TY - JOUR
T1 - Enhancing collaborative intrusion detection via disagreement-based semi-supervised learning in IoT environments
AU - Li, Wenjuan
AU - Meng, Weizhi
AU - Au, Man Ho
N1 - Funding Information:
This work was supported by National Natural Science Foundation of China (No. 61802077 ), and partially supported by H2020-SU-ICT-03-2018: CyberSec4Europe .
Publisher Copyright:
© 2020 Elsevier Ltd
PY - 2020/7/1
Y1 - 2020/7/1
N2 - Collaborative intrusion detection systems (CIDSs) are developing to improve the detection performance of a single detector in Internet of Things (IoT) networks, through exchanging and sharing data. For anomaly detection, machine learning is an important and essential tool to help identify the deviation between current events and pre-built profile. For a traditional supervised learning classifier, there is a need to provide training examples with ground-truth labels in advance. However, labeled instances are quite limited in real-world IoT scenarios, while unlabeled data/instances are widely available. This is because data labeling is a very expensive process that requires huge human efforts and knowledge inputs. To mitigate this issue, the use of semi-supervised learning algorithms is a promising solution, which can leverage unlabeled data to label data automatically without human intervention. In this work, we focus on semi-supervised learning and design DAS-CIDS, by applying disagreement-based semi-supervised learning algorithm for CIDSs. In the evaluation, we investigate the performance of DAS-CIDS using both datasets and in real IoT network environments, in the aspects of both detection performance and false alarm reduction. The experimental results show that as compared with traditional supervised classifiers, our approach is more effective in detecting intrusions and reducing false alarms by automatically leveraging unlabeled data.
AB - Collaborative intrusion detection systems (CIDSs) are developing to improve the detection performance of a single detector in Internet of Things (IoT) networks, through exchanging and sharing data. For anomaly detection, machine learning is an important and essential tool to help identify the deviation between current events and pre-built profile. For a traditional supervised learning classifier, there is a need to provide training examples with ground-truth labels in advance. However, labeled instances are quite limited in real-world IoT scenarios, while unlabeled data/instances are widely available. This is because data labeling is a very expensive process that requires huge human efforts and knowledge inputs. To mitigate this issue, the use of semi-supervised learning algorithms is a promising solution, which can leverage unlabeled data to label data automatically without human intervention. In this work, we focus on semi-supervised learning and design DAS-CIDS, by applying disagreement-based semi-supervised learning algorithm for CIDSs. In the evaluation, we investigate the performance of DAS-CIDS using both datasets and in real IoT network environments, in the aspects of both detection performance and false alarm reduction. The experimental results show that as compared with traditional supervised classifiers, our approach is more effective in detecting intrusions and reducing false alarms by automatically leveraging unlabeled data.
KW - Collaborative intrusion detection
KW - Detection performance
KW - False alarm reduction
KW - Internet of things
KW - Semi-supervised learning
UR - http://www.scopus.com/inward/record.url?scp=85082972759&partnerID=8YFLogxK
U2 - 10.1016/j.jnca.2020.102631
DO - 10.1016/j.jnca.2020.102631
M3 - Journal article
AN - SCOPUS:85082972759
SN - 1084-8045
VL - 161
JO - Journal of Network and Computer Applications
JF - Journal of Network and Computer Applications
M1 - 102631
ER -