TS-IDS: Traffic-aware self-supervised learning for IoT Network Intrusion Detection

With recent advances in the Internet of Things (IoT) technology, more people can have instant and easy access to the IoT network of vast and diverse interconnected devices (e.g., surveillance cameras, motion sensors, or smart watches). This trend leads to a significant increase in the frequency and complexity of cyber attacks in the IoT network. Further, these attacks inflict severe financial and privacy damages to individuals and evince the need to develop a more effective and robust network intrusion detection system (NIDS). Network Intrusion Detection (NID) aims to identify the attacks in the networked devices, which is an essential task to protect and maintain Cyber Security. Although recent Machine Learning-based methods have developed and provided more efficient non-human intervention solutions to this problem, these methods still have some unsolved issues. One of the main limitations of existing solutions is that most focus on extracting the features at the flow level independently and ignore their interactions in the network, which impacts the detection performance. To address this problem, in this paper, we propose a Traffic-aware Self-supervised learning for IoT Network Intrusion Detection System, namely TS-IDS, which aims to capture the flow relationships between the network entities. Our approach leverages both node and edge features for improved performance. Additionally, we incorporate auxiliary property-based self-supervised learning (SSL) to enhance the graph representation, even in the absence of labelled data. We conducted experiments on two real-world datasets, NF-ToN-IoT and NF-BoT-IoT. We compared the proposed model with state-of-the-art baseline models to demonstrate the potential of our proposed framework. (c) 2023 Elsevier B.V. All rights reserved.