An intrusion detection method based on stacked sparse autoencoder and improved gaussian mixture model

The analysis of a substantial portion of network data is a requirement for almost any machine learning-based network intrusion detection method. High dimension features, a lack of labelled datasets, and inflexible feature selection are some of the difficulties it encounters. This paper proposes an i...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Computers & security Ročník 128; s. 103144
Hlavní autoři: Zhang, Tianyue, Chen, Wei, Liu, Yuxiao, Wu, Lifa
Médium: Journal Article
Jazyk:angličtina
Vydáno: Elsevier Ltd 01.05.2023
Témata:
Autoencoder
Deep learning
Gaussian mixture
Intrusion detection
Unsupervised learning
Deep learning
Gaussian mixture
Autoencoder
Intrusion detection
Unsupervised learning
ISSN:0167-4048, 1872-6208
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:The analysis of a substantial portion of network data is a requirement for almost any machine learning-based network intrusion detection method. High dimension features, a lack of labelled datasets, and inflexible feature selection are some of the difficulties it encounters. This paper proposes an intrusion detection method based on stacked sparse autoencoder and improved Gaussian mixture model (SIGMOD). The method utilizes the stacked sparse autoencoder to produce non-linear dimensionality reduction after first using the Pearson correlation coefficient to achieve linear dimensionality reduction. It can lessen redundant data, obtain low-dimensional features and generate reconstruction errors of the samples, which are subsequently fed into the improved Gaussian mixture model. The method finally judges whether it is abnormal according to the output sample energy threshold of the improved Gaussian mixture model. Unlike the traditional anomaly detection technology that performs dimensionality reduction and clustering in two separate steps, SIGMOD jointly optimizes the parameters of the stacked sparse autoencoder and the Gaussian mixture model in an end-to-end manner, avoiding the key feature loss of cluster analysis or probability density estimation in dimensionality reduction by the two-step method. The experiment results on the UNSW-NB15 dataset demonstrate that SIGMOD performs significantly better than the conventional anomaly detection approach.
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2023.103144