A convolutional autoencoder architecture for robust network intrusion detection in embedded systems

Bibliographic details
Published in: Journal of systems architecture, Volume 156; p. 103283
Main authors: Borgioli, Niccolò; Aromolo, Federico; Thi Xuan Phan, Linh; Buttazzo, Giorgio
Format: Journal Article
Language: English
Published: Elsevier B.V 01.11.2024
ISSN:1383-7621
Description
Summary: Security threats are becoming an increasingly relevant concern in cyber–physical systems. Cyber attacks on these systems are not only common today but also increasingly sophisticated and constantly evolving. One way to secure the system against such threats is by using intrusion detection systems (IDSs) to detect suspicious or abnormal activities characteristic of potential attacks. State-of-the-art IDSs exploit both signature-based and anomaly-based strategies to detect network threats. However, existing solutions mainly focus on the analysis of statically defined features of the traffic flow, making them potentially less effective against new attacks that cannot be properly captured by analyzing such features. This paper presents an anomaly-based IDS approach that leverages unsupervised neural models to learn the expected network traffic, enabling the detection of unknown novel attacks (as well as previously-known ones). The proposed solution uses an autoencoder to reconstruct the received packets and detect malicious packets based on the reconstruction error. A careful optimization of the model architecture allowed improving detection accuracy while reducing detection time. The proposed solution has been implemented on a real embedded platform, showing that it can support modern high-performance communication interfaces, while significantly outperforming existing approaches in detection accuracy, inference time, generalization capability, and robustness to poisoning (which is commonly ignored by state-of-the-art IDSs). Finally, a novel mechanism has been developed to explain the detection performed by the proposed IDS through an analysis of the reconstruction error.
DOI:10.1016/j.sysarc.2024.103283