An Asynchronous Distributed Deep Learning Based Intrusion Detection System for IoT Devices
Download as PPTX, PDF2 likes224 views
The document presents an asynchronous distributed deep learning-based intrusion detection system for IoT devices, focusing on improving the detection of malicious network flow while addressing security challenges. It describes the proposed method using an autoencoder for detecting anomalies in network data, implementing asynchronous parameter updates to enhance efficiency without sacrificing accuracy. Experimental results indicate high performance metrics, advocating for future improvements in the system's scalability and theoretical foundations.
An Asynchronous Distributed Deep Learning Based Intrusion Detection System for IoT Devices
- 1. AN ASYNCHRONOUS DISTRIBUTED DEEP LEARNING BASED INTRUSION DETECTION SYSTEM FOR IOT DEVICES PU TIAN ADVISOR: DR. WEIXIAN LIAO DEPARTMENT OF COMPUTER AND INFORMATION SCIENCES TOWSON UNIVERSITY 5/29/2019
- 2. Background • Internet of Things (IoTs). • The connection of a wider range of everyday physical devices, such as smart watch/phone and different sensors. • To collect a wider range of real-time data. • Security issue. • IoT Intrusion Detection System.
- 3. Design Goals Effective • Identification of malicious network flow from complicated protocols. Efficient • Detection in a timely manner.
- 4. Existing IDS Models Knowledge Based Method: • To establish exact rules for intrusion behaviors. • Pros: Accurate and fast. • Cons: (1) Vulnerable to new attacks. (2) Time-consuming to create rules manually.
- 5. Existing IDS Models Machine Learning(ML) Method: • Build model with labeled/unlabeled training data. • Pros: Improved adaptability. • Cons: (1) Computation resource consuming . (2) Large data transmission for single-node training.
- 6. General Federated Learning Model Synchronous Model Distributed nodes collect and train local data independently. The central server fetches and aggregates parameters after all agents’ local updates are received.
- 7. General Federated Learning Model • Pros: Reduced data transmission over the network. • Cons: Performance problem of the slowest client.
- 8. Design Target Asynchronous Federated Learning Model Distributed nodes send their local parameter update requests to the server. The central server aggregates immediately and sends updated parameters back.
- 10. Challenges Existing Solutions for Staleness Problem • Delayed Gradient Approximation Compensation. • Update Weight Adjustment. • Communication Optimization.
- 11. Proposed Method Neural Network • Capacity of learning nonlinear complex patterns.
- 12. Autoencoder(AE) • Description: A NN used to learn to represent itself as close as possible. • Encoder: Map(encode) input to the latent layer, denoted by 𝓏. • Decoder: Reconstruct the input by mapping 𝓏 to the output layer. Proposed Method
- 13. Proposed Method Autoencoder(AE) • Loss function: To measure the discrepancy between the input 𝑥 𝑖 and its reconstruction 𝑥 𝑖 . • Root Mean Squared Error (RMSE) RMSE = ∑ 𝑖=1 𝑛 (𝑥 𝑖− 𝑥 𝑖)2 𝑛 For training: To minimize the RMSE value in order to reconstruct original input. For execution(detection): A smaller value indicates a higher possibility of similarity to the training instances.
- 14. Proposed Method Intrusion Detection with AE 𝑋 𝑖+1 = {𝑥1, 𝑥1, 𝑥1, … … … , 𝑥 𝑛} Case 1: 𝑅𝑀𝑆𝐸 < 𝑇ℎ𝑟𝑒𝑠ℎ𝑜𝑙𝑑 → 𝑋 𝑖+1 is GOOD. Case 2: 𝑅𝑀𝑆𝐸 > 𝑇ℎ𝑟𝑒𝑠ℎ𝑜𝑙𝑑 → 𝑋 𝑖+1 is BAD. 𝑇ℎ𝑟𝑒𝑠ℎ𝑜𝑙𝑑 = 0.45
- 15. Proposed Method Asynchronous Parameter Update • The gradient descent delay compensation method based on the approximation for the delayed value. * • Originally proposed for image classification with ResNet and adopted for AE in IDS scenario. *Zheng, Shuxin, Qi Meng, Taifeng Wang, Wei Chen, Nenghai Yu, Zhi-Ming Ma, and Tie-Yan Liu. "Asynchronous stochastic gradient descent with delay compensation." In Proceedings of the 34th International Conference on Machine Learning-Volume 70, pp. 4120-4129. JMLR. org, 2017.
- 16. Experiments Dataset • CICIDS2017 : Normal and common attacks ranging from 9 a.m., Monday, July 3, 2017 to 5 p.m. on Friday July 7, 2017, for a total of 5 days. • Training Data: 100,000 normal data instances randomly chosen from Monday dataset. • Testing Data: 200,000 normal as well as abnormal data(DDoS) instances extracted . Experiment Setup • Server and Clients: One parameter server and four clients. • Input Data Dimension: 77 features. • Hidden Layer: 75% of the input layer dimension, 55 in this case. • Parameter Update Method: 50 iterations for local updates and then a request for a global parameter aggregation (20 iterations of global updates).
- 17. Experiments Training Errors over Aggregation Epochs
- 18. Experiments Metrics • True Positive (TP): Attack data correctly classified as an attack. • False Positive (FP): Normal data incorrectly classified as an attack. • True Negative (TN): Normal data correctly classified as normal. • False Negative (FN): Attack data incorrectly classified as normal. • Accuracy = 𝑇𝑃+𝑇𝑁 𝑇𝑃+𝑇𝑁+𝐹𝑃+𝐹𝑁 • Precision = 𝑇𝑃 𝑇𝑃+𝐹𝑃 • Recall = 𝑇𝑃 𝑇𝑃+𝐹𝑁 • F-Score = 2 × 𝑃𝑟𝑒𝑠𝑖𝑜𝑛 × 𝑅𝑒𝑐𝑎𝑙𝑙 𝑃𝑟𝑒𝑠𝑖𝑜𝑛+ 𝑅𝑒𝑐𝑎𝑙𝑙
- 19. Experiments Results Metrics Parameter Update Method Accuracy Precision Recall F-Score Synchronous 98.495% 99.994% 92.539% 96.097% Asynchronous 98.489% 99.992% 92.503% 96.068%
- 20. Conclusion Deep learning network (Autoencoder) for intrusion detection. Asynchronous parameter update for efficiency with accuracy guaranteed. Test with relatively new dataset.
- 21. Future Work Optimize asynchronous parameter update mechanism for large scale distributed IDS network. Test more attack types. Give a full theoretical analysis for the convergence of Autoencoder in asynchronous parameter update scenario.
- 22. Thank You !