The number of Internet of Things (IoT) devices being deployed into networks is growing at a phenomenal rate, which makes IoT networks more vulnerable over the wireless medium. Advanced Persistent Threats (APTs) are malicious to most network facilities, and the attack data available for training a machine learning-based Intrusion Detection System (IDS) is limited compared to the normal traffic. It is therefore quite challenging to enhance detection performance in order to mitigate the influence of APTs. To address this, Prior Knowledge Input (PKI) models are proposed and tested on the SCVIC-APT-2021 dataset. To obtain prior knowledge, the proposed PKI model pre-classifies the original dataset with an unsupervised clustering method. The obtained prior knowledge is then incorporated into the supervised model to decrease training complexity and to assist the supervised model in determining the optimal mapping between the raw data and the true labels. The experimental findings indicate that the PKI model outperforms the supervised baseline, with a best macro average F1-score of 81.37%, which is 10.47% higher than the baseline.
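The PKI pipeline sketched above (unsupervised pre-classification, cluster membership appended to the raw features as prior knowledge, supervised model trained on the augmented input, macro-averaged F1 for evaluation) as an added, standard-library-only example; it is not the paper's code, and it assumes k-means as the clustering step and k-nearest-neighbours as the supervised model, neither of which the abstract names, on a small constructed two-feature flow dataset.

```python
"""Added illustration of a Prior Knowledge Input (PKI) pipeline (not the paper's code)."""
import math
import random
from collections import Counter


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k, iters=20, seed=0):
    """Unsupervised pre-classification (assumed method): returns a cluster id per point."""
    rng = random.Random(seed)
    centers = [list(p) for p in rng.sample(points, k)]
    labels = [0] * len(points)
    for _ in range(iters):
        labels = [min(range(k), key=lambda c: dist(p, centers[c])) for p in points]
        for c in range(k):
            members = [p for p, lab in zip(points, labels) if lab == c]
            if members:  # keep the old centre if a cluster empties out
                centers[c] = [sum(col) / len(members) for col in zip(*members)]
    return labels, centers


def pki_features(points, cluster_ids, k):
    """Prior knowledge input: raw features plus a one-hot encoding of the cluster id."""
    return [list(p) + [1.0 if cid == c else 0.0 for c in range(k)]
            for p, cid in zip(points, cluster_ids)]


def knn_predict(train_x, train_y, test_x, n=3):
    """Supervised model (assumed): majority vote over the n nearest training rows."""
    preds = []
    for q in test_x:
        nearest = sorted(range(len(train_x)), key=lambda i: dist(q, train_x[i]))[:n]
        preds.append(Counter(train_y[i] for i in nearest).most_common(1)[0][0])
    return preds


def macro_f1(y_true, y_pred):
    """Macro-averaged F1: every class weighs equally, so rare APT classes are not hidden by benign traffic."""
    f1s = []
    for c in sorted(set(y_true) | set(y_pred)):
        tp = sum(1 for t, p in zip(y_true, y_pred) if t == c and p == c)
        fp = sum(1 for t, p in zip(y_true, y_pred) if t != c and p == c)
        fn = sum(1 for t, p in zip(y_true, y_pred) if t == c and p != c)
        prec = tp / (tp + fp) if tp + fp else 0.0
        rec = tp / (tp + fn) if tp + fn else 0.0
        f1s.append(2 * prec * rec / (prec + rec) if prec + rec else 0.0)
    return sum(f1s) / len(f1s)
```

Wire-up for a run: cluster the full (unlabelled) feature matrix with `kmeans`, build `pki_features` for the labelled training rows and the test rows, fit `knn_predict` on the training half, and score with `macro_f1`.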