An Empirical Evaluation of Deep Learning for Network Anomaly Detection

Malaiya, Ritesh K.; Kwon, Donghwoon; Suh, Sang C.; Kim, Hyun‐Joo; Kim, Ikkyun; Kim, Jin Oh

doi:10.1109/access.2019.2943249

Cited by 69 publications

(29 citation statements)

References 30 publications

(33 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…LSTMs, on the other hand, is naturally able to capture relationships in sequences and have relatively stable accuracies over different hyperparameter choices as shown by [8]. Lastly, we confirmed the conclusion by [4] and [8] that, when it comes to LSTMs, a deeper model can achieve higher accuracies than a shallower model, but this is at the cost of increased training time.…”

Section: Core Anomaly Detection Modelsupporting

confidence: 86%

“…There has been previous works using supervised approaches for anomaly detection involving the use of Logistic Regression, Decision Trees, or Neural Networks as binary classifiers to directly classify behaviors as normal or abnormal [3] [4]. However, these techniques require both normal and abnormal data points during training, which is often not a very practical requirement.…”

Section: Fig 3 Taxonomy Of Anomaly Detection Techniques In Recent Lmentioning

confidence: 99%

“…LSTM is a type of Recurrent Neural Network (RNN) that uses three multiplicative gates-input gate, output gate, and forget gate-to control gradient flow and alleviate the vanishing/exploding gradient problems encountered when training RNNs on long sequences. Previous works[4][8] have used deep-LSTM for log sequence modeling with promising results. Therefore, we built LSTM-based models as baseline for comparison.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Intelligent Log Analysis for Anomaly Detection

Yen¹

View full text Add to dashboard Cite

Intelligent Log Analysis for Anomaly Detection By Steven Yen Computer logs are a rich source of information that can be analyzed to detect various issues. The large volumes of logs limit the effectiveness of manual approaches to log analysis. The earliest automated log analysis tools take a rule-based approach, which can only detect known issues with existing rules. On the other hand, anomaly detection approaches can detect new or unknown issues. This is achieved by looking for unusual behavior different from the norm, often utilizing machine learning (ML) or deep learning (DL) models. In this project, we evaluated various ML and DL techniques used for log anomaly detection. We propose a hybrid neural network (NN) we call "CausalConvLSTM" for modeling log sequences, which takes advantage of both Convolutional Neural Network and Long Short-Term Memory Network's strengths. Furthermore, we evaluated and proposed a concrete strategy for retraining NN anomaly detection models to maintain a low false-positive rate in a drifting environment. 4 ACKNOWLEDGEMENTS This master's project has been a substantial undertaking for me, and I would like to thank my project advisor Dr. Melody Moh for all her support and guidance through the entire process, from my initial project selection, to development, to completion. I would like to thank Dr. Teng Moh for all the feedback and insights he has provided throughout the development of the project. I would like to thank Professor Auston Davis and Dr. Katerina Potika for serving as my committee members, and spending time to discuss the project with me and sharing ideas and other considerations. I would like to thank all the CS department faculty members and my friends at SJSU for making my pursuit of a master's degree more fulfilling and pleasant. Finally, I would like to thank my family for always being there for me.

show abstract

Section: Core Anomaly Detection Modelsupporting

confidence: 86%

Section: Fig 3 Taxonomy Of Anomaly Detection Techniques In Recent Lmentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

Intelligent Log Analysis for Anomaly Detection

Yen¹

View full text Add to dashboard Cite

show abstract

“…CNN-based anomaly detection methods have been mainly applied to intrusion detection [60,61] by preprocessing data samples with float and integer attributes into an image form convenient for CNN processing. In a more recent study, Kwon et al [62] assess several CNN architectures for anomaly detection using different network traffic datasets by comparing their performance to other techniques including Variational Autoencoders (VAE), Fully Connected Networks (FCN) [84] and LSTM. Their results indicate that CNN perform better than VAE, but worse than FCN and LSTM.…”

Section: Recent Advances In Convolutional Neural Networkmentioning

confidence: 99%

Recent Advances in Anomaly Detection Methods Applied to Aviation

2019

View full text Add to dashboard Cite

Anomaly detection is an active area of research with numerous methods and applications. This survey reviews the state-of-the-art of data-driven anomaly detection techniques and their application to the aviation domain. After a brief introduction to the main traditional data-driven methods for anomaly detection, we review the recent advances in the area of neural networks, deep learning and temporal-logic based learning. In particular, we cover unsupervised techniques applicable to time series data because of their relevance to the aviation domain, where the lack of labeled data is the most usual case, and the nature of flight trajectories and sensor data is sequential, or temporal. The advantages and disadvantages of each method are presented in terms of computational efficiency and detection efficacy. The second part of the survey explores the application of anomaly detection techniques to aviation and their contributions to the improvement of the safety and performance of flight operations and aviation systems. As far as we know, some of the presented methods have not yet found an application in the aviation domain. We review applications ranging from the identification of significant operational events in air traffic operations to the prediction of potential aviation system failures for predictive maintenance.

show abstract

“…Usually, the Machine Learning techniques employed in anomaly detection systems are divided into two approaches: Shallow Learning and Deep Learning. Shallow Learning algorithms have some limitations, such as largely depending on attributes used in the process of training, and an intensive analysis is necessary in order to capture the most relevant attributes and statistics of the traffic [23], [24]. Besides, the models often need to be retrained to learn new patterns of network behavior [25], [26].…”

Section: Introductionmentioning

confidence: 99%

Long Short-Term Memory and Fuzzy Logic for Anomaly Detection and Mitigation in Software-Defined Network Environment

et al. 2020

View full text Add to dashboard Cite

Computer networks become complex and dynamic structures. As a result of this fact, the configuration and the managing of this whole structure is a challenging activity. Software-Defined Networks(SDN) is a new network paradigm that, through an abstraction of network plans, seeks to separate the control plane and data plane, and tends as an objective to overcome the limitations in terms of network infrastructure configuration. As in the traditional network environment, the SDN environment is also liable to security vulnerabilities. This work presents a system of detection and mitigation of Distributed Denial of Service (DDoS) attacks and Portscan attacks in SDN environments (LSTM-FUZZY). The LSTM-FUZZY system presented in this work has three distinct phases: characterization, anomaly detection, and mitigation. The system was tested in two scenarios. In the first scenario, we applied IP flows collected from the SDN Floodlight controllers through emulation on Mininet. On the other hand, in the second scenario, the CICDDoS 2019 dataset was applied. The results gained show that the efficiency of the system to assist in network management, detect and mitigate the occurrence of the attacks.

show abstract

An Empirical Evaluation of Deep Learning for Network Anomaly Detection

Cited by 69 publications

References 30 publications

Intelligent Log Analysis for Anomaly Detection

Intelligent Log Analysis for Anomaly Detection

Recent Advances in Anomaly Detection Methods Applied to Aviation

Long Short-Term Memory and Fuzzy Logic for Anomaly Detection and Mitigation in Software-Defined Network Environment

Contact Info

Product

Resources

About