DEMISe: Interpretable Deep Extraction and Mutual Information Selection techniques for IoT intrusion detection

Luke R. Parker, Paul D. Yoo, Taufiq A. Asyhari, Lounis Chermak, Yoonchan Jhi, Kamal Taha

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearch

30 Citations (Scopus)

Abstract

Recent studies have proposed that traditional security technology – involving pattern-matching algorithms that check predefined pattern sets of intrusion signatures – should be replaced with sophisticated adaptive approaches that combine machine learning and behavioural analytics. However, machine learning is performance driven, and the high computational cost is incompatible with the limited computing power, memory capacity and energy resources of portable IoT-enabled devices. The convoluted nature of deep-structured machine learning means that such models also lack transparency and interpretability. The knowledge obtained by interpretable learners is critical in security software design. We therefore propose two novel models featuring a common Deep Extraction and Mutual Information Selection (DEMISe) element which extracts features using a deep-structured stacked autoencoder, prior to feature selection based on the amount of mutual information (MI) shared between each feature and the class label. An entropy-based tree wrapper is used to optimise the feature subsets identified by the DEMISe element, yielding the DEMISe with Tree Evaluation and Regression Detection (DETEReD) model. This affords ‘white box’ insight, and achieves a time to build of 603 seconds, a 99.07% detection rate, and 98.04% model accuracy. When tested against AWID, the best-referenced intrusion detection dataset, the new models achieved a test error comparable to or better than state-of-the-art machine-learning models, with a lower computational cost and higher levels of transparency and interpretability.

Original languageEnglish
Title of host publicationARES 2019 - 14th International Conference on Availability, Reliability and Security
EditorsSteven Furnell, Vasilis Katos
Place of PublicationNew York NY USA
PublisherAssociation for Computing Machinery (ACM)
Number of pages10
ISBN (Electronic)9781450371643
DOIs
Publication statusPublished - 2019
Externally publishedYes
EventInternational Workshop on Location Privacy 2019 - Canterbury, United Kingdom
Duration: 26 Aug 201929 Aug 2019
Conference number: 1st
https://dl.acm.org/doi/proceedings/10.1145/3339252 (Proceedings)
https://2019.ares-conference.eu/index.html#:~:text=The%2014th%20International%20Conference%20on,co%2Dlocated%20with%20ARES%202019! (Website)

Conference

ConferenceInternational Workshop on Location Privacy 2019
Abbreviated titleLPW 2019
Country/TerritoryUnited Kingdom
CityCanterbury
Period26/08/1929/08/19
Internet address

Keywords

  • Deep learning
  • Feature engineering
  • IoT
  • Lightweight intrusion detection
  • Mutual information
  • Security mobility applications
  • Security of resource constrained devices
  • White-box modelling

Cite this