Generative Deep Learning to Detect Cyberattacks for the IoT-23 Dataset

The rapid growth of Internet of Things (IoT) is expected to add billions of IoT devices connected to the Internet. These devices represent a vast attack surface for cyberattacks. For example, these IoT devices can be infected with botnets to enable Distributed Denial of Service (DDoS) attacks. Signature-based intrusion detection systems are traditional countermeasures for such attacks. However, these methods rely on human experts and are time-consuming in terms of updates and may not exhaust all attack types especially zero-day attacks. Deep learning has shown some promise in intrusion detection. This paper shows that it is possible to use generative deep learning methods like Adversarial Autoencoders (AAE) and Bidirectional Generative Adversarial Networks (BiGAN) to detect intruders based on an analysis of the network data. The recently posted full IoT-23 dataset based on Somfy door lock, Philips Hue and Amazon Echo devices was used to train generative deep learning models to detect a variety of attacks like DDoS, and various botnets like Mirai, Okiruk and Torii. Over 1.8 million network flows were used to train the various models. The resulting generative models outperform traditional machine learning techniques like Random Forests. Both AAE and BiGAN-based models were able to achieve an F1-Score of 0.99. A BiGAN to detect unknown attacks was also trained to detect novel zero-day attacks with an F1-Score from 0.85 to 1.