Developing deep neural networks for network attack detection

1. The thesis proposes three latent representation learning models based on AEs namely Multi-distribution Variational AutoEncoder (MVAE), Multi-distribution AutoEncoder (MAE), and Multi-distribution Denoising AutoEncoder (MDAE). These proposed models project normal traffic data and attack traffic data, including known network attacks and unknown network attacks to two separate regions. As a result, the new representation space of network traffic data fascinates simple classification algorithms. In other words, normal data and network attack data in the new representation space are distinguishable from the original features, thereby making a more robust NAD system to detect both known attacks and unknown attacks.
2. The thesis proposes three new deep neural networks namely Auxiliary Classifier GAN - Support Vector Machine (ACGAN-SVM), Conditional Denoising Adversarial AutoEncoder (CDAAE), and Conditional Denoising Adversarial AutoEncoder - K Nearest Neighbor (CDAAE-KNN) for handling data imbalance, thereby improving the accuracy of machine learning methods for NAD systems. These proposed techniques developed from a very new deep neural network aim to generate network attack data samples. The generated network attack data samples help to balance the training network traffic datasets. Thus, the accuracy of NAD systems is improved significantly.
3. A DTL model is proposed based on AE, i.e., Maximum Mean Discrepancy-AutoEncoder (MMD-AE). This model can transfer the knowledgenfrom a source domain of network traffic data with label informationnto a target domain of network traffic data without label information. As a result, we can classify the data samples in the target domain without training with the target labels.