Research output: Contribution to Journal/Magazine › Journal article › peer-review
TY - JOUR
T1 - ADCL
T2 - Toward an Adaptive Network Intrusion Detection System Using Collaborative Learning in IoT Networks
AU - Ma, Zuchao
AU - Liu, Liang
AU - Meng, Weizhi
AU - Luo, Xiapu
AU - Wang, Lisong
AU - Li, Wenjuan
PY - 2023/7/15
Y1 - 2023/7/15
N2 - With the widespread of cyber attacks, network intrusion detection system (NIDS) is becoming an important and essential tool to protect Internet of Things (IoT) environments. However, it is well known that the NIDS performance depends heavily on the effectiveness of the detection model, which can be influenced significantly by the learning mechanism and the available training data. Many existing studies try to mitigate the above challenges, but few of them consider the adaptability and the cost of deploying an NIDS, the integrity of the learning process, the capacity of model based on concrete traffic samples at the same time. To fill this gap and improve the detection performance, we propose a collaborative learning-based detection framework called ADCL, which can mitigate the limitations on the knowledge of a single model by leveraging multiple models trained in similar environments and detecting intrusions in a collaborative manner. Our evaluation results indicate that ADCL can provide better performance compared with a single model on detecting various attacks in IoT networks. Specifically, ADCL improves F-score by up to 80% for adaptability, 42% in mitigating the reliance on learning integrity, 85% for model capacity. Furthermore, the detection results of ADCL guide those single models to update and increase the F-score by 15%.
AB - With the widespread of cyber attacks, network intrusion detection system (NIDS) is becoming an important and essential tool to protect Internet of Things (IoT) environments. However, it is well known that the NIDS performance depends heavily on the effectiveness of the detection model, which can be influenced significantly by the learning mechanism and the available training data. Many existing studies try to mitigate the above challenges, but few of them consider the adaptability and the cost of deploying an NIDS, the integrity of the learning process, the capacity of model based on concrete traffic samples at the same time. To fill this gap and improve the detection performance, we propose a collaborative learning-based detection framework called ADCL, which can mitigate the limitations on the knowledge of a single model by leveraging multiple models trained in similar environments and detecting intrusions in a collaborative manner. Our evaluation results indicate that ADCL can provide better performance compared with a single model on detecting various attacks in IoT networks. Specifically, ADCL improves F-score by up to 80% for adaptability, 42% in mitigating the reliance on learning integrity, 85% for model capacity. Furthermore, the detection results of ADCL guide those single models to update and increase the F-score by 15%.
U2 - 10.1109/JIOT.2023.3248259
DO - 10.1109/JIOT.2023.3248259
M3 - Journal article
VL - 10
SP - 12521
EP - 12536
JO - IEEE Internet of Things Journal
JF - IEEE Internet of Things Journal
SN - 2327-4662
IS - 14
ER -