An intrusion detection method based on stacked sparse autoencoder and improved gaussian mixture model

Bibliographic Details
Published in: Computers & security Vol. 128; p. 103144
Main Authors: Zhang, Tianyue, Chen, Wei, Liu, Yuxiao, Wu, Lifa
Format: Journal Article
Language: English
Published: Elsevier Ltd 01.05.2023
ISSN: 0167-4048, 1872-6208
Description
Summary: The analysis of a substantial portion of network data is a requirement for almost any machine learning-based network intrusion detection method. High dimension features, a lack of labelled datasets, and inflexible feature selection are some of the difficulties it encounters. This paper proposes an intrusion detection method based on stacked sparse autoencoder and improved Gaussian mixture model (SIGMOD). The method utilizes the stacked sparse autoencoder to produce non-linear dimensionality reduction after first using the Pearson correlation coefficient to achieve linear dimensionality reduction. It can lessen redundant data, obtain low-dimensional features and generate reconstruction errors of the samples, which are subsequently fed into the improved Gaussian mixture model. The method finally judges whether it is abnormal according to the output sample energy threshold of the improved Gaussian mixture model. Unlike the traditional anomaly detection technology that performs dimensionality reduction and clustering in two separate steps, SIGMOD jointly optimizes the parameters of the stacked sparse autoencoder and the Gaussian mixture model in an end-to-end manner, avoiding the key feature loss of cluster analysis or probability density estimation in dimensionality reduction by the two-step method. The experiment results on the UNSW-NB15 dataset demonstrate that SIGMOD performs significantly better than the conventional anomaly detection approach.
DOI: 10.1016/j.cose.2023.103144