TY - GEN
T1 - A Systematic Approach to Building Autoencoders for Intrusion Detection
AU - Song, Youngrok
AU - Hyun, Sangwon
AU - Cheong, Yun Gyung
N1 - Publisher Copyright: © 2021, Springer Nature Switzerland AG.
PY - 2021
Y1 - 2021
N2 - Network Intrusion Detection Systems (NIDS) have been the most effective defense mechanism against various network attacks. As attack patterns have been intelligently and dynamically evolving, deep learning-based NIDSs have been widely adopted to improve intrusion detection accuracy. Autoencoders, one of the unsupervised neural networks, are generative deep learning models that learn to represent the data as compressed vectors without class labels. Recently, various autoencoders, which are generative deep learning models, have been used for NIDS in order to efficiently alleviate the laborious labeling and to effectively detect unknown types of attacks (i.e., zero-day attacks). In spite of the effectiveness of autoencoders in detecting intrusions, it requires tremendous effort to identify the optimal model architecture of the autoencoders that results in the best performance, which is an obstacle for practical applications. To address this challenge, this paper rigorously studies autoencoders with two important factors using real network data. We investigate how the size of a latent layer and the size of the model influence the detection performance. We evaluate our autoencoder model using the IDS benchmark data sets and present the experimental findings.
KW - (One-class) unsupervised learning algorithm
KW - Autoencoder
KW - Deep learning algorithm
KW - Dimension reduction
KW - IDS
KW - PCA
KW - Semi-supervised machine learning algorithm
UR - https://www.scopus.com/pages/publications/85107434562
U2 - 10.1007/978-3-030-72725-3_14
DO - 10.1007/978-3-030-72725-3_14
M3 - Conference contribution
AN - SCOPUS:85107434562
SN - 9783030727246
T3 - Communications in Computer and Information Science
SP - 188
EP - 204
BT - Silicon Valley Cybersecurity Conference - First Conference, SVCC 2020, Revised Selected Papers
A2 - Park, Younghee
A2 - Jadav, Divyesh
A2 - Austin, Thomas
PB - Springer Science and Business Media Deutschland GmbH
T2 - 1st Silicon Valley Cybersecurity Conference, SVCC 2020
Y2 - 17 December 2020 through 19 December 2020
ER -