ENAD: An Ensemble Framework for Unsupervised Network Anomaly Detection

Title:
ENAD: An Ensemble Framework for Unsupervised Network Anomaly Detection
Other Titles:
2021 IEEE International Conference on Cyber Security and Resilience (CSR)
Publication Date:
06 September 2021
Citation:
Liao, J., Teo, S. G., Pratim Kundu, P., & Truong-Huu, T. (2021). ENAD: An Ensemble Framework for Unsupervised Network Anomaly Detection. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). doi:10.1109/csr51186.2021.9527982
Abstract:
Network anomaly detection is paramount to early detect traffic anomalies and protect networks against cyber attacks such as (distributed) denial of service attacks and phishing attacks. As deep learning has succeeded in various domains, it has been adopted for network anomaly detection using a supervised learning approach. Due to the high velocity and dynamics of network traffic, labeling such voluminous network data with specific domain knowledge is difficult, and yet impossible. It makes supervised learning techniques become impractical. Several existing works have proposed unsupervised learning techniques to train detection models with unlabeled data. However, a single model cannot detect all types of attacking traffic due to the variety of their behavior. In this work, we develop an ensemble framework that uses different AutoEncoders (AEs) and generative adversarial networks (GANs) for network anomaly detection. We develop a weighting scheme that allows us to quantify the importance (goodness) of each model to each attacking traffic and then determine the final prediction score during the inference (detection) phase. We carry out extensive experiments on two recent datasets including UNSW-NB15 and CICIDS2017 to demonstrate the effectiveness of the proposed framework. The experimental results have shown that our framework significantly outperforms many state-of-the-art methods with an increase of up to 14.70% in various performance metrics such as precision, recall, F1-measure, AUROC and AUPRC.
License type:
Publisher Copyright
Funding Info:
There was no specific funding for the research done
Description:
© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
ISBN:
978-1-6654-0285-9
978-1-6654-0286-6
Files uploaded:

File: networkanomalydetection.pdf
Size: 751.91 KB
Format: PDF