Browse > Article
http://dx.doi.org/10.13089/JKIISC.2020.30.4.617

Network Anomaly Detection Technologies Using Unsupervised Learning AutoEncoders  

Kang, Koohong (Seowon University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.30, no.4, 2020 , pp. 617-629 More about this Journal
Abstract
In order to overcome the limitations of the rule-based intrusion detection system due to changes in Internet computing environments, the emergence of new services, and creativity of attackers, network anomaly detection (NAD) using machine learning and deep learning technologies has received much attention. Most of these existing machine learning and deep learning technologies for NAD use supervised learning methods to learn a set of training data set labeled 'normal' and 'attack'. This paper presents the feasibility of the unsupervised learning AutoEncoder(AE) to NAD from data sets collecting of secured network traffic without labeled responses. To verify the performance of the proposed AE mode, we present the experimental results in terms of accuracy, precision, recall, f1-score, and ROC AUC value on the NSL-KDD training and test data sets. In particular, we model a reference AE through the deep analysis of diverse AEs varying hyper-parameters such as the number of layers as well as considering the regularization and denoising effects. The reference model shows the f1-scores 90.4% and 89% of binary classification on the KDDTest+ and KDDTest-21 test data sets based on the threshold of the 82-th percentile of the AE reconstruction error of the training data set.
Keywords
Network Anomaly Detection; NSL-KDD Data Set; AutoEncoder; Unsupervised Learning;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 W. Liu, Z. Wang, X. Liu, N. Zeng, Y. Liu, and F.E. Alsaadi, "A Survey of Deep Neural Network Architectures and Their Applications," Neurocomputing, vol. 234, pp. 11-26, Apr. 2017.   DOI
2 M. Ahmed, A.N. Mahmood, and J. Ju, "A survey of network anomaly detection techniques," Journal of Network and Computer Applications, vol. 60, pp. 19-31, Jan. 2016.   DOI
3 M. Tavallaee, E. Bagheri, W. Lu, and A.A. Ghorbani, "A Detailed Analysis of the KDD CUP 99 Data Set," Proceedings of the 2009 IEEE Symposium on Computational Intelligence, pp. 1-6, Jul. 2009.
4 NSL-KDD dataset, Available on: https://www.unb.ca/cic/datasets/nsl.html, Mar. 2009.
5 D. Kwon, H. Kim, J. Kim, S.C. Suh, I. Kim, and K.J. Kim, "A survey of deep learning-based network anomaly detection," Cluster Computing, vol.27, pp. 949-961, Jan. 2019.
6 C. Yin, Y. Zhu, J. Fei, and X. He, "A deep learning approach for intrusion detection using recurrent neural networks," IEEE Access, pp. 21954-21961, Oct. 2017.   DOI
7 J.J. Davis and A.J. Clark, "Data preprocessing for anomaly based network intrusion detection: A review," Computers & Security, vol. 30, no. 6-7, pp. 353-375, Sep. 2011.   DOI
8 H. Bourlard and Y. Kamp, "Auto-association by multilayer perceptron and singular value decomposition," Biological cybernetics, vol. 59, no. 4-5, pp. 291-294, Sep. 1988.   DOI
9 M. Sakurada and T. Yairi, "Anomaly Detection Using Autoencoders with Nonlinear Dimensionality Reduction," Proc. of MLSDA'14, pp. 4-11, Dec. 2014.
10 A. Borghesi, A. Bartolini, M. Lombardi, M. Milano, and L. Benini, "Anomaly detection using autoencoders in high performance computing systems", In Proceedings of the AAAI Conference on Artificial Intelligence, vol. 33, pp. 9428-9433, Jul. 2019.
11 Z. Chen, C.K. Yeo, B.S Lee, and C.T. Lau, "Autoencoder-based Network Anomaly Detection," In 2018 Wireless Telecommunications Symposium, pp. 1-5, Apr. 2018.
12 F. Farahnakian and J. Heikkonen, "A deep auto-encoder based approach for intrusion detection system," Proceedings of the 20th International Conference on Advanced Communication Technology, pp. 178-183, Feb. 2018.
13 C. Ieracitano, A. Adeel, M. Gogate, K. Dashtipour, F.C. Morabito, H. Larijani, and A. Hussain, "Statistical analysis driven optimized deep learning system for intrusion detection," Proceedings of the International Conference on Brain Inspired Cognitive Systems, pp. 759-769, Jul. 2018.
14 R.C. Aygun and A.G. Yavuz, "Network Anomaly Detection with Stochastically Improved Autoencoder Based Models," Proc. of 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing, pp. 193-198, Jun. 2017
15 A. Ozgur and H. Erdem, "A review of KDD99 dataset usage in intrusion detection and machine learning between 2010 and 2015," PeerJ Preprints, vol. 4, Art. no. e1954, Apr. 2016.
16 A. Geron, Hands-On Machine Learning with Scikit-Learn, Keras & TensorFlow: Concepts, tools, and techniques to build intelligent systems, 2nd Edition, O'Reilly Media, 2019.
17 K. Kang, "Decision Tree Techniques with Feature Reduction for Network Anomaly Detection," Journal of the Korea Institute of Information Security and Cryptology, 29(4), pp. 795-805, Aug. 2019.   DOI
18 P. Vincent, H. Larochelle, Y. Bengio, and P. Manzagol, "Extracting and Composing Robust Features with Denoising Autoencoders," Pro. of the 25th International Conference on Machine Learning, pp. 1096-1103, Jul. 2008.
19 D. Kwon, K. Natarajan, S.C. Suh, H. Kim, and J. Kim, "An Empirical Study on Network Anomaly Detection Using Convolutional Neural Networks," Proceedings of the IEEE 38th International Conference on Distributed Computing Systems, pp. 1595-1598, Jul. 2018.
20 C. Zhou and R.C. Paffenroth, "Anomaly Detection with Robust Deep Autoencoders," Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 665-674, Aug. 2017.