Model fusion of deep neural networks for anomaly detection

Network anomaly detection, which aims to detect anomalous network traffic for security purposes, remains an open and challenging task. Network traffic data are usually large-scale and imbalanced, and their labels are noisy. This paper addresses these challenges using ZYELL's million-scale, highly imbalanced dataset. We propose training deep neural networks with class weight optimization to learn complex patterns from the rare anomalies observed in the traffic data. We also propose a novel model fusion that combines two deep neural networks: a binary normal/attack classifier and a multi-attack classifier. The proposed solution can detect various network attacks, such as Distributed Denial of Service (DDoS), IP probing, port probing, and Network Mapper (Nmap) probing. Experiments conducted on ZYELL's real-world dataset show promising performance: the proposed approach outperformed the baseline model in terms of average macro Fβ score and false alarm rate by 17% and 5.3%, respectively.
