TY - JOUR
T1 - Correlation between Deep Neural Network Hidden Layer and Intrusion Detection Performance in IoT Intrusion Detection System
AU - Han, Hyojoon
AU - Kim, Hyukho
AU - Kim, Yangwoo
N1 - Publisher Copyright:
© 2022 by the authors.
PY - 2022/10
Y1 - 2022/10
N2 - As the Internet of Things (IoT) continues to grow, a vast amount of data is generated. The IoT environment is quite sensitive to security challenges because personal information may be leaked or sensor data may be manipulated, which could cause accidents. Because traditional intrusion detection system (IDS) studies are often designed to work well on datasets, it is unknown whether they would work well in a changing network environment. In addition, IDSs for protecting IoT environments have been studied, but their performance was verified using datasets unrelated to the IoT, so it is not known whether the performance would be effective in an IoT environment. In this study, we propose an intrusion detection hyperparameter control system (ID-HyConSys) that automates the IDS using proximal policy optimization (PPO) to solve these problems and reliably protect the IoT environment. ID-HyConSys consists of an intrusion detection module consisting of a deep neural network (DNN) feature extractor that extracts efficient features from a changing network environment, a k-means cluster that clusters the extracted data, and a PPO agent that automates the IDS through learning and control. Through experimentation, it was confirmed that the hidden layer configuration, the number of feature extractions by the DNN feature extractor, and the number of clusters in the k-means cluster significantly affected the intrusion detection performance. The PPO directly controls these hyperparameters and determines the optimized value itself. The performance of ID-HyConSys was evaluated using the CICIDS2017 and MQTTset datasets. An F1-score of 0.9707 on CICIDS2017 and an F1-score of 0.9973 on the MQTTset were obtained. Finally, we merged the two datasets and obtained an F1-score of 0.9901. The superiority of the ID-HyConSys proposed in this study was confirmed because ID-HyConSys showed high performance on each dataset and, at the same time, very high performance on complex merged datasets. ID-HyConSys is expected to protect the IoT environment more quickly and safely by automatically learning network changes and adjusting the intrusion detection module accordingly.
AB - As the Internet of Things (IoT) continues to grow, a vast amount of data is generated. The IoT environment is quite sensitive to security challenges because personal information may be leaked or sensor data may be manipulated, which could cause accidents. Because traditional intrusion detection system (IDS) studies are often designed to work well on datasets, it is unknown whether they would work well in a changing network environment. In addition, IDSs for protecting IoT environments have been studied, but their performance was verified using datasets unrelated to the IoT, so it is not known whether the performance would be effective in an IoT environment. In this study, we propose an intrusion detection hyperparameter control system (ID-HyConSys) that automates the IDS using proximal policy optimization (PPO) to solve these problems and reliably protect the IoT environment. ID-HyConSys consists of an intrusion detection module consisting of a deep neural network (DNN) feature extractor that extracts efficient features from a changing network environment, a k-means cluster that clusters the extracted data, and a PPO agent that automates the IDS through learning and control. Through experimentation, it was confirmed that the hidden layer configuration, the number of feature extractions by the DNN feature extractor, and the number of clusters in the k-means cluster significantly affected the intrusion detection performance. The PPO directly controls these hyperparameters and determines the optimized value itself. The performance of ID-HyConSys was evaluated using the CICIDS2017 and MQTTset datasets. An F1-score of 0.9707 on CICIDS2017 and an F1-score of 0.9973 on the MQTTset were obtained. Finally, we merged the two datasets and obtained an F1-score of 0.9901. The superiority of the ID-HyConSys proposed in this study was confirmed because ID-HyConSys showed high performance on each dataset and, at the same time, very high performance on complex merged datasets. ID-HyConSys is expected to protect the IoT environment more quickly and safely by automatically learning network changes and adjusting the intrusion detection module accordingly.
KW - CICIDS2017
KW - deep learning (DL)
KW - deep neural network (DNN)
KW - Internet of Things (IoT)
KW - k-means
KW - MQTTset
KW - network intrusion detection system (NIDS)
KW - proximal policy optimization (PPO)
UR - http://www.scopus.com/inward/record.url?scp=85140891143&partnerID=8YFLogxK
U2 - 10.3390/sym14102077
DO - 10.3390/sym14102077
M3 - Article
AN - SCOPUS:85140891143
SN - 2073-8994
VL - 14
JO - Symmetry
JF - Symmetry
IS - 10
M1 - 2077
ER -