BIROn - Birkbeck Institutional Research Online

    DEMISe: interpretable deep extraction and mutual information selection techniques for IoT intrusion detection

    Parker, L. and Yoo, Paul and Asyhari, T. and Chermak, L. and Jhi, Y. and Taha, K. (2019) DEMISe: interpretable deep extraction and mutual information selection techniques for IoT intrusion detection. In: UNSPECIFIED (ed.) ARES '19 Proceedings of the 14th International Conference on Availability, Reliability and Security. ACM. ISBN 9781450371643.

    [img]
    Preview
    Text
    DEMISe combined v16 - Camera Ready v2.pdf - Author's Accepted Manuscript

    Download (908kB) | Preview

    Abstract

    Recent studies have proposed that traditional security technology – involving pattern-matching algorithms that check predefined pattern sets of intrusion signatures – should be replaced with sophisticated adaptive approaches that combine machine learning and behavioural analytics. However, machine learning is performance driven, and the high computational cost is incompatible with the limited computing power, memory capacity and energy resources of portable IoT-enabled devices. The convoluted nature of deep-structured machine learning means that such models also lack transparency and interpretability. The knowledge obtained by interpretable learners is critical in security software design. We therefore propose two novel models featuring a common Deep Extraction and Mutual Information Selection (DEMISe) element which extracts features using a deep-structured stacked autoencoder, prior to feature selection based on the amount of mutual information (MI) shared between each feature and the class label. An entropy-based tree wrapper is used to optimise the feature subsets identified by the DEMISe element, yielding the DEMISe with Tree Evaluation and Regression Detection (DETEReD) model. This affords ‘white box’ insight, and achieves a time to build of 603 seconds, a 99.07% detection rate, and 98.04% model accuracy. When tested against AWID, the best-referenced intrusion detection dataset, the new models achieved a test error comparable to or better than state-of-the-art machine-learning models, with a lower computational cost and higher levels of transparency and interpretability.

    Metadata

    Item Type: Book Section
    Additional Information: Canterbury, CA, United Kingdom — August 26 - 29, 2019
    School: Birkbeck Schools and Departments > School of Business, Economics & Informatics > Computer Science and Information Systems
    Depositing User: Paul Yoo
    Date Deposited: 17 Sep 2019 10:43
    Last Modified: 18 Sep 2019 12:47
    URI: http://eprints.bbk.ac.uk/id/eprint/28912

    Statistics

    Downloads
    Activity Overview
    27Downloads
    30Hits

    Additional statistics are available via IRStats2.

    Archive Staff Only (login required)

    Edit/View Item Edit/View Item