The widespread integration of Internet of Things (IoT) devices across all facets of life has ushered in an era of interconnectedness, creating new avenues for cybersecurity challenges and underscoring the need for robust intrusion detection systems. However, traditional security systems are designed with a closed-world perspective and often face challenges in dealing with the ever-evolving threat landscape, where new and unfamiliar attacks are constantly emerging. In this paper, we introduce a framework aimed at mitigating the open set recognition (OSR) problem in the realm of Network Intrusion Detection Systems (NIDS) tailored for IoT environments. Our framework capitalizes on image-based representations of packet-level data, extracting spatial and temporal patterns from network traffic. Additionally, we integrate stacking and sub-clustering techniques, enabling the identification of unknown attacks by effectively modeling the complex and diverse nature of benign behavior. The empirical results prominently underscore the framework's efficacy, boasting an impressive 88% detection rate for previously unseen attacks when compared against existing approaches and recent advancements. Future work will perform extensive experimentation across various openness levels and attack scenarios, further strengthening the adaptability and performance of our proposed solution in safeguarding IoT environments.