A Joint Reconstruction-Triplet Loss Autoencoder Approach Towards Unseen Attack Detection in IoV Networks
Julia Boone, Tolunay Seyfi, Fatemeh Afghah
TL;DR
This work addresses unseen attack detection in IoV networks by learning normal traffic patterns from benign data with an unsupervised autoencoder. It introduces a joint reconstruction and triplet-margin loss $L = lambda_TML * L_TML + lambda_REC * L_REC$ to diversify the benign latent space and improve zero-day generalization, validated on two IoT datasets that reflect modern IoV traffic. The method achieves high benign accuracy (around 99%) and strong anomaly detection across unseen attacks (approximately 97%–100%), with transfer learning enabling cross-domain deployment. These results indicate that unsupervised, contrastive-leaning representations, coupled with sequence-based autoencoding, can robustly detect novel network attacks in safety-critical IoV systems without requiring labeled attack data.
Abstract
Internet of Vehicles (IoV) systems, while offering significant advancements in transportation efficiency and safety, introduce substantial security vulnerabilities due to their highly interconnected nature. These dynamic systems produce massive amounts of data between vehicles, infrastructure, and cloud services and present a highly distributed framework with a wide attack surface. In considering network-centered attacks on IoV systems, attacks such as Denial-of-Service (DoS) can prohibit the communication of essential physical traffic safety information between system elements, illustrating that the security concerns for these systems go beyond the traditional confidentiality, integrity, and availability concerns of enterprise systems. Given the complexity and volume of data generated by IoV systems, traditional security mechanisms are often inadequate for accurately detecting sophisticated and evolving cyberattacks. Here, we present an unsupervised autoencoder method trained entirely on benign network data for the purpose of unseen attack detection in IoV networks. We leverage a weighted combination of reconstruction and triplet margin loss to guide the autoencoder training and develop a diverse representation of the benign training set. We conduct extensive experiments on recent network intrusion datasets from two different application domains, industrial IoT and home IoT, that represent the modern IoV task. We show that our method performs robustly for all unseen attack types, with roughly 99% accuracy on benign data and between 97% and 100% performance on anomaly data. We extend these results to show that our model is adaptable through the use of transfer learning, achieving similarly high results while leveraging domain features from one domain to another.