ABSTRACT
Network Intrusion Detection System (NIDS) is an important tool for network administrators to detect security breaches in a network. However, due to the diversity of attacks and imbalanced datasets having less number of data pertinent to attack events, current machine learning based NIDS applications often do not perform well. Therefore, it is important to synthesize data in a probabilistic manner that is similar to original attack event related data. Accordingly, in this paper, we propose a new paradigm of the synthesizing task based on Variational Laplace AutoEncoder (VLAE) and Deep Neural Network, and exploit the paradigm to develop a new intrusion detection model. Here, we go beyond the existing VLAE model through incorporating class labels as an input. We term the enhanced model as Conditional Variational Laplace AutoEncoder (CVLAE). We employ the CVLAE to learn latent variable representations of network data features and to synthesize data in a probabilistic manner. We use a Deep Neural Network (DNN) classifier, trained on the original and synthesized data, and classify the attack samples. We evaluate our model on the benchmark NSL-KDD dataset. We demonstrate efficacy of our proposed model through showing that our method achieve higher precision in minority attacks than other methods in our experimentation.
- Tamer Aldwairi, Dilina Perera, and Mark A Novotny. 2018. An evaluation of the performance of Restricted Boltzmann Machines as a model for anomaly network intrusion detection. Computer Networks 144(2018), 111–119.Google ScholarDigital Library
- Jinwon An and Sungzoon Cho. 2015. Variational autoencoder based anomaly detection using reconstruction probability. Special Lecture on IE 2, 1 (2015), 1–18.Google Scholar
- Rodrigo Braga, Edjard de Souza Mota, and Alexandre Passito. 2010. Lightweight DDoS flooding attack detection using NOX/OpenFlow.. In LCN, Vol. 10. 408–415.Google Scholar
- Nitesh V Chawla, Kevin W Bowyer, Lawrence O Hall, and W Philip Kegelmeyer. 2002. SMOTE: synthetic minority over-sampling technique. Journal of artificial intelligence research 16 (2002), 321–357.Google ScholarCross Ref
- Kruti Choksi, Bhavin Shah, and Ompriya Kale. 2014. Intrusion detection system using self organizing map: a surevey. International Journal of Engineering Research and Applications 4, 12(2014), 11–16.Google Scholar
- Haibo He, Yang Bai, Edwardo A Garcia, and Shutao Li. 2008. ADASYN: Adaptive synthetic sampling approach for imbalanced learning. In 2008 IEEE international joint conference on neural networks (IEEE world congress on computational intelligence). IEEE, 1322–1328.Google Scholar
- Shamsul Huda, Suruz Miah, John Yearwood, Sultan Alyahya, Hmood Al-Dossari, and Robin Doss. 2018. A malicious threat detection model for cloud assisted internet of things (CoT) based industrial control system (ICS) networks using deep belief network. J. Parallel and Distrib. Comput. 120 (2018), 23–31.Google ScholarDigital Library
- Ahmad Javaid, Quamar Niyaz, Weiqing Sun, and Mansoor Alam. 2016. A deep learning approach for network intrusion detection system. In Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies (formerly BIONETICS). ICST, 21–26.Google ScholarDigital Library
- Michael I Jordan, Zoubin Ghahramani, Tommi S Jaakkola, and Lawrence K Saul. 1998. An introduction to variational methods for graphical models. In Learning in graphical models. Springer, 105–161.Google Scholar
- Yuta Kawachi, Yuma Koizumi, and Noboru Harada. 2018. Complementary set variational autoencoder for supervised anomaly detection. In 2018 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). IEEE, 2366–2370.Google ScholarDigital Library
- Gisung Kim, Seungmin Lee, and Sehun Kim. 2014. A novel hybrid intrusion detection method integrating anomaly detection with misuse detection. Expert Systems with Applications 41, 4 (2014), 1690–1700.Google ScholarDigital Library
- Diederik P Kingma and Jimmy Ba. 2014. Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980(2014).Google Scholar
- Durk P Kingma, Shakir Mohamed, Danilo Jimenez Rezende, and Max Welling. 2014. Semi-supervised learning with deep generative models. In Advances in neural information processing systems. 3581–3589.Google Scholar
- Diederik P Kingma and Max Welling. 2013. Auto-Encoding Variational Bayes. arxiv:1312.6114 [stat.ML]Google Scholar
- Levent Koc, Thomas A Mazzuchi, and Shahram Sarkani. 2012. A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier. Expert Systems with Applications 39, 18 (2012), 13492–13500.Google ScholarDigital Library
- Yihua Liao and V Rao Vemuri. 2002. Use of k-nearest neighbor classifier for intrusion detection. Computers & security 21, 5 (2002), 439–448.Google Scholar
- Manuel Lopez-Martin, Belen Carro, Antonio Sanchez-Esguevillas, and Jaime Lloret. 2017. Conditional variational autoencoder for prediction and feature recovery applied to intrusion detection in iot. Sensors 17, 9 (2017), 1967.Google ScholarCross Ref
- Tahir Mehmood and Helmi B Md Rais. 2015. SVM for network anomaly detection using ACO feature subset. In 2015 International symposium on mathematical sciences and computing research (iSMSC). IEEE, 121–126.Google ScholarCross Ref
- Lee Nicholas, Shih Yin Ooi, Ying Han Pang, Seong Oun Hwang, and Syh-Yuan Tan. 2018. Study of long short-term memory in flow-based network intrusion detection system. Journal of Intelligent & Fuzzy SystemsPreprint (2018), 1–11.Google Scholar
- Quamar Niyaz, Weiqing Sun, and Ahmad Y Javaid. 2016. A deep learning based DDoS detection system in software-defined networking (SDN). arXiv preprint arXiv:1611.07400(2016).Google Scholar
- Yookoon Park, Chris Kim, and Gunhee Kim. 2019. Variational Laplace Autoencoders. In International Conference on Machine Learning. 5032–5041.Google Scholar
- Rinku Sen, Manojit Chattopadhyay, and Nilanjan Sen. 2015. An efficient approach to develop an intrusion detection system based on multi layer backpropagation neural network algorithm: IDS using BPNN algorithm. In Proceedings of the 2015 ACM SIGMIS Conference on Computers and People Research. ACM, 105–108.Google ScholarDigital Library
- S. J. Stolfo. [n.d.]. KDD Cup 1999. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.htmlGoogle Scholar
- Jiayu Sun, Xinzhou Wang, Naixue Xiong, and Jie Shao. 2018. Learning sparse representation with variational auto-encoder for anomaly detection. IEEE Access 6(2018), 33353–33361.Google ScholarCross Ref
- Tuan A Tang, Lotfi Mhamdi, Des McLernon, Syed Ali Raza Zaidi, and Mounir Ghogho. 2016. Deep learning approach for network intrusion detection in software defined networking. In 2016 International Conference on Wireless Networks and Mobile Communications (WINCOM). IEEE, 258–263.Google ScholarCross Ref
- UNB. [n.d.]. NSL-KDD Dataset. https://www.unb.ca/cic/datasets/nsl.htmlGoogle Scholar
- Ly Vu, Quang Uy Nguyen, Diep N Nguyen, Dinh Thai Hoang, Eryk Dutkiewicz, 2019. Learning latent distribution for distinguishing network traffic in intrusion detection system. In ICC 2019-2019 IEEE International Conference on Communications (ICC). IEEE, 1–6.Google ScholarCross Ref
- Yanqing Yang, Kangfeng Zheng, Chunhua Wu, and Yixian Yang. 2019. Improving the classification effectiveness of intrusion detection by using improved conditional variational autoencoder and deep neural network. Sensors 19, 11 (2019), 2528.Google ScholarCross Ref
- Chuanlong Yin, Yuefei Zhu, Jinlong Fei, and Xinzheng He. 2017. A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5(2017), 21954–21961.Google ScholarCross Ref
Recommendations
Network intrusion detection based on conditional wasserstein variational autoencoder with generative adversarial network and one-dimensional convolutional neural networks
AbstractThere is a class-imbalance problem that the number of minority class samples is significantly lower than that of majority class samples in common network traffic datasets. Class-imbalance phenomenon will affect the performance of the classifier ...
A hybrid Intrusion Detection System based on Sparse autoencoder and Deep Neural Network
AbstractA large number of attacks are launched daily in the era of the internet and with a large number of users. Nowadays, effective detection of numerous attacks using the Intrusion Detection System (IDS) is an emerging research technique. ...
VAEPP: Variational Autoencoder with a Pull-Back Prior
Neural Information ProcessingAbstractMany approaches to training generative models by distinct training objectives have been proposed in the past. Variational Autoencoder (VAE) is an outstanding model of them based on log-likelihood. In this paper, we propose a novel learnable prior, ...
Comments