KAN-LSTM: Benchmarking Kolmogorov-Arnold Networks for Cyber Security Threat Detection in IoT Networks

TL;DR

This paper introduces KAN-LSTM, a novel adaptive neural network model leveraging Kolmogorov-Arnold Networks for improved cyber threat detection in IoT networks, demonstrating superior performance over traditional models.

Contribution

The paper presents KAN-LSTM, combining KANs with LSTM, and provides extensive benchmarking on multiple datasets, including a newly developed large-scale IoT traffic dataset.

Findings

KAN models outperform traditional MLPs with fewer parameters.

KAN-LSTM shows superior accuracy in detecting cyber threats.

New large-scale IoT dataset enhances benchmarking reliability.

Abstract

By utilising their adaptive activation functions, Kolmogorov-Arnold Networks (KANs) can be applied in a novel way for the diverse machine learning tasks, including cyber threat detection. KANs substitute conventional linear weights with spline-parametrized univariate functions, which allows them to learn activation patterns dynamically, inspired by the Kolmogorov-Arnold representation theorem. In a network traffic data, we show that KANs perform better than traditional Multi-Layer Perceptrons (MLPs), yielding more accurate results with a significantly less number of learnable parameters. We also propose KAN-LSTM model to combine advantages of spatial and temporal encoding. The suggested methodology highlights the potential of KANs as an effective tool in detecting cyber threats and offers up new directions for adaptive defensive models. Lastly, we conducted experiments on three main dataset, UNSW-NB15, NSL-KDD, and CICID2017, as well as we developed a new dataset combined from IOT-BOT, NSL-KDD, and CICID2017 to present a stable, unbiased, large-scale dataset with diverse traffic patterns. The results show the superiority of KAN-LSTM and then KAN models over the traditional deep learning models. The source code is available at GitHub repository