he Internet of Things (IoT) is experiencing a strong growth in both industrial and consumer scenarios. At the same time, the devices taking part in delivering IoT services—usually characterized by limited hardware and software resources—are more and more targeted by cyberattacks. This calls for designing and evaluating new approaches for protecting IoT systems, which are challenged by the limited computational capabilities of devices and by the scarce availability of reliable datasets. In line with this need, in this paper we compare three state-of-the-art machine-learning models used for Anomaly Detection based on autoencoders, i.e. shallow Autoencoder, Deep Autoencoder (DAE), and Ensemble of Autoencoders (viz. KitNET). In addition, we evaluate the robustness of such solutions when Data Poisoning Attack (DPA) occurs, to assess the detection performance when the benign traffic used for learning the legitimate behavior of devices is mixed to malicious traffic. The evaluation relies on the public Kitsune Network Attack Dataset. Results reveal that the models do not differ in performance when trained with unpoisoned benign traffic, reaching (at 1% FPR) an F1 score of ≈ 97%. However, when DPA occurs, DAE proves to be the more robust in detection, showing more than 50% of F1 Score with 10% poisoning. Instead, the other models show strong performance drops (down to ≈ 20% F1 Score) by injecting only 0.5% of the malicious traffic.

Data Poisoning Attacks against Autoencoder-based Anomaly Detection Models: a Robustness Analysis / Bovenzi, Giampaolo; Foggia, Alessio; Santella, Salvatore; Testa, Alessandro; Persico, Valerio; Pescape, Antonio. - (2022), pp. 5427-5432. [10.1109/ICC45855.2022.9838942]

Data Poisoning Attacks against Autoencoder-based Anomaly Detection Models: a Robustness Analysis

Bovenzi, Giampaolo;Persico, Valerio;Pescape, Antonio
2022

Abstract

he Internet of Things (IoT) is experiencing a strong growth in both industrial and consumer scenarios. At the same time, the devices taking part in delivering IoT services—usually characterized by limited hardware and software resources—are more and more targeted by cyberattacks. This calls for designing and evaluating new approaches for protecting IoT systems, which are challenged by the limited computational capabilities of devices and by the scarce availability of reliable datasets. In line with this need, in this paper we compare three state-of-the-art machine-learning models used for Anomaly Detection based on autoencoders, i.e. shallow Autoencoder, Deep Autoencoder (DAE), and Ensemble of Autoencoders (viz. KitNET). In addition, we evaluate the robustness of such solutions when Data Poisoning Attack (DPA) occurs, to assess the detection performance when the benign traffic used for learning the legitimate behavior of devices is mixed to malicious traffic. The evaluation relies on the public Kitsune Network Attack Dataset. Results reveal that the models do not differ in performance when trained with unpoisoned benign traffic, reaching (at 1% FPR) an F1 score of ≈ 97%. However, when DPA occurs, DAE proves to be the more robust in detection, showing more than 50% of F1 Score with 10% poisoning. Instead, the other models show strong performance drops (down to ≈ 20% F1 Score) by injecting only 0.5% of the malicious traffic.
2022
978-1-5386-8347-7
Data Poisoning Attacks against Autoencoder-based Anomaly Detection Models: a Robustness Analysis / Bovenzi, Giampaolo; Foggia, Alessio; Santella, Salvatore; Testa, Alessandro; Persico, Valerio; Pescape, Antonio. - (2022), pp. 5427-5432. [10.1109/ICC45855.2022.9838942]
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11588/915662
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 16
  • ???jsp.display-item.citation.isi??? 7
social impact