MACAE: memory module-assisted convolutional autoencoder for intrusion detection in IoT networks: MACAE: memory module-assisted convolutional autoencoder

The rapid expansion of the Internet of Things (IoT) has facilitated the interconnection of numerous ubiquitous and heterogeneous devices within networks. Intrusion detection system (IDS) is crucial for ensuring the security of the IoT, particularly in detecting unknown attacks. Most existing studies are based on supervised IDSs, requiring the labor-intensive labeling of large amounts of data. Thus, it is essential to implement unsupervised IDSs that do not rely on prior knowledge of cyberattacks and eliminate the need for labeling. However, such IDSs may suffer from a high false alarm rate (FAR). This study presents a Memory Module-assisted Convolutional Autoencoder-based (MACAE) model for unsupervised intrusion detection in IoT networks. Specifically, we convert raw network traffic data into images, avoiding manually designing features in large-scale samples. A Convolutional Neural Network (CNN) is then employed to learn spatial structure for representation, capturing high-dimensional features. Subsequently, a memory module is integrated into the latent space of Autoencoder to enhance the model’s ability to remember prototypical normal patterns, thereby mitigating the issue of a high FAR. Experiments were conducted using a real smart grid dataset, and results show that MACAE achieves the lowest FAR of 0.0511, which is a 90.80%, 89.92%, and 83.92% reduction compared to the unsupervised methods DAGMM, VAE, and Deep SVDD, respectively. Furthermore, the proposed method has been verified to have good generalization, adaptability, and unknown attack detection capability for the CICIDS2017 and MedBIoT datasets.