DOI: 10.1145/3474369.3486869
research-article

Network Anomaly Detection Using Transfer Learning Based on Auto-Encoders Loss Normalization

Published: 15 November 2021

Abstract

Anomaly detection is a classic, long-term research problem. Previous attempts to solve it have used auto-encoders to learn a representation of the normal behaviour of networks and detect anomalies according to reconstruction loss. In this paper, we study the problem of anomaly detection in computer networks and propose the concept of "auto-encoder losses transfer learning". This approach normalizes auto-encoder losses in different model deployments, providing the ability to transform loss vectors of different networks with potentially significantly varying characteristics, properties, and behaviors into a domain-invariant representation. This representation is forwarded to a global detection model that can detect and classify threats in a generalized way that is agnostic to the specific network deployment, allowing for comprehensive network coverage.




Published In

AISec '21: Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security
November 2021
210 pages
ISBN:9781450386579
DOI:10.1145/3474369

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. auto-encoders
  2. deep-learning
  3. domain generalization
  4. network anomaly detection
  5. transfer learning

Qualifiers

  • Research-article

Conference

CCS '21

Acceptance Rates

Overall Acceptance Rate 94 of 231 submissions, 41%


Cited By

  • (2024) AI Driven Anomaly Detection in Network Traffic Using Hybrid CNN-GAN. Journal of Advances in Information Technology 15:7 (886-895). DOI: 10.12720/jait.15.7.886-895. Online publication date: 2024
  • (2024) The Missing Link in Network Intrusion Detection: Taking AI/ML Research Efforts to Users. IEEE Access 12 (79815-79837). DOI: 10.1109/ACCESS.2024.3406939. Online publication date: 2024
  • (2023) Machine Learning-Based Anomaly Detection in NFV: A Comprehensive Survey. Sensors 23:11 (5340). DOI: 10.3390/s23115340. Online publication date: 5-Jun-2023
  • (2023) A Survey of AI-Based Anomaly Detection in IoT and Sensor Networks. Sensors 23:3 (1352). DOI: 10.3390/s23031352. Online publication date: 25-Jan-2023
  • (2023) Autoencoder Feature Residuals for Network Intrusion Detection: One-Class Pretraining for Improved Performance. Machine Learning and Knowledge Extraction 5:3 (868-890). DOI: 10.3390/make5030046. Online publication date: 31-Jul-2023
  • (2023) Sensor Profiling and Automated Quality Checks on Sensor Data. 2023 IEEE Technology & Engineering Management Conference - Asia Pacific (TEMSCON-ASPAC) (1-6). DOI: 10.1109/TEMSCON-ASPAC59527.2023.10531627. Online publication date: 14-Dec-2023
  • (2023) ADTCD: An Adaptive Anomaly Detection Approach Toward Concept Drift in IoT. IEEE Internet of Things Journal 10:18 (15931-15942). DOI: 10.1109/JIOT.2023.3265964. Online publication date: 15-Sep-2023
  • (2023) Cross-Evaluation of Deep Learning-based Network Intrusion Detection Systems. 2023 10th International Conference on Future Internet of Things and Cloud (FiCloud) (328-335). DOI: 10.1109/FiCloud58648.2023.00055. Online publication date: 14-Aug-2023
  • (2023) SoK: Pragmatic Assessment of Machine Learning for Network Intrusion Detection. 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P) (592-614). DOI: 10.1109/EuroSP57164.2023.00042. Online publication date: Jul-2023
  • (2023) DongTing. Journal of Systems and Software 203:C. DOI: 10.1016/j.jss.2023.111745. Online publication date: 1-Sep-2023
