Anomaly based Resilient Network Intrusion Detection using Inferential Autoencoders

Bibliographic details
Published in: 2021 IEEE International Conference on Cyber Security and Resilience (CSR), pp. 1 - 7
Main authors: Hannan, Abdul; Gruhl, Christian; Sick, Bernhard
Format: Conference paper
Language: English
Published: IEEE, 26.07.2021
Description
Summary: This article focuses on the application of conditional variational autoencoders as anomaly detectors to identify emerging threats in computer networks. Autoencoders are machine learning techniques that are used to find lower-dimensional representations, i.e. an encoding in latent space, from input space. With variational autoencoders (VAE) this representation is not a single code word or vector but a probability distribution - greatly improving the robustness of the coding scheme. In contrast to VAE, we present a conditional variational autoencoder (CVAE), which uses the latent representation to encode regular and malicious network traffic into a bimodal distribution. While regular autoencoders are unsupervised, we require some labeled data to tune the bimodal representations, thus turning the learning problem into a semi-supervised classification task. However, unknown threats (i.e. those not contained in labeled training data) can be detected as well. In our presented case study, based on available computer network datasets (KDD99 and CIC-IDS2017), we could improve the detection of unknown threats compared to conventional approaches. Our experiments are publicly available.
DOI: 10.1109/CSR51186.2021.9527980