DOI: 10.1145/3589462.3589489
short-paper

A method combining improved Mahalanobis distance and adversarial autoencoder to detect abnormal network traffic

Published: 26 May 2023

Abstract

The Internet is widely used across industries, so anomaly detection in network traffic is of great significance for the security of network applications. Current network traffic anomaly detection achieves high detection accuracy, but it relies on supervised learning techniques, which have difficulties with label identification and limited scalability. To solve these problems, a method combining an improved Mahalanobis distance and an autoencoder (AE) to detect abnormal network traffic is proposed. To increase detection effectiveness, the approach is trained without labels and uses an enhanced inverse of the Mahalanobis distance together with a threshold to easily differentiate the partly normal data. In this model, the AE and the generative adversarial network (GAN) are fused, and the output of the AE is fed to the discriminator for discrimination. The loss is constructed from the outputs of the AE and the discriminator, which improves the feature extraction ability of the autoencoder and is more conducive to distinguishing potential anomalies. Experiments show that the proposed method has an anomaly detection precision rate of 96% and a 95% F1 value on the CICIDS2017 dataset, and an anomaly detection precision rate of 90% on the CICIDS2018 dataset. This demonstrates the proposed method’s ability to generalize and its strong network traffic anomaly detection performance.
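The label-free selection step the abstract describes can be illustrated with the classical Mahalanobis distance. This is an added example, not the authors' code: the paper's improved distance is not defined on this page, and the flow features, the 80% keep fraction and the ridge term are assumptions.

```python
import math

# Constructed sample: [duration_s, packets, ip_version_flag]; rows 3 and 7 are unusual.
FLOWS = [[0.9, 10, 1.0], [1.1, 12, 1.0], [1.0, 9, 1.0], [60.0, 11, 1.0], [1.2, 11, 1.0],
         [0.8, 8, 1.0], [1.0, 10, 1.0], [1.1, 900, 1.0], [0.9, 9, 1.0], [1.3, 13, 1.0]]

def mean_and_cov(rows, ridge=1e-6):
    """Column means and sample covariance; the ridge keeps constant columns invertible."""
    n, d = len(rows), len(rows[0])
    mu = [sum(r[j] for r in rows) / n for j in range(d)]
    cov = [[sum((r[i] - mu[i]) * (r[j] - mu[j]) for r in rows) / (n - 1)
            + (ridge if i == j else 0.0) for j in range(d)] for i in range(d)]
    return mu, cov

def invert(m):
    """Gauss-Jordan inverse with partial pivoting; adequate for tens of features."""
    d = len(m)
    a = [row[:] + [float(i == j) for j in range(d)] for i, row in enumerate(m)]
    for c in range(d):
        p = max(range(c, d), key=lambda r: abs(a[r][c]))
        a[c], a[p] = a[p], a[c]
        piv = a[c][c]  # zero here means a singular covariance matrix
        a[c] = [v / piv for v in a[c]]
        for r in range(d):
            if r != c:
                f = a[r][c]
                a[r] = [v - f * w for v, w in zip(a[r], a[c])]
    return [row[d:] for row in a]

def mahalanobis(x, mu, inv):
    """sqrt((x - mu)^T * inv * (x - mu)), the classical distance."""
    diff = [xi - mi for xi, mi in zip(x, mu)]
    k = range(len(diff))
    return math.sqrt(sum(diff[i] * inv[i][j] * diff[j] for i in k for j in k))

def presumed_normal(rows, keep=0.8):
    """Indices of the `keep` fraction of rows nearest the bulk, plus the cut-off used."""
    mu, cov = mean_and_cov(rows)
    inv = invert(cov)
    dists = [mahalanobis(r, mu, inv) for r in rows]
    threshold = sorted(dists)[max(1, round(keep * len(rows))) - 1]
    return [i for i, d in enumerate(dists) if d <= threshold], threshold

if __name__ == "__main__":
    kept, cut = presumed_normal(FLOWS)
    print("train the autoencoder on rows", kept, "cut-off", round(cut, 3))
```

Flow exports often contain constant columns, which make the covariance matrix singular; with `ridge=0.0` the inversion above fails on this sample for that reason.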


Published In

IDEAS '23: Proceedings of the 27th International Database Engineered Applications Symposium
May 2023
222 pages
ISBN:9798400707445
DOI:10.1145/3589462

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. network traffic anomaly detection
  2. deep learning
  3. Mahalanobis distance
  4. adversarial autoencoder

Qualifiers

  • Short-paper
  • Research
  • Refereed limited

Conference

IDEAS '23

Acceptance Rates

Overall Acceptance Rate 74 of 210 submissions, 35%
