The rapid increase in network traffic has recently raised the importance of flow-based intrusion detection systems, which process a small amount of traffic data. Furthermore, anomaly-based methods, which can identify unknown attacks, are also integrated into these systems. In this study, the focus is on the detection of anomalous network traffic (or intrusions) from flow-based data using unsupervised deep learning methods with a semi-supervised learning approach. More specifically, Autoencoder and Variational Autoencoder methods were employed to identify unknown attacks using flow features. In the experiments carried out, the flow-based features extracted from network traffic data, including typical and different types of attacks, were used. The Receiver Operating Characteristics (ROC) and the area under the ROC curve resulting from these methods were calculated and compared with One-Class Support Vector Machine. The ROC curves were examined in detail to analyze the performance of the methods at various threshold values. The experimental results show that Variational Autoencoder performs, for the most part, better than Autoencoder and One-Class Support Vector Machine.
In this study, the SAnDet architecture, which performs anomaly-based intrusion detection by taking advantage of the capabilities offered by the SDN architecture, is presented and implemented as a controller application. A detailed description is given of this system, which consists of three main modules: statistics collector, anomaly detector, and anomaly prevention. More specifically, Replicator Neural Networks (RNN), which is a special variant of the autoencoder, and the EncDecAD method, which is a special type of LSTM network that can produce successful results, especially in given data series, are used to identify unknown attacks using flow features collected from OpenFlow switches. In the experiments, flow-based features extracted from network traffic data, including different types of attacks, are given as input to the models as time series. The results of the methods are calculated using the ROC and AUC metrics. Experimental results show that EncDecAD outperforms RNN. Moreover, it is demonstrated that this study has several benefits over previously conducted research.
The genetic algorithm is one of the data mining classification techniques, and it has been applied successfully in a wide range of applications. However, the performance of the genetic algorithm fluctuates significantly. This research work combines the genetic algorithm with fuzzy logic to dynamically adapt the crossover and mutation parameters of the genetic algorithm. Two different datasets are used in the experiment. Several experiments have been performed to prove the effectiveness of the proposed algorithm. Results show that the rules generated by the proposed algorithm are significantly better, with high fitness, and more efficient compared to a normal genetic algorithm.