Metric Learning-based Few-Shot Malicious Node Detection for IoT Backhaul/Fronthaul Networks

The development of backhaul/fronthaul networks can enable low latency and high reliability, but nodes in future networks like Internet of Things (IoT) can conduct malicious activities like flooding attack and DDoS attack, which can decrease QoS of smart backhaul/fronthaul network. Timely detection of malicious nodes in future networks is significant for low-latency backhaul/fronthaul networks. However, conventional supervised learning-based detection models require abundant malicious training samples, while capturing adequate malicious samples can not meet the requirement of timely detection. In this paper, we propose a novel few-shot malicious node detection system for improving QoS of IoT backhaul/fronthaul network, which can detect malicious nodes with unknown malicious activities through a limited number of network traffic samples. In our proposed system, we first design a fresh IoT traffic sample processing approach, which integrates normal activity samples and known malicious activity samples to generate training pairs. Then, we design a metric learning-based malicious node detection model training method, which employs a contrastive loss over distance metric to distinguish between similar and dissimilar pairs of samples. Besides, the trained model can detect nodes with unknown malicious activities by comparing real-time samples with few-shot samples of malicious nodes. Finally, the proposed system is evaluated on a real-world IoT network dataset named N-BaIoT. The exhaustive experiment results show that our model can achieve an average accuracy around 97.67 % when detecting malicious nodes with unknown malicious activities, which is comparable to state-of-the-art supervised learning models while our model only needs 5-shot samples of malicious node.