A Variant and Flow-Level AutoML Method for IoT Malicious Traffic Detection

Published: 2025, Last Modified: 05 Jan 2026 | CSCWD 2025 | CC BY-SA 4.0
Abstract: The Internet of Things (IoT) involves communication and data exchange between a wide range of devices, often with security implications. Compared to the Internet, detecting malicious traffic in IoT is costly due to its complex protocols, resource limitations and variety of new attacks and attack variants. Automatic machine learning (AutoML) eliminates model selection and hyperparameter optimisation, which can reduce human dependency and address these issues. However, AutoML still cannot extract and represent features from raw data based on a specific problem. Manual feature extraction and representation greatly affect the accuracy of the model and still rely on professional domain knowledge. Automated feature engineering in AutoML requires universal and efficient feature extraction and representation. This paper proposes a variant and flow-level AutoML (VFA) for IoT malicious traffic detection. VFA adds a packet-based binary representation of comprehensive content features. The packet representation allows AutoML to automatically learn important features from a normalised aligned structure without guidance. A variant of exclusive OR (vXOR) enables data aggregation, allowing VFA to focus on the content features in the flow and the inherent connections between packets. VFA can strategically adjust monitoring priorities by adjusting parameters, allowing it to respond flexibly to different resource constraints or specific attacks. We have evaluated VFA on a real-world dataset, IoT-23. We believe that the complete data-to-label VFA can be extended to other areas in the future.