Using deep learning to detecting abnormal behavior in internet of things

The development of the internet of things (IoT) has increased exponentially, creating a rapid pace of changes and enabling it to become more and more embedded in daily life. This is often achieved through integration: IoT is being integrated into billions of intelligent objects, commonly labeled “things,” from which the service collects various forms of data regarding both these “things” themselves as well as their environment. While IoT and IoT-powered decices can provide invaluable services in various fields, unauthorized access and inadvertent modification are potential issues of tremendous concern. In this paper, we present a process for resolving such IoT issues using adapted long short-term memory (LSTM) recurrent neural networks (RNN). With this method, we utilize specialized deep learning (DL) methods to detect abnormal and/or suspect behavior in IoT systems. LSTM RNNs are adopted in order to construct a high-accuracy model capable of detecting suspicious behavior based on a dataset of IoT sensors readings. The model is evaluated using the Intel Labs dataset as a test domain, performing four different tests, and using three criteria: F1, Accuracy, and time. The results obtained here demonstrate that the LSTM RNN model we create is capable of detecting abnormal behavior in IoT systems with high accuracy

An uncertainty-managing batch relevance-based approach to network anomaly detection

The main aim in network anomaly detection is effectively spotting hostile events within the traffic pattern associated to network operations, by distinguishing them from normal activities. This can be only accomplished by acquiring the a-priori knowledge about any kind of hostile behavior that can potentially affect the network (that is quite impossible for practical reasons) or, more easily, by building a model that is general enough to describe the normal network behavior and detect the violations from it. Earlier detection frameworks were only able to distinguish already known phenomena within traffic data by using pre-trained models based on matching specific events on pre-classified chains of traffic patterns. Alternatively, more recent statistics-based approaches were able to detect outliers respect to a statistic idealization of normal network behavior. Clearly, while the former approach is not able to detect previously unknown phenomena (zero-day attacks) the latter one has limited effectiveness since it cannot be aware of anomalous behaviors that do not generate significant changes in traffic volumes. Machine learning allows the development of adaptive, non-parametric detection strategies that are based on "understanding" the network dynamics by acquiring through a proper training phase a more precise knowledge about normal or anomalous phenomena in order to classify and handle in a more effective way any kind of behavior that can be observed on the network. Accordingly, we present a new anomaly detection strategy based on supervised machine learning, and more precisely on a batch relevance-based fuzzyfied learning algorithm, known as U-BRAIN, aiming at understanding through inductive inference the specific laws and rules governing normal or abnormal network traffic, in order to reliably model its operating dynamics. The inferred rules can be applied in real time on online network traffic. This proposal appears to be promising both in terms of identification accuracy and robustness/flexibility when coping with uncertainty in the detection/classification process, as verified through extensive evaluation experiments