Anomaly based Resilient Network Intrusion Detection using Inferential Autoencoders

Published in: 2021 IEEE International Conference on Cyber Security and Resilience (CSR), pp. 1-7
Main authors: Hannan, Abdul; Gruhl, Christian; Sick, Bernhard
Format: Conference paper
Language: English
Publication details: IEEE 26.07.2021
Description
Summary: This article focuses on the application of conditional variational autoencoders as anomaly detectors to identify emerging threats in computer networks. Autoencoders are machine learning techniques that are used to find lower-dimensional representations, i.e. an encoding in latent space, from input space. With variational autoencoders (VAE) this representation is not a single code word or vector but a probability distribution - greatly improving the robustness of the coding scheme. In contrast to VAE, we present a conditional variational autoencoder (CVAE), which uses the latent representation to encode regular and malicious network traffic into a bimodal distribution. While regular autoencoders are unsupervised, we require some labeled data to tune the bimodal representations, thus turning the learning problem into a semi-supervised classification task. However, unknown threats (i.e. those not contained in labeled training data) can be detected as well. In our presented case study, based on available computer network datasets (KDD99 and CIC-IDS2017), we could improve the detection of unknown threats compared to conventional approaches. Our experiments are publicly available.
DOI: 10.1109/CSR51186.2021.9527980