Unsupervised Approach for Detecting Low Rate Attacks on Network Traffic with Autoencoder

Baskoro Adi Pratomo, Pete Burnap, George Theodorakopoulos

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

22 Citations (Scopus)

Abstract

Most approaches to network intrusion detection look only at the header part of network packets. These approaches are able to detect high-rate attacks, such as Denial of Service or probing, with high degrees of accuracy. However, it remains to be seen whether they are also able to detect more subtle attacks, such as when adversaries try to exploit a vulnerability or plant a backdoor. In these cases, the attributes of network packets are usually very similar to those of legitimate traffic, which presents a limitation for header-only intrusion detection methods. Such attacks present an increasing problem to network security, especially given the rise of the Internet of Things (IoT) and the rapidly increasing number of devices that can be exploited through low-intensity attacks. To address this problem, we propose the use of the Autoencoder method for network intrusion detection. Autoencoder is a deep learning architecture that has the capability to identify outliers in a dataset. Thus, it does not need labelled datasets which contain both legitimate and malicious traffic for training purposes. Through our experiments, we show that the proposed approach was able to detect 100% of low rate attack traffic with an average false positive rate of 8.01%. To demonstrate the improvement over the state of the art, we have compared our results to a number of other similar works, and our proposed method achieved a detection rate at least 32.81% better.

Original language: English
Title of host publication: 2018 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781538646830
Publication status: Published - 4 Dec 2018
Event: 4th International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018 - Glasgow, Scotland, United Kingdom
Duration: 11 Jun 2018 to 12 Jun 2018

Publication series

Name: 2018 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018

Conference

Conference: 4th International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2018
Country/Territory: United Kingdom
City: Glasgow, Scotland
Period: 11/06/18 to 12/06/18

Keywords

  • autoencoder
  • deep learning
  • intrusion detection
  • payload inspection
