A Systematic Approach to Building Autoencoders for Intrusion Detection

  • Conference paper
Silicon Valley Cybersecurity Conference (SVCC 2020)

Abstract

Network Intrusion Detection Systems (NIDS) have been the most effective defense mechanism against various network attacks. As attack patterns have been intelligently and dynamically evolving, deep learning-based NIDSs have been widely adopted to improve intrusion detection accuracy. Autoencoders, a type of unsupervised neural network, are generative deep learning models that learn to represent the data as compressed vectors without class labels. Recently, various autoencoders have been used for NIDS in order to efficiently alleviate laborious labeling and to effectively detect unknown types of attacks (i.e., zero-day attacks). Despite the effectiveness of autoencoders in detecting intrusions, it requires tremendous effort to identify the optimal model architecture of the autoencoders that results in the best performance, which is an obstacle for practical applications. To address this challenge, this paper rigorously studies autoencoders with respect to two important factors using real network data. We investigate how the size of a latent layer and the size of the model influence the detection performance. We evaluate our autoencoder model using IDS benchmark data sets and present the experimental findings.
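An added illustration, not code from the paper: a linear autoencoder (the closed-form PCA solution, substituted here for the paper's deep models) is fitted on constructed benign data only and swept over latent sizes, to show how the bottleneck width changes reconstruction-error detection. The synthetic data, the 99th-percentile threshold and all function names are assumptions; the paper's benchmark data sets are not used.

```python
import numpy as np

def make_data(rng, n, basis, noise=0.05, shift=None):
    # Constructed "flow" vectors: 3 hidden factors (std 3, 2, 1) mixed into 8 features.
    z = rng.normal(size=(n, basis.shape[0])) * np.array([3.0, 2.0, 1.0])
    x = z @ basis + noise * rng.normal(size=(n, basis.shape[1]))
    return x if shift is None else x + shift

def fit_linear_autoencoder(x, latent):
    # The optimal linear encoder/decoder with tied weights is the top-`latent` PCA basis.
    mean = x.mean(axis=0)
    _, _, vt = np.linalg.svd(x - mean, full_matrices=False)
    return mean, vt[:latent]

def recon_error(x, model):
    # Squared reconstruction error per sample: encode, decode, compare.
    mean, w = model
    c = x - mean
    return ((c - (c @ w.T) @ w) ** 2).sum(axis=1)

def sweep(latents=(1, 2, 3, 5, 7), seed=0):
    rng = np.random.default_rng(seed)
    q, _ = np.linalg.qr(rng.normal(size=(8, 8)))
    basis, off_axis = q[:, :3].T, q[:, 3]      # benign subspace and a direction outside it
    train = make_data(rng, 2000, basis)        # unlabeled benign traffic only
    benign = make_data(rng, 500, basis)
    attack = make_data(rng, 500, basis, shift=1.0 * off_axis)  # constructed anomaly
    results = {}
    for k in latents:
        model = fit_linear_autoencoder(train, k)
        thr = np.quantile(recon_error(train, model), 0.99)  # threshold from benign data
        results[k] = (float((recon_error(attack, model) > thr).mean()),   # detection rate
                      float((recon_error(benign, model) > thr).mean()))  # false-positive rate
    return results

if __name__ == "__main__":
    for k, (det, fpr) in sweep().items():
        print(f"latent={k}: detection={det:.3f} false_positive={fpr:.3f}")
```

A latent layer narrower than the benign structure leaves large errors on normal traffic and so hides the anomaly under the threshold, while latent sizes above 3 begin to reconstruct part of the off-subspace shift as well.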

Acknowledgement

This work was supported by the Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2020-0-00952, Development of 5G Edge Security Technology for Ensuring 5G+ Service Stability and Availability).

Corresponding author

Correspondence to Youngrok Song.

Copyright information

© 2021 Springer Nature Switzerland AG

Cite this paper

Song, Y., Hyun, S., Cheong, YG. (2021). A Systematic Approach to Building Autoencoders for Intrusion Detection. In: Park, Y., Jadav, D., Austin, T. (eds) Silicon Valley Cybersecurity Conference. SVCC 2020. Communications in Computer and Information Science, vol 1383. Springer, Cham. https://doi.org/10.1007/978-3-030-72725-3_14

  • DOI: https://doi.org/10.1007/978-3-030-72725-3_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-72724-6

  • Online ISBN: 978-3-030-72725-3

  • eBook Packages: Computer Science (R0)
