V.A. Zabelina, G.A. Savchenko, I.M. Chernenky, E.Yu. Silantieva

Bauman Moscow State Technical University (Moscow, Russia)

This study presents an analysis of autoencoder models for the problems of detecting anomalies in network traffic. Results of the training were assessed using open source software on the UNB ICS IDS 2017 dataset. As deep learning models, we considered standard and variational autoencoder, Deep SSAD approaches for a normal autoencoder (AE-SAD) and a variational autoencoder (VAE-SAD). The constructed deep learning models demonstrated different indicators of anomaly detection accuracy; the best result in terms of the AUC metric of 98% was achieved with VAE-SAD model. In the future, it is planned to continue the analysis of the characteristics of neural network models in cybersecurity problems. One of directions is to study the influence of structure of network traffic on the performance indicators of using deep learning models. Based on the results, it is planned to develop an approach of robust identification of security events based on deep learning methods.

Zabelina V.A., Savchenko G.A., Chernenky I.M., Silantieva E.Yu. Detecting internet attacks using a neural network. Dynamics of complex systems. 2021. T. 15. № 2. Р. 39−47. DOI: 10.18127/j19997493-202102-04 (in Russian)

1. Cisco Visual Networking Index: Forecast and Trends. 2017–2022 White Paper. 2019.
2. Branickij A.A., Kotenko I.V. Obnaruzhenie setevyh atak na osnove kompleksirovaniya nejronnyh, immunnyh i nejronechetkih klassifikatorov // Informacionno-upravlyayushchie sistemy. 2015. № 4 (77) (in Russian).
3. Hinton G.E., Zemel R.S. Autoencoders, minimum description length, and Helmholtz free energy. Advances in neural information processing systems. 1994. V. 6. P. 3–10.
4. Sakurada M., Yairi T. Anomaly detection using autoencoders with nonlinear dimensionality reduction. Proceedings of the MLSDA 2014 2nd Workshop on Machine Learning for Sensory Data Analysis. 2014. P. 4–11.
5. Zhou C., Paffenroth R.C. Anomaly detection with robust deep autoencoders. Proceedings of the 23rd ACM SIGKDD international conference on knowledge discovery and data mining. 2017. P. 665–674.
6. Kingma D.P., Welling M. Auto-encoding variational bayes. arXiv preprint arXiv:1312.6114. 2013.
7. An J., Cho S. Variational autoencoder based anomaly detection using reconstruction probability. Special Lecture on IE. 2015. V. 2.  № 1. P. 1–18.
8. Zavrak S., İskefiyeli M. Anomaly-based intrusion detection from network flow features using variational autoencoder. IEEE Access. 2020. V. 8. P. 108346–108358.
9. Ruff L. et al. Deep semi-supervised anomaly detection. arXiv preprint arXiv:1906.02694. 2019.
10. Tishby N., Zaslavsky N. Deep learning and the information bottleneck principle. 2015. IEEE Information Theory Workshop (ITW). IEEE. 2015. P. 1–5.
11. Higgins I. et al. beta-vae: Learning basic visual concepts with a constrained variational framework. 2016.
12. Spackman K.A. Signal detection theory: Valuable tools for evaluating inductive learning. Proceedings of the sixth international workshop on Machine learning. Morgan Kaufmann. 1989. P. 160–163.
13. Fawcett T. ROC graphs: Notes and practical considerations for researchers. Machine learning. 2004. V. 31. № 1. P. 1–38.
14. Sharafaldin I., Lashkari A.H., Ghorbani A.A. Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSp. 2018. P. 108–116. 
15. Lekha J., Ganapathi P. Detection of illegal traffic pattern using hybrid improved CART and multiple extreme learning machine approach. International Journal of Communication Networks and Information Security. 2017. V. 9. № 2. P. 164.
16. Mining W.I.D. Data mining: Concepts and techniques. Morgan Kaufinann. 2006. V. 10. P. 559–569.
17. Rezvy S. et al. Intrusion detection and classification with autoencoded deep neural network. International Conference on Security for Information Technology and Communications. Springer. Cham. 2018. P. 142–156.