Hybrid intrusion detection in IoT devices: a deep learning approach using Kitsune and quantized autoencoder

Abstract

Internet of things (IoT) has been transforming the way to connect and communicate in smart homes, healthcare, and businesses so fast and rapidly around the world. But this growth has complicated security, because IoT devices are more likely to be hacked as they’re smaller, without even regular security practices, and under attack by more sophisticated threats. Traditional intrusion detection systems (IDS) are not functioning well in IoT environments as they are computationally expensive and struggle to accommodate the heterogeneous nature of IoT networks. This paper introduces a cross-domain intrusion detection based on adaptive adversarial training using Kitsune and quantized autoencoders (QAE) for anomaly detection and classification. The model is capable of capturing different attacking techniques, such as distributed denial of service (DDoS), Mirai botnet attacks, address resolution protocol (ARP) spoofing, and data exfiltration, by leveraging the reconstruction error generated by Kitsune autoencoders. The degree-based classification enables the system to dynamically categorize anomalies according to their severity, rendering the model exceptionally adaptive to various attacks. The anomalies are also classified into different types of attacks (normal, suspicious, and malicious) based on binarized error values. The approach achieves a high accuracy with an F1 score of 85.9% and supports real-time characterization to increase security in IoT scenarios.