Conference proceeding
Fast, Lightweight IoT Anomaly Detection Using Feature Pruning and PCA
37TH ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, pp 133-138
01 Jan 2022
Abstract
Anomaly detection is a method for identifying malware and other anomalies such as memory leaks on computing hosts and, more recently, Internet of Things (IoT) devices. Due to its lightweight resource use and efficacy, anomaly detection is a promising method to detect malware on small, resource-constrained hosts. Using Principal Component Analysis (PCA) to reduce the features, and hence the dimensionality of the anomaly detector, is common during the feature engineering process of classic machine learning methods, such as Support Vector Machines (SVM). However, as Neural Networks (NN) became more popular, many presumed that using PCA prior to using the data to train and deploy the model was unnecessary. In this work, we show that there is a significant advantage to using PCA for both SVM and NN-based anomaly detection. Doing so improves the performance and efficacy of malware detection models, and reduces the amount of data that needs to be stored on the device for on-device anomaly detection, thus making it useful for resource-constrained IoT devices. We also show that while pruning low-variance features may be an intuitive way to simplify a model, it is less effective than PCA to improve model training and deployment performance as well as model efficacy to detect malware.
Metrics
Details
- Title
- Fast, Lightweight IoT Anomaly Detection Using Feature Pruning and PCA
- Creators
- John Carter - Drexel UniversitySpiros Mancoridis - Drexel UniversityErick Galinkin - Drexel UniversityACM
- Publication Details
- 37TH ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, pp 133-138
- Publisher
- Assoc Computing Machinery
- Number of pages
- 6
- Grant note
- Auerbach Berger Chair of Cyber-security
- Resource Type
- Conference proceeding
- Language
- English
- Academic Unit
- Computer Science
- Web of Science ID
- WOS:000946564100017
- Scopus ID
- 2-s2.0-85130371712
- Other Identifier
- 991020598760904721
InCites Highlights
Data related to this publication, from InCites Benchmarking & Analytics tool:
- Web of Science research areas
- Computer Science, Interdisciplinary Applications
- Computer Science, Theory & Methods