Empirical Evaluation of Autoencoder Models for Anomaly Detection in Packet-based NIDS

dc.contributor.author: Hore, Soumyadeep
dc.contributor.author: Nguyen, Quoc
dc.contributor.author: Xu, Yulun
dc.contributor.author: Shah, Ankit
dc.contributor.author: Bastian, Nathaniel D.
dc.contributor.author: Le, Trung
dc.date.accessioned: 2023-12-19T13:21:01Z
dc.date.available: 2023-12-19T13:21:01Z
dc.date.issued: 2023
dc.description.abstract: Anomaly detection is critical for network security. Unsupervised learning models trained on benign network traffic data aim to detect anomalies without relying on attack data sets. Autoencoder-based models have emerged as a promising approach for detecting anomalies in network intrusion data. While autoencoder models have predominantly been utilized in flow-based approaches, which are suitable for offline analysis, there is a notable gap in research concerning unsupervised learning, particularly autoencoder-based techniques, for packet-based network intrusion detection. Packet-based network intrusion detection systems (NIDS) enable real-time detection at a granular level, making this area of investigation crucial. In this work, we compare autoencoder models for anomaly detection in packet-based NIDS. A methodological framework is presented for implementing an autoencoder-based network intrusion detection mechanism with packet data. A novel reconstruction error metric is proposed for autoencoders, which is evaluated at different threshold levels to compare the detection accuracies of network traffic anomalies. The effectiveness of autoencoder models is demonstrated on various network attacks and adversarial samples obtained from publicly available network intrusion data sets. The analysis highlights the strengths and limitations of different autoencoders for network traffic anomaly detection. The insights obtained from the empirical evaluation offer valuable guidance to researchers and practitioners aiming to develop an autoencoder-based network intrusion detection mechanism.
dc.description.sponsorship: U.S. Army Combat Capabilities Development Command C5ISR Center under Support Agreement No. USMA21056.
dc.identifier.citation: Hore, S., Nguyen, Q., Xu, Y., Shah, A., Bastian, N. & Le, T. (2023). Empirical Evaluation of Autoencoder Models for Anomaly Detection in Packet-based NIDS. Proceedings of the 2023 IEEE Conference on Dependable and Secure Computing, pp. 1-8. IEEE.
dc.identifier.doi: https://doi.org/10.1109/DSC61021.2023.10354098
dc.identifier.uri: https://hdl.handle.net/20.500.14216/1461
dc.publisher: Proceedings of the 2023 IEEE Conference on Dependable and Secure Computing
dc.subject: Autoencoders
dc.subject: Network Intrusion Detection
dc.subject: Anomaly detection
dc.title: Empirical Evaluation of Autoencoder Models for Anomaly Detection in Packet-based NIDS
dc.type: Conference presentations, papers, posters
local.USMAemail: nathaniel.bastian@westpoint.edu
local.peerReviewed: Yes
