
Authors: Kotenko I., Andreev I., Lipatnikov V., Saenko I.
Published in No. 2(122), 30 April 2026
Rubric: Data protection

A method for dynamic detection of cyber threats in distributed Internet of Things systems based on generative models

The article examines the problem of dynamic cyberthreat detection in distributed Internet of Things systems, addressing the limited adaptability of static intrusion detection systems and the vulnerability of machine learning models to adversarial influences. The aim of the work is to improve the effectiveness of cyberthreat detection in distributed IoT systems based on efficiency and timeliness criteria by using generative models capable of simulating normal and abnormal node behavior while accounting for environmental variability. A method based on generative adversarial models and contrastive learning is employed to generate anomaly estimates for IoT data time windows and make decisions based on a threshold rule. A computational experiment was conducted on the open N-BaIoT dataset for Mirai family attack scenarios, comparing statistical, linear, and autoencoder-based anomaly detection methods on windowed representations of IoT data. It was demonstrated that the selected feature description ensures high cyberthreat detection efficiency with short inference times, and the use of an autoencoder yields the best F1-score values across the scenarios considered. The obtained results confirm the potential for further implementation of the proposed generative method for analyzing IoT traffic time sequences and its application in intelligent network security monitoring tools at the edge and gateway levels of IoT systems.

Key words

generative models, intrusion detection, anomalies, Internet of Things, distributed systems, time series, cyber resilience, information security

The author:

Kotenko I.

Degree:

Professor, Honored Scientist of the Russian Federation, Chief Researcher – Head of Laboratory of Computer Security Problems, Saint Petersburg Federal Research Center of the Russian Academy of Sciences (SPC RAS)

Location:

Saint Petersburg, Russia

The author:

Andreev I.

Degree:

Scientific Company Operator, Military Academy of Communications named after Marshal of the Soviet Union S. M. Budyonny

Location:

Saint Petersburg, Russia

The author:

Lipatnikov V.

Degree:

Dr. Sci. (Eng.), Professor, Honored Scientist of the Russian Federation, Senior Researcher of Research Center, Military Academy of Communications named after Marshal of the Soviet Union S. M. Budyonny

Location:

Saint Petersburg, Russia

The author:

Saenko I.

Degree:

Professor, Chief Researcher at Laboratory of Computer Security Problems, Saint Petersburg Federal Research Center of the Russian Academy of Sciences (SPC RAS)

Location:

Saint Petersburg, Russia