Self-Organizing Maps-Assisted Variational Autoencoder for Unsupervised Network Anomaly Detection

In network intrusion detection systems (NIDS), conventional supervised learning approaches remain constrained by their reliance on labor-intensive labeled datasets, especially in evolving network ecosystems. Although unsupervised learning offers a viable alternative, current methodologies frequently...

Full description

Saved in:
Bibliographic Details
Published in:Symmetry (Basel) Vol. 17; no. 4; p. 520
Main Authors: Huang, Hailong, Yang, Jiahong, Zeng, Hang, Wang, Yaqin, Xiao, Liuming
Format: Journal Article
Language:English
Published: Basel MDPI AG 01.04.2025
Subjects:
Accuracy
Algorithms
Anomalies
Cluster analysis
Clustering
Datasets
Deep learning
Detectors
Encoding-Decoding
Intrusion detection systems
Labels
Machine learning
Optimization
Reconstruction
Self organizing maps
Statistical methods
Supervised learning
Unsupervised learning
ISSN:2073-8994, 2073-8994
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In network intrusion detection systems (NIDS), conventional supervised learning approaches remain constrained by their reliance on labor-intensive labeled datasets, especially in evolving network ecosystems. Although unsupervised learning offers a viable alternative, current methodologies frequently face challenges in managing high-dimensional feature spaces and achieving optimal detection performance. To overcome these limitations, this study proposes a self-organizing maps-assisted variational autoencoder (SOVAE) framework. The SOVAE architecture employs feature correlation graphs combined with the Louvain community detection algorithm to conduct feature selection. The processed data—characterized by reduced dimensionality and clustered structure—is subsequently projected through self-organizing maps to generate cluster-based labels. These labels are further incorporated into the symmetric encoding-decoding reconstruction process of the VAE to enhance data reconstruction quality. Anomaly detection is implemented through quantitative assessment of reconstruction discrepancies and SOM deviations. Experimental results show that SOVAE achieves F1 scores of 0.983 (±0.005) on UNSW-NB15 and 0.875 (±0.008) on CICIDS2017, outperforming mainstream unsupervised baselines.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:2073-8994
2073-8994
DOI:10.3390/sym17040520