Article

Autoencoder-based deep metric learning for network intrusion detection

Journal

INFORMATION SCIENCES
Volume 569, Issue -, Pages 706-727

Publisher

ELSEVIER SCIENCE INC
DOI: 10.1016/j.ins.2021.05.016

Keywords

Network intrusion detection; Deep metric learning; Triplet network; Autoencoder

Funding

  1. MIUR-Ministero dell'Istruzione dell'Università e della Ricerca [ARS01_01116]
  2. project Modelli e tecniche di data science per la analisi di dati strutturati - University of Bari Aldo Moro

In this study, a new intrusion detection method is introduced which leverages a deep metric learning methodology combining autoencoders and Triplet networks. Two separate autoencoders are trained on historical normal network flows and attacks, and a Triplet network is trained to learn the embedding of the feature vector representation of network flows. This methodology achieves better predictive accuracy in detecting new signs of malicious activities in network traffic compared to competitive intrusion detection architectures on benchmark datasets.
Nowadays, intrusion detection systems are a mandatory weapon in the war against the ever-increasing number of network cyber attacks. In this study, we illustrate a new intrusion detection method that analyses the flow-based characteristics of the network traffic data. It learns an intrusion detection model by leveraging a deep metric learning methodology that combines autoencoders and Triplet networks in an original way. In the training stage, two separate autoencoders are trained on historical normal network flows and attacks, respectively. Then a Triplet network is trained to learn the embedding of the feature vector representation of network flows. This embedding moves each flow close to its reconstruction, restored with the autoencoder associated with the same class as the flow, and away from its reconstruction, restored with the autoencoder of the opposite class. The predictive stage assigns each new flow to the class associated with the autoencoder that restores the closest reconstruction of the flow in the embedding space. In this way, the predictive stage takes advantage of the embedding learned in the training stage, achieving a good prediction performance in the detection of new signs of malicious activities in the network traffic. In fact, the proposed methodology leads to better predictive accuracy when compared to competitive intrusion detection architectures on benchmark datasets. (c) 2021 Elsevier Inc. All rights reserved.
