LE QUY DON
Technical University

Deep clustering hierarchical latent representation for anomaly-based cyber-attack detection

Nguyen, V.Q. and Ngo, L.T. and Nguyen, L.M. and Nguyen, V.H. and Shone, N. (2024) Deep clustering hierarchical latent representation for anomaly-based cyber-attack detection. Knowledge-Based Systems, 301. ISSN 09507051

Full text not available from this repository.

Abstract

In the field of anomaly detection, well-known techniques and state-of-the-art models often face challenges when interpreting the latent space, which hinders their behavioral classification accuracy. Firstly, the sub-optimal distribution of data points within the latent space makes normal behavioral regions verbose and indistinguishable from abnormal regions. Secondly, within the latent space, it can be difficult to identify meaningful, separable, and indicative features. Finally, the processing time at the inference stage is still relatively slow. This paper aims to improve the accuracy of network anomaly detection mechanisms by proposing two novel deep hierarchical representation learning models: Deep Nested Clustering Auto-Encoder (DNCAE) and Deep Clustering Hierarchical Auto-Encoder (DCHAE). Both models adopt a nested branch structure, utilizing dual deep auto-encoders to establish hierarchical latent spaces; in each, clustering algorithms are used to spatially optimize and refine the data points. This approach results in improved separation between normal and abnormal data points, and easier identification of notable and/or indicative features. To ascertain the effectiveness of the approach and the quality of resulting features, both models were used in conjunction with ten different one-class anomaly detectors. Each of these ten anomaly detectors was evaluated on popular network intrusion datasets, notably: NSL-KDD, UNSW-NB15, CIC-IDS-2017, CSE-CIC-IDS-2018, and CTU13. Experimental results have confirmed that both of the proposed models produced higher levels of accuracy than existing baselines and current state-of-the-art models. Additionally, the processing time at the inference stage shows a significant reduction. © 2024 Elsevier B.V.

Item Type: Article
Divisions: Offices > Office of International Cooperation
Identification Number: 10.1016/j.knosys.2024.112366
Uncontrolled Keywords: Anomaly detection; Computer crime; Crime; Deep learning; Learning systems; Network security; Signal encoding, Anomaly detection; Attack detection; Auto encoders; Clusterings; Cyber-attack detection; Cyber-attacks; Datapoints; Deep clustering; Deep learning; Latent representation, Clustering algorithms
URI: http://eprints.lqdtu.edu.vn/id/eprint/11324
