Table of Contents
Fetching ...

A Transfer Learning Framework for Anomaly Detection in Multivariate IoT Traffic Data

Mahshid Rezakhani, Tolunay Seyfi, Fatemeh Afghah

TL;DR

The paper tackles anomaly detection in multivariate IoT time-series under label scarcity and concept drift. It introduces CTAL-VAE, a Contrastive Target-Adaptive LSTM-VAE that uses domain-specific adaptors and a contrastive triplet loss to enable cross-domain transfer without labeled data, followed by few-shot fine-tuning on the target domain. The approach is validated on WUSTL-IIOT-2021 (source) and ACI-IoT-2023 (target), achieving about $90\%$ accuracy and the highest MCC and sensitivity among baselines, demonstrating strong cross-domain generalization under limited target data. The work advances practical IoT security by enabling robust, scalable anomaly detection with minimal labeling and rapid adaptation to new environments.

Abstract

In recent years, rapid technological advancements and expanded Internet access have led to a significant rise in anomalies within network traffic and time-series data. Prompt detection of these irregularities is crucial for ensuring service quality, preventing financial losses, and maintaining robust security standards. While machine learning algorithms have shown promise in achieving high accuracy for anomaly detection, their performance is often constrained by the specific conditions of their training data. A persistent challenge in this domain is the scarcity of labeled data for anomaly detection in time-series datasets. This limitation hampers the training efficacy of both traditional machine learning and advanced deep learning models. To address this, unsupervised transfer learning emerges as a viable solution, leveraging unlabeled data from a source domain to identify anomalies in an unlabeled target domain. However, many existing approaches still depend on a small amount of labeled data from the target domain. To overcome these constraints, we propose a transfer learning-based model for anomaly detection in multivariate time-series datasets. Unlike conventional methods, our approach does not require labeled data in either the source or target domains. Empirical evaluations on novel intrusion detection datasets demonstrate that our model outperforms existing techniques in accurately identifying anomalies within an entirely unlabeled target domain.

A Transfer Learning Framework for Anomaly Detection in Multivariate IoT Traffic Data

TL;DR

The paper tackles anomaly detection in multivariate IoT time-series under label scarcity and concept drift. It introduces CTAL-VAE, a Contrastive Target-Adaptive LSTM-VAE that uses domain-specific adaptors and a contrastive triplet loss to enable cross-domain transfer without labeled data, followed by few-shot fine-tuning on the target domain. The approach is validated on WUSTL-IIOT-2021 (source) and ACI-IoT-2023 (target), achieving about accuracy and the highest MCC and sensitivity among baselines, demonstrating strong cross-domain generalization under limited target data. The work advances practical IoT security by enabling robust, scalable anomaly detection with minimal labeling and rapid adaptation to new environments.

Abstract

In recent years, rapid technological advancements and expanded Internet access have led to a significant rise in anomalies within network traffic and time-series data. Prompt detection of these irregularities is crucial for ensuring service quality, preventing financial losses, and maintaining robust security standards. While machine learning algorithms have shown promise in achieving high accuracy for anomaly detection, their performance is often constrained by the specific conditions of their training data. A persistent challenge in this domain is the scarcity of labeled data for anomaly detection in time-series datasets. This limitation hampers the training efficacy of both traditional machine learning and advanced deep learning models. To address this, unsupervised transfer learning emerges as a viable solution, leveraging unlabeled data from a source domain to identify anomalies in an unlabeled target domain. However, many existing approaches still depend on a small amount of labeled data from the target domain. To overcome these constraints, we propose a transfer learning-based model for anomaly detection in multivariate time-series datasets. Unlike conventional methods, our approach does not require labeled data in either the source or target domains. Empirical evaluations on novel intrusion detection datasets demonstrate that our model outperforms existing techniques in accurately identifying anomalies within an entirely unlabeled target domain.
Paper Structure (22 sections, 16 equations, 3 figures, 2 tables)