Transfer Learning Approach to IDS on Cloud IoT Devices Using Optimized CNN

Data centralization can potentially increase Internet of Things (IoT) usage. The trend is to move IoT devices to a centralized server with higher memory capacity and a more robust management interface. Hence, a larger volume of data will be transmitted, resulting in more network security issues. Cloud IoT offers more advantages for deploying and managing IoT systems through minimizing response delays, optimal latency, and effective network load distribution. As a result, sophisticated network attack strategies are deployed to leverage the vulnerabilities in the extensive network space and exploit user information. Several attempts have been made to provide network intrusion detection systems (IDS) to the cloud IoT interface using machine learning and deep learning approaches on dedicated IDS datasets. This paper proposes a transfer learning IDS based on the Convolutional Neural Network (CNN) architecture that has shown excellent results on image classification. We use five pre-trained CNN models, including VGG16, VGG19, Inception, MobileNet, and EfficientNets, to train on two selected datasets: CIC-IDS2017 and CSE-CICIDS2018. Before the training, we carry out preprocessing, imbalance treatment, dimensionality reduction, and conversion of the feature vector into images suitable for the CNN architecture using Quantile Transformer. Three best-performing models (InceptionV3, MobileNetV3Small, and EfficientNetV2B0) are selected to develop an ensemble model called efficient-lightweight ensemble transfer learning (ELETL-IDS) using the model averaging approach. On evaluation, the findings show that the ELETL-IDS outperformed existing state-of-the-art proposals in all evaluation metrics, reaching 100% in accuracy, precision, recall, and F-score. We use Matthew's Correlation Coefficient (MCC) to validate this result and compared it to the AUC-ROC, which maintained an exact value of 0.9996. To this end, our proposed model is lightweight, efficient, and reliable enough to be deployed in cloud IoT systems for intrusion detection.