4.7 Article

Effective network intrusion detection via representation learning: A Denoising AutoEncoder approach

Journal

COMPUTER COMMUNICATIONS
Volume 194, Issue -, Pages 55-65

Publisher

ELSEVIER
DOI: 10.1016/j.comcom.2022.07.027

Keywords

Deep learning; Denoising autoencoder; Intrusion detection; Cybersecurity

Funding

  1. National Natural Science Foun-dation of China [61902138]
  2. Key-Area Re-search and Development Program of Guangdong Province [2019B010139001]
  3. Shenzhen Fundamental Research Program [JCYJ20170413114215614]

Ask authors/readers for more resources

This study introduces a semi-supervised intrusion detection framework that combines unsupervised and supervised techniques to address the lack of labeled network traffic. By using unsupervised pre-training and DNN classifier training, it achieves efficient intrusion detection and outperforms other competitive methods.
The introduction of deep learning techniques in intrusion detection problems has enabled an enhanced standard of detection effectiveness. However, most of the progress has occurred in supervised learning, which required a vast amount of labeled training samples. In the real world, there is a limited amount of labeled data available to train a deep neural network, affecting the classifier's detection performance. Therefore, to address the lack of labeled network traffic required to train an effective supervised classifier, this study introduces a semi -supervised intrusion detection framework that combines the unsupervised and supervised techniques. The unsupervised pre-training approach is implemented based on a denoising autoencoder (DAE), to compress the intrusion dataset and obtain the lower-dimensional features representation. Then a portion of the compressed data is used to train the DNN classifier based on a multiclass supervised approach. The network architecture is optimized by tuning hyper-parameters using a trial-and-error approach. Comparative analysis is performed between the proposed approach and the most relevant deep learning methods available in the literature against the CICIDS2018 dataset, consisting of recent network attack traces. Our approach outperforms competitive methods while maintaining stable classification results above 99.6% on F1-score, precision, and recall metrics. Additionally, it is trained in 64 min while achieving a low false alarm rate. Furthermore, the DAE module reduces the input network traffic data to one-tenth of the size of the input dataset.

Authors

I am an author on this paper
Click your name to claim this paper and add it to your profile.

Reviews

Primary Rating

4.7
Not enough ratings

Secondary Ratings

Novelty
-
Significance
-
Scientific rigor
-
Rate this paper

Recommended

No Data Available
No Data Available