Anomaly detection is an important method for intrusion detection.In recent years,unsupervised methods have been widely researched because they do not require labeling.For example,a nonlinear autoencoder can use recons...Anomaly detection is an important method for intrusion detection.In recent years,unsupervised methods have been widely researched because they do not require labeling.For example,a nonlinear autoencoder can use reconstruction errors to attain the discrimination threshold.This method is not effective when the model complexity is high or the data contains noise.The method for detecting the density of compressed features in a hidden layer can be used to reduce the influence of noise on the selection of the threshold because the density of abnormal data in hidden layers is smaller than normal data.However,compressed features may lose some of the high-dimensional distribution information of the original data.In this paper,we present an efficient anomaly detection framework for unsupervised anomaly detection,which includes network data capturing,processing,feature extraction,and anomaly detection.We employ a deep autoencoder to obtain compressed features and multi-layer reconstruction errors,and feeds them the same to the Gaussian mixture model to estimate the density.The proposed approach is trained and tested on multiple current intrusion detection datasets and real network scenes,and performance indicators,namely accuracy,recall,and F1-score,are better than other autoencoder models.展开更多
基金This work is supported by the Introducing Program of Dongguan for Leading Talents in Innovation and Entrepreneur(Dongren Han[2018],No.738).
文摘Anomaly detection is an important method for intrusion detection.In recent years,unsupervised methods have been widely researched because they do not require labeling.For example,a nonlinear autoencoder can use reconstruction errors to attain the discrimination threshold.This method is not effective when the model complexity is high or the data contains noise.The method for detecting the density of compressed features in a hidden layer can be used to reduce the influence of noise on the selection of the threshold because the density of abnormal data in hidden layers is smaller than normal data.However,compressed features may lose some of the high-dimensional distribution information of the original data.In this paper,we present an efficient anomaly detection framework for unsupervised anomaly detection,which includes network data capturing,processing,feature extraction,and anomaly detection.We employ a deep autoencoder to obtain compressed features and multi-layer reconstruction errors,and feeds them the same to the Gaussian mixture model to estimate the density.The proposed approach is trained and tested on multiple current intrusion detection datasets and real network scenes,and performance indicators,namely accuracy,recall,and F1-score,are better than other autoencoder models.
