
Unsupervised learning approach for network intrusion detection system using autoencoders

Published: 01 September 2019

Abstract

Network intrusion detection systems are useful tools that support system administrators in detecting various types of intrusions and play an important role in monitoring and analyzing network traffic. In particular, anomaly detection-based network intrusion detection systems are widely used and are mainly implemented in two ways: (1) a supervised learning approach trained using labeled data and (2) an unsupervised learning approach trained using unlabeled data. Most studies related to intrusion detection systems focus on supervised learning. However, the process of acquiring labeled data is expensive, requiring manual labeling by network experts. Therefore, it is worthwhile to investigate the development of unsupervised learning approaches for intrusion detection systems. In this study, we developed a network intrusion detection system using the autoencoder, an unsupervised learning algorithm, and verified its performance. As our results show, our model achieved an accuracy of 91.70%, which outperforms previous studies that achieved 80% accuracy using cluster analysis algorithms. Our results provide a practical guideline for developing network intrusion detection systems based on autoencoders and significantly contribute to the exploration of unsupervised learning techniques for various network intrusion detection systems.

Published In

The Journal of Supercomputing, Volume 75, Issue 9
Sep 2019
562 pages

Publisher

Kluwer Academic Publishers, United States

Author Tags

1. Intrusion detection system
2. Unsupervised learning
3. Autoencoder
4. Anomaly detection
5. NSL-KDD

Qualifiers

• Research-article
