Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

KAN-LSTM: Benchmarking Kolmogorov-Arnold Networks for Cyber Security Threat Detection in IoT Networks

Mohammed Hassanin

Abstract

By utilising their adaptive activation functions, Kolmogorov-Arnold Networks (KANs) can be applied in a novel way for the diverse machine learning tasks, including cyber threat detection. KANs substitute conventional linear weights with spline-parametrized univariate functions, which allows them to learn activation patterns dynamically, inspired by the Kolmogorov-Arnold representation theorem. In a network traffic data, we show that KANs perform better than traditional Multi-Layer Perceptrons (MLPs), yielding more accurate results with a significantly less number of learnable parameters. We also propose KAN-LSTM model to combine advantages of spatial and temporal encoding. The suggested methodology highlights the potential of KANs as an effective tool in detecting cyber threats and offers up new directions for adaptive defensive models. Lastly, we conducted experiments on three main dataset, UNSW-NB15, NSL-KDD, and CICID2017, as well as we developed a new dataset combined from IOT-BOT, NSL-KDD, and CICID2017 to present a stable, unbiased, large-scale dataset with diverse traffic patterns. The results show the superiority of KAN-LSTM and then KAN models over the traditional deep learning models. The source code is available at GitHub repository

KAN-LSTM: Benchmarking Kolmogorov-Arnold Networks for Cyber Security Threat Detection in IoT Networks

Abstract

By utilising their adaptive activation functions, Kolmogorov-Arnold Networks (KANs) can be applied in a novel way for the diverse machine learning tasks, including cyber threat detection. KANs substitute conventional linear weights with spline-parametrized univariate functions, which allows them to learn activation patterns dynamically, inspired by the Kolmogorov-Arnold representation theorem. In a network traffic data, we show that KANs perform better than traditional Multi-Layer Perceptrons (MLPs), yielding more accurate results with a significantly less number of learnable parameters. We also propose KAN-LSTM model to combine advantages of spatial and temporal encoding. The suggested methodology highlights the potential of KANs as an effective tool in detecting cyber threats and offers up new directions for adaptive defensive models. Lastly, we conducted experiments on three main dataset, UNSW-NB15, NSL-KDD, and CICID2017, as well as we developed a new dataset combined from IOT-BOT, NSL-KDD, and CICID2017 to present a stable, unbiased, large-scale dataset with diverse traffic patterns. The results show the superiority of KAN-LSTM and then KAN models over the traditional deep learning models. The source code is available at GitHub repository

Paper Structure

This paper contains 24 sections, 14 equations, 3 figures, 2 tables.

Table of Contents

  1. Introduction
  2. THEORETICAL FORMULATION
  3. Multi-Layer Perceptrons (MLPs)
  4. Kolmogorov-Arnold Networks (KANs)
  5. Related Works
  6. Method
  7. Convolutional Neural Network (CNN)
  8. LSTM Encoder
  9. KAN
  10. Loss Function
  11. Experiments
  12. Results
  13. Experimental Setup
  14. Datasets
  15. Baselines
  16. ...and 9 more sections

Figures (3)

  • Figure 1: Visual explanation for MLPs and KANs.
  • Figure 2: Visual explanation for KAN-LSTM architecture. It is composed of two layers of CNN, followed by one layer of LSTM, and finally one KAN layer. This after the stages of pre-processing.
  • Figure 3: Visual performance comparison of deep learning models for threat detection across four benchmark datasets (UNSW-NB15, NSL-KDD, CICIDS2017, and Tri-IDS) using grouped bar charts, radar charts, and heatmaps. These figures illustrate the superiority of KAN-LSTM over all the other methods. The criteria of accuracy, precision, recall, and F1 score across datasets are used to show the power of the proposed methods and then KANs, accrodingly.