Abstract
Traditional network detection methods are no longer effective at
detecting breaches because of the rapid growth of encrypted IoT traffic.
This article proposes an unsupervised anomaly detection technique that
uses flow-based data from encrypted network traffic and a hybrid model
combining a Variational Autoencoder (VAE) and an Isolation Forest. The
proposed approach is thoroughly tested on the CICIoT2023 dataset, which
provides a wide range of encrypted IoT traffic scenarios. The model is
trained only on benign traffic, which simulates real situations
involving new attacks. Our approach aims to generalize across many
threats, unlike previous research, which usually concentrates on
detecting a particular attack type. Its wide applicability is
demonstrated by its ability to accurately identify four main attack
categories: DDoS HTTP Flood, Browser Hijacking, Backdoor Malware, and
SQL Injection. According to the results, the hybrid VAE + Isolation
Forest model achieves an F1-score of 0.55 and an AUC of 0.8947 for
anomaly detection, exceeding the standard models used in prior research.
The approach is flexible, trustworthy, and fully unsupervised, for use
in real-time encrypted applications. Further research will extend this
work to include session-based adaptive learning and multi-class attack
classification.
Authors
N. Sukanya, S. Raja
Rathinam College of Arts and Science, India
Keywords
Isolation Forest, Auto Encoder, Anomaly Detection, Variational Autoencoder