An Efficient One-Class SVM for Novelty Detection in IoT

Download PDF

Kun Yang, Samory Kpotufe, Nick Feamster

Published: 15 Nov 2022, Last Modified: 28 Feb 2023Accepted by TMLREveryoneRevisionsBibTeX
Abstract: One-Class Support Vector Machines (OCSVM) are a common approach for novelty detection, due to their flexibility in fitting complex nonlinear boundaries between {normal} and {novel} data. Novelty detection is important in the Internet of Things (``IoT'') due to the threats these devices can present, and OCSVM often performs well in these environments due to the variety of devices, traffic patterns, and anomalies that IoT devices present. Unfortunately, conventional OCSVMs can introduce prohibitive memory and computational overhead at detection time. This work designs, implements and evaluates an efficient OCSVM for such practical settings. We extend Nystr\"om and (Gaussian) Sketching approaches to OCSVM, combining these methods with clustering and Gaussian mixture models to achieve 15-30x speedup in prediction time and 30-40x reduction in memory requirements without sacrificing detection accuracy. Here, the very nature of IoT devices is crucial: they tend to admit few modes of \emph{normal} operation, allowing for efficient pattern compression.
Submission Length: Long submission (more than 12 pages of main content)
Changes Since Last Submission: We thank all Editors and Reviewers for their time and careful comments on our paper again. According to the comments and suggestions, we have updated our paper to obtain the camera-ready revision. Firstly, we double-checked the paper and corrected all the typos and errors in the previous version of our paper. Moreover, to address the reviewers' concerns about the widespread utility of OCSVM in network anomaly detection, we have added 4-5 citations in the related work section, along with the following sentence to clarify: "OCSVM remains a common technique for performing anomaly detection in IoT, having been used in a variety of contexts, including sensor networks Rajasegarar et al. (2010), intrusion detection of system calls Heller et al. (2003), network intrusion detection Zhang et al. (2015), and anomaly detection in wireless sensor networks Zhang et al. (2009)."
Assigned Action Editor: ~Jinwoo_Shin1
License: Creative Commons Attribution 4.0 International (CC BY 4.0)
Submission Number: 322