
Network Intrusion Detection by Variational Component-Based Feature Saliency Gaussian Mixture Clustering

  • Conference paper
Computer Security. ESORICS 2023 International Workshops (ESORICS 2023)

Abstract

Anomaly detection is a core function of a network intrusion detection system, and because of the high volume and dimensionality of network data, clustering is an important unsupervised machine learning technique for anomaly detection. In this paper, we propose a clustering approach for anomaly detection on network traffic flow data. For profiling normal traffic, we apply the component-based feature saliency Gaussian mixture model. We then present a variational learning algorithm which can simultaneously optimize over the number of components, the saliencies of the features for each component, and the parameters of the mixture model. Preliminary experiments on a network intrusion dataset demonstrate satisfactory performance, both for our method on its own and when combined with data preprocessing using an auto-encoder.

Corresponding author

Correspondence to Xin Hong.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Hong, X., Papazachos, Z., del Rincon, J.M., Miller, P. (2024). Network Intrusion Detection by Variational Component-Based Feature Saliency Gaussian Mixture Clustering. In: Katsikas, S., et al. Computer Security. ESORICS 2023 International Workshops. ESORICS 2023. Lecture Notes in Computer Science, vol 14399. Springer, Cham. https://doi.org/10.1007/978-3-031-54129-2_45

  • DOI: https://doi.org/10.1007/978-3-031-54129-2_45

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-54128-5

  • Online ISBN: 978-3-031-54129-2

  • eBook Packages: Computer Science (R0)
