NBcoded: network attack classifiers based on Encoder and Naive Bayes model for resource limited devices

TL;DR

This paper introduces NBcoded, a lightweight attack classification system optimized for resource-limited devices like IoT, combining encoder noise reduction with Naive Bayes classifiers to balance accuracy and efficiency.

Contribution

The work presents a novel low-resource attack classifier, NBcoded, that effectively combines encoding and Naive Bayes models, outperforming some state-of-the-art classifiers in resource usage.

Findings

NBcoded reduces training time and disk usage significantly.

It outperforms other models in resource efficiency.

Achieves competitive accuracy and F1-score (~ 2% less than top classifiers).

Abstract

In the recent years, cybersecurity has gained high relevance, converting the detection of attacks or intrusions into a key task. In fact, a small breach in a system, application, or network, can cause huge damage for the companies. However, when this attack detection encounters the Artificial Intelligence paradigm, it can be addressed using high-quality classifiers which often need high resource demands in terms of computation or memory usage. This situation has a high impact when the attack classifiers need to be used with limited resourced devices or without overloading the performance of the devices, as it happens for example in IoT devices, or in industrial systems. For overcoming this issue, NBcoded, a novel light attack classification tool is proposed in this work. NBcoded works in a pipeline combining the removal of noisy data properties of the encoders with the low resources and timing consuming obtained by the Naive Bayes classifier. This work compares three different NBcoded implementations based on three different Naive Bayes likelihood distribution assumptions (Gaussian, Complement and Bernoulli). Then, the best NBcoded is compared with state of the art classifiers like Multilayer Perceptron and Random Forest. Our implementation shows to be the best model reducing the impact of training time and disk usage, even if it is outperformed by the other two in terms of Accuracy and F1-score (~ 2%).