Abstract

A Network-based Intrusion Detection System (NIDS) monitors network traffic and analyses it to look for any sign of malicious behaviour. A NIDS may use one of two methods to look for malicious activities: signature-based or anomaly-based. A signature-based NIDS relies on a database of rulesets to determine whether a packet or a flow is malicious. Therefore, it suffers when the database is not updated regularly or when a zero-day attack appears. An anomaly-based NIDS works by learning the behaviour of normal traffic and looking for anomalous activities, which are then deemed malicious. In doing so, this kind of NIDS does not have to rely on an updated database. It can identify deviation from normal behaviour by training itself with training data obtained from the organisation's network traffic. The issue is that cleaning network traffic data from a real-world capture is time-consuming. Thus, in this paper, we proposed an anomaly detection method that was trained with network traffic that contains malicious activities. We looked for evidence of whether Autoencoders are robust to noisy data in the training set. Our experiments show that the detection method can achieve an F2-score of 0.87 for TP traffic, 0.83 for TTP traffic, and 0.98 for SMTP traffic. These results were obtained from models that had been trained with a training set which contains 0.3% of malicious traffic.

Original language: English
Title of host publication: Proceedings - 2022 IEEE International Conference on Cybernetics and Computational Intelligence, CyberneticsCom 2022
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 138-143
Number of pages: 6
ISBN (Electronic): 9781665497428
Publication status: Published - 2022
Event: 6th IEEE International Conference on Cybernetics and Computational Intelligence, CyberneticsCom 2022 - Virtual, Malang, Indonesia
Duration: 16 Jun 2022 to 18 Jun 2022

Publication series

Name: Proceedings - 2022 IEEE International Conference on Cybernetics and Computational Intelligence, CyberneticsCom 2022

Conference

Conference: 6th IEEE International Conference on Cybernetics and Computational Intelligence, CyberneticsCom 2022
Country/Territory: Indonesia
City: Virtual, Malang
Period: 16/06/22 to 18/06/22

Keywords

  • NIDS
  • deep learning
  • intrusion detection
  • machine learning
  • noisy datasets

Fingerprint

Dive into the research topics of 'Training Autoencoders with Noisy Training Sets for Detecting Low-rate Attacks on the Network'. Together they form a unique fingerprint.