SAFE: Self-Supervised Anomaly Detection Framework for Intrusion Detection
This work addresses the need for effective intrusion detection systems in IoT networks, offering a novel approach to identify unknown threats without labeled attack data, though it is incremental in combining existing techniques.
The paper tackles the problem of detecting unknown network intrusions in IoT environments by proposing SAFE, a self-supervised framework that converts tabular data into images for masked autoencoders, achieving up to 26.2% higher F1-score than state-of-the-art methods.
The proliferation of IoT devices has significantly increased network vulnerabilities, creating an urgent need for effective Intrusion Detection Systems (IDS). Machine Learning-based IDS (ML-IDS) offer advanced detection capabilities but rely on labeled attack data, which limits their ability to identify unknown threats. Self-Supervised Learning (SSL) presents a promising solution by using only normal data to detect patterns and anomalies. This paper introduces SAFE, a novel framework that transforms tabular network intrusion data into an image-like format, enabling Masked Autoencoders (MAEs) to learn robust representations of network behavior. The features extracted by the MAEs are then incorporated into a lightweight novelty detector, enhancing the effectiveness of anomaly detection. Experimental results demonstrate that SAFE outperforms the state-of-the-art anomaly detection method, Scale Learning-based Deep Anomaly Detection method (SLAD), by up to 26.2% and surpasses the state-of-the-art SSL-based network intrusion detection approach, Anomal-E, by up to 23.5% in F1-score.