Unsupervised machine learning techniques for network intrusion detection on modern data

Authors
  • Verkerken, Miel
  • D'hooge, Laurens
  • Wauters, Tim
  • Volckaert, Bruno
  • De Turck, Filip
Publication Date
Jan 01, 2020
Identifiers
DOI: 10.1109/CSNet50428.2020.9265461
OAI: oai:archive.ugent.be:8682348
Source
Ghent University Institutional Archive
Language
English
License
Unknown

Abstract

The rapid growth of the internet, connecting billions of people and businesses, brings with it an increased risk of misuse. Handling this misuse requires adaptive techniques that detect known as well as unknown (zero-day) attacks. The latter proved most challenging in recent studies, where supervised machine learning techniques excelled at detecting known attacks but failed to recognize unknown patterns. Therefore, this paper focuses on anomaly-based detection of malicious behavior on the network using flow-based features. Four unsupervised methods are evaluated, of which two employ a self-supervised learning approach. A realistic modern dataset, CIC-IDS-2017, containing multiple different attack types, is used to evaluate the proposed models in terms of classification performance and computational complexity. The results show that an autoencoder, obtained from the field of deep learning, yields the highest area under the receiver operating characteristic curve (AUROC) of 0.978 while maintaining an acceptable computational complexity, followed by one-class support vector machine, isolation forest and principal component analysis.
