Autoencoders: A Low Cost Anomaly Detection Method for Computer Network Data Streams

Authors: Christopher Nixon, Mohamed Hassan

ICCBDC '20: Proceedings of the 2020 4th International Conference on Cloud and Big Data Computing

Pages 58 - 62

https://doi.org/10.1145/3416921.3416937

Published: 24 September 2020

Abstract

Computer networks are vulnerable to cyber attacks that can compromise the confidentiality, integrity and availability of mission-critical data. Intrusion detection methods can be employed to detect these attacks in real time. Anomaly detection offers the advantage of detecting unknown attacks in a semi-supervised fashion. This paper asks whether autoencoders, a type of semi-supervised feedforward neural network, can provide a low-cost anomaly detection method for computer network data streams. Autoencoder methods were evaluated online with the KDD'99 and UNSW-NB15 data sets, demonstrating that running time and labeling cost are significantly reduced compared to traditional online classification techniques for similar detection performance. Further research would consider the trade-off between single and stacked networks, multi-label classification, concept drift detection and active learning.
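
The abstract does not give the paper's architecture, thresholding rule or software stack, so the following is only a minimal sketch of the general idea it describes: an autoencoder is updated one instance at a time on traffic assumed to be normal, and a record is flagged when its reconstruction error is unusually high. The class `TinyAutoencoder`, the helper `normal_instance`, the synthetic three-feature data, the single linear hidden unit and the mean-plus-three-standard-deviations threshold are all illustrative assumptions, not the authors' method.

```python
import random
import statistics


class TinyAutoencoder:
    """Hypothetical linear autoencoder (inputs -> hidden -> inputs), updated per instance."""

    def __init__(self, n_inputs, n_hidden, lr=0.05, seed=0):
        rng = random.Random(seed)
        self.lr = lr
        # Small random weights: encoder is n_hidden x n_inputs, decoder is n_inputs x n_hidden.
        self.enc = [[rng.uniform(-0.5, 0.5) for _ in range(n_inputs)] for _ in range(n_hidden)]
        self.dec = [[rng.uniform(-0.5, 0.5) for _ in range(n_hidden)] for _ in range(n_inputs)]

    def _forward(self, x):
        hidden = [sum(w * xi for w, xi in zip(row, x)) for row in self.enc]
        recon = [sum(w * hj for w, hj in zip(row, hidden)) for row in self.dec]
        return hidden, recon

    def score(self, x):
        """Mean squared reconstruction error; higher means more anomalous."""
        _, recon = self._forward(x)
        return sum((r - xi) ** 2 for r, xi in zip(recon, x)) / len(x)

    def partial_fit(self, x):
        """One SGD step on the squared reconstruction error (constant factors folded into lr)."""
        hidden, recon = self._forward(x)
        err = [r - xi for r, xi in zip(recon, x)]
        # Back-propagate to the hidden layer before the decoder weights change.
        grad_hidden = [sum(err[i] * self.dec[i][j] for i in range(len(x)))
                       for j in range(len(hidden))]
        for i in range(len(x)):
            for j in range(len(hidden)):
                self.dec[i][j] -= self.lr * err[i] * hidden[j]
        for j in range(len(hidden)):
            for i in range(len(x)):
                self.enc[j][i] -= self.lr * grad_hidden[j] * x[i]


def normal_instance(rng):
    """Synthetic 'normal' record (assumption): three strongly correlated features plus noise."""
    t = rng.random()
    return [t + rng.gauss(0, 0.02) for _ in range(3)]


rng = random.Random(42)
model = TinyAutoencoder(n_inputs=3, n_hidden=1)

# Train on a stream assumed to contain only normal traffic; no attack labels are used.
for _ in range(3000):
    model.partial_fit(normal_instance(rng))

# Calibrate a threshold from reconstruction errors on further normal instances.
calibration = [model.score(normal_instance(rng)) for _ in range(200)]
threshold = statistics.mean(calibration) + 3 * statistics.stdev(calibration)

# Records that break the learned feature correlation should reconstruct poorly.
anomalies = [[0.9, 0.1, 0.5], [0.0, 1.0, 0.0]]
flags = [model.score(x) > threshold for x in anomalies]
```

Because the model only needs examples of normal behaviour, the labeling effort is limited to confirming that the training stream is attack-free, which is one plausible reading of the "low labeling cost" claim. A real deployment would need feature scaling, a nonlinear and possibly stacked network, and a threshold tuned on the target data.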

Index Terms

1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Intrusion detection systems
2. Theory of computation
  1. Design and analysis of algorithms
    1. Online algorithms
      1. Online learning algorithms

Published In

ICCBDC '20: Proceedings of the 2020 4th International Conference on Cloud and Big Data Computing

August 2020

130 pages

ISBN: 9781450375382

DOI: 10.1145/3416921

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

Oxford Brookes University
Staffordshire University
University of Liverpool

Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

Research-article
Research
Refereed limited

Conference

ICCBDC '20

ICCBDC '20: 2020 4th International Conference on Cloud and Big Data Computing

August 26 - 28, 2020

Virtual, United Kingdom

Bibliometrics

Total Citations: 5
Total Downloads: 261
Downloads (last 12 months): 26
Downloads (last 6 weeks): 0

Reflects downloads up to 13 Jan 2025
Cited By

Mvula P, Branco P, Jourdan G, Viktor H. (2024). A Survey on the Applications of Semi-supervised Learning to Cyber-security. ACM Computing Surveys, 56:10 (1-41). DOI: 10.1145/3657647. Online publication date: 22-Jun-2024
https://dl.acm.org/doi/10.1145/3657647
Nixon C, Sedky M, Champion J, Hassan M. (2024). SALAD. Expert Systems with Applications: An International Journal, 248:C. DOI: 10.1016/j.eswa.2024.123439. Online publication date: 15-Aug-2024
https://dl.acm.org/doi/10.1016/j.eswa.2024.123439
Willems D, Kohls K, van der Kamp B, Vranken H. (2023). Data Exfiltration Detection on Network Metadata with Autoencoders. Electronics, 12:12 (2584). DOI: 10.3390/electronics12122584. Online publication date: 8-Jun-2023
https://doi.org/10.3390/electronics12122584
Daugėla K, Vaičiukynas E. (2022). Real-Time Anomaly Detection for Distributed Systems Logs Using Apache Kafka and H2O.ai. Information and Software Technologies (33-42). DOI: 10.1007/978-3-031-16302-9_3. Online publication date: 6-Oct-2022
https://doi.org/10.1007/978-3-031-16302-9_3
Heine F, Kleiner C, Klostermeyer P, Ahlers V, Laue T, Wellermann N. (2022). Detecting Attacks in Network Traffic Using Normality Models: The Cellwise Estimator. Foundations and Practice of Security (265-282). DOI: 10.1007/978-3-031-08147-7_18. Online publication date: 15-Jun-2022
https://doi.org/10.1007/978-3-031-08147-7_18
