Convolutional neural networks (CNNs) are a specific architecture of feed-forward artificial neural networks. They are the de facto standard for various operations in machine learning and computer vision. To transfer this performance to the task of network anomaly detection in cyber-security, this study proposes a model using a one-dimensional CNN architecture. The authors' approach divides network traffic data into transmission control protocol (TCP), user datagram protocol (UDP), and OTHER protocol categories in the first phase, then each category is treated independently. Before training the model, feature selection is performed using the chi-square technique, and then over-sampling is conducted using the synthetic minority over-sampling technique to tackle the class imbalance problem. The authors' method yields weighted average F-scores of 0.85, 0.97, 0.86, and 0.78 for the TCP, UDP, OTHER, and ALL categories, respectively. The model is tested on the UNSW-NB15 dataset.
Feature selection is essential for prioritising important attributes in data to improve prediction quality in machine learning algorithms. As different selection techniques identify different feature sets, relying on a single method may result in risky decisions. The authors propose an ensemble approach using union and quorum combination techniques with five primary individual selection methods: analysis of variance, variance threshold, sequential backward search, recursive feature elimination, and least absolute selection and shrinkage operator. The proposed method reduces features in three rounds: (i) discard redundant features using pairwise correlation, (ii) individual methods select their own feature sets independently, and (iii) equalise individual feature sets. The equalised individual feature sets are combined using union and quorum techniques. Both the combined and individual sets are tested for network anomaly detection using random forest, decision tree, K‐nearest neighbours, Gaussian Naive Bayes, and logistic regression classifiers. The experimental results on the UNSW‐NB15 data set show that random forest with union and quorum feature sets yields 99 and 99.02% f1_score with a minimum of 6 and 12 features, respectively. The results on the NSL‐KDD data set show that random forest with union and quorum gets 99.34 and 99.21% f1_score with a minimum of 28 and 18 features.
Computer network assets are exposed to various cyber threats in today’s digital era. Network Anomaly Detection Systems (NADS) play a vital role in protecting digital assets in the purview of network security. Intrusion detection system data are imbalanced and high-dimensional, affecting models’ performance in classifying malicious traffic. This paper uses a denoising autoencoder (DAE) for feature selection to reduce data dimension. To balance the data, the authors use a combined approach of an oversampling technique, adaptive synthetic (ADASYN), and a cluster-based under-sampling method using the K-means clustering algorithm. Then, a one-dimensional convolutional neural network (1D-CNN) is used to perform classification. The performance of the proposed model is evaluated on the UNSW-NB15 and NSL-KDD datasets. The experimental results show that the model produces a detection rate of 98.79% and 97.23% on UNSW-NB15 for binary classification and multiclass classification, respectively. In the evaluation using NSL-KDD, the model yields a detection rate of 98.52% for binary classification and 98.16% for multiclass classification.