In recent years, neural networks-based autoencoders have gained popularity in problems of anomaly detection. Recent approaches have proposed ensembles of autoencoders to detect network intrusions. The computationally expensive ensembles of autoencoders make it challenging to be used for intrusion detection in networks of devices with lower resources, e.g., the Internet of Things, than in the cloud or data centers. To overcome this challenge, in this work, we propose, investigate and compare four methods to reduce the ensemble complexity through adaptive de-activations of autoencoders. These methods differ in their approach to select the autoencoders to de-activate (criteria-based or random) and differ when they conduct the de-activations (post-training or in-training). Extensive experiments on two recent, realistic IoT intrusion detection datasets validate the effectiveness of the proposed methods in achieving satisfactory detection performance at much lower training, re-training and inference time costs. The proposed methods shall enable scalable and efficient intrusion detection systems or services that could be deployed on-device or on-edge.

近年来，基于神经网络的自动编码器已在异常检测问题中得到普及。最近的方法已经提出了自动编码器的集合以检测网络入侵。自编码器的计算上昂贵的集成使其在具有比云或数据中心低的资源的设备网络（例如，物联网）中用于入侵检测变得具有挑战性。为了克服这一挑战，在这项工作中，我们提出，研究和比较了四种通过自适应禁用自动编码器来降低整体复杂度的方法。这些方法在选择要停用的自动编码器的方法方面有所不同（基于标准或随机的），而在进行停用时（训练后或训练中）的方法也有所不同。最近进行了两次广泛的实验，现实的IoT入侵检测数据集以较低的培训，再培训和推理时间成本验证了所提出方法在实现令人满意的检测性能方面的有效性。所提出的方法应支持可在设备或边缘部署的可扩展且高效的入侵检测系统或服务。