Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Strengthening Network Intrusion Detection in IoT Environments with Self-Supervised Learning and Few Shot Learning

Safa Ben Atitallah, Maha Driss, Wadii Boulila, Anis Koubaa

TL;DR

The paper tackles IoT intrusion detection under severe label scarcity and class imbalance by integrating self-supervised learning (Deep InfoMax) for rich feature extraction, a prototypical network for robust few-shot embeddings, and a Random Forest classifier for final decision-making. This DIM-ProtoNetRF pipeline enables effective detection of emerging attacks using only a small labeled subset (20%), demonstrated on two IoT malware datasets (MaleVis and WSN-DS) with high accuracies (~98.6% and ~99.6%). Ablation studies confirm the critical roles of both the DIM feature extractor and the RF classifier in achieving strong performance. The approach offers practical impact for real-world IoT security, providing adaptability to new threats with limited labeled data and potential for real-time deployment across diverse IoT environments.

Abstract

The Internet of Things (IoT) has been introduced as a breakthrough technology that integrates intelligence into everyday objects, enabling high levels of connectivity between them. As the IoT networks grow and expand, they become more susceptible to cybersecurity attacks. A significant challenge in current intrusion detection systems for IoT includes handling imbalanced datasets where labeled data are scarce, particularly for new and rare types of cyber attacks. Existing literature often fails to detect such underrepresented attack classes. This paper introduces a novel intrusion detection approach designed to address these challenges. By integrating Self Supervised Learning (SSL), Few Shot Learning (FSL), and Random Forest (RF), our approach excels in learning from limited and imbalanced data and enhancing detection capabilities. The approach starts with a Deep Infomax model trained to extract key features from the dataset. These features are then fed into a prototypical network to generate discriminate embedding. Subsequently, an RF classifier is employed to detect and classify potential malware, including a range of attacks that are frequently observed in IoT networks. The proposed approach was evaluated through two different datasets, MaleVis and WSN-DS, which demonstrate its superior performance with accuracies of 98.60% and 99.56%, precisions of 98.79% and 99.56%, recalls of 98.60% and 99.56%, and F1-scores of 98.63% and 99.56%, respectively.

Strengthening Network Intrusion Detection in IoT Environments with Self-Supervised Learning and Few Shot Learning

TL;DR

The paper tackles IoT intrusion detection under severe label scarcity and class imbalance by integrating self-supervised learning (Deep InfoMax) for rich feature extraction, a prototypical network for robust few-shot embeddings, and a Random Forest classifier for final decision-making. This DIM-ProtoNetRF pipeline enables effective detection of emerging attacks using only a small labeled subset (20%), demonstrated on two IoT malware datasets (MaleVis and WSN-DS) with high accuracies (~98.6% and ~99.6%). Ablation studies confirm the critical roles of both the DIM feature extractor and the RF classifier in achieving strong performance. The approach offers practical impact for real-world IoT security, providing adaptability to new threats with limited labeled data and potential for real-time deployment across diverse IoT environments.

Abstract

The Internet of Things (IoT) has been introduced as a breakthrough technology that integrates intelligence into everyday objects, enabling high levels of connectivity between them. As the IoT networks grow and expand, they become more susceptible to cybersecurity attacks. A significant challenge in current intrusion detection systems for IoT includes handling imbalanced datasets where labeled data are scarce, particularly for new and rare types of cyber attacks. Existing literature often fails to detect such underrepresented attack classes. This paper introduces a novel intrusion detection approach designed to address these challenges. By integrating Self Supervised Learning (SSL), Few Shot Learning (FSL), and Random Forest (RF), our approach excels in learning from limited and imbalanced data and enhancing detection capabilities. The approach starts with a Deep Infomax model trained to extract key features from the dataset. These features are then fed into a prototypical network to generate discriminate embedding. Subsequently, an RF classifier is employed to detect and classify potential malware, including a range of attacks that are frequently observed in IoT networks. The proposed approach was evaluated through two different datasets, MaleVis and WSN-DS, which demonstrate its superior performance with accuracies of 98.60% and 99.56%, precisions of 98.79% and 99.56%, recalls of 98.60% and 99.56%, and F1-scores of 98.63% and 99.56%, respectively.
Paper Structure (16 sections, 3 equations, 6 figures, 4 tables)

This paper contains 16 sections, 3 equations, 6 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Background
  4. Self Supervised Learning
  5. Few Sot Learning
  6. Proposed Approach
  7. Phase1: Self-Supervised Training of Deep InfoMax
  8. Phase2: Integrating DIM with Prototypical Network
  9. Phase 3: Classification with Random Forest
  10. Experiments
  11. Experimental Setup
  12. Datasets
  13. Performance Evaluation
  14. Ablation Study
  15. Discussion
  16. ...and 1 more sections

Figures (6)

  • Figure 1: General overview of the proposed approach integrating SSL, FSL, and RF for intrusion detection classification.
  • Figure 2: The architecture of the proposed DIM-based ProtoNet
  • Figure 3: Normalized confusion matrix within the MaleVis dataset following the proposed approach
  • Figure 4: Visualization of the embedding learned by the DIM-ProtoNetRF using the Malvi dataset.
  • Figure 5: Normalized confusion matrix of the WSN-DS dataset
  • ...and 1 more figures