LE QUY DON
Technical University

Clustering-Based Deep Autoencoders for Network Anomaly Detection

Nguyen, V.Q. and Nguyen, V.H. and Le-Khac, N.-A. and Cao, V.L. (2020) Clustering-Based Deep Autoencoders for Network Anomaly Detection. In: 7th International Conference on Future Data and Security Engineering, FDSE 2020, 25 November 2020 through 27 November 2020.

Abstract

A novel hybrid approach between clustering methods and autoencoders (AEs) is introduced for detecting network anomalies in a semi-supervised manner. Previous work developed regularized AEs, namely Shrink AE (SAE) and Dirac Delta Variational AE (DVAE), that learn to represent normal data in a very small region close to the origin in their middle hidden layers (latent representation). This work is based on the assumption that normal data points may share some common characteristics, so they can be forced to distribute in a small single cluster. In some scenarios, however, normal network data may contain data from very different network services, which may result in a number of clusters in the normal data. Our proposed hybrid model attempts to automatically discover these clusters in the normal data in the latent representation of AEs. At each iteration, an AE learns to map normal data into the latent representation while a clustering method tries to discover clusters in the latent normal data and force them to be close together. The co-training strategy can help to reveal true clusters in normal data. When a query data point arrives, it is first mapped into the latent representation of the AE, and its distance to the closest cluster center can be used as an anomaly score. The higher the anomaly score of a data point, the more likely it is to be an anomaly. The method is evaluated with four scenarios in the CTU13 dataset, and experiments illustrate that the proposed hybrid model often outperforms SAE on three out of four scenarios. © 2020, Springer Nature Switzerland AG.

Item Type: Conference or Workshop Item (Paper)
Divisions: Faculties > Faculty of Information Technology
Identification Number: 10.1007/978-3-030-63924-2_17
Uncontrolled Keywords: Cluster analysis; Iterative methods; Learning systems; Query processing; Security systems; Cluster centers; Clustering methods; Hybrid approach; Network anomalies; Network anomaly detection; Network services; Number of clusters; Semi-supervised; Anomaly detection
Additional Information: Conference code: 252059. Language of original document: English.
URI: http://eprints.lqdtu.edu.vn/id/eprint/9113
