Network Anomaly Detection Using LSTM Based Autoencoder

Anomaly detection aims to discover patterns in data that do not conform to the expected normal behaviour. One of the significant issues for anomaly detection techniques is the availability of labeled data for training and validation of models. In this paper, we propose a hybrid approach based on a Long Short Term Memory (LSTM) autoencoder and a One-class Support Vector Machine (OC-SVM) to detect anomaly-based attacks in an unbalanced dataset, training the models using only examples of the normal class. The LSTM autoencoder is trained to learn the normal traffic pattern and a compressed representation of the input data (i.e. latent features), which is then fed to the OC-SVM. The hybrid model overcomes a shortcoming of the standalone OC-SVM, namely its low capability to operate on massive and high-dimensional datasets. Additionally, we perform our experiments using the most recent dataset (InSDN) of Intrusion Detection Systems (IDSs) for SDN environments. The experimental results show that the proposed model provides a higher detection rate and reduces the processing time significantly. Hence, our method provides great confidence in securing SDN networks from malicious traffic.
