Effective network intrusion detection via representation learning: A Denoising AutoEncoder approach

The introduction of deep learning techniques in intrusion detection problems has enabled an enhanced standard of detection effectiveness. However, most of the progress has occurred in supervised learning, which required a vast amount of labeled training samples. In the real world, there is a limited amount of labeled data available to train a deep neural network, affecting the classifier's detection performance. Therefore, to address the lack of labeled network traffic required to train an effective supervised classifier, this study introduces a semi -supervised intrusion detection framework that combines the unsupervised and supervised techniques. The unsupervised pre-training approach is implemented based on a denoising autoencoder (DAE), to compress the intrusion dataset and obtain the lower-dimensional features representation. Then a portion of the compressed data is used to train the DNN classifier based on a multiclass supervised approach. The network architecture is optimized by tuning hyper-parameters using a trial-and-error approach. Comparative analysis is performed between the proposed approach and the most relevant deep learning methods available in the literature against the CICIDS2018 dataset, consisting of recent network attack traces. Our approach outperforms competitive methods while maintaining stable classification results above 99.6% on F1-score, precision, and recall metrics. Additionally, it is trained in 64 min while achieving a low false alarm rate. Furthermore, the DAE module reduces the input network traffic data to one-tenth of the size of the input dataset.

Automated summary

This study introduces a semi-supervised intrusion detection framework that combines unsupervised and supervised techniques to address the lack of labeled network traffic. By using unsupervised pre-training and DNN classifier training, it achieves efficient intrusion detection and outperforms other competitive methods.