Such detection systems are more crucial for the Internet of Things (IoT) due to the voluminous and sensitive data it produces. However, the real-world network produces imbalanced traffic including different and unknown attack types. Due to this imbalanced nature of network traffic, the traditional learning-based detection techniques suffer from lower overall detection performance, higher false-positive rate, and lower minority-class attack detection rates. To address the issue, we propose a novel deep generative-based model called Class-wise Focal Loss Variational AutoEncoder (CFLVAE) which overcomes the data imbalance problem by generating new samples for minority attack classes. Furthermore, we design an effective and cost-sensitive objective function called Class-wise Focal Loss (CFL) to train the traditional Variational AutoEncoder (VAE). The CFL objective function focuses on different minority class samples and scrutinizes high-level feature representation of observed data. This leads the VAE to generate more realistic, diverse, and quality intrusion data to create a well-balanced intrusion dataset. The balanced dataset results in improving the intrusion detection accuracy of learning-based classifiers. Therefore, a Deep Neural Network (DNN) classifier with a unique architecture is then trained using the balanced intrusion dataset to enhance the detection performance. Moreover, we utilize a challenging and highly imbalanced intrusion dataset called NSL-KDD to conduct an extensive experiment with the proposed model. The results demonstrate that the proposed CFLVAE with DNN (CFLVAE-DNN) model obtains promising performance in generating realistic new intrusion data samples and achieves superior intrusion detection performance. Additionally, the proposed CFLVAE-DNN model outperforms several state-of-the-art data generation and traditional intrusion detection methods. Specifically, the CFLVAE-DNN achieves 88.08% overall intrusion detection accuracy and 3.77% false positive rate. More significantly, it obtains the highest low-frequency attack detection rates for U2R (79.25%) and R2L (67.5%) against all the state-of-the-art algorithms.

Keywords: Class-wise Focal Loss; Deep Neural Network; Internet of Things; Variational AutoEncoder; data imbalance; intrusion detection.

PubMed Disclaimer

Conflict of interest statement

The authors declare no conflict of interest. The founding sponsors had no role in the design of the study; in the collection, analyses, or interpretation of data; in the writing of the manuscript, and in the decision to publish the results.

Figures

Figure 1
Figure 1
Variational AutoEncoder with CE loss.
Figure 2
Figure 2
Class-wise Focal Loss Variational AutoEncoder (CFLVAE).
Figure 3
Figure 3
Proposed CFLVAE-DNN Framework.
Figure 4
Figure 4
The effects of the training procedure of the CFLVAE and the DNN models. (a) CFLVAE loss; (b) DNN loss; (c) DNN accuracy.
Figure 5
Figure 5
NSL-KDD dataset. (a) Imbalanced original records; (b) Generated records; (c) Balanced dataset.
Figure 6
Figure 6
The intrusion detection performance (in %) of our proposed CFLVAE-DNN model. (a) Overall performance; (b) Class-wise detection rates.
Figure 7
Figure 7
AUC-ROC curve on NSL-KDD test datasets. (a) AUC-ROC curve on the KDDTest+; (b) AUC-ROC curve on the KDDTest-21.
Figure 8
Figure 8
The intrusion detection performance (in %) on different number of hidden layers used in DNN model for KDDTest+ dataset. (a) Overall performance; (b) Class-wise detection rates.
Figure 9
Figure 9
The result of intrusion detection performance with different Gamma (γ) values of Class-wise Focal Loss.
Figure 10
Figure 10
Comparison of (a) Overall detection rates and (b) Class-wise detection performance of data generation techniques on the KDDTest+ dataset (in %).
Figure 11
Figure 11
Comparison of (a) Overall detection rates and (b) Class-wise detection performance of data generation techniques on the KDDTest-21 dataset (in %).
Figure 12
Figure 12
Comparison of (a) Overall performance and (b) Class-wise detection rates of learning-based classifiers on the NSL-KDD (KDDTest+) dataset (in %).
Figure 13
Figure 13
Comparison of (a) Overall performance and (b) Class-wise detection rates of learning-based classifiers on the NSL-KDD (KDDTest-21) dataset (in %).
See this image and copyright information in PMC

Similar articles

See all similar articles

Cited by

References

    1. Alaba F.A., Othman M., Hashem I.A.T., Alotaibi F. Internet of Things security: A survey. J. Netw. Comput. Appl. 2017;88:10–28. doi: 10.1016/j.jnca.2017.04.002. - DOI
    1. Khanam S., Ahmedy I.B., Idris M.Y.I., Jaward M.H., Sabri A.Q.B.M. A survey of security challenges, attacks taxonomy and advanced countermeasures in the internet of things. IEEE Access. 2020;8:219709–219743. doi: 10.1109/ACCESS.2020.3037359. - DOI
    1. Kovacs E. Flaws in Smart City Systems Can Allow Hackers to Cause Panic. [(accessed on 22 September 2021)]. Available online: https://www.securityweek.com/flaws-smart-city-systems-can-allow-hackers-....
    1. Vinayakumar R., Soman K., Poornachandran P. Evaluating effectiveness of shallow and deep networks to intrusion detection system; Proceedings of the 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI); Udupi, India. 13–16 September 2017; pp. 1282–1289.
    1. Vinayakumar R., Alazab M., Soman K., Poornachandran P., Al-Nemrat A., Venkatraman S. Deep learning approach for intelligent intrusion detection system. IEEE Access. 2019;7:41525–41550. doi: 10.1109/ACCESS.2019.2895334. - DOI