Browse > Article
http://dx.doi.org/10.7472/jksii.2021.22.1.13

Network Intrusion Detection with One Class Anomaly Detection Model based on Auto Encoder.  

Min, Byeoungjun (Dept. of Computer Science, Sejong University)
Yoo, Jihoon (Dept. of Computer Science, Sejong University)
Kim, Sangsoo (Agency for Defense Development)
Shin, Dongil (Dept. of Computer Science, Sejong University)
Shin, Dongkyoo (Dept. of Computer Science, Sejong University)
Publication Information
Journal of Internet Computing and Services / v.22, no.1, 2021 , pp. 13-22 More about this Journal
Abstract
Recently network based attack technologies are rapidly advanced and intelligent, the limitations of existing signature-based intrusion detection systems are becoming clear. The reason is that signature-based detection methods lack generalization capabilities for new attacks such as APT attacks. To solve these problems, research on machine learning-based intrusion detection systems is being actively conducted. However, in the actual network environment, attack samples are collected very little compared to normal samples, resulting in class imbalance problems. When a supervised learning-based anomaly detection model is trained with such data, the result is biased to the normal sample. In this paper, we propose to overcome this imbalance problem through One-Class Anomaly Detection using an auto encoder. The experiment was conducted through the NSL-KDD data set and compares the performance with the supervised learning models for the performance evaluation of the proposed method.
Keywords
Anomaly Detection; Network Intrusion Detection; AutoEncoder; NSL-KDD;
Citations & Related Records
연도 인용수 순위
  • Reference
1 M. Thottan and C. Ji, "Anomaly detection in IP networks", IEEE Transactions on signal processing, vol. 51, no. 8, pp. 2191-2204, 2003. https://doi.org/10.1109/tsp.2003.814797   DOI
2 M. Ahmed, A. N. Mahmood and J. Hu, "A survey of network anomaly detection techniques", Journal of Network and Computer Applications, vol 60, pp. 19-31, 2016. https://doi.org/10.1016/j.jnca.2015.11.016   DOI
3 R. Longadge and S. Dongre, "Class imbalance problem in data mining review", 2013. Preprint at https://arxiv.org/abs/1305.1707
4 S. Barua, M. M. Islam, X. Yao and K. Murase, "MWMOTE--majority weighted minority oversampling technique for imbalanced data set learning", IEEE Transactions on Knowledge and Data Engineering, vol. 26, no. 2, pp. 405-425, 2012. https://doi.org/10.1109/tkde.2012.232   DOI
5 L. M. Manevitz and M. Yousef, "One-class SVMs for document classification", Journal of machine Learning research, vol 2, pp. 139-154, 2001. https://dl.acm.org/doi/10.5555/944790.944808
6 T. Luo and S. G. Nagarajan, "Distributed anomaly detection using autoencoder neural networks in wsn for iot", IEEE International Conference on Communications (ICC), pp. 1-6, 2018. https://doi.org/10.1109/icc.2018.8422402   DOI
7 C. Yin, Y. Zhu, J. Fei and X. He, "A deep learning approach for intrusion detection using recurrent neural networks", Ieee Access, vol. 5, pp. 21954-21961, 2017. https://doi.org/10.1109/access.2017.2762418   DOI
8 M. Tavallaee, E. Bagheri, W. Lu and A. A. Ghorbani, "A detailed analysis of the KDD CUP 99 data set", IEEE symposium on computational intelligence for security and defense applications, pp. 1-6, 2009. https://doi.org/10.1109/cisda.2009.5356528   DOI
9 J. Song, H. Takakura, Y. Okabe and Y. Kwon, "Correlation analysis between honeypot data and IDS alerts using one-class SVM", Intrusion Detection Systems, pp. 173-192, 2011. https://doi.org/10.5772/13951
10 A. Borghesi, A. Bartolini, M. Lombardi, M. Milano and L. Benini, "Anomaly detection using autoencoders in high performance computing systems", In Proceedings of the AAAI Conference on Artificial Intelligence, vol. 33, pp. 9428-9433, 2019. https://doi.org/10.1609/aaai.v33i01.33019428   DOI
11 Y. Yang, K. Zheng, C. Wu and Y. Yang, "Improving the classification effectiveness of intrusion detection by using improved conditional variational autoencoder and deep neural network", Sensors, vol. 19, no. 11, pp. 2528, 2019. https://doi.org/10.3390/s19112528   DOI
12 A. Javaid, Q. Niyaz, W. Sun, and M. Alam, "A deep learning approach for network intrusion detection system", In Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies (formerly BIONETICS), pp. 21-26, 2016. https://dl.acm.org/doi/10.4108/eai.3-12-2015.2262516   DOI
13 D. S. Kim, H. N. Nguyen and J. S. Park, "Genetic algorithm to improve SVM based network intrusion detection system", In 19th International Conference on Advanced Information Networking and Applications (AINA papers), vol. 2, pp. 155-158, 2005. https://doi.org/10.1109/aina.2005.191   DOI