Enhancing collaborative intrusion detection via disagreement-based semi-supervised learning in IoT environments

Collaborative intrusion detection systems (CIDSs) are developing to improve the detection performance of a single detector in Internet of Things (IoT) networks, through exchanging and sharing data. For anomaly detection, machine learning is an important and essential tool to help identify the deviation between current events and pre-built profile.

For a traditional supervised learning classifier, there is a need to provide training examples with ground-truth labels in advance. However, labeled instances are quite limited in real-world IoT scenarios, while unlabeled data/instances are widely available. This is because data labeling is a very expensive process that requires huge human efforts and knowledge inputs.

To mitigate this issue, the use of semi-supervised learning algorithms is a promising solution, which can leverage unlabeled data to label data automatically without human intervention. In this work, we focus on semi-supervised learning and design DAS-CIDS, by applying disagreement-based semi-supervised learning algorithm for CIDSs.

In the evaluation, we investigate the performance of DAS-CIDS using both datasets and in real IoT network environments, in the aspects of both detection performance and false alarm reduction. The experimental results show that as compared with traditional supervised classifiers, our approach is more effective in detecting intrusions and reducing false alarms by automatically leveraging unlabeled data.