TUNING HYPERPARAMETERS OF SELF-ORGANIZING MAPS IN COMBINATION WITH K-NEAREST NEIGHBORS FOR IOT MALWARE DETECTION
Keywords:SOM, KNN, IoT, hyperparameter optimization, malware detection
In the Internet of Things, sensor devices often generate massive sensory data across multiple domains and applications. Identifying IoT malware from a huge amount of such IoT data is often a challenging task. In our previous studies, analytic techniques were applied to reduce dimensionality and discover valuable information from the original data. Particularly, the Self-organizing Maps (SOM)-based classifier with an AutoEncoder is used to create an end-to-end IoT malware detection model. However, the SOM-based classifier has a constraint that new instances may be incorrectly classified if they are mapped into unlabelled neurons in the SOM map. To address this issue, in this study, a novel hybrid between SOM-based classifier and well-known classification algorithms like K-Nearest Neighbors, Support Vector Machine, Softmax, Random Forest. In this hybrid, classification methods will help to correctly assign labels for instances mapped into the unlabeled neurons. In addition, this article investigates hyperparameter optimization methods for optimizing SOM hyperparameters. Our proposed methods were tested on the NBaIoT dataset with various experimental settings. Experimental results illustrate that SOMKNN often performs better than stand-alone techniques, including the SOM classifier.