Few-Shot Learning for Discovering Anomalous Behaviors in Edge Networks

Intrusion Detection Systems (IDSs) have a great interest these days to discover complex attack events and protect the critical infrastructures of the Internet of Things (IoT) networks. Existing IDSs based on shallow and deep network architectures demand high computational resources and high volumes of data to establish an adaptive detection engine that discovers new families of attacks from the edge of IoT networks. However, attackers exploit network gateways at the edge using new attacking scenarios (i.e., zero-day attacks), such as ransomware and Distributed Denial of Service (DDoS) attacks. This paper proposes new IDS based on Few-Shot Deep Learning, named CNN-IDS, which can automatically identify zero-day attacks from the edge of a network and protect its IoT systems. The proposed system comprises two-methodological stages: 1) a filtered Information Gain method is to select themost useful features fromnetwork data, and 2) one-dimensional Convolutional Neural Network (CNN) algorithm is to recognize new attack types from a network s edge. The proposed model is trained and validated using two datasets of theUNSW-NB15 and Bot-IoT. The experimental results showed that it enhances about a 3% detection rate and around a 3% 4% falsepositive rate with the UNSW-NB15 dataset and about an 8% detection rate using the BoT-IoT dataset.