Empirical Evaluation of Autoencoder Models for Anomaly Detection in Packet-based NIDS
| dc.contributor.author | Hore, Soumyadeep | |
| dc.contributor.author | Nguyen, Quoc | |
| dc.contributor.author | Xu, Yulun | |
| dc.contributor.author | Shah, Ankit | |
| dc.contributor.author | Bastian, Nathaniel D. | |
| dc.contributor.author | Le, Trung | |
| dc.date.accessioned | 2023-12-19T13:21:01Z | |
| dc.date.available | 2023-12-19T13:21:01Z | |
| dc.date.issued | 2023 | |
| dc.description.abstract | Anomaly detection is critical for network security. Unsupervised learning models trained on benign network traffic data aim to detect anomalies without relying on attack data sets. Autoencoder-based models have emerged as a promising approach for detecting anomalies in network intrusion data. While autoencoder models have predominantly been utilized in flow-based approaches, which are suitable for offline analysis, there is a notable gap in research concerning unsupervised learning, particularly autoencoder-based techniques, for packetbased network intrusion detection. Packet-based network intrusion detection systems (NIDS) enable real-time detection at a granular level, making this area of investigation crucial. In this work, we compare autoencoder models for anomaly detection in packet-based NIDS. A methodological framework is presented for implementing an autoencoder-based network intrusion detection mechanism with packet data. A novel reconstruction error metric is proposed for autoencoders, which is evaluated at different threshold levels to compare the detection accuracies of network traffic anomalies. The effectiveness of autoencoder models is demonstrated on various network attacks and adversarial samples obtained from publicly available network intrusion data sets. The analysis highlights the strengths and limitations of different autoencoders for network traffic anomaly detection. The insights obtained from the empirical evaluation offer valuable guidance to researchers and practitioners aiming to develop an autoencoder-based network intrusion detection mechanism. | |
| dc.description.sponsorship | U.S. Army Combat Capabilities Development Command C5ISR Center under Support Agreement No. USMA21056. | |
| dc.identifier.citation | Hore, S., Nguyen, Q., Xu, Y., Shah, A., Bastian, N. & Le, T. (2023). Empirical Evaluation of Autoencoder Models for Anomaly Detection in Packet-based NIDS. Proceedings of the 2023 IEEE Conference on Dependable and Secure Computing, pp. 1-8. IEEE. | |
| dc.identifier.doi | https://doi.org/10.1109/DSC61021.2023.10354098 | |
| dc.identifier.uri | https://hdl.handle.net/20.500.14216/1461 | |
| dc.publisher | Proceedings of the 2023 IEEE Conference on Dependable and Secure Computing | |
| dc.subject | Autoencoders | |
| dc.subject | Network Intrusion Detection | |
| dc.subject | Anomaly detection | |
| dc.title | Empirical Evaluation of Autoencoder Models for Anomaly Detection in Packet-based NIDS | |
| dc.type | Conference presentations, papers, posters | |
| local.USMAemail | nathaniel.bastian@westpoint.edu | |
| local.peerReviewed | Yes |