Journal of Tsinghua University(Science and Technology)    2022, Vol. 62 Issue (5) : 819-824     DOI: 10.16511/j.cnki.qhdxxb.2021.21.045
SPECIAL SECTION: VULNERABILITY ANALYSIS AND RISK ASSESSMENT
Unsupervised network traffic anomaly detection based on score iterations
PING Guolou, ZENG Tingyu, YE Xiaojun
School of Software, Tsinghua University, Beijing 100084, China
Abstract  Network traffic anomaly detection is limited by the lack of annotation information in the traffic. This paper presents an unsupervised anomaly detection method based on score iterations that overcomes this limitation. An autoencoder based anomaly score iteration process was designed to learn generic anomaly features to determine an initial anomaly score. A deep ordinal regression model based anomaly score iteration process was then designed to learn discriminative anomaly features to further improve the anomaly score accuracy. Deep models, multi-view features and ensemble learning are also used to improve the detection accuracy. Tests on several datasets show that this method has significant advantages over other methods in the absence of annotation information and can be effectively applied to network traffic anomaly detection.
Keywords: computer networks; anomaly scores; unsupervised; autoencoder; deep ordinal regression model; ensemble learning
Issue Date: 26 April 2022
Cite this article:   
PING Guolou,ZENG Tingyu,YE Xiaojun. Unsupervised network traffic anomaly detection based on score iterations[J]. Journal of Tsinghua University(Science and Technology), 2022, 62(5): 819-824.
URL:  
http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2021.21.045     OR     http://jst.tsinghuajournals.com/EN/Y2022/V62/I5/819